| |
| |||||||
Log-Analyse und Auswertung: Hard drive clusters are partly damagedWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
22.03.2012, 17:03
| #1 |
 |  Hard drive clusters are partly damaged Hallo, ich hatte die Fehlermeldung "Hard drive clusters are partly damaged", fand viele Dateien nicht mehr, Bildschirmhintergrund war schwarz und es kamen ganz viele Fehlermeldungen. Habe dann bei der Suche nach Lösungen hier im Forum folgende Seite gefunden: http://www.trojaner-board.de/108567-...or-andere.html und ich habe die Anweisungen ausgeführt. Log von Malwarebytes war: Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.22.03 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 noto :: NOTO-PC [Administrator] Schutz: Deaktiviert 22.03.2012 16:08:24 mbam-log-2012-03-22 (16-08-24).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 185835 Laufzeit: 3 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BeNNFxoTOFDUaV.exe (Trojan.FakeAlert) -> Daten: C:\ProgramData\BeNNFxoTOFDUaV.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Daten: grpconv -o -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\ProgramData\BeNNFxoTOFDUaV.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\1F4YgiGnRbZJxQ.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\noto\AppData\Local\Temp\7tpHrwTdM3ELad.exe.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) TDSSKiller hat nichts gefunden. Der Log lautet: 6:20:23.0755 1428 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00 16:20:23.0817 1428 ============================================================ 16:20:23.0817 1428 Current date / time: 2012/03/22 16:20:23.0817 16:20:23.0817 1428 SystemInfo: 16:20:23.0817 1428 16:20:23.0817 1428 OS Version: 6.1.7601 ServicePack: 1.0 16:20:23.0817 1428 Product type: Workstation 16:20:23.0817 1428 ComputerName: NOTO-PC 16:20:23.0817 1428 UserName: noto 16:20:23.0817 1428 Windows directory: C:\Windows 16:20:23.0817 1428 System windows directory: C:\Windows 16:20:23.0817 1428 Processor architecture: Intel x86 16:20:23.0817 1428 Number of processors: 2 16:20:23.0817 1428 Page size: 0x1000 16:20:23.0817 1428 Boot type: Safe boot 16:20:23.0817 1428 ============================================================ 16:20:24.0488 1428 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:20:24.0582 1428 \Device\Harddisk0\DR0: 16:20:24.0582 1428 MBR used 16:20:24.0582 1428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 16:20:24.0582 1428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000 16:20:24.0582 1428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000 16:20:24.0644 1428 Initialize success 16:20:24.0644 1428 ============================================================ 16:20:40.0150 1464 ============================================================ 16:20:40.0150 1464 Scan started 16:20:40.0150 1464 Mode: Manual; 16:20:40.0150 1464 ============================================================ 16:20:40.0525 1464 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 16:20:40.0540 1464 1394ohci - ok 16:20:40.0618 1464 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 16:20:40.0618 1464 ACPI - ok 16:20:40.0665 1464 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 16:20:40.0665 1464 AcpiPmi - ok 16:20:40.0728 1464 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 16:20:40.0743 1464 adp94xx - ok 16:20:40.0790 1464 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 16:20:40.0790 1464 adpahci - ok 16:20:40.0821 1464 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 16:20:40.0821 1464 adpu320 - ok 16:20:40.0837 1464 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 16:20:40.0852 1464 AeLookupSvc - ok 16:20:40.0899 1464 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 16:20:40.0915 1464 AFD - ok 16:20:40.0977 1464 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 16:20:40.0977 1464 agp440 - ok 16:20:41.0024 1464 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 16:20:41.0024 1464 aic78xx - ok 16:20:41.0055 1464 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 16:20:41.0055 1464 ALG - ok 16:20:41.0071 1464 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 16:20:41.0071 1464 aliide - ok 16:20:41.0118 1464 AMD External Events Utility (60201ad353105d8c6796c1b69e6c49f0) C:\Windows\system32\atiesrxx.exe 16:20:41.0118 1464 AMD External Events Utility - ok 16:20:41.0133 1464 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 16:20:41.0133 1464 amdagp - ok 16:20:41.0196 1464 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 16:20:41.0196 1464 amdide - ok 16:20:41.0242 1464 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 16:20:41.0242 1464 AmdK8 - ok 16:20:41.0336 1464 amdkmdag (51610b74a9a1d84dc86fce1019beaff4) C:\Windows\system32\DRIVERS\atikmdag.sys 16:20:41.0383 1464 amdkmdag - ok 16:20:41.0430 1464 amdkmdap (cd1d86ab81eece67d7bd6f7ef9786ccc) C:\Windows\system32\DRIVERS\atikmpag.sys 16:20:41.0445 1464 amdkmdap - ok 16:20:41.0508 1464 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 16:20:41.0508 1464 AmdPPM - ok 16:20:41.0539 1464 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 16:20:41.0539 1464 amdsata - ok 16:20:41.0570 1464 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 16:20:41.0570 1464 amdsbs - ok 16:20:41.0586 1464 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 16:20:41.0586 1464 amdxata - ok 16:20:41.0617 1464 Andbus (3e59df4984fbd6800d6621480b38a34e) C:\Windows\system32\DRIVERS\lgandbus.sys 16:20:41.0617 1464 Andbus - ok 16:20:41.0648 1464 AndDiag (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\Windows\system32\DRIVERS\lganddiag.sys 16:20:41.0648 1464 AndDiag - ok 16:20:41.0710 1464 AndGps (1d2c90e25483363d54b652898bbc8f2a) C:\Windows\system32\DRIVERS\lgandgps.sys 16:20:41.0710 1464 AndGps - ok 16:20:41.0726 1464 ANDModem (b1b06a95da2cac7fa19832c60c348c85) C:\Windows\system32\DRIVERS\lgandmodem.sys 16:20:41.0726 1464 ANDModem - ok 16:20:41.0742 1464 androidusb - ok 16:20:41.0804 1464 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe 16:20:41.0804 1464 AntiVirSchedulerService - ok 16:20:41.0820 1464 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 16:20:41.0820 1464 AntiVirService - ok 16:20:41.0866 1464 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 16:20:41.0866 1464 AppID - ok 16:20:41.0913 1464 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 16:20:41.0913 1464 AppIDSvc - ok 16:20:41.0944 1464 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll 16:20:41.0944 1464 Appinfo - ok 16:20:41.0991 1464 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 16:20:41.0991 1464 arc - ok 16:20:42.0007 1464 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 16:20:42.0007 1464 arcsas - ok 16:20:42.0054 1464 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 16:20:42.0054 1464 AsyncMac - ok 16:20:42.0069 1464 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 16:20:42.0069 1464 atapi - ok 16:20:42.0163 1464 AtiHdmiService (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys 16:20:42.0178 1464 AtiHdmiService - ok 16:20:42.0210 1464 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 16:20:42.0210 1464 AudioEndpointBuilder - ok 16:20:42.0225 1464 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 16:20:42.0225 1464 Audiosrv - ok 16:20:42.0272 1464 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 16:20:42.0272 1464 avgntflt - ok 16:20:42.0288 1464 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 16:20:42.0303 1464 avipbb - ok 16:20:42.0350 1464 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll 16:20:42.0350 1464 AxInstSV - ok 16:20:42.0397 1464 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 16:20:42.0412 1464 b06bdrv - ok 16:20:42.0444 1464 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 16:20:42.0444 1464 b57nd60x - ok 16:20:42.0522 1464 BBSvc (483f1162eeebd10bf77fbb32db963370) C:\Program Files\Microsoft\BingBar\BBSvc.EXE 16:20:42.0522 1464 BBSvc - ok 16:20:42.0568 1464 BBUpdate (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE 16:20:42.0568 1464 BBUpdate - ok 16:20:42.0631 1464 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 16:20:42.0631 1464 BDESVC - ok 16:20:42.0662 1464 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 16:20:42.0662 1464 Beep - ok 16:20:42.0693 1464 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll 16:20:42.0709 1464 BFE - ok 16:20:42.0724 1464 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll 16:20:42.0740 1464 BITS - ok 16:20:42.0756 1464 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 16:20:42.0756 1464 blbdrive - ok 16:20:42.0787 1464 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 16:20:42.0787 1464 bowser - ok 16:20:42.0849 1464 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:20:42.0849 1464 BrFiltLo - ok 16:20:42.0865 1464 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:20:42.0865 1464 BrFiltUp - ok 16:20:42.0896 1464 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll 16:20:42.0896 1464 Browser - ok 16:20:42.0927 1464 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 16:20:42.0927 1464 Brserid - ok 16:20:42.0958 1464 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 16:20:42.0958 1464 BrSerWdm - ok 16:20:42.0990 1464 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 16:20:42.0990 1464 BrUsbMdm - ok 16:20:43.0036 1464 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 16:20:43.0036 1464 BrUsbSer - ok 16:20:43.0068 1464 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 16:20:43.0068 1464 BTHMODEM - ok 16:20:43.0099 1464 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 16:20:43.0099 1464 bthserv - ok 16:20:43.0114 1464 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 16:20:43.0114 1464 cdfs - ok 16:20:43.0177 1464 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys 16:20:43.0177 1464 cdrom - ok 16:20:43.0239 1464 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 16:20:43.0239 1464 CertPropSvc - ok 16:20:43.0286 1464 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 16:20:43.0286 1464 circlass - ok 16:20:43.0317 1464 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 16:20:43.0317 1464 CLFS - ok 16:20:43.0380 1464 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:20:43.0380 1464 clr_optimization_v2.0.50727_32 - ok 16:20:43.0442 1464 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:20:43.0442 1464 clr_optimization_v4.0.30319_32 - ok 16:20:43.0489 1464 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 16:20:43.0504 1464 CmBatt - ok 16:20:43.0536 1464 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 16:20:43.0536 1464 cmdide - ok 16:20:43.0582 1464 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 16:20:43.0582 1464 CNG - ok 16:20:43.0598 1464 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 16:20:43.0598 1464 Compbatt - ok 16:20:43.0645 1464 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 16:20:43.0645 1464 CompositeBus - ok 16:20:43.0676 1464 COMSysApp - ok 16:20:43.0707 1464 cpuz132 - ok 16:20:43.0754 1464 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 16:20:43.0754 1464 crcdisk - ok 16:20:43.0801 1464 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll 16:20:43.0801 1464 CryptSvc - ok 16:20:43.0832 1464 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 16:20:43.0832 1464 DcomLaunch - ok 16:20:43.0863 1464 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 16:20:43.0863 1464 defragsvc - ok 16:20:43.0926 1464 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 16:20:43.0926 1464 DfsC - ok 16:20:43.0972 1464 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 16:20:43.0972 1464 Dhcp - ok 16:20:44.0004 1464 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 16:20:44.0004 1464 discache - ok 16:20:44.0050 1464 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 16:20:44.0050 1464 Disk - ok 16:20:44.0066 1464 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 16:20:44.0066 1464 Dnscache - ok 16:20:44.0113 1464 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 16:20:44.0128 1464 dot3svc - ok 16:20:44.0144 1464 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 16:20:44.0144 1464 DPS - ok 16:20:44.0191 1464 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 16:20:44.0191 1464 drmkaud - ok 16:20:44.0222 1464 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 16:20:44.0238 1464 DXGKrnl - ok 16:20:44.0269 1464 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 16:20:44.0269 1464 EapHost - ok 16:20:44.0378 1464 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 16:20:44.0409 1464 ebdrv - ok 16:20:44.0440 1464 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 16:20:44.0440 1464 EFS - ok 16:20:44.0503 1464 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 16:20:44.0503 1464 ehRecvr - ok 16:20:44.0518 1464 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 16:20:44.0518 1464 ehSched - ok 16:20:44.0612 1464 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 16:20:44.0612 1464 elxstor - ok 16:20:44.0643 1464 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 16:20:44.0643 1464 ErrDev - ok 16:20:44.0690 1464 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 16:20:44.0690 1464 EventSystem - ok 16:20:44.0706 1464 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 16:20:44.0706 1464 exfat - ok 16:20:44.0721 1464 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 16:20:44.0721 1464 fastfat - ok 16:20:44.0784 1464 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 16:20:44.0784 1464 Fax - ok 16:20:44.0830 1464 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 16:20:44.0830 1464 fdc - ok 16:20:44.0862 1464 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 16:20:44.0862 1464 fdPHost - ok 16:20:44.0877 1464 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 16:20:44.0877 1464 FDResPub - ok 16:20:44.0908 1464 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 16:20:44.0908 1464 FileInfo - ok 16:20:44.0955 1464 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 16:20:44.0955 1464 Filetrace - ok 16:20:44.0986 1464 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 16:20:44.0986 1464 flpydisk - ok 16:20:45.0002 1464 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 16:20:45.0018 1464 FltMgr - ok 16:20:45.0049 1464 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 16:20:45.0049 1464 FontCache - ok 16:20:45.0096 1464 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 16:20:45.0111 1464 FontCache3.0.0.0 - ok 16:20:45.0174 1464 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 16:20:45.0174 1464 FsDepends - ok 16:20:45.0189 1464 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 16:20:45.0189 1464 Fs_Rec - ok 16:20:45.0236 1464 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 16:20:45.0236 1464 fvevol - ok 16:20:45.0267 1464 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 16:20:45.0267 1464 gagp30kx - ok 16:20:45.0298 1464 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 16:20:45.0314 1464 gpsvc - ok 16:20:45.0408 1464 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 16:20:45.0408 1464 gupdate - ok 16:20:45.0423 1464 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 16:20:45.0423 1464 gupdatem - ok 16:20:45.0439 1464 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 16:20:45.0439 1464 gusvc - ok 16:20:45.0501 1464 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 16:20:45.0501 1464 hcw85cir - ok 16:20:45.0532 1464 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 16:20:45.0532 1464 HdAudAddService - ok 16:20:45.0579 1464 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 16:20:45.0579 1464 HDAudBus - ok 16:20:45.0595 1464 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 16:20:45.0595 1464 HidBatt - ok 16:20:45.0610 1464 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 16:20:45.0610 1464 HidBth - ok 16:20:45.0673 1464 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 16:20:45.0673 1464 HidIr - ok 16:20:45.0720 1464 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll 16:20:45.0720 1464 hidserv - ok 16:20:45.0751 1464 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\drivers\hidusb.sys 16:20:45.0751 1464 HidUsb - ok 16:20:45.0766 1464 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 16:20:45.0766 1464 hkmsvc - ok 16:20:45.0798 1464 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 16:20:45.0798 1464 HomeGroupListener - ok 16:20:45.0829 1464 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 16:20:45.0829 1464 HomeGroupProvider - ok 16:20:45.0876 1464 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 16:20:45.0891 1464 HpSAMD - ok 16:20:45.0938 1464 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 16:20:45.0938 1464 HTTP - ok 16:20:45.0954 1464 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 16:20:45.0954 1464 hwpolicy - ok 16:20:46.0016 1464 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 16:20:46.0016 1464 i8042prt - ok 16:20:46.0047 1464 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys 16:20:46.0047 1464 iaStor - ok 16:20:46.0110 1464 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 16:20:46.0110 1464 IAStorDataMgrSvc - ok 16:20:46.0188 1464 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 16:20:46.0203 1464 iaStorV - ok 16:20:46.0281 1464 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:20:46.0297 1464 idsvc - ok 16:20:46.0390 1464 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys 16:20:46.0437 1464 igfx - ok 16:20:46.0515 1464 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 16:20:46.0515 1464 iirsp - ok 16:20:46.0562 1464 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 16:20:46.0562 1464 IKEEXT - ok 16:20:46.0656 1464 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\Windows\system32\drivers\RTKVHDA.sys 16:20:46.0687 1464 IntcAzAudAddService - ok 16:20:46.0749 1464 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 16:20:46.0749 1464 intelide - ok 16:20:46.0796 1464 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 16:20:46.0796 1464 intelppm - ok 16:20:46.0812 1464 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 16:20:46.0827 1464 IPBusEnum - ok 16:20:46.0843 1464 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:20:46.0843 1464 IpFilterDriver - ok 16:20:46.0874 1464 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 16:20:46.0890 1464 iphlpsvc - ok 16:20:46.0921 1464 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 16:20:46.0921 1464 IPMIDRV - ok 16:20:46.0983 1464 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 16:20:46.0983 1464 IPNAT - ok 16:20:47.0014 1464 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 16:20:47.0014 1464 IRENUM - ok 16:20:47.0030 1464 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 16:20:47.0030 1464 isapnp - ok 16:20:47.0046 1464 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 16:20:47.0061 1464 iScsiPrt - ok 16:20:47.0077 1464 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 16:20:47.0077 1464 kbdclass - ok 16:20:47.0108 1464 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\drivers\kbdhid.sys 16:20:47.0108 1464 kbdhid - ok 16:20:47.0170 1464 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 16:20:47.0170 1464 KeyIso - ok 16:20:47.0202 1464 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 16:20:47.0202 1464 KSecDD - ok 16:20:47.0233 1464 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 16:20:47.0233 1464 KSecPkg - ok 16:20:47.0264 1464 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 16:20:47.0264 1464 KtmRm - ok 16:20:47.0295 1464 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll 16:20:47.0295 1464 LanmanServer - ok 16:20:47.0358 1464 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 16:20:47.0358 1464 LanmanWorkstation - ok 16:20:47.0404 1464 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys 16:20:47.0404 1464 LgBttPort - ok 16:20:47.0420 1464 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys 16:20:47.0420 1464 lgbusenum - ok 16:20:47.0467 1464 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys 16:20:47.0467 1464 LGVMODEM - ok 16:20:47.0514 1464 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 16:20:47.0514 1464 lltdio - ok 16:20:47.0529 1464 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 16:20:47.0545 1464 lltdsvc - ok 16:20:47.0576 1464 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 16:20:47.0576 1464 lmhosts - ok 16:20:47.0623 1464 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 16:20:47.0623 1464 LSI_FC - ok 16:20:47.0654 1464 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 16:20:47.0654 1464 LSI_SAS - ok 16:20:47.0685 1464 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:20:47.0685 1464 LSI_SAS2 - ok 16:20:47.0732 1464 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:20:47.0732 1464 LSI_SCSI - ok 16:20:47.0748 1464 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 16:20:47.0748 1464 luafv - ok 16:20:47.0841 1464 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 16:20:47.0841 1464 MBAMProtector - ok 16:20:47.0888 1464 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 16:20:47.0904 1464 MBAMService - ok 16:20:47.0950 1464 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 16:20:47.0950 1464 Mcx2Svc - ok 16:20:47.0982 1464 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 16:20:47.0982 1464 megasas - ok 16:20:48.0044 1464 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 16:20:48.0044 1464 MegaSR - ok 16:20:48.0075 1464 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 16:20:48.0075 1464 MMCSS - ok 16:20:48.0091 1464 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 16:20:48.0091 1464 Modem - ok 16:20:48.0122 1464 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 16:20:48.0122 1464 monitor - ok 16:20:48.0138 1464 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 16:20:48.0138 1464 mouclass - ok 16:20:48.0169 1464 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 16:20:48.0169 1464 mouhid - ok 16:20:48.0184 1464 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 16:20:48.0184 1464 mountmgr - ok 16:20:48.0247 1464 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 16:20:48.0247 1464 mpio - ok 16:20:48.0278 1464 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 16:20:48.0294 1464 mpsdrv - ok 16:20:48.0309 1464 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 16:20:48.0325 1464 MpsSvc - ok 16:20:48.0356 1464 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 16:20:48.0356 1464 MRxDAV - ok 16:20:48.0418 1464 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:20:48.0418 1464 mrxsmb - ok 16:20:48.0450 1464 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:20:48.0465 1464 mrxsmb10 - ok 16:20:48.0496 1464 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:20:48.0496 1464 mrxsmb20 - ok 16:20:48.0528 1464 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 16:20:48.0528 1464 msahci - ok 16:20:48.0559 1464 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 16:20:48.0559 1464 msdsm - ok 16:20:48.0621 1464 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 16:20:48.0621 1464 MSDTC - ok 16:20:48.0668 1464 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 16:20:48.0668 1464 Msfs - ok 16:20:48.0668 1464 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 16:20:48.0668 1464 mshidkmdf - ok 16:20:48.0699 1464 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 16:20:48.0699 1464 msisadrv - ok 16:20:48.0746 1464 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 16:20:48.0746 1464 MSiSCSI - ok 16:20:48.0746 1464 msiserver - ok 16:20:48.0777 1464 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 16:20:48.0777 1464 MSKSSRV - ok 16:20:48.0840 1464 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 16:20:48.0840 1464 MSPCLOCK - ok 16:20:48.0855 1464 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 16:20:48.0855 1464 MSPQM - ok 16:20:48.0871 1464 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 16:20:48.0871 1464 MsRPC - ok 16:20:48.0902 1464 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 16:20:48.0902 1464 mssmbios - ok 16:20:48.0933 1464 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 16:20:48.0933 1464 MSTEE - ok 16:20:48.0949 1464 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 16:20:48.0949 1464 MTConfig - ok 16:20:49.0011 1464 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 16:20:49.0011 1464 Mup - ok 16:20:49.0042 1464 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 16:20:49.0042 1464 napagent - ok 16:20:49.0074 1464 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 16:20:49.0074 1464 NativeWifiP - ok 16:20:49.0105 1464 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 16:20:49.0120 1464 NDIS - ok 16:20:49.0167 1464 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 16:20:49.0167 1464 NdisCap - ok 16:20:49.0230 1464 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 16:20:49.0230 1464 NdisTapi - ok 16:20:49.0245 1464 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 16:20:49.0245 1464 Ndisuio - ok 16:20:49.0276 1464 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 16:20:49.0276 1464 NdisWan - ok 16:20:49.0308 1464 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 16:20:49.0308 1464 NDProxy - ok 16:20:49.0323 1464 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 16:20:49.0323 1464 NetBIOS - ok 16:20:49.0354 1464 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 16:20:49.0354 1464 NetBT - ok 16:20:49.0401 1464 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 16:20:49.0417 1464 Netlogon - ok 16:20:49.0448 1464 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 16:20:49.0448 1464 Netman - ok 16:20:49.0464 1464 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 16:20:49.0464 1464 netprofm - ok 16:20:49.0526 1464 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:20:49.0526 1464 NetTcpPortSharing - ok 16:20:49.0588 1464 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 16:20:49.0588 1464 nfrd960 - ok 16:20:49.0651 1464 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 16:20:49.0651 1464 NlaSvc - ok 16:20:49.0682 1464 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 16:20:49.0682 1464 Npfs - ok 16:20:49.0713 1464 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 16:20:49.0713 1464 nsi - ok 16:20:49.0729 1464 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 16:20:49.0729 1464 nsiproxy - ok 16:20:49.0776 1464 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 16:20:49.0776 1464 Ntfs - ok 16:20:49.0854 1464 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 16:20:49.0854 1464 Null - ok 16:20:49.0885 1464 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 16:20:49.0885 1464 nvraid - ok 16:20:49.0900 1464 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 16:20:49.0900 1464 nvstor - ok 16:20:49.0932 1464 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 16:20:49.0932 1464 nv_agp - ok 16:20:50.0025 1464 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:20:50.0041 1464 odserv - ok 16:20:50.0119 1464 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 16:20:50.0119 1464 ohci1394 - ok 16:20:50.0150 1464 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:20:50.0150 1464 ose - ok 16:20:50.0181 1464 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 16:20:50.0181 1464 p2pimsvc - ok 16:20:50.0197 1464 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 16:20:50.0197 1464 p2psvc - ok 16:20:50.0228 1464 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 16:20:50.0228 1464 Parport - ok 16:20:50.0244 1464 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 16:20:50.0244 1464 partmgr - ok 16:20:50.0306 1464 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 16:20:50.0306 1464 Parvdm - ok 16:20:50.0322 1464 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 16:20:50.0337 1464 PcaSvc - ok 16:20:50.0353 1464 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 16:20:50.0368 1464 pci - ok 16:20:50.0384 1464 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 16:20:50.0384 1464 pciide - ok 16:20:50.0415 1464 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 16:20:50.0415 1464 pcmcia - ok 16:20:50.0446 1464 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 16:20:50.0446 1464 pcw - ok 16:20:50.0509 1464 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 16:20:50.0524 1464 PEAUTH - ok 16:20:50.0587 1464 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 16:20:50.0602 1464 pla - ok 16:20:50.0618 1464 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 16:20:50.0634 1464 PlugPlay - ok 16:20:50.0665 1464 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 16:20:50.0665 1464 PNRPAutoReg - ok 16:20:50.0712 1464 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 16:20:50.0712 1464 PNRPsvc - ok 16:20:50.0743 1464 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 16:20:50.0743 1464 PolicyAgent - ok 16:20:50.0774 1464 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 16:20:50.0774 1464 Power - ok 16:20:50.0821 1464 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 16:20:50.0821 1464 PptpMiniport - ok 16:20:50.0852 1464 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 16:20:50.0852 1464 Processor - ok 16:20:50.0914 1464 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 16:20:50.0914 1464 ProfSvc - ok 16:20:50.0946 1464 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 16:20:50.0946 1464 ProtectedStorage - ok 16:20:50.0961 1464 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 16:20:50.0961 1464 Psched - ok 16:20:51.0024 1464 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 16:20:51.0024 1464 PSI_SVC_2 - ok 16:20:51.0086 1464 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 16:20:51.0102 1464 ql2300 - ok 16:20:51.0180 1464 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 16:20:51.0180 1464 ql40xx - ok 16:20:51.0211 1464 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 16:20:51.0211 1464 QWAVE - ok 16:20:51.0226 1464 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 16:20:51.0226 1464 QWAVEdrv - ok 16:20:51.0258 1464 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 16:20:51.0258 1464 RasAcd - ok 16:20:51.0289 1464 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:20:51.0304 1464 RasAgileVpn - ok 16:20:51.0336 1464 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 16:20:51.0351 1464 RasAuto - ok 16:20:51.0367 1464 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:20:51.0367 1464 Rasl2tp - ok 16:20:51.0414 1464 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 16:20:51.0414 1464 RasMan - ok 16:20:51.0429 1464 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 16:20:51.0445 1464 RasPppoe - ok 16:20:51.0476 1464 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 16:20:51.0476 1464 RasSstp - ok 16:20:51.0507 1464 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 16:20:51.0507 1464 rdbss - ok 16:20:51.0538 1464 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 16:20:51.0538 1464 rdpbus - ok 16:20:51.0585 1464 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:20:51.0585 1464 RDPCDD - ok 16:20:51.0601 1464 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 16:20:51.0601 1464 RDPENCDD - ok 16:20:51.0616 1464 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 16:20:51.0616 1464 RDPREFMP - ok 16:20:51.0648 1464 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys 16:20:51.0648 1464 RDPWD - ok 16:20:51.0679 1464 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 16:20:51.0679 1464 rdyboost - ok 16:20:51.0694 1464 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 16:20:51.0694 1464 RemoteAccess - ok 16:20:51.0757 1464 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 16:20:51.0757 1464 RemoteRegistry - ok 16:20:51.0788 1464 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 16:20:51.0788 1464 RpcEptMapper - ok 16:20:51.0804 1464 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 16:20:51.0804 1464 RpcLocator - ok 16:20:51.0819 1464 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 16:20:51.0835 1464 RpcSs - ok 16:20:51.0866 1464 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 16:20:51.0866 1464 rspndr - ok 16:20:51.0913 1464 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\Windows\system32\DRIVERS\Rt86win7.sys 16:20:51.0913 1464 RTL8167 - ok 16:20:51.0991 1464 RTL8192su (51adef77e4c929535fd50da153774e79) C:\Windows\system32\DRIVERS\RTL8192su.sys 16:20:51.0991 1464 RTL8192su - ok 16:20:52.0022 1464 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 16:20:52.0022 1464 SamSs - ok 16:20:52.0053 1464 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 16:20:52.0053 1464 sbp2port - ok 16:20:52.0100 1464 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 16:20:52.0100 1464 SCardSvr - ok 16:20:52.0131 1464 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 16:20:52.0131 1464 scfilter - ok 16:20:52.0194 1464 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 16:20:52.0209 1464 Schedule - ok 16:20:52.0240 1464 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 16:20:52.0240 1464 SCPolicySvc - ok 16:20:52.0256 1464 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 16:20:52.0256 1464 SDRSVC - ok 16:20:52.0303 1464 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 16:20:52.0303 1464 secdrv - ok 16:20:52.0318 1464 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 16:20:52.0318 1464 seclogon - ok 16:20:52.0365 1464 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 16:20:52.0365 1464 SENS - ok 16:20:52.0396 1464 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 16:20:52.0396 1464 SensrSvc - ok 16:20:52.0412 1464 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 16:20:52.0412 1464 Serenum - ok 16:20:52.0428 1464 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 16:20:52.0428 1464 Serial - ok 16:20:52.0459 1464 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 16:20:52.0459 1464 sermouse - ok 16:20:52.0506 1464 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 16:20:52.0506 1464 SessionEnv - ok 16:20:52.0552 1464 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 16:20:52.0552 1464 sffdisk - ok 16:20:52.0584 1464 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 16:20:52.0584 1464 sffp_mmc - ok 16:20:52.0599 1464 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys 16:20:52.0599 1464 sffp_sd - ok 16:20:52.0630 1464 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 16:20:52.0630 1464 sfloppy - ok 16:20:52.0662 1464 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 16:20:52.0662 1464 SharedAccess - ok 16:20:52.0708 1464 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 16:20:52.0708 1464 ShellHWDetection - ok 16:20:52.0786 1464 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 16:20:52.0786 1464 sisagp - ok 16:20:52.0818 1464 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:20:52.0818 1464 SiSRaid2 - ok 16:20:52.0849 1464 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 16:20:52.0849 1464 SiSRaid4 - ok 16:20:52.0880 1464 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 16:20:52.0880 1464 Smb - ok 16:20:52.0911 1464 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 16:20:52.0911 1464 SNMPTRAP - ok 16:20:52.0958 1464 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 16:20:52.0958 1464 spldr - ok 16:20:52.0989 1464 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 16:20:53.0005 1464 Spooler - ok 16:20:53.0067 1464 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 16:20:53.0098 1464 sppsvc - ok 16:20:53.0130 1464 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 16:20:53.0130 1464 sppuinotify - ok 16:20:53.0192 1464 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 16:20:53.0192 1464 srv - ok 16:20:53.0223 1464 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 16:20:53.0223 1464 srv2 - ok 16:20:53.0254 1464 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 16:20:53.0254 1464 srvnet - ok 16:20:53.0286 1464 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 16:20:53.0286 1464 SSDPSRV - ok 16:20:53.0317 1464 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 16:20:53.0317 1464 ssmdrv - ok 16:20:53.0364 1464 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 16:20:53.0364 1464 SstpSvc - ok 16:20:53.0410 1464 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 16:20:53.0410 1464 stexstor - ok 16:20:53.0504 1464 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 16:20:53.0504 1464 StiSvc - ok 16:20:53.0520 1464 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 16:20:53.0535 1464 swenum - ok 16:20:53.0551 1464 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 16:20:53.0551 1464 swprv - ok 16:20:53.0613 1464 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 16:20:53.0613 1464 SysMain - ok 16:20:53.0676 1464 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 16:20:53.0676 1464 TabletInputService - ok 16:20:53.0707 1464 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 16:20:53.0707 1464 TapiSrv - ok 16:20:53.0722 1464 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 16:20:53.0738 1464 TBS - ok 16:20:53.0785 1464 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 16:20:53.0800 1464 Tcpip - ok 16:20:53.0832 1464 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 16:20:53.0847 1464 TCPIP6 - ok 16:20:53.0878 1464 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 16:20:53.0878 1464 tcpipreg - ok 16:20:53.0925 1464 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 16:20:53.0925 1464 TDPIPE - ok 16:20:53.0956 1464 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 16:20:53.0972 1464 TDTCP - ok 16:20:53.0988 1464 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 16:20:53.0988 1464 tdx - ok 16:20:54.0034 1464 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 16:20:54.0034 1464 TermDD - ok 16:20:54.0066 1464 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 16:20:54.0066 1464 TermService - ok 16:20:54.0112 1464 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 16:20:54.0112 1464 Themes - ok 16:20:54.0159 1464 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 16:20:54.0159 1464 THREADORDER - ok 16:20:54.0175 1464 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 16:20:54.0190 1464 TrkWks - ok 16:20:54.0206 1464 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 16:20:54.0206 1464 TrustedInstaller - ok 16:20:54.0237 1464 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:20:54.0237 1464 tssecsrv - ok 16:20:54.0284 1464 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 16:20:54.0284 1464 TsUsbFlt - ok 16:20:54.0346 1464 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 16:20:54.0362 1464 tunnel - ok 16:20:54.0393 1464 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 16:20:54.0393 1464 uagp35 - ok 16:20:54.0424 1464 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 16:20:54.0424 1464 udfs - ok 16:20:54.0471 1464 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 16:20:54.0471 1464 UI0Detect - ok 16:20:54.0502 1464 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 16:20:54.0502 1464 uliagpkx - ok 16:20:54.0549 1464 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 16:20:54.0549 1464 umbus - ok 16:20:54.0580 1464 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 16:20:54.0580 1464 UmPass - ok 16:20:54.0612 1464 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 16:20:54.0612 1464 upnphost - ok 16:20:54.0627 1464 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 16:20:54.0627 1464 usbccgp - ok 16:20:54.0658 1464 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 16:20:54.0658 1464 usbcir - ok 16:20:54.0690 1464 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 16:20:54.0690 1464 usbehci - ok 16:20:54.0752 1464 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 16:20:54.0752 1464 usbhub - ok 16:20:54.0799 1464 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys 16:20:54.0799 1464 usbohci - ok 16:20:54.0830 1464 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 16:20:54.0830 1464 usbprint - ok 16:20:54.0892 1464 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 16:20:54.0892 1464 usbscan - ok 16:20:54.0924 1464 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:20:54.0924 1464 USBSTOR - ok 16:20:54.0939 1464 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 16:20:54.0939 1464 usbuhci - ok 16:20:54.0955 1464 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 16:20:54.0970 1464 UxSms - ok 16:20:55.0017 1464 V0260VID (c90055bd2bb41443462ea715e0876b8d) C:\Windows\system32\DRIVERS\V0260Vid.sys 16:20:55.0017 1464 V0260VID - ok 16:20:55.0048 1464 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 16:20:55.0048 1464 VaultSvc - ok 16:20:55.0080 1464 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 16:20:55.0080 1464 vdrvroot - ok 16:20:55.0126 1464 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 16:20:55.0126 1464 vds - ok 16:20:55.0158 1464 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 16:20:55.0158 1464 vga - ok 16:20:55.0189 1464 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 16:20:55.0189 1464 VgaSave - ok 16:20:55.0220 1464 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 16:20:55.0220 1464 vhdmp - ok 16:20:55.0282 1464 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 16:20:55.0282 1464 viaagp - ok 16:20:55.0314 1464 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 16:20:55.0314 1464 ViaC7 - ok 16:20:55.0345 1464 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 16:20:55.0345 1464 viaide - ok 16:20:55.0376 1464 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 16:20:55.0376 1464 volmgr - ok 16:20:55.0423 1464 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 16:20:55.0423 1464 volmgrx - ok 16:20:55.0454 1464 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 16:20:55.0454 1464 volsnap - ok 16:20:55.0501 1464 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 16:20:55.0501 1464 vsmraid - ok 16:20:55.0548 1464 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 16:20:55.0563 1464 VSS - ok 16:20:55.0594 1464 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 16:20:55.0594 1464 vwifibus - ok 16:20:55.0626 1464 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 16:20:55.0626 1464 vwififlt - ok 16:20:55.0657 1464 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 16:20:55.0672 1464 vwifimp - ok 16:20:55.0688 1464 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 16:20:55.0704 1464 W32Time - ok 16:20:55.0719 1464 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 16:20:55.0719 1464 WacomPen - ok 16:20:55.0782 1464 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 16:20:55.0782 1464 WANARP - ok 16:20:55.0797 1464 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 16:20:55.0797 1464 Wanarpv6 - ok 16:20:55.0860 1464 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 16:20:55.0875 1464 WatAdminSvc - ok 16:20:55.0922 1464 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 16:20:55.0938 1464 wbengine - ok 16:20:55.0984 1464 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 16:20:56.0000 1464 WbioSrvc - ok 16:20:56.0047 1464 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 16:20:56.0047 1464 wcncsvc - ok 16:20:56.0062 1464 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 16:20:56.0062 1464 WcsPlugInService - ok 16:20:56.0094 1464 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 16:20:56.0094 1464 Wd - ok 16:20:56.0125 1464 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 16:20:56.0125 1464 Wdf01000 - ok 16:20:56.0156 1464 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 16:20:56.0156 1464 WdiServiceHost - ok 16:20:56.0156 1464 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 16:20:56.0156 1464 WdiSystemHost - ok 16:20:56.0187 1464 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 16:20:56.0203 1464 WebClient - ok 16:20:56.0250 1464 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 16:20:56.0250 1464 Wecsvc - ok 16:20:56.0281 1464 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 16:20:56.0281 1464 wercplsupport - ok 16:20:56.0296 1464 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 16:20:56.0312 1464 WerSvc - ok 16:20:56.0343 1464 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 16:20:56.0343 1464 WfpLwf - ok 16:20:56.0359 1464 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 16:20:56.0359 1464 WIMMount - ok 16:20:56.0421 1464 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 16:20:56.0437 1464 WinDefend - ok 16:20:56.0437 1464 WinHttpAutoProxySvc - ok 16:20:56.0468 1464 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 16:20:56.0468 1464 Winmgmt - ok 16:20:56.0546 1464 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 16:20:56.0562 1464 WinRM - ok 16:20:56.0608 1464 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 16:20:56.0624 1464 Wlansvc - ok 16:20:56.0655 1464 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 16:20:56.0655 1464 WmiAcpi - ok 16:20:56.0733 1464 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 16:20:56.0733 1464 wmiApSrv - ok 16:20:56.0796 1464 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 16:20:56.0796 1464 WMPNetworkSvc - ok 16:20:56.0842 1464 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 16:20:56.0842 1464 WPCSvc - ok 16:20:56.0874 1464 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 16:20:56.0874 1464 WPDBusEnum - ok 16:20:56.0936 1464 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 16:20:56.0936 1464 ws2ifsl - ok 16:20:56.0952 1464 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 16:20:56.0952 1464 wscsvc - ok 16:20:56.0967 1464 WSearch - ok 16:20:57.0014 1464 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll 16:20:57.0030 1464 wuauserv - ok 16:20:57.0076 1464 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 16:20:57.0076 1464 WudfPf - ok 16:20:57.0123 1464 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:20:57.0123 1464 WUDFRd - ok 16:20:57.0154 1464 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 16:20:57.0170 1464 wudfsvc - ok 16:20:57.0186 1464 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 16:20:57.0217 1464 WwanSvc - ok 16:20:57.0248 1464 MBR (0x1B8) (c79b30cb8852157f6f908e4698cfe0d0) \Device\Harddisk0\DR0 16:20:59.0292 1464 \Device\Harddisk0\DR0 - ok 16:20:59.0307 1464 Boot (0x1200) (a96290b5401c2da5a08bb9471d76d503) \Device\Harddisk0\DR0\Partition0 16:20:59.0307 1464 \Device\Harddisk0\DR0\Partition0 - ok 16:20:59.0307 1464 Boot (0x1200) (046bbd7303f14eb983a3f0c302651470) \Device\Harddisk0\DR0\Partition1 16:20:59.0307 1464 \Device\Harddisk0\DR0\Partition1 - ok 16:20:59.0354 1464 Boot (0x1200) (376b50b18dd730f4a63e4b8227f4638c) \Device\Harddisk0\DR0\Partition2 16:20:59.0354 1464 \Device\Harddisk0\DR0\Partition2 - ok 16:20:59.0354 1464 ============================================================ 16:20:59.0354 1464 Scan finished 16:20:59.0354 1464 ============================================================ 16:20:59.0354 1456 Detected object count: 0 16:20:59.0354 1456 Actual detected object count: 0 16:21:05.0422 1424 Deinitialize success Die Fehlermeldungen sind jetzt weg, aber der Bildschirmhintergrund ist immer noch schwarz und die Dateien weg. Kann mir jemand weiterhelfen? Danke |
|
24.03.2012, 19:46
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Hard drive clusters are partly damaged Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
25.03.2012, 12:28
| #3 |
| | Hard drive clusters are partly damaged Hi,
__________________danke schon mal. Also malewarebytes-log: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.25.01 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 noto :: NOTO-PC [Administrator] Schutz: Aktiviert 25.03.2012 11:21:11 mbam-log-2012-03-25 (11-21-11).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 346717 Laufzeit: 56 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.22.03 Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 noto :: NOTO-PC [Administrator] Schutz: Deaktiviert 22.03.2012 16:08:24 mbam-log-2012-03-22 (16-08-24).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 185835 Laufzeit: 3 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BeNNFxoTOFDUaV.exe (Trojan.FakeAlert) -> Daten: C:\ProgramData\BeNNFxoTOFDUaV.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Daten: grpconv -o -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\ProgramData\BeNNFxoTOFDUaV.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\1F4YgiGnRbZJxQ.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\noto\AppData\Local\Temp\7tpHrwTdM3ELad.exe.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.22.03 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 noto :: NOTO-PC [Administrator] Schutz: Aktiviert 22.03.2012 16:27:44 mbam-log-2012-03-22 (16-27-44).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 187825 Laufzeit: 6 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
Tobi |
|
25.03.2012, 15:33
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard drive clusters are partly damaged Und bei ESET wurde das hier mal wieder überlesen: Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.03.2012, 19:37
| #5 |
| | Hard drive clusters are partly damaged Hatte es nicht überlesen, aber irgendwie war diese Option nicht angezeigt (oder ich hab es nicht gesehen). Jetzt aber: Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9e0ba7f9b93997459573269abd4f0437
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 05:28:36
# local_time=2012-03-25 07:28:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 12880 69227175 5652 0
# compatibility_mode=5893 16776573 100 94 175655 84321510 0 0
# compatibility_mode=8192 67108863 100 0 19138 19138 0 0
# scanned=174980
# found=0
# cleaned=0
# scan_time=6197
|
|
26.03.2012, 12:43
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard drive clusters are partly damaged CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Hard drive clusters are partly damaged |
|
27.03.2012, 05:58
| #7 |
| | Hard drive clusters are partly damaged So hier der Inhalt von OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 3/27/2012 6:42:51 AM - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\noto\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.14% Memory free 6.00 Gb Paging File | 4.75 Gb Available in Paging File | 79.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 890.41 Gb Total Space | 756.36 Gb Free Space | 84.95% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS Computer Name: NOTO-PC | User Name: noto | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/03/27 06:40:33 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\noto\Desktop\OTL.exe PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/01/07 15:22:59 | 002,450,288 | ---- | M] (Mobile Leader Co.,Ltd.) -- C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe PRC - [2011/12/16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe PRC - [2011/06/30 19:11:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011/04/27 16:24:35 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/05 22:46:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/05/27 18:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010/05/27 18:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012/02/16 13:16:05 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll MOD - [2012/02/15 16:10:57 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll MOD - [2012/02/15 16:10:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012/02/15 16:10:28 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012/02/15 16:10:22 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012/02/15 16:10:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll MOD - [2012/02/15 16:09:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012/02/15 16:09:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012/02/15 16:09:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2011/10/14 09:37:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/05/12 15:12:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV - [2012/03/15 18:59:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/06/30 19:11:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/05/26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/04/27 16:24:35 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010/05/27 18:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\noto\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandadb.sys -- (androidusb) DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/06/30 19:11:57 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/30 19:11:57 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/12/23 18:35:02 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem) DRV - [2010/12/23 18:35:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag) DRV - [2010/12/23 18:35:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps) DRV - [2010/12/23 18:35:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/05/27 19:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010/05/27 18:25:18 | 000,209,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010/05/06 11:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2009/09/29 09:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort) DRV - [2009/09/29 09:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM) DRV - [2009/09/29 09:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum) DRV - [2009/09/22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2006/11/04 00:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aol.com/ [binary data] IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\SearchScopes\{631B415A-8AF2-46E1-B229-BE9D1E645382}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deDE399 IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2010/12/30 04:02:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/24 17:17:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/08/24 17:17:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\noto\AppData\Roaming\mozilla\Extensions () (No name found) -- C:\USERS\NOTO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\7XXO5JJ4.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: YouTube = C:\Users\noto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\noto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google Mail = C:\Users\noto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001..\Run: [LG LinkAir] C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe (Mobile Leader Co.,Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.) O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.) O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.) O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.) O8 - Extra context menu item: LG Air Sync Option - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3F26A8-CAA2-45C6-9B8B-7AC9D5B5A0FF}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: BsScanner - Service SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: BsScanner - Service SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - msh263.drv File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/03/27 06:40:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\noto\Desktop\OTL.exe [2012/03/25 12:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/03/22 17:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/03/22 17:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/03/22 17:16:21 | 000,000,000 | ---D | C] -- C:\Users\noto\Desktop\tdsskiller [2012/03/22 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\noto\AppData\Roaming\Malwarebytes [2012/03/22 17:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/03/22 17:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/03/22 17:07:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/03/22 17:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/03/22 14:03:17 | 000,000,000 | -H-D | C] -- C:\Users\noto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check [2012/03/15 18:59:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2012/03/14 14:26:11 | 000,000,000 | -H-D | C] -- C:\Users\noto\AppData\Roaming\Dropbox [2012/02/26 17:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/02/26 17:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle ========== Files - Modified Within 30 Days ========== [2012/03/27 06:41:37 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/27 06:41:37 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/27 06:40:33 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\noto\Desktop\OTL.exe [2012/03/27 06:38:37 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/03/27 06:38:37 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/03/27 06:38:37 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/03/27 06:38:37 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/03/27 06:34:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/03/27 06:34:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/03/27 06:33:57 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys [2012/03/26 20:26:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/03/22 17:16:13 | 002,047,211 | ---- | M] () -- C:\Users\noto\Desktop\tdsskiller.zip [2012/03/22 17:07:22 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/03/22 14:04:29 | 000,000,448 | -H-- | M] () -- C:\ProgramData\1F4YgiGnRbZJxQ [2012/03/22 14:03:17 | 000,000,657 | -H-- | M] () -- C:\Users\noto\Desktop\System Check.lnk [2012/03/22 14:03:17 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~1F4YgiGnRbZJxQ [2012/03/22 14:03:17 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~1F4YgiGnRbZJxQr [2012/03/20 13:43:52 | 000,009,017 | -H-- | M] () -- C:\Users\noto\Desktop\Bewerbungsbogen.pdf [2012/03/14 14:23:00 | 000,313,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012/03/22 17:16:07 | 002,047,211 | ---- | C] () -- C:\Users\noto\Desktop\tdsskiller.zip [2012/03/22 17:07:22 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/03/22 14:03:17 | 000,000,657 | -H-- | C] () -- C:\Users\noto\Desktop\System Check.lnk [2012/03/22 14:03:17 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~1F4YgiGnRbZJxQ [2012/03/22 14:03:17 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~1F4YgiGnRbZJxQr [2012/03/22 14:03:14 | 000,000,448 | -H-- | C] () -- C:\ProgramData\1F4YgiGnRbZJxQ [2012/03/20 13:43:52 | 000,009,017 | -H-- | C] () -- C:\Users\noto\Desktop\Bewerbungsbogen.pdf [2012/02/14 17:47:08 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe [2012/01/05 11:47:21 | 000,000,517 | ---- | C] () -- C:\Windows\MyHeritage.INI [2012/01/05 11:46:03 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll [2011/12/08 18:03:43 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2011/12/08 18:03:43 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2010/12/30 03:54:03 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2010/12/30 03:54:03 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2010/10/09 17:58:25 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI [2010/10/09 17:53:52 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat [2010/10/09 17:52:05 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2010/09/30 23:29:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/09/30 20:05:19 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010/07/02 00:01:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/06/30 13:00:23 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe [2010/06/29 15:53:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010/06/29 06:34:58 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys [2010/05/12 15:13:56 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010/05/12 15:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010/05/12 15:13:56 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010/05/12 15:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010/04/29 17:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010/04/06 19:54:32 | 000,203,336 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat ========== LOP Check ========== [2011/10/09 13:56:53 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\BSW [2012/03/14 14:26:56 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Dropbox [2011/02/25 15:43:32 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\elsterformular [2012/01/05 11:50:46 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\MyHeritage [2010/10/26 18:46:28 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\SoftGrid Client [2012/01/05 11:46:02 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\The Complete Genealogy Reporter - FTB [2011/08/24 17:17:35 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Thunderbird [2010/09/30 18:05:48 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\TP [2012/03/14 17:28:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/09/30 19:00:36 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Adobe [2010/09/30 17:58:56 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\ATI [2010/10/01 16:56:15 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Avira [2010/10/09 18:07:30 | 000,000,000 | RH-D | M] -- C:\Users\noto\AppData\Roaming\Brother [2011/10/09 13:56:53 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\BSW [2010/09/30 20:05:18 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Corel [2011/07/23 23:12:27 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\CyberLink [2012/03/14 14:26:56 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Dropbox [2011/02/25 15:43:32 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\elsterformular [2010/09/30 23:39:31 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Google [2010/09/30 17:58:40 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Identities [2010/10/09 17:53:04 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\InstallShield [2010/09/30 17:59:01 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Intel Corporation [2010/06/30 12:12:02 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Macromedia [2012/03/22 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\noto\AppData\Roaming\Malwarebytes [2009/07/14 09:48:18 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Media Center Programs [2011/07/30 10:41:53 | 000,000,000 | --SD | M] -- C:\Users\noto\AppData\Roaming\Microsoft [2011/08/24 17:17:35 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Mozilla [2012/01/05 11:50:46 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\MyHeritage [2012/03/27 06:42:40 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Skype [2011/07/26 12:23:38 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\skypePM [2010/10/26 18:46:28 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\SoftGrid Client [2012/01/05 11:46:02 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\The Complete Genealogy Reporter - FTB [2011/08/24 17:17:35 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Thunderbird [2010/09/30 18:05:48 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\TP < %APPDATA%\*.exe /s > [2010/06/30 12:23:09 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Users\noto\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011/12/21 18:38:42 | 000,113,680 | -H-- | M] () -- C:\Users\noto\AppData\Roaming\MyHeritage\Bin\Convert\Convertor.exe [2011/12/21 18:38:44 | 000,113,680 | -H-- | M] () -- C:\Users\noto\AppData\Roaming\MyHeritage\Bin\Convert\ConvertorFDB.exe [2011/12/21 18:38:46 | 000,047,104 | -H-- | M] () -- C:\Users\noto\AppData\Roaming\MyHeritage\Bin\Convert\depcheck.exe [2011/12/21 18:01:20 | 000,110,592 | -H-- | M] () -- C:\Users\noto\AppData\Roaming\MyHeritage\Bin\Convert\gbtest.exe [2011/12/21 18:01:34 | 000,058,896 | -H-- | M] () -- C:\Users\noto\AppData\Roaming\MyHeritage\Bin\Detect\Detect.exe < %SYSTEMDRIVE%\*.exe > [2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: AHCIX86S.SYS > [2007/11/14 19:44:42 | 000,129,552 | -H-- | M] (Promise Technology, Inc.) MD5=58CB1FA96B24DFE2196548E959B1996B -- C:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys [2009/10/26 19:41:10 | 000,189,496 | -H-- | M] (Advanced Micro Devices, Inc) MD5=6C27F0A964EA98F457CAAB9A47030538 -- C:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\W7\ahcix86s.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys [2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\noto\AppData\Local\Temp\RarSFX0\userinit.exe [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\noto\AppData\Local\Temp\RarSFX1\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\noto\AppData\Local\Temp\RarSFX0\winlogon.exe [2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\noto\AppData\Local\Temp\RarSFX1\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Ebenfalls aufgegangen ist am Ende des Scans die Datei Extras.txt. Zur Sicherheit poste ich auch mal deren Inhalt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 3/27/2012 6:42:51 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\noto\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.14% Memory free
6.00 Gb Paging File | 4.75 Gb Available in Paging File | 79.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 756.36 Gb Free Space | 84.95% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
Computer Name: NOTO-PC | User Name: noto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}" = LG United Mobile Drivers
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DFB5612F-AF7E-4CB3-00AB-3C0CD2520B29}" = FUSSBALL MANAGER 06
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)
"dm-Fotowelt" = dm-Fotowelt
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Family Tree Builder" = MyHeritage Family Tree Builder
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Imperialismus" = Imperialismus
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"S4Uninst" = Die Siedler IV
"Veetle TV" = Veetle TV
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/25/2012 11:33:42 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:42.492]: [00003020]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 3/25/2012 11:33:43 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:43.992]: [00003020]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 3/25/2012 11:33:45 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:45.492]: [00003020]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 3/25/2012 11:33:46 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:46.994]: [00003020]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 3/25/2012 11:33:48 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:48.494]: [00003020]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 3/25/2012 11:33:49 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:49.994]: [00003020]: lperrcode->api
= 1 , lperrcode->code = 2
Error - 3/26/2012 1:45:57 PM | Computer Name = noto-PC | Source = ESENT | ID = 488
Description = wlmail (2440) WindowsLiveMail0: Versuch, Datei "C:\Users\noto\AppData\Local\Microsoft\Windows
Live Mail\Mail.pat" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff
verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
Error - 3/26/2012 1:45:57 PM | Computer Name = noto-PC | Source = ESENT | ID = 217
Description = wlmail (2440) WindowsLiveMail0: Fehler (-1032) während der Sicherung
einer Datenbank (Datei C:\Users\noto\AppData\Local\Microsoft\Windows Live Mail\Mail.MSMessageStore).
Die Datenbank kann nicht wiederhergestellt werden.
Error - 3/26/2012 1:45:57 PM | Computer Name = noto-PC | Source = ESENT | ID = 215
Description = wlmail (2440) WindowsLiveMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 3/27/2012 12:35:19 AM | Computer Name = noto-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 2.0.0.0, Zeitstempel:
0x49ef8e09 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
Zeitstempel: 0x4e2111c0 Ausnahmecode: 0xe0434f4d Fehleroffset: 0x0000d36f ID des fehlerhaften
Prozesses: 0x11f8 Startzeit der fehlerhaften Anwendung: 0x01cd0bd300875539 Pfad der
fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: 418e65b4-77c6-11e1-af03-6c626d5b0b5b
[ OSession Events ]
Error - 5/15/2011 8:12:29 AM | Computer Name = noto-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 135
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 3/22/2012 11:19:59 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 3/22/2012 11:19:59 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 3/23/2012 9:59:50 AM | Computer Name = noto-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 3/24/2012 1:02:12 PM | Computer Name = noto-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?03.?2012 um 18:00:23 unerwartet heruntergefahren.
< End of report >
Grüße Tobi |
|
27.03.2012, 11:35
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard drive clusters are partly damaged Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012/03/22 14:04:29 | 000,000,448 | -H-- | M] () -- C:\ProgramData\1F4YgiGnRbZJxQ
[2012/03/22 14:03:17 | 000,000,657 | -H-- | M] () -- C:\Users\noto\Desktop\System Check.lnk
[2012/03/22 14:03:17 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~1F4YgiGnRbZJxQ
[2012/03/22 14:03:17 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~1F4YgiGnRbZJxQr
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2012, 14:01
| #9 |
| | Hard drive clusters are partly damaged Hier das log: Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21A88CB9-84D2-4020-A2D1-B25A21034884}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21A88CB9-84D2-4020-A2D1-B25A21034884}\ deleted successfully.
C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_USERS\S-1-5-21-1410527557-3332609946-3188139107-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\1F4YgiGnRbZJxQ moved successfully.
C:\Users\noto\Desktop\System Check.lnk moved successfully.
C:\ProgramData\~1F4YgiGnRbZJxQ moved successfully.
C:\ProgramData\~1F4YgiGnRbZJxQr moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: noto
->Temp folder emptied: 388540499 bytes
->Temporary Internet Files folder emptied: 551431856 bytes
->Java cache emptied: 4011803 bytes
->Google Chrome cache emptied: 7089636 bytes
->Flash cache emptied: 129036 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93228411 bytes
RecycleBin emptied: 48116688640 bytes
Total Files Cleaned = 46,884.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 03272012_144346
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
27.03.2012, 14:08
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard drive clusters are partly damagedZitat:
 ein neuer Rekord! fast 47 GB an Datenmüll in TEMP wurden geleert!  Mach bitte nun ein neues Log mit dem TDSS-Killer => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2012, 14:27
| #11 |
| | Hard drive clusters are partly damaged Und hier der log von tdsskiller: Code:
ATTFilter 15:25:54.0672 5048 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
15:25:54.0730 5048 ============================================================
15:25:54.0730 5048 Current date / time: 2012/03/27 15:25:54.0730
15:25:54.0730 5048 SystemInfo:
15:25:54.0730 5048
15:25:54.0730 5048 OS Version: 6.1.7601 ServicePack: 1.0
15:25:54.0730 5048 Product type: Workstation
15:25:54.0730 5048 ComputerName: NOTO-PC
15:25:54.0730 5048 UserName: noto
15:25:54.0730 5048 Windows directory: C:\Windows
15:25:54.0730 5048 System windows directory: C:\Windows
15:25:54.0730 5048 Processor architecture: Intel x86
15:25:54.0730 5048 Number of processors: 2
15:25:54.0730 5048 Page size: 0x1000
15:25:54.0730 5048 Boot type: Normal boot
15:25:54.0730 5048 ============================================================
15:25:55.0062 5048 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:25:55.0072 5048 \Device\Harddisk0\DR0:
15:25:55.0072 5048 MBR used
15:25:55.0072 5048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:25:55.0072 5048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000
15:25:55.0072 5048 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000
15:25:55.0132 5048 Initialize success
15:25:55.0132 5048 ============================================================
15:26:02.0146 1432 ============================================================
15:26:02.0146 1432 Scan started
15:26:02.0146 1432 Mode: Manual; SigCheck; TDLFS;
15:26:02.0146 1432 ============================================================
15:26:02.0416 1432 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:26:02.0496 1432 1394ohci - ok
15:26:02.0586 1432 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:26:02.0606 1432 ACPI - ok
15:26:02.0636 1432 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:26:02.0696 1432 AcpiPmi - ok
15:26:02.0746 1432 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:26:02.0756 1432 adp94xx - ok
15:26:02.0816 1432 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:26:02.0826 1432 adpahci - ok
15:26:02.0866 1432 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:26:02.0876 1432 adpu320 - ok
15:26:02.0896 1432 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
15:26:02.0926 1432 AeLookupSvc - ok
15:26:02.0966 1432 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:26:02.0996 1432 AFD - ok
15:26:03.0046 1432 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:26:03.0056 1432 agp440 - ok
15:26:03.0106 1432 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:26:03.0106 1432 aic78xx - ok
15:26:03.0146 1432 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
15:26:03.0186 1432 ALG - ok
15:26:03.0206 1432 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:26:03.0216 1432 aliide - ok
15:26:03.0276 1432 AMD External Events Utility (60201ad353105d8c6796c1b69e6c49f0) C:\Windows\system32\atiesrxx.exe
15:26:03.0326 1432 AMD External Events Utility - ok
15:26:03.0386 1432 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:26:03.0406 1432 amdagp - ok
15:26:03.0446 1432 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:26:03.0446 1432 amdide - ok
15:26:03.0476 1432 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:26:03.0506 1432 AmdK8 - ok
15:26:03.0656 1432 amdkmdag (51610b74a9a1d84dc86fce1019beaff4) C:\Windows\system32\DRIVERS\atikmdag.sys
15:26:03.0726 1432 amdkmdag - ok
15:26:03.0806 1432 amdkmdap (cd1d86ab81eece67d7bd6f7ef9786ccc) C:\Windows\system32\DRIVERS\atikmpag.sys
15:26:03.0846 1432 amdkmdap - ok
15:26:03.0876 1432 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:26:03.0916 1432 AmdPPM - ok
15:26:03.0956 1432 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:26:03.0956 1432 amdsata - ok
15:26:04.0026 1432 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:26:04.0046 1432 amdsbs - ok
15:26:04.0046 1432 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:26:04.0066 1432 amdxata - ok
15:26:04.0086 1432 Andbus (3e59df4984fbd6800d6621480b38a34e) C:\Windows\system32\DRIVERS\lgandbus.sys
15:26:04.0116 1432 Andbus - ok
15:26:04.0136 1432 AndDiag (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\Windows\system32\DRIVERS\lganddiag.sys
15:26:04.0156 1432 AndDiag - ok
15:26:04.0176 1432 AndGps (1d2c90e25483363d54b652898bbc8f2a) C:\Windows\system32\DRIVERS\lgandgps.sys
15:26:04.0196 1432 AndGps - ok
15:26:04.0276 1432 ANDModem (b1b06a95da2cac7fa19832c60c348c85) C:\Windows\system32\DRIVERS\lgandmodem.sys
15:26:04.0306 1432 ANDModem - ok
15:26:04.0326 1432 androidusb - ok
15:26:04.0406 1432 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:26:04.0426 1432 AntiVirSchedulerService - ok
15:26:04.0446 1432 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:26:04.0446 1432 AntiVirService - ok
15:26:04.0516 1432 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:26:04.0626 1432 AppID - ok
15:26:04.0646 1432 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
15:26:04.0676 1432 AppIDSvc - ok
15:26:04.0716 1432 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
15:26:04.0736 1432 Appinfo - ok
15:26:04.0806 1432 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:26:04.0826 1432 arc - ok
15:26:04.0856 1432 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:26:04.0866 1432 arcsas - ok
15:26:04.0886 1432 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:26:04.0976 1432 AsyncMac - ok
15:26:05.0066 1432 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:26:05.0086 1432 atapi - ok
15:26:05.0136 1432 AtiHdmiService (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
15:26:05.0166 1432 AtiHdmiService - ok
15:26:05.0206 1432 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
15:26:05.0246 1432 AudioEndpointBuilder - ok
15:26:05.0256 1432 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
15:26:05.0286 1432 Audiosrv - ok
15:26:05.0386 1432 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
15:26:05.0396 1432 avgntflt - ok
15:26:05.0426 1432 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
15:26:05.0436 1432 avipbb - ok
15:26:05.0466 1432 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
15:26:05.0526 1432 AxInstSV - ok
15:26:05.0606 1432 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:26:05.0646 1432 b06bdrv - ok
15:26:05.0666 1432 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:26:05.0696 1432 b57nd60x - ok
15:26:05.0776 1432 BBSvc (483f1162eeebd10bf77fbb32db963370) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
15:26:05.0806 1432 BBSvc - ok
15:26:05.0846 1432 BBUpdate (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
15:26:05.0866 1432 BBUpdate - ok
15:26:05.0926 1432 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
15:26:05.0956 1432 BDESVC - ok
15:26:06.0006 1432 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:26:06.0056 1432 Beep - ok
15:26:06.0086 1432 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
15:26:06.0106 1432 BFE - ok
15:26:06.0126 1432 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
15:26:06.0146 1432 BITS - ok
15:26:06.0216 1432 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:26:06.0246 1432 blbdrive - ok
15:26:06.0276 1432 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:26:06.0316 1432 bowser - ok
15:26:06.0346 1432 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:26:06.0386 1432 BrFiltLo - ok
15:26:06.0446 1432 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:26:06.0486 1432 BrFiltUp - ok
15:26:06.0516 1432 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
15:26:06.0556 1432 Browser - ok
15:26:06.0596 1432 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:26:06.0616 1432 Brserid - ok
15:26:06.0686 1432 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:26:06.0726 1432 BrSerWdm - ok
15:26:06.0746 1432 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:26:06.0766 1432 BrUsbMdm - ok
15:26:06.0786 1432 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:26:06.0826 1432 BrUsbSer - ok
15:26:06.0836 1432 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:26:06.0856 1432 BTHMODEM - ok
15:26:06.0916 1432 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
15:26:06.0956 1432 bthserv - ok
15:26:06.0996 1432 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:26:07.0036 1432 cdfs - ok
15:26:07.0076 1432 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
15:26:07.0116 1432 cdrom - ok
15:26:07.0176 1432 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:26:07.0206 1432 CertPropSvc - ok
15:26:07.0266 1432 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:26:07.0306 1432 circlass - ok
15:26:07.0336 1432 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:26:07.0356 1432 CLFS - ok
15:26:07.0426 1432 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:26:07.0436 1432 clr_optimization_v2.0.50727_32 - ok
15:26:07.0476 1432 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:26:07.0486 1432 clr_optimization_v4.0.30319_32 - ok
15:26:07.0546 1432 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:26:07.0576 1432 CmBatt - ok
15:26:07.0606 1432 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:26:07.0616 1432 cmdide - ok
15:26:07.0636 1432 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
15:26:07.0666 1432 CNG - ok
15:26:07.0686 1432 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:26:07.0686 1432 Compbatt - ok
15:26:07.0766 1432 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
15:26:07.0806 1432 CompositeBus - ok
15:26:07.0836 1432 COMSysApp - ok
15:26:07.0856 1432 cpuz132 - ok
15:26:07.0886 1432 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:26:07.0896 1432 crcdisk - ok
15:26:07.0936 1432 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
15:26:07.0966 1432 CryptSvc - ok
15:26:08.0006 1432 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:26:08.0026 1432 DcomLaunch - ok
15:26:08.0056 1432 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
15:26:08.0076 1432 defragsvc - ok
15:26:08.0126 1432 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
15:26:08.0166 1432 DfsC - ok
15:26:08.0226 1432 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
15:26:08.0276 1432 Dhcp - ok
15:26:08.0306 1432 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:26:08.0336 1432 discache - ok
15:26:08.0386 1432 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:26:08.0396 1432 Disk - ok
15:26:08.0446 1432 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
15:26:08.0466 1432 Dnscache - ok
15:26:08.0486 1432 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
15:26:08.0516 1432 dot3svc - ok
15:26:08.0546 1432 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
15:26:08.0586 1432 DPS - ok
15:26:08.0646 1432 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:26:08.0666 1432 drmkaud - ok
15:26:08.0726 1432 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:26:08.0756 1432 DXGKrnl - ok
15:26:08.0786 1432 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
15:26:08.0806 1432 EapHost - ok
15:26:08.0906 1432 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:26:08.0966 1432 ebdrv - ok
15:26:09.0006 1432 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
15:26:09.0036 1432 EFS - ok
15:26:09.0106 1432 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
15:26:09.0156 1432 ehRecvr - ok
15:26:09.0186 1432 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
15:26:09.0216 1432 ehSched - ok
15:26:09.0296 1432 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:26:09.0326 1432 elxstor - ok
15:26:09.0356 1432 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:26:09.0376 1432 ErrDev - ok
15:26:09.0416 1432 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
15:26:09.0446 1432 EventSystem - ok
15:26:09.0466 1432 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:26:09.0486 1432 exfat - ok
15:26:09.0546 1432 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:26:09.0596 1432 fastfat - ok
15:26:09.0646 1432 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
15:26:09.0686 1432 Fax - ok
15:26:09.0716 1432 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:26:09.0726 1432 fdc - ok
15:26:09.0776 1432 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
15:26:09.0806 1432 fdPHost - ok
15:26:09.0816 1432 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
15:26:09.0836 1432 FDResPub - ok
15:26:09.0876 1432 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:26:09.0886 1432 FileInfo - ok
15:26:09.0896 1432 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:26:09.0916 1432 Filetrace - ok
15:26:09.0946 1432 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:26:09.0956 1432 flpydisk - ok
15:26:10.0006 1432 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:26:10.0016 1432 FltMgr - ok
15:26:10.0066 1432 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
15:26:10.0116 1432 FontCache - ok
15:26:10.0176 1432 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:26:10.0186 1432 FontCache3.0.0.0 - ok
15:26:10.0236 1432 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:26:10.0246 1432 FsDepends - ok
15:26:10.0276 1432 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:26:10.0296 1432 Fs_Rec - ok
15:26:10.0326 1432 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:26:10.0336 1432 fvevol - ok
15:26:10.0386 1432 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:26:10.0386 1432 gagp30kx - ok
15:26:10.0446 1432 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
15:26:10.0476 1432 gpsvc - ok
15:26:10.0546 1432 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:26:10.0556 1432 gupdate - ok
15:26:10.0566 1432 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:26:10.0576 1432 gupdatem - ok
15:26:10.0586 1432 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:26:10.0596 1432 gusvc - ok
15:26:10.0666 1432 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:26:10.0696 1432 hcw85cir - ok
15:26:10.0736 1432 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
15:26:10.0776 1432 HdAudAddService - ok
15:26:10.0816 1432 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
15:26:10.0836 1432 HDAudBus - ok
15:26:10.0906 1432 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:26:10.0926 1432 HidBatt - ok
15:26:10.0946 1432 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:26:10.0966 1432 HidBth - ok
15:26:11.0006 1432 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:26:11.0036 1432 HidIr - ok
15:26:11.0046 1432 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
15:26:11.0086 1432 hidserv - ok
15:26:11.0156 1432 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\drivers\hidusb.sys
15:26:11.0176 1432 HidUsb - ok
15:26:11.0206 1432 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
15:26:11.0246 1432 hkmsvc - ok
15:26:11.0266 1432 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
15:26:11.0296 1432 HomeGroupListener - ok
15:26:11.0326 1432 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
15:26:11.0356 1432 HomeGroupProvider - ok
15:26:11.0436 1432 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:26:11.0456 1432 HpSAMD - ok
15:26:11.0496 1432 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:26:11.0526 1432 HTTP - ok
15:26:11.0546 1432 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:26:11.0546 1432 hwpolicy - ok
15:26:11.0586 1432 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
15:26:11.0606 1432 i8042prt - ok
15:26:11.0676 1432 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
15:26:11.0686 1432 iaStor - ok
15:26:11.0746 1432 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:26:11.0756 1432 IAStorDataMgrSvc - ok
15:26:11.0826 1432 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:26:11.0836 1432 iaStorV - ok
15:26:11.0946 1432 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:26:11.0976 1432 idsvc - ok
15:26:12.0116 1432 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:26:12.0166 1432 igfx - ok
15:26:12.0236 1432 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:26:12.0256 1432 iirsp - ok
15:26:12.0306 1432 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
15:26:12.0346 1432 IKEEXT - ok
15:26:12.0476 1432 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\Windows\system32\drivers\RTKVHDA.sys
15:26:12.0526 1432 IntcAzAudAddService - ok
15:26:12.0566 1432 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:26:12.0586 1432 intelide - ok
15:26:12.0646 1432 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:26:12.0666 1432 intelppm - ok
15:26:12.0696 1432 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
15:26:12.0736 1432 IPBusEnum - ok
15:26:12.0746 1432 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:26:12.0766 1432 IpFilterDriver - ok
15:26:12.0826 1432 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
15:26:12.0856 1432 iphlpsvc - ok
15:26:12.0906 1432 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:26:12.0946 1432 IPMIDRV - ok
15:26:12.0976 1432 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:26:13.0016 1432 IPNAT - ok
15:26:13.0046 1432 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:26:13.0076 1432 IRENUM - ok
15:26:13.0136 1432 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:26:13.0146 1432 isapnp - ok
15:26:13.0176 1432 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:26:13.0186 1432 iScsiPrt - ok
15:26:13.0216 1432 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
15:26:13.0226 1432 kbdclass - ok
15:26:13.0256 1432 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\drivers\kbdhid.sys
15:26:13.0276 1432 kbdhid - ok
15:26:13.0306 1432 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:26:13.0316 1432 KeyIso - ok
15:26:13.0376 1432 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
15:26:13.0376 1432 KSecDD - ok
15:26:13.0416 1432 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
15:26:13.0426 1432 KSecPkg - ok
15:26:13.0446 1432 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
15:26:13.0476 1432 KtmRm - ok
15:26:13.0556 1432 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
15:26:13.0596 1432 LanmanServer - ok
15:26:13.0626 1432 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
15:26:13.0656 1432 LanmanWorkstation - ok
15:26:13.0706 1432 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys
15:26:13.0736 1432 LgBttPort - ok
15:26:13.0776 1432 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys
15:26:13.0786 1432 lgbusenum - ok
15:26:13.0816 1432 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys
15:26:13.0836 1432 LGVMODEM - ok
15:26:13.0886 1432 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:26:13.0916 1432 lltdio - ok
15:26:13.0966 1432 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
15:26:14.0006 1432 lltdsvc - ok
15:26:14.0016 1432 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
15:26:14.0046 1432 lmhosts - ok
15:26:14.0116 1432 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:26:14.0136 1432 LSI_FC - ok
15:26:14.0186 1432 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:26:14.0196 1432 LSI_SAS - ok
15:26:14.0216 1432 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:26:14.0226 1432 LSI_SAS2 - ok
15:26:14.0246 1432 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:26:14.0256 1432 LSI_SCSI - ok
15:26:14.0276 1432 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:26:14.0306 1432 luafv - ok
15:26:14.0416 1432 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
15:26:14.0426 1432 MBAMProtector - ok
15:26:14.0466 1432 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:26:14.0486 1432 MBAMService - ok
15:26:14.0516 1432 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
15:26:14.0526 1432 Mcx2Svc - ok
15:26:14.0566 1432 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:26:14.0576 1432 megasas - ok
15:26:14.0656 1432 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:26:14.0676 1432 MegaSR - ok
15:26:14.0706 1432 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:26:14.0736 1432 MMCSS - ok
15:26:14.0756 1432 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:26:14.0786 1432 Modem - ok
15:26:14.0806 1432 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:26:14.0826 1432 monitor - ok
15:26:14.0896 1432 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
15:26:14.0916 1432 mouclass - ok
15:26:14.0936 1432 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:26:14.0956 1432 mouhid - ok
15:26:14.0976 1432 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:26:14.0986 1432 mountmgr - ok
15:26:15.0006 1432 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:26:15.0016 1432 mpio - ok
15:26:15.0076 1432 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:26:15.0116 1432 mpsdrv - ok
15:26:15.0156 1432 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
15:26:15.0196 1432 MpsSvc - ok
15:26:15.0226 1432 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:26:15.0256 1432 MRxDAV - ok
15:26:15.0346 1432 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:26:15.0376 1432 mrxsmb - ok
15:26:15.0406 1432 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:26:15.0426 1432 mrxsmb10 - ok
15:26:15.0446 1432 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:26:15.0456 1432 mrxsmb20 - ok
15:26:15.0486 1432 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:26:15.0486 1432 msahci - ok
15:26:15.0566 1432 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:26:15.0586 1432 msdsm - ok
15:26:15.0616 1432 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
15:26:15.0626 1432 MSDTC - ok
15:26:15.0656 1432 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:26:15.0686 1432 Msfs - ok
15:26:15.0696 1432 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:26:15.0726 1432 mshidkmdf - ok
15:26:15.0796 1432 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:26:15.0816 1432 msisadrv - ok
15:26:15.0856 1432 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
15:26:15.0886 1432 MSiSCSI - ok
15:26:15.0896 1432 msiserver - ok
15:26:15.0926 1432 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:26:15.0956 1432 MSKSSRV - ok
15:26:15.0976 1432 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:26:16.0006 1432 MSPCLOCK - ok
15:26:16.0046 1432 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:26:16.0076 1432 MSPQM - ok
15:26:16.0096 1432 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:26:16.0106 1432 MsRPC - ok
15:26:16.0136 1432 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
15:26:16.0136 1432 mssmbios - ok
15:26:16.0196 1432 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:26:16.0226 1432 MSTEE - ok
15:26:16.0256 1432 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:26:16.0276 1432 MTConfig - ok
15:26:16.0296 1432 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:26:16.0306 1432 Mup - ok
15:26:16.0326 1432 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
15:26:16.0356 1432 napagent - ok
15:26:16.0426 1432 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:26:16.0456 1432 NativeWifiP - ok
15:26:16.0486 1432 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:26:16.0506 1432 NDIS - ok
15:26:16.0536 1432 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:26:16.0566 1432 NdisCap - ok
15:26:16.0626 1432 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:26:16.0676 1432 NdisTapi - ok
15:26:16.0716 1432 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:26:16.0746 1432 Ndisuio - ok
15:26:16.0776 1432 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:26:16.0806 1432 NdisWan - ok
15:26:16.0846 1432 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:26:16.0896 1432 NDProxy - ok
15:26:16.0936 1432 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:26:16.0966 1432 NetBIOS - ok
15:26:16.0996 1432 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:26:17.0026 1432 NetBT - ok
15:26:17.0056 1432 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:26:17.0066 1432 Netlogon - ok
15:26:17.0126 1432 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
15:26:17.0176 1432 Netman - ok
15:26:17.0206 1432 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
15:26:17.0236 1432 netprofm - ok
15:26:17.0296 1432 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:26:17.0306 1432 NetTcpPortSharing - ok
15:26:17.0366 1432 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:26:17.0386 1432 nfrd960 - ok
15:26:17.0436 1432 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
15:26:17.0466 1432 NlaSvc - ok
15:26:17.0496 1432 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:26:17.0526 1432 Npfs - ok
15:26:17.0556 1432 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:26:17.0586 1432 nsi - ok
15:26:17.0616 1432 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:26:17.0646 1432 nsiproxy - ok
15:26:17.0686 1432 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:26:17.0716 1432 Ntfs - ok
15:26:17.0736 1432 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:26:17.0756 1432 Null - ok
15:26:17.0826 1432 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:26:17.0846 1432 nvraid - ok
15:26:17.0886 1432 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:26:17.0896 1432 nvstor - ok
15:26:17.0936 1432 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:26:17.0946 1432 nv_agp - ok
15:26:18.0046 1432 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:26:18.0066 1432 odserv - ok
15:26:18.0146 1432 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:26:18.0186 1432 ohci1394 - ok
15:26:18.0216 1432 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:26:18.0226 1432 ose - ok
15:26:18.0256 1432 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:26:18.0296 1432 p2pimsvc - ok
15:26:18.0346 1432 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:26:18.0366 1432 p2psvc - ok
15:26:18.0416 1432 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:26:18.0426 1432 Parport - ok
15:26:18.0456 1432 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
15:26:18.0466 1432 partmgr - ok
15:26:18.0486 1432 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:26:18.0506 1432 Parvdm - ok
15:26:18.0536 1432 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:26:18.0546 1432 PcaSvc - ok
15:26:18.0616 1432 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:26:18.0636 1432 pci - ok
15:26:18.0666 1432 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:26:18.0676 1432 pciide - ok
15:26:18.0696 1432 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:26:18.0706 1432 pcmcia - ok
15:26:18.0726 1432 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:26:18.0736 1432 pcw - ok
15:26:18.0766 1432 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:26:18.0796 1432 PEAUTH - ok
15:26:18.0886 1432 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
15:26:18.0926 1432 pla - ok
15:26:18.0956 1432 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
15:26:18.0986 1432 PlugPlay - ok
15:26:19.0006 1432 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
15:26:19.0026 1432 PNRPAutoReg - ok
15:26:19.0076 1432 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:26:19.0086 1432 PNRPsvc - ok
15:26:19.0126 1432 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
15:26:19.0156 1432 PolicyAgent - ok
15:26:19.0176 1432 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
15:26:19.0206 1432 Power - ok
15:26:19.0296 1432 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:26:19.0366 1432 PptpMiniport - ok
15:26:19.0436 1432 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:26:19.0456 1432 Processor - ok
15:26:19.0486 1432 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
15:26:19.0506 1432 ProfSvc - ok
15:26:19.0536 1432 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:26:19.0546 1432 ProtectedStorage - ok
15:26:19.0576 1432 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:26:19.0606 1432 Psched - ok
15:26:19.0656 1432 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
15:26:19.0676 1432 PSI_SVC_2 - ok
15:26:19.0756 1432 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:26:19.0786 1432 ql2300 - ok
15:26:19.0826 1432 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:26:19.0836 1432 ql40xx - ok
15:26:19.0866 1432 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
15:26:19.0896 1432 QWAVE - ok
15:26:19.0946 1432 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:26:19.0976 1432 QWAVEdrv - ok
15:26:19.0996 1432 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:26:20.0026 1432 RasAcd - ok
15:26:20.0036 1432 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:26:20.0076 1432 RasAgileVpn - ok
15:26:20.0106 1432 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
15:26:20.0126 1432 RasAuto - ok
15:26:20.0186 1432 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:26:20.0216 1432 Rasl2tp - ok
15:26:20.0246 1432 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
15:26:20.0276 1432 RasMan - ok
15:26:20.0296 1432 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:26:20.0326 1432 RasPppoe - ok
15:26:20.0396 1432 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:26:20.0446 1432 RasSstp - ok
15:26:20.0476 1432 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:26:20.0506 1432 rdbss - ok
15:26:20.0536 1432 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:26:20.0556 1432 rdpbus - ok
15:26:20.0606 1432 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:26:20.0656 1432 RDPCDD - ok
15:26:20.0686 1432 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:26:20.0706 1432 RDPENCDD - ok
15:26:20.0716 1432 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:26:20.0746 1432 RDPREFMP - ok
15:26:20.0776 1432 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
15:26:20.0796 1432 RDPWD - ok
15:26:20.0876 1432 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:26:20.0896 1432 rdyboost - ok
15:26:20.0926 1432 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
15:26:20.0956 1432 RemoteAccess - ok
15:26:20.0986 1432 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
15:26:21.0006 1432 RemoteRegistry - ok
15:26:21.0046 1432 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
15:26:21.0076 1432 RpcEptMapper - ok
15:26:21.0116 1432 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
15:26:21.0146 1432 RpcLocator - ok
15:26:21.0176 1432 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:26:21.0226 1432 RpcSs - ok
15:26:21.0266 1432 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:26:21.0306 1432 rspndr - ok
15:26:21.0386 1432 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\Windows\system32\DRIVERS\Rt86win7.sys
15:26:21.0466 1432 RTL8167 - ok
15:26:21.0506 1432 RTL8192su (51adef77e4c929535fd50da153774e79) C:\Windows\system32\DRIVERS\RTL8192su.sys
15:26:21.0536 1432 RTL8192su - ok
15:26:21.0586 1432 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:26:21.0596 1432 SamSs - ok
15:26:21.0646 1432 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:26:21.0656 1432 sbp2port - ok
15:26:21.0676 1432 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
15:26:21.0696 1432 SCardSvr - ok
15:26:21.0706 1432 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:26:21.0736 1432 scfilter - ok
15:26:21.0806 1432 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
15:26:21.0856 1432 Schedule - ok
15:26:21.0886 1432 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:26:21.0906 1432 SCPolicySvc - ok
15:26:21.0926 1432 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
15:26:21.0956 1432 SDRSVC - ok
15:26:22.0026 1432 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:26:22.0076 1432 secdrv - ok
15:26:22.0086 1432 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
15:26:22.0116 1432 seclogon - ok
15:26:22.0146 1432 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
15:26:22.0166 1432 SENS - ok
15:26:22.0186 1432 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
15:26:22.0196 1432 SensrSvc - ok
15:26:22.0256 1432 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:26:22.0276 1432 Serenum - ok
15:26:22.0296 1432 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:26:22.0316 1432 Serial - ok
15:26:22.0346 1432 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:26:22.0356 1432 sermouse - ok
15:26:22.0396 1432 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
15:26:22.0416 1432 SessionEnv - ok
15:26:22.0466 1432 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
15:26:22.0496 1432 sffdisk - ok
15:26:22.0516 1432 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:26:22.0536 1432 sffp_mmc - ok
15:26:22.0556 1432 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys
15:26:22.0576 1432 sffp_sd - ok
15:26:22.0596 1432 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:26:22.0616 1432 sfloppy - ok
15:26:22.0676 1432 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
15:26:22.0706 1432 SharedAccess - ok
15:26:22.0736 1432 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
15:26:22.0766 1432 ShellHWDetection - ok
15:26:22.0806 1432 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:26:22.0826 1432 sisagp - ok
15:26:22.0886 1432 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:26:22.0906 1432 SiSRaid2 - ok
15:26:22.0936 1432 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:26:22.0946 1432 SiSRaid4 - ok
15:26:23.0006 1432 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
15:26:23.0016 1432 SkypeUpdate - ok
15:26:23.0096 1432 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:26:23.0136 1432 Smb - ok
15:26:23.0166 1432 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
15:26:23.0176 1432 SNMPTRAP - ok
15:26:23.0186 1432 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:26:23.0196 1432 spldr - ok
15:26:23.0236 1432 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
15:26:23.0266 1432 Spooler - ok
15:26:23.0356 1432 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
15:26:23.0416 1432 sppsvc - ok
15:26:23.0466 1432 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
15:26:23.0496 1432 sppuinotify - ok
15:26:23.0536 1432 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:26:23.0566 1432 srv - ok
15:26:23.0606 1432 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:26:23.0626 1432 srv2 - ok
15:26:23.0666 1432 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:26:23.0696 1432 srvnet - ok
15:26:23.0716 1432 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
15:26:23.0756 1432 SSDPSRV - ok
15:26:23.0776 1432 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:26:23.0776 1432 ssmdrv - ok
15:26:23.0806 1432 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
15:26:23.0846 1432 SstpSvc - ok
15:26:23.0896 1432 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:26:23.0906 1432 stexstor - ok
15:26:23.0946 1432 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
15:26:23.0956 1432 StiSvc - ok
15:26:23.0976 1432 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
15:26:23.0986 1432 swenum - ok
15:26:24.0016 1432 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
15:26:24.0046 1432 swprv - ok
15:26:24.0126 1432 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
15:26:24.0166 1432 SysMain - ok
15:26:24.0186 1432 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
15:26:24.0216 1432 TabletInputService - ok
15:26:24.0246 1432 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
15:26:24.0286 1432 TapiSrv - ok
15:26:24.0346 1432 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
15:26:24.0386 1432 TBS - ok
15:26:24.0446 1432 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
15:26:24.0466 1432 Tcpip - ok
15:26:24.0496 1432 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
15:26:24.0526 1432 TCPIP6 - ok
15:26:24.0546 1432 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:26:24.0576 1432 tcpipreg - ok
15:26:24.0636 1432 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:26:24.0676 1432 TDPIPE - ok
15:26:24.0696 1432 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
15:26:24.0716 1432 TDTCP - ok
15:26:24.0746 1432 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
15:26:24.0776 1432 tdx - ok
15:26:24.0796 1432 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
15:26:24.0816 1432 TermDD - ok
15:26:24.0856 1432 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
15:26:24.0886 1432 TermService - ok
15:26:24.0906 1432 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
15:26:24.0926 1432 Themes - ok
15:26:24.0936 1432 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:26:24.0956 1432 THREADORDER - ok
15:26:24.0996 1432 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
15:26:25.0026 1432 TrkWks - ok
15:26:25.0076 1432 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
15:26:25.0126 1432 TrustedInstaller - ok
15:26:25.0156 1432 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:26:25.0186 1432 tssecsrv - ok
15:26:25.0246 1432 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:26:25.0286 1432 TsUsbFlt - ok
15:26:25.0336 1432 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:26:25.0396 1432 tunnel - ok
15:26:25.0426 1432 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:26:25.0436 1432 uagp35 - ok
15:26:25.0496 1432 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:26:25.0526 1432 udfs - ok
15:26:25.0556 1432 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
15:26:25.0576 1432 UI0Detect - ok
15:26:25.0616 1432 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:26:25.0636 1432 uliagpkx - ok
15:26:25.0696 1432 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
15:26:25.0716 1432 umbus - ok
15:26:25.0746 1432 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:26:25.0766 1432 UmPass - ok
15:26:25.0806 1432 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
15:26:25.0826 1432 upnphost - ok
15:26:25.0856 1432 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
15:26:25.0876 1432 usbccgp - ok
15:26:25.0926 1432 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:26:25.0956 1432 usbcir - ok
15:26:25.0976 1432 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:26:25.0986 1432 usbehci - ok
15:26:26.0036 1432 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:26:26.0056 1432 usbhub - ok
15:26:26.0066 1432 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
15:26:26.0076 1432 usbohci - ok
15:26:26.0136 1432 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:26:26.0176 1432 usbprint - ok
15:26:26.0206 1432 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
15:26:26.0216 1432 usbscan - ok
15:26:26.0256 1432 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:26:26.0276 1432 USBSTOR - ok
15:26:26.0286 1432 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:26:26.0306 1432 usbuhci - ok
15:26:26.0346 1432 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
15:26:26.0376 1432 UxSms - ok
15:26:26.0416 1432 V0260VID (c90055bd2bb41443462ea715e0876b8d) C:\Windows\system32\DRIVERS\V0260Vid.sys
15:26:26.0436 1432 V0260VID - ok
15:26:26.0466 1432 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:26:26.0476 1432 VaultSvc - ok
15:26:26.0506 1432 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:26:26.0516 1432 vdrvroot - ok
15:26:26.0556 1432 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
15:26:26.0586 1432 vds - ok
15:26:26.0616 1432 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:26:26.0636 1432 vga - ok
15:26:26.0656 1432 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:26:26.0676 1432 VgaSave - ok
15:26:26.0706 1432 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:26:26.0716 1432 vhdmp - ok
15:26:26.0776 1432 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:26:26.0796 1432 viaagp - ok
15:26:26.0826 1432 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:26:26.0846 1432 ViaC7 - ok
15:26:26.0886 1432 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:26:26.0896 1432 viaide - ok
15:26:26.0916 1432 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:26:26.0936 1432 volmgr - ok
15:26:26.0976 1432 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:26:26.0986 1432 volmgrx - ok
15:26:27.0016 1432 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:26:27.0026 1432 volsnap - ok
15:26:27.0076 1432 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:26:27.0086 1432 vsmraid - ok
15:26:27.0126 1432 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
15:26:27.0156 1432 VSS - ok
15:26:27.0196 1432 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:26:27.0206 1432 vwifibus - ok
15:26:27.0246 1432 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
15:26:27.0266 1432 vwififlt - ok
15:26:27.0286 1432 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
15:26:27.0296 1432 vwifimp - ok
15:26:27.0336 1432 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
15:26:27.0376 1432 W32Time - ok
15:26:27.0396 1432 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:26:27.0406 1432 WacomPen - ok
15:26:27.0456 1432 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:26:27.0496 1432 WANARP - ok
15:26:27.0506 1432 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:26:27.0526 1432 Wanarpv6 - ok
15:26:27.0616 1432 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
15:26:27.0656 1432 WatAdminSvc - ok
15:26:27.0706 1432 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
15:26:27.0736 1432 wbengine - ok
15:26:27.0776 1432 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
15:26:27.0796 1432 WbioSrvc - ok
15:26:27.0846 1432 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
15:26:27.0886 1432 wcncsvc - ok
15:26:27.0906 1432 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
15:26:27.0936 1432 WcsPlugInService - ok
15:26:27.0986 1432 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:26:28.0006 1432 Wd - ok
15:26:28.0046 1432 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:26:28.0066 1432 Wdf01000 - ok
15:26:28.0086 1432 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:26:28.0126 1432 WdiServiceHost - ok
15:26:28.0136 1432 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:26:28.0156 1432 WdiSystemHost - ok
15:26:28.0206 1432 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
15:26:28.0226 1432 WebClient - ok
15:26:28.0256 1432 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
15:26:28.0286 1432 Wecsvc - ok
15:26:28.0306 1432 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
15:26:28.0336 1432 wercplsupport - ok
15:26:28.0356 1432 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
15:26:28.0376 1432 WerSvc - ok
15:26:28.0436 1432 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:26:28.0466 1432 WfpLwf - ok
15:26:28.0496 1432 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:26:28.0506 1432 WIMMount - ok
15:26:28.0566 1432 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:26:28.0606 1432 WinDefend - ok
15:26:28.0606 1432 WinHttpAutoProxySvc - ok
15:26:28.0666 1432 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
15:26:28.0716 1432 Winmgmt - ok
15:26:28.0776 1432 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
15:26:28.0816 1432 WinRM - ok
15:26:28.0856 1432 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
15:26:28.0886 1432 Wlansvc - ok
15:26:28.0946 1432 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:26:28.0966 1432 WmiAcpi - ok
15:26:29.0016 1432 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
15:26:29.0046 1432 wmiApSrv - ok
15:26:29.0106 1432 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:26:29.0166 1432 WMPNetworkSvc - ok
15:26:29.0216 1432 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
15:26:29.0256 1432 WPCSvc - ok
15:26:29.0286 1432 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
15:26:29.0306 1432 WPDBusEnum - ok
15:26:29.0356 1432 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:26:29.0376 1432 ws2ifsl - ok
15:26:29.0396 1432 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
15:26:29.0416 1432 wscsvc - ok
15:26:29.0446 1432 WSearch - ok
15:26:29.0496 1432 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
15:26:29.0536 1432 wuauserv - ok
15:26:29.0576 1432 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:26:29.0606 1432 WudfPf - ok
15:26:29.0626 1432 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:26:29.0656 1432 WUDFRd - ok
15:26:29.0716 1432 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
15:26:29.0756 1432 wudfsvc - ok
15:26:29.0786 1432 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
15:26:29.0806 1432 WwanSvc - ok
15:26:29.0836 1432 MBR (0x1B8) (c79b30cb8852157f6f908e4698cfe0d0) \Device\Harddisk0\DR0
15:26:31.0896 1432 \Device\Harddisk0\DR0 - ok
15:26:31.0926 1432 Boot (0x1200) (a96290b5401c2da5a08bb9471d76d503) \Device\Harddisk0\DR0\Partition0
15:26:31.0936 1432 \Device\Harddisk0\DR0\Partition0 - ok
15:26:31.0936 1432 Boot (0x1200) (046bbd7303f14eb983a3f0c302651470) \Device\Harddisk0\DR0\Partition1
15:26:31.0936 1432 \Device\Harddisk0\DR0\Partition1 - ok
15:26:31.0976 1432 Boot (0x1200) (376b50b18dd730f4a63e4b8227f4638c) \Device\Harddisk0\DR0\Partition2
15:26:31.0976 1432 \Device\Harddisk0\DR0\Partition2 - ok
15:26:31.0976 1432 ============================================================
15:26:31.0976 1432 Scan finished
15:26:31.0976 1432 ============================================================
15:26:31.0996 3124 Detected object count: 0
15:26:31.0996 3124 Actual detected object count: 0
Tobi |
|
27.03.2012, 14:35
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard drive clusters are partly damaged Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2012, 14:57
| #13 |
| | Hard drive clusters are partly damaged Und hier die combofix-log: [Combofix Logfile: Code:
ATTFilter ComboFix 12-03-27.02 - noto 27.03.2012 15:41:33.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.2046 [GMT 2:00]
ausgeführt von:: c:\users\noto\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\noto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\noto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\noto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
c:\windows\system32\grpconv.exe fehlte
Kopie von - c:\windows\winsxs\x86_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_a25e7b019f016e70\grpconv.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-27 bis 2012-03-27 ))))))))))))))))))))))))))))))
.
.
2012-03-27 13:45 . 2012-03-27 13:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 13:45 . 2009-07-14 01:14 16384 ----a-w- c:\windows\system32\grpconv.exe
2012-03-27 12:43 . 2012-03-27 12:43 -------- d-----w- C:\_OTL
2012-03-25 10:26 . 2012-03-25 10:26 -------- d-----w- c:\program files\ESET
2012-03-23 06:54 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C34FE01-354D-44F3-8BDF-93940E6859C8}\mpengine.dll
2012-03-22 15:24 . 2012-03-22 15:24 -------- d-----w- c:\program files\Common Files\Skype
2012-03-22 15:07 . 2012-03-22 15:07 -------- d-----w- c:\users\noto\AppData\Roaming\Malwarebytes
2012-03-22 15:07 . 2012-03-22 15:07 -------- d-----w- c:\programdata\Malwarebytes
2012-03-22 15:07 . 2012-03-22 15:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-22 15:07 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 16:59 . 2012-03-15 16:59 -------- d-----w- c:\windows\system32\Wat
2012-03-14 12:26 . 2012-03-14 12:26 -------- d--h--w- c:\users\noto\AppData\Roaming\Dropbox
2012-03-14 08:21 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 08:21 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:48 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 07:48 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 07:46 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 07:46 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:46 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:46 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 07:46 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:46 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-26 15:07 . 2012-02-26 15:07 -------- d-----w- c:\program files\Veetle
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-06-29 13:41 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 07:18 . 2011-05-16 15:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58 . 2012-02-15 08:55 442880 ----a-w- c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-15 08:55 478720 ----a-w- c:\windows\system32\timedate.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-30 39408]
"LG LinkAir"="c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2012-01-07 2450288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-12-16 220744]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-23 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-23 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-23 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-23 25088]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-05-26 191752]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-15 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-03-10 249648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2006-11-03 178913]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 21:28]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 21:28]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
AddRemove-EVEREST Home Edition_is1 - j:\everest home edition\unins000.exe
AddRemove-Imperialismus - c:\windows\unin0407.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-27 15:54:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-27 13:54
.
Vor Suchlauf: 5 Verzeichnis(se), 860.362.760.192 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 860.559.773.696 Bytes frei
.
- - End Of File - - DCE36E5A4C6D4E044FD2F97FF45D5418
Grüße uns zwischendurch schon mal ein Danke für die Mühe Übrigens: Oberflächlich sieht es jetzt schon ziemlich gut aus. Bin gespannt auf dein Urteil |
|
27.03.2012, 15:39
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Hard drive clusters are partly damaged Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2012, 16:55
| #15 |
| | Hard drive clusters are partly damaged Gmer: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-27 17:54:34
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JP4O
Running: 3pvw120o.exe; Driver: C:\Users\noto\AppData\Local\Temp\pwldqpog.sys
---- System - GMER 1.0.15 ----
SSDT 918E8C36 ZwCreateSection
SSDT 918E8C3B ZwSetContextThread
SSDT 918E8BD7 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13C1 8347F3D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834B8D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 834BFEEC 4 Bytes [36, 8C, 8E, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 834C028C 4 Bytes [3B, 8C, 8E, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 834C0364 4 Bytes [D7, 8B, 8E, 91]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x92014000, 0x2FBAB4, 0xE8000020]
? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
[/code] Osam OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 18:05:49 on 27.03.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ADB Interface Driver" (androidusb) - ? - C:\Windows\System32\Drivers\lgandadb.sys (File not found) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\noto\AppData\Local\Temp\catchme.sys (File not found) "cpuz132" (cpuz132) - ? - C:\Users\noto\AppData\Local\Temp\cpuz132\cpuz132_x32.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "pwldqpog" (pwldqpog) - ? - C:\Users\noto\AppData\Local\Temp\pwldqpog.sys (Hidden registry entry, rootkit activity | File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - ? - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (File not found) {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll {1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll {872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - ? - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\noto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "LG LinkAir" - ? - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "B2C_AGENT" - "LG Electronics" - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe "BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN "CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun "Family Tree Builder Update" - "MyHeritage" - C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe "IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe "IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" "PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe "PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" "SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code] und die aswMBR.txt: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 18:08:17
-----------------------------
18:08:17.665 OS Version: Windows 6.1.7601 Service Pack 1
18:08:17.665 Number of processors: 2 586 0x170A
18:08:17.667 ComputerName: NOTO-PC UserName: noto
18:08:20.364 Initialize success
18:10:40.399 AVAST engine defs: 12032701
18:12:09.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:12:09.225 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
18:12:09.325 Disk 0 MBR read successfully
18:12:09.325 Disk 0 MBR scan
18:12:09.335 Disk 0 unknown MBR code
18:12:09.345 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:12:09.395 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 911782 MB offset 206848
18:12:09.475 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 40960 MB offset 1867536384
18:12:09.505 Disk 0 Partition 4 00 12 Compaq diag NTFS 1025 MB offset 1951422464
18:12:09.545 Disk 0 scanning sectors +1953521664
18:12:09.815 Disk 0 scanning C:\Windows\system32\drivers
18:12:56.245 Service scanning
18:13:13.435 Modules scanning
18:14:11.796 Disk 0 trace - called modules:
18:14:11.826 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
18:14:11.836 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x885827c8]
18:14:11.836 3 CLASSPNP.SYS[8bf8b59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866de028]
18:14:15.206 AVAST engine scan C:\Windows
18:18:22.927 AVAST engine scan C:\Windows\system32
18:23:39.608 AVAST engine scan C:\Windows\system32\drivers
18:23:52.798 AVAST engine scan C:\Users\noto
18:27:28.365 File: C:\Users\noto\AppData\Local\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
18:27:28.675 File: C:\Users\noto\AppData\Local\Temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
18:37:04.912 AVAST engine scan C:\ProgramData
18:37:41.922 Scan finished successfully
19:04:05.419 Disk 0 MBR has been saved successfully to "C:\Users\noto\Desktop\MBR.dat"
19:04:05.419 The log file has been saved successfully to "C:\Users\noto\Desktop\aswMBR.txt"
Geändert von tomabien (27.03.2012 um 17:07 Uhr) |
|
| Themen zu Hard drive clusters are partly damaged |
| administrator, autostart, avira, bingbar, dateien, dateisystem, defender, desktop, explorer, fehlermeldung, folge, forum, gelöscht, google, harddisk, heuristiks/extra, heuristiks/shuriken, malwarebytes, microsoft, object, office, rootkit, seite, server, software, suche, system32, temp, trojan.agent.ge, windows media player |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
