Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Hard drive clusters are partly damaged

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 22.03.2012, 16:03   #1
tomabien
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Hallo,

ich hatte die Fehlermeldung "Hard drive clusters are partly damaged", fand viele Dateien nicht mehr, Bildschirmhintergrund war schwarz und es kamen ganz viele Fehlermeldungen. Habe dann bei der Suche nach Lösungen hier im Forum folgende Seite gefunden:

http://www.trojaner-board.de/108567-...or-andere.html

und ich habe die Anweisungen ausgeführt.

Log von Malwarebytes war:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.03

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
noto :: NOTO-PC [Administrator]

Schutz: Deaktiviert

22.03.2012 16:08:24
mbam-log-2012-03-22 (16-08-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 185835
Laufzeit: 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BeNNFxoTOFDUaV.exe (Trojan.FakeAlert) -> Daten: C:\ProgramData\BeNNFxoTOFDUaV.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Daten: grpconv -o -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\BeNNFxoTOFDUaV.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\1F4YgiGnRbZJxQ.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\noto\AppData\Local\Temp\7tpHrwTdM3ELad.exe.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


TDSSKiller hat nichts gefunden. Der Log lautet:

6:20:23.0755 1428 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
16:20:23.0817 1428 ============================================================
16:20:23.0817 1428 Current date / time: 2012/03/22 16:20:23.0817
16:20:23.0817 1428 SystemInfo:
16:20:23.0817 1428
16:20:23.0817 1428 OS Version: 6.1.7601 ServicePack: 1.0
16:20:23.0817 1428 Product type: Workstation
16:20:23.0817 1428 ComputerName: NOTO-PC
16:20:23.0817 1428 UserName: noto
16:20:23.0817 1428 Windows directory: C:\Windows
16:20:23.0817 1428 System windows directory: C:\Windows
16:20:23.0817 1428 Processor architecture: Intel x86
16:20:23.0817 1428 Number of processors: 2
16:20:23.0817 1428 Page size: 0x1000
16:20:23.0817 1428 Boot type: Safe boot
16:20:23.0817 1428 ============================================================
16:20:24.0488 1428 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:20:24.0582 1428 \Device\Harddisk0\DR0:
16:20:24.0582 1428 MBR used
16:20:24.0582 1428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:20:24.0582 1428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000
16:20:24.0582 1428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000
16:20:24.0644 1428 Initialize success
16:20:24.0644 1428 ============================================================
16:20:40.0150 1464 ============================================================
16:20:40.0150 1464 Scan started
16:20:40.0150 1464 Mode: Manual;
16:20:40.0150 1464 ============================================================
16:20:40.0525 1464 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
16:20:40.0540 1464 1394ohci - ok
16:20:40.0618 1464 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
16:20:40.0618 1464 ACPI - ok
16:20:40.0665 1464 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
16:20:40.0665 1464 AcpiPmi - ok
16:20:40.0728 1464 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:20:40.0743 1464 adp94xx - ok
16:20:40.0790 1464 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:20:40.0790 1464 adpahci - ok
16:20:40.0821 1464 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:20:40.0821 1464 adpu320 - ok
16:20:40.0837 1464 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:20:40.0852 1464 AeLookupSvc - ok
16:20:40.0899 1464 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
16:20:40.0915 1464 AFD - ok
16:20:40.0977 1464 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
16:20:40.0977 1464 agp440 - ok
16:20:41.0024 1464 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:20:41.0024 1464 aic78xx - ok
16:20:41.0055 1464 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:20:41.0055 1464 ALG - ok
16:20:41.0071 1464 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
16:20:41.0071 1464 aliide - ok
16:20:41.0118 1464 AMD External Events Utility (60201ad353105d8c6796c1b69e6c49f0) C:\Windows\system32\atiesrxx.exe
16:20:41.0118 1464 AMD External Events Utility - ok
16:20:41.0133 1464 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
16:20:41.0133 1464 amdagp - ok
16:20:41.0196 1464 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
16:20:41.0196 1464 amdide - ok
16:20:41.0242 1464 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:20:41.0242 1464 AmdK8 - ok
16:20:41.0336 1464 amdkmdag (51610b74a9a1d84dc86fce1019beaff4) C:\Windows\system32\DRIVERS\atikmdag.sys
16:20:41.0383 1464 amdkmdag - ok
16:20:41.0430 1464 amdkmdap (cd1d86ab81eece67d7bd6f7ef9786ccc) C:\Windows\system32\DRIVERS\atikmpag.sys
16:20:41.0445 1464 amdkmdap - ok
16:20:41.0508 1464 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:20:41.0508 1464 AmdPPM - ok
16:20:41.0539 1464 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
16:20:41.0539 1464 amdsata - ok
16:20:41.0570 1464 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:20:41.0570 1464 amdsbs - ok
16:20:41.0586 1464 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
16:20:41.0586 1464 amdxata - ok
16:20:41.0617 1464 Andbus (3e59df4984fbd6800d6621480b38a34e) C:\Windows\system32\DRIVERS\lgandbus.sys
16:20:41.0617 1464 Andbus - ok
16:20:41.0648 1464 AndDiag (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\Windows\system32\DRIVERS\lganddiag.sys
16:20:41.0648 1464 AndDiag - ok
16:20:41.0710 1464 AndGps (1d2c90e25483363d54b652898bbc8f2a) C:\Windows\system32\DRIVERS\lgandgps.sys
16:20:41.0710 1464 AndGps - ok
16:20:41.0726 1464 ANDModem (b1b06a95da2cac7fa19832c60c348c85) C:\Windows\system32\DRIVERS\lgandmodem.sys
16:20:41.0726 1464 ANDModem - ok
16:20:41.0742 1464 androidusb - ok
16:20:41.0804 1464 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:20:41.0804 1464 AntiVirSchedulerService - ok
16:20:41.0820 1464 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:20:41.0820 1464 AntiVirService - ok
16:20:41.0866 1464 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
16:20:41.0866 1464 AppID - ok
16:20:41.0913 1464 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:20:41.0913 1464 AppIDSvc - ok
16:20:41.0944 1464 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
16:20:41.0944 1464 Appinfo - ok
16:20:41.0991 1464 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:20:41.0991 1464 arc - ok
16:20:42.0007 1464 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:20:42.0007 1464 arcsas - ok
16:20:42.0054 1464 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:20:42.0054 1464 AsyncMac - ok
16:20:42.0069 1464 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
16:20:42.0069 1464 atapi - ok
16:20:42.0163 1464 AtiHdmiService (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
16:20:42.0178 1464 AtiHdmiService - ok
16:20:42.0210 1464 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:20:42.0210 1464 AudioEndpointBuilder - ok
16:20:42.0225 1464 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:20:42.0225 1464 Audiosrv - ok
16:20:42.0272 1464 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
16:20:42.0272 1464 avgntflt - ok
16:20:42.0288 1464 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
16:20:42.0303 1464 avipbb - ok
16:20:42.0350 1464 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
16:20:42.0350 1464 AxInstSV - ok
16:20:42.0397 1464 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:20:42.0412 1464 b06bdrv - ok
16:20:42.0444 1464 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:20:42.0444 1464 b57nd60x - ok
16:20:42.0522 1464 BBSvc (483f1162eeebd10bf77fbb32db963370) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:20:42.0522 1464 BBSvc - ok
16:20:42.0568 1464 BBUpdate (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:20:42.0568 1464 BBUpdate - ok
16:20:42.0631 1464 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:20:42.0631 1464 BDESVC - ok
16:20:42.0662 1464 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:20:42.0662 1464 Beep - ok
16:20:42.0693 1464 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
16:20:42.0709 1464 BFE - ok
16:20:42.0724 1464 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
16:20:42.0740 1464 BITS - ok
16:20:42.0756 1464 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:20:42.0756 1464 blbdrive - ok
16:20:42.0787 1464 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
16:20:42.0787 1464 bowser - ok
16:20:42.0849 1464 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:20:42.0849 1464 BrFiltLo - ok
16:20:42.0865 1464 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:20:42.0865 1464 BrFiltUp - ok
16:20:42.0896 1464 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
16:20:42.0896 1464 Browser - ok
16:20:42.0927 1464 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:20:42.0927 1464 Brserid - ok
16:20:42.0958 1464 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:20:42.0958 1464 BrSerWdm - ok
16:20:42.0990 1464 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:20:42.0990 1464 BrUsbMdm - ok
16:20:43.0036 1464 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:20:43.0036 1464 BrUsbSer - ok
16:20:43.0068 1464 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:20:43.0068 1464 BTHMODEM - ok
16:20:43.0099 1464 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:20:43.0099 1464 bthserv - ok
16:20:43.0114 1464 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:20:43.0114 1464 cdfs - ok
16:20:43.0177 1464 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
16:20:43.0177 1464 cdrom - ok
16:20:43.0239 1464 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:20:43.0239 1464 CertPropSvc - ok
16:20:43.0286 1464 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:20:43.0286 1464 circlass - ok
16:20:43.0317 1464 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:20:43.0317 1464 CLFS - ok
16:20:43.0380 1464 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:20:43.0380 1464 clr_optimization_v2.0.50727_32 - ok
16:20:43.0442 1464 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:20:43.0442 1464 clr_optimization_v4.0.30319_32 - ok
16:20:43.0489 1464 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:20:43.0504 1464 CmBatt - ok
16:20:43.0536 1464 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
16:20:43.0536 1464 cmdide - ok
16:20:43.0582 1464 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
16:20:43.0582 1464 CNG - ok
16:20:43.0598 1464 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:20:43.0598 1464 Compbatt - ok
16:20:43.0645 1464 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
16:20:43.0645 1464 CompositeBus - ok
16:20:43.0676 1464 COMSysApp - ok
16:20:43.0707 1464 cpuz132 - ok
16:20:43.0754 1464 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:20:43.0754 1464 crcdisk - ok
16:20:43.0801 1464 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
16:20:43.0801 1464 CryptSvc - ok
16:20:43.0832 1464 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:20:43.0832 1464 DcomLaunch - ok
16:20:43.0863 1464 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:20:43.0863 1464 defragsvc - ok
16:20:43.0926 1464 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
16:20:43.0926 1464 DfsC - ok
16:20:43.0972 1464 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
16:20:43.0972 1464 Dhcp - ok
16:20:44.0004 1464 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:20:44.0004 1464 discache - ok
16:20:44.0050 1464 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:20:44.0050 1464 Disk - ok
16:20:44.0066 1464 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
16:20:44.0066 1464 Dnscache - ok
16:20:44.0113 1464 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
16:20:44.0128 1464 dot3svc - ok
16:20:44.0144 1464 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
16:20:44.0144 1464 DPS - ok
16:20:44.0191 1464 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:20:44.0191 1464 drmkaud - ok
16:20:44.0222 1464 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
16:20:44.0238 1464 DXGKrnl - ok
16:20:44.0269 1464 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:20:44.0269 1464 EapHost - ok
16:20:44.0378 1464 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:20:44.0409 1464 ebdrv - ok
16:20:44.0440 1464 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
16:20:44.0440 1464 EFS - ok
16:20:44.0503 1464 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
16:20:44.0503 1464 ehRecvr - ok
16:20:44.0518 1464 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:20:44.0518 1464 ehSched - ok
16:20:44.0612 1464 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:20:44.0612 1464 elxstor - ok
16:20:44.0643 1464 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
16:20:44.0643 1464 ErrDev - ok
16:20:44.0690 1464 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:20:44.0690 1464 EventSystem - ok
16:20:44.0706 1464 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:20:44.0706 1464 exfat - ok
16:20:44.0721 1464 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:20:44.0721 1464 fastfat - ok
16:20:44.0784 1464 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
16:20:44.0784 1464 Fax - ok
16:20:44.0830 1464 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:20:44.0830 1464 fdc - ok
16:20:44.0862 1464 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:20:44.0862 1464 fdPHost - ok
16:20:44.0877 1464 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:20:44.0877 1464 FDResPub - ok
16:20:44.0908 1464 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:20:44.0908 1464 FileInfo - ok
16:20:44.0955 1464 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:20:44.0955 1464 Filetrace - ok
16:20:44.0986 1464 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:20:44.0986 1464 flpydisk - ok
16:20:45.0002 1464 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:20:45.0018 1464 FltMgr - ok
16:20:45.0049 1464 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
16:20:45.0049 1464 FontCache - ok
16:20:45.0096 1464 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:20:45.0111 1464 FontCache3.0.0.0 - ok
16:20:45.0174 1464 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:20:45.0174 1464 FsDepends - ok
16:20:45.0189 1464 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
16:20:45.0189 1464 Fs_Rec - ok
16:20:45.0236 1464 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
16:20:45.0236 1464 fvevol - ok
16:20:45.0267 1464 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:20:45.0267 1464 gagp30kx - ok
16:20:45.0298 1464 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
16:20:45.0314 1464 gpsvc - ok
16:20:45.0408 1464 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:20:45.0408 1464 gupdate - ok
16:20:45.0423 1464 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:20:45.0423 1464 gupdatem - ok
16:20:45.0439 1464 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:20:45.0439 1464 gusvc - ok
16:20:45.0501 1464 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:20:45.0501 1464 hcw85cir - ok
16:20:45.0532 1464 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
16:20:45.0532 1464 HdAudAddService - ok
16:20:45.0579 1464 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
16:20:45.0579 1464 HDAudBus - ok
16:20:45.0595 1464 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:20:45.0595 1464 HidBatt - ok
16:20:45.0610 1464 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:20:45.0610 1464 HidBth - ok
16:20:45.0673 1464 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:20:45.0673 1464 HidIr - ok
16:20:45.0720 1464 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
16:20:45.0720 1464 hidserv - ok
16:20:45.0751 1464 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\drivers\hidusb.sys
16:20:45.0751 1464 HidUsb - ok
16:20:45.0766 1464 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
16:20:45.0766 1464 hkmsvc - ok
16:20:45.0798 1464 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
16:20:45.0798 1464 HomeGroupListener - ok
16:20:45.0829 1464 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
16:20:45.0829 1464 HomeGroupProvider - ok
16:20:45.0876 1464 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
16:20:45.0891 1464 HpSAMD - ok
16:20:45.0938 1464 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
16:20:45.0938 1464 HTTP - ok
16:20:45.0954 1464 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
16:20:45.0954 1464 hwpolicy - ok
16:20:46.0016 1464 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
16:20:46.0016 1464 i8042prt - ok
16:20:46.0047 1464 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
16:20:46.0047 1464 iaStor - ok
16:20:46.0110 1464 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:20:46.0110 1464 IAStorDataMgrSvc - ok
16:20:46.0188 1464 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
16:20:46.0203 1464 iaStorV - ok
16:20:46.0281 1464 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:20:46.0297 1464 idsvc - ok
16:20:46.0390 1464 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:20:46.0437 1464 igfx - ok
16:20:46.0515 1464 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:20:46.0515 1464 iirsp - ok
16:20:46.0562 1464 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
16:20:46.0562 1464 IKEEXT - ok
16:20:46.0656 1464 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\Windows\system32\drivers\RTKVHDA.sys
16:20:46.0687 1464 IntcAzAudAddService - ok
16:20:46.0749 1464 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
16:20:46.0749 1464 intelide - ok
16:20:46.0796 1464 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:20:46.0796 1464 intelppm - ok
16:20:46.0812 1464 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:20:46.0827 1464 IPBusEnum - ok
16:20:46.0843 1464 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:20:46.0843 1464 IpFilterDriver - ok
16:20:46.0874 1464 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
16:20:46.0890 1464 iphlpsvc - ok
16:20:46.0921 1464 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
16:20:46.0921 1464 IPMIDRV - ok
16:20:46.0983 1464 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:20:46.0983 1464 IPNAT - ok
16:20:47.0014 1464 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:20:47.0014 1464 IRENUM - ok
16:20:47.0030 1464 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
16:20:47.0030 1464 isapnp - ok
16:20:47.0046 1464 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
16:20:47.0061 1464 iScsiPrt - ok
16:20:47.0077 1464 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
16:20:47.0077 1464 kbdclass - ok
16:20:47.0108 1464 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\drivers\kbdhid.sys
16:20:47.0108 1464 kbdhid - ok
16:20:47.0170 1464 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:20:47.0170 1464 KeyIso - ok
16:20:47.0202 1464 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
16:20:47.0202 1464 KSecDD - ok
16:20:47.0233 1464 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
16:20:47.0233 1464 KSecPkg - ok
16:20:47.0264 1464 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:20:47.0264 1464 KtmRm - ok
16:20:47.0295 1464 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
16:20:47.0295 1464 LanmanServer - ok
16:20:47.0358 1464 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
16:20:47.0358 1464 LanmanWorkstation - ok
16:20:47.0404 1464 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys
16:20:47.0404 1464 LgBttPort - ok
16:20:47.0420 1464 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys
16:20:47.0420 1464 lgbusenum - ok
16:20:47.0467 1464 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys
16:20:47.0467 1464 LGVMODEM - ok
16:20:47.0514 1464 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:20:47.0514 1464 lltdio - ok
16:20:47.0529 1464 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:20:47.0545 1464 lltdsvc - ok
16:20:47.0576 1464 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:20:47.0576 1464 lmhosts - ok
16:20:47.0623 1464 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:20:47.0623 1464 LSI_FC - ok
16:20:47.0654 1464 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:20:47.0654 1464 LSI_SAS - ok
16:20:47.0685 1464 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:20:47.0685 1464 LSI_SAS2 - ok
16:20:47.0732 1464 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:20:47.0732 1464 LSI_SCSI - ok
16:20:47.0748 1464 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:20:47.0748 1464 luafv - ok
16:20:47.0841 1464 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
16:20:47.0841 1464 MBAMProtector - ok
16:20:47.0888 1464 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:20:47.0904 1464 MBAMService - ok
16:20:47.0950 1464 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
16:20:47.0950 1464 Mcx2Svc - ok
16:20:47.0982 1464 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:20:47.0982 1464 megasas - ok
16:20:48.0044 1464 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:20:48.0044 1464 MegaSR - ok
16:20:48.0075 1464 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:20:48.0075 1464 MMCSS - ok
16:20:48.0091 1464 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:20:48.0091 1464 Modem - ok
16:20:48.0122 1464 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:20:48.0122 1464 monitor - ok
16:20:48.0138 1464 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
16:20:48.0138 1464 mouclass - ok
16:20:48.0169 1464 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:20:48.0169 1464 mouhid - ok
16:20:48.0184 1464 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
16:20:48.0184 1464 mountmgr - ok
16:20:48.0247 1464 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
16:20:48.0247 1464 mpio - ok
16:20:48.0278 1464 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:20:48.0294 1464 mpsdrv - ok
16:20:48.0309 1464 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
16:20:48.0325 1464 MpsSvc - ok
16:20:48.0356 1464 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
16:20:48.0356 1464 MRxDAV - ok
16:20:48.0418 1464 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:20:48.0418 1464 mrxsmb - ok
16:20:48.0450 1464 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:20:48.0465 1464 mrxsmb10 - ok
16:20:48.0496 1464 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:20:48.0496 1464 mrxsmb20 - ok
16:20:48.0528 1464 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
16:20:48.0528 1464 msahci - ok
16:20:48.0559 1464 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
16:20:48.0559 1464 msdsm - ok
16:20:48.0621 1464 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
16:20:48.0621 1464 MSDTC - ok
16:20:48.0668 1464 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:20:48.0668 1464 Msfs - ok
16:20:48.0668 1464 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:20:48.0668 1464 mshidkmdf - ok
16:20:48.0699 1464 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
16:20:48.0699 1464 msisadrv - ok
16:20:48.0746 1464 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
16:20:48.0746 1464 MSiSCSI - ok
16:20:48.0746 1464 msiserver - ok
16:20:48.0777 1464 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:20:48.0777 1464 MSKSSRV - ok
16:20:48.0840 1464 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:20:48.0840 1464 MSPCLOCK - ok
16:20:48.0855 1464 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:20:48.0855 1464 MSPQM - ok
16:20:48.0871 1464 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:20:48.0871 1464 MsRPC - ok
16:20:48.0902 1464 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
16:20:48.0902 1464 mssmbios - ok
16:20:48.0933 1464 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:20:48.0933 1464 MSTEE - ok
16:20:48.0949 1464 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:20:48.0949 1464 MTConfig - ok
16:20:49.0011 1464 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:20:49.0011 1464 Mup - ok
16:20:49.0042 1464 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
16:20:49.0042 1464 napagent - ok
16:20:49.0074 1464 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:20:49.0074 1464 NativeWifiP - ok
16:20:49.0105 1464 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
16:20:49.0120 1464 NDIS - ok
16:20:49.0167 1464 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:20:49.0167 1464 NdisCap - ok
16:20:49.0230 1464 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:20:49.0230 1464 NdisTapi - ok
16:20:49.0245 1464 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
16:20:49.0245 1464 Ndisuio - ok
16:20:49.0276 1464 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
16:20:49.0276 1464 NdisWan - ok
16:20:49.0308 1464 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
16:20:49.0308 1464 NDProxy - ok
16:20:49.0323 1464 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:20:49.0323 1464 NetBIOS - ok
16:20:49.0354 1464 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
16:20:49.0354 1464 NetBT - ok
16:20:49.0401 1464 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:20:49.0417 1464 Netlogon - ok
16:20:49.0448 1464 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
16:20:49.0448 1464 Netman - ok
16:20:49.0464 1464 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
16:20:49.0464 1464 netprofm - ok
16:20:49.0526 1464 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:20:49.0526 1464 NetTcpPortSharing - ok
16:20:49.0588 1464 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:20:49.0588 1464 nfrd960 - ok
16:20:49.0651 1464 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
16:20:49.0651 1464 NlaSvc - ok
16:20:49.0682 1464 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:20:49.0682 1464 Npfs - ok
16:20:49.0713 1464 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
16:20:49.0713 1464 nsi - ok
16:20:49.0729 1464 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:20:49.0729 1464 nsiproxy - ok
16:20:49.0776 1464 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
16:20:49.0776 1464 Ntfs - ok
16:20:49.0854 1464 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:20:49.0854 1464 Null - ok
16:20:49.0885 1464 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
16:20:49.0885 1464 nvraid - ok
16:20:49.0900 1464 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
16:20:49.0900 1464 nvstor - ok
16:20:49.0932 1464 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
16:20:49.0932 1464 nv_agp - ok
16:20:50.0025 1464 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:20:50.0041 1464 odserv - ok
16:20:50.0119 1464 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
16:20:50.0119 1464 ohci1394 - ok
16:20:50.0150 1464 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:20:50.0150 1464 ose - ok
16:20:50.0181 1464 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:20:50.0181 1464 p2pimsvc - ok
16:20:50.0197 1464 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
16:20:50.0197 1464 p2psvc - ok
16:20:50.0228 1464 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:20:50.0228 1464 Parport - ok
16:20:50.0244 1464 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
16:20:50.0244 1464 partmgr - ok
16:20:50.0306 1464 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:20:50.0306 1464 Parvdm - ok
16:20:50.0322 1464 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
16:20:50.0337 1464 PcaSvc - ok
16:20:50.0353 1464 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
16:20:50.0368 1464 pci - ok
16:20:50.0384 1464 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
16:20:50.0384 1464 pciide - ok
16:20:50.0415 1464 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:20:50.0415 1464 pcmcia - ok
16:20:50.0446 1464 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:20:50.0446 1464 pcw - ok
16:20:50.0509 1464 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:20:50.0524 1464 PEAUTH - ok
16:20:50.0587 1464 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
16:20:50.0602 1464 pla - ok
16:20:50.0618 1464 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
16:20:50.0634 1464 PlugPlay - ok
16:20:50.0665 1464 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
16:20:50.0665 1464 PNRPAutoReg - ok
16:20:50.0712 1464 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:20:50.0712 1464 PNRPsvc - ok
16:20:50.0743 1464 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
16:20:50.0743 1464 PolicyAgent - ok
16:20:50.0774 1464 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
16:20:50.0774 1464 Power - ok
16:20:50.0821 1464 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:20:50.0821 1464 PptpMiniport - ok
16:20:50.0852 1464 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:20:50.0852 1464 Processor - ok
16:20:50.0914 1464 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
16:20:50.0914 1464 ProfSvc - ok
16:20:50.0946 1464 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:20:50.0946 1464 ProtectedStorage - ok
16:20:50.0961 1464 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:20:50.0961 1464 Psched - ok
16:20:51.0024 1464 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
16:20:51.0024 1464 PSI_SVC_2 - ok
16:20:51.0086 1464 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:20:51.0102 1464 ql2300 - ok
16:20:51.0180 1464 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:20:51.0180 1464 ql40xx - ok
16:20:51.0211 1464 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
16:20:51.0211 1464 QWAVE - ok
16:20:51.0226 1464 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:20:51.0226 1464 QWAVEdrv - ok
16:20:51.0258 1464 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:20:51.0258 1464 RasAcd - ok
16:20:51.0289 1464 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:20:51.0304 1464 RasAgileVpn - ok
16:20:51.0336 1464 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
16:20:51.0351 1464 RasAuto - ok
16:20:51.0367 1464 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:20:51.0367 1464 Rasl2tp - ok
16:20:51.0414 1464 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
16:20:51.0414 1464 RasMan - ok
16:20:51.0429 1464 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:20:51.0445 1464 RasPppoe - ok
16:20:51.0476 1464 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:20:51.0476 1464 RasSstp - ok
16:20:51.0507 1464 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
16:20:51.0507 1464 rdbss - ok
16:20:51.0538 1464 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:20:51.0538 1464 rdpbus - ok
16:20:51.0585 1464 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:20:51.0585 1464 RDPCDD - ok
16:20:51.0601 1464 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:20:51.0601 1464 RDPENCDD - ok
16:20:51.0616 1464 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:20:51.0616 1464 RDPREFMP - ok
16:20:51.0648 1464 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
16:20:51.0648 1464 RDPWD - ok
16:20:51.0679 1464 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
16:20:51.0679 1464 rdyboost - ok
16:20:51.0694 1464 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
16:20:51.0694 1464 RemoteAccess - ok
16:20:51.0757 1464 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
16:20:51.0757 1464 RemoteRegistry - ok
16:20:51.0788 1464 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
16:20:51.0788 1464 RpcEptMapper - ok
16:20:51.0804 1464 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
16:20:51.0804 1464 RpcLocator - ok
16:20:51.0819 1464 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:20:51.0835 1464 RpcSs - ok
16:20:51.0866 1464 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:20:51.0866 1464 rspndr - ok
16:20:51.0913 1464 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\Windows\system32\DRIVERS\Rt86win7.sys
16:20:51.0913 1464 RTL8167 - ok
16:20:51.0991 1464 RTL8192su (51adef77e4c929535fd50da153774e79) C:\Windows\system32\DRIVERS\RTL8192su.sys
16:20:51.0991 1464 RTL8192su - ok
16:20:52.0022 1464 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:20:52.0022 1464 SamSs - ok
16:20:52.0053 1464 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
16:20:52.0053 1464 sbp2port - ok
16:20:52.0100 1464 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
16:20:52.0100 1464 SCardSvr - ok
16:20:52.0131 1464 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
16:20:52.0131 1464 scfilter - ok
16:20:52.0194 1464 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
16:20:52.0209 1464 Schedule - ok
16:20:52.0240 1464 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:20:52.0240 1464 SCPolicySvc - ok
16:20:52.0256 1464 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
16:20:52.0256 1464 SDRSVC - ok
16:20:52.0303 1464 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:20:52.0303 1464 secdrv - ok
16:20:52.0318 1464 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
16:20:52.0318 1464 seclogon - ok
16:20:52.0365 1464 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
16:20:52.0365 1464 SENS - ok
16:20:52.0396 1464 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
16:20:52.0396 1464 SensrSvc - ok
16:20:52.0412 1464 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:20:52.0412 1464 Serenum - ok
16:20:52.0428 1464 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:20:52.0428 1464 Serial - ok
16:20:52.0459 1464 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:20:52.0459 1464 sermouse - ok
16:20:52.0506 1464 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
16:20:52.0506 1464 SessionEnv - ok
16:20:52.0552 1464 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
16:20:52.0552 1464 sffdisk - ok
16:20:52.0584 1464 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:20:52.0584 1464 sffp_mmc - ok
16:20:52.0599 1464 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys
16:20:52.0599 1464 sffp_sd - ok
16:20:52.0630 1464 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:20:52.0630 1464 sfloppy - ok
16:20:52.0662 1464 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
16:20:52.0662 1464 SharedAccess - ok
16:20:52.0708 1464 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
16:20:52.0708 1464 ShellHWDetection - ok
16:20:52.0786 1464 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
16:20:52.0786 1464 sisagp - ok
16:20:52.0818 1464 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:20:52.0818 1464 SiSRaid2 - ok
16:20:52.0849 1464 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:20:52.0849 1464 SiSRaid4 - ok
16:20:52.0880 1464 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:20:52.0880 1464 Smb - ok
16:20:52.0911 1464 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
16:20:52.0911 1464 SNMPTRAP - ok
16:20:52.0958 1464 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:20:52.0958 1464 spldr - ok
16:20:52.0989 1464 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
16:20:53.0005 1464 Spooler - ok
16:20:53.0067 1464 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
16:20:53.0098 1464 sppsvc - ok
16:20:53.0130 1464 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
16:20:53.0130 1464 sppuinotify - ok
16:20:53.0192 1464 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
16:20:53.0192 1464 srv - ok
16:20:53.0223 1464 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
16:20:53.0223 1464 srv2 - ok
16:20:53.0254 1464 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
16:20:53.0254 1464 srvnet - ok
16:20:53.0286 1464 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
16:20:53.0286 1464 SSDPSRV - ok
16:20:53.0317 1464 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
16:20:53.0317 1464 ssmdrv - ok
16:20:53.0364 1464 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
16:20:53.0364 1464 SstpSvc - ok
16:20:53.0410 1464 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:20:53.0410 1464 stexstor - ok
16:20:53.0504 1464 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
16:20:53.0504 1464 StiSvc - ok
16:20:53.0520 1464 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:20:53.0535 1464 swenum - ok
16:20:53.0551 1464 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:20:53.0551 1464 swprv - ok
16:20:53.0613 1464 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
16:20:53.0613 1464 SysMain - ok
16:20:53.0676 1464 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
16:20:53.0676 1464 TabletInputService - ok
16:20:53.0707 1464 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
16:20:53.0707 1464 TapiSrv - ok
16:20:53.0722 1464 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:20:53.0738 1464 TBS - ok
16:20:53.0785 1464 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
16:20:53.0800 1464 Tcpip - ok
16:20:53.0832 1464 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
16:20:53.0847 1464 TCPIP6 - ok
16:20:53.0878 1464 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:20:53.0878 1464 tcpipreg - ok
16:20:53.0925 1464 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:20:53.0925 1464 TDPIPE - ok
16:20:53.0956 1464 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
16:20:53.0972 1464 TDTCP - ok
16:20:53.0988 1464 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:20:53.0988 1464 tdx - ok
16:20:54.0034 1464 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:20:54.0034 1464 TermDD - ok
16:20:54.0066 1464 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
16:20:54.0066 1464 TermService - ok
16:20:54.0112 1464 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:20:54.0112 1464 Themes - ok
16:20:54.0159 1464 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:20:54.0159 1464 THREADORDER - ok
16:20:54.0175 1464 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:20:54.0190 1464 TrkWks - ok
16:20:54.0206 1464 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
16:20:54.0206 1464 TrustedInstaller - ok
16:20:54.0237 1464 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:20:54.0237 1464 tssecsrv - ok
16:20:54.0284 1464 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:20:54.0284 1464 TsUsbFlt - ok
16:20:54.0346 1464 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:20:54.0362 1464 tunnel - ok
16:20:54.0393 1464 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:20:54.0393 1464 uagp35 - ok
16:20:54.0424 1464 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:20:54.0424 1464 udfs - ok
16:20:54.0471 1464 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:20:54.0471 1464 UI0Detect - ok
16:20:54.0502 1464 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:20:54.0502 1464 uliagpkx - ok
16:20:54.0549 1464 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:20:54.0549 1464 umbus - ok
16:20:54.0580 1464 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:20:54.0580 1464 UmPass - ok
16:20:54.0612 1464 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:20:54.0612 1464 upnphost - ok
16:20:54.0627 1464 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
16:20:54.0627 1464 usbccgp - ok
16:20:54.0658 1464 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:20:54.0658 1464 usbcir - ok
16:20:54.0690 1464 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
16:20:54.0690 1464 usbehci - ok
16:20:54.0752 1464 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:20:54.0752 1464 usbhub - ok
16:20:54.0799 1464 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
16:20:54.0799 1464 usbohci - ok
16:20:54.0830 1464 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:20:54.0830 1464 usbprint - ok
16:20:54.0892 1464 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
16:20:54.0892 1464 usbscan - ok
16:20:54.0924 1464 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:20:54.0924 1464 USBSTOR - ok
16:20:54.0939 1464 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:20:54.0939 1464 usbuhci - ok
16:20:54.0955 1464 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:20:54.0970 1464 UxSms - ok
16:20:55.0017 1464 V0260VID (c90055bd2bb41443462ea715e0876b8d) C:\Windows\system32\DRIVERS\V0260Vid.sys
16:20:55.0017 1464 V0260VID - ok
16:20:55.0048 1464 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:20:55.0048 1464 VaultSvc - ok
16:20:55.0080 1464 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:20:55.0080 1464 vdrvroot - ok
16:20:55.0126 1464 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
16:20:55.0126 1464 vds - ok
16:20:55.0158 1464 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:20:55.0158 1464 vga - ok
16:20:55.0189 1464 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:20:55.0189 1464 VgaSave - ok
16:20:55.0220 1464 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:20:55.0220 1464 vhdmp - ok
16:20:55.0282 1464 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:20:55.0282 1464 viaagp - ok
16:20:55.0314 1464 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:20:55.0314 1464 ViaC7 - ok
16:20:55.0345 1464 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:20:55.0345 1464 viaide - ok
16:20:55.0376 1464 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:20:55.0376 1464 volmgr - ok
16:20:55.0423 1464 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:20:55.0423 1464 volmgrx - ok
16:20:55.0454 1464 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:20:55.0454 1464 volsnap - ok
16:20:55.0501 1464 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:20:55.0501 1464 vsmraid - ok
16:20:55.0548 1464 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
16:20:55.0563 1464 VSS - ok
16:20:55.0594 1464 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:20:55.0594 1464 vwifibus - ok
16:20:55.0626 1464 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
16:20:55.0626 1464 vwififlt - ok
16:20:55.0657 1464 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
16:20:55.0672 1464 vwifimp - ok
16:20:55.0688 1464 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:20:55.0704 1464 W32Time - ok
16:20:55.0719 1464 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:20:55.0719 1464 WacomPen - ok
16:20:55.0782 1464 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:20:55.0782 1464 WANARP - ok
16:20:55.0797 1464 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:20:55.0797 1464 Wanarpv6 - ok
16:20:55.0860 1464 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
16:20:55.0875 1464 WatAdminSvc - ok
16:20:55.0922 1464 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
16:20:55.0938 1464 wbengine - ok
16:20:55.0984 1464 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:20:56.0000 1464 WbioSrvc - ok
16:20:56.0047 1464 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
16:20:56.0047 1464 wcncsvc - ok
16:20:56.0062 1464 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:20:56.0062 1464 WcsPlugInService - ok
16:20:56.0094 1464 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:20:56.0094 1464 Wd - ok
16:20:56.0125 1464 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:20:56.0125 1464 Wdf01000 - ok
16:20:56.0156 1464 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:20:56.0156 1464 WdiServiceHost - ok
16:20:56.0156 1464 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:20:56.0156 1464 WdiSystemHost - ok
16:20:56.0187 1464 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
16:20:56.0203 1464 WebClient - ok
16:20:56.0250 1464 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:20:56.0250 1464 Wecsvc - ok
16:20:56.0281 1464 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:20:56.0281 1464 wercplsupport - ok
16:20:56.0296 1464 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:20:56.0312 1464 WerSvc - ok
16:20:56.0343 1464 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:20:56.0343 1464 WfpLwf - ok
16:20:56.0359 1464 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:20:56.0359 1464 WIMMount - ok
16:20:56.0421 1464 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:20:56.0437 1464 WinDefend - ok
16:20:56.0437 1464 WinHttpAutoProxySvc - ok
16:20:56.0468 1464 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:20:56.0468 1464 Winmgmt - ok
16:20:56.0546 1464 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
16:20:56.0562 1464 WinRM - ok
16:20:56.0608 1464 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:20:56.0624 1464 Wlansvc - ok
16:20:56.0655 1464 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:20:56.0655 1464 WmiAcpi - ok
16:20:56.0733 1464 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:20:56.0733 1464 wmiApSrv - ok
16:20:56.0796 1464 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:20:56.0796 1464 WMPNetworkSvc - ok
16:20:56.0842 1464 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:20:56.0842 1464 WPCSvc - ok
16:20:56.0874 1464 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
16:20:56.0874 1464 WPDBusEnum - ok
16:20:56.0936 1464 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:20:56.0936 1464 ws2ifsl - ok
16:20:56.0952 1464 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
16:20:56.0952 1464 wscsvc - ok
16:20:56.0967 1464 WSearch - ok
16:20:57.0014 1464 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
16:20:57.0030 1464 wuauserv - ok
16:20:57.0076 1464 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:20:57.0076 1464 WudfPf - ok
16:20:57.0123 1464 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:20:57.0123 1464 WUDFRd - ok
16:20:57.0154 1464 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
16:20:57.0170 1464 wudfsvc - ok
16:20:57.0186 1464 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:20:57.0217 1464 WwanSvc - ok
16:20:57.0248 1464 MBR (0x1B8) (c79b30cb8852157f6f908e4698cfe0d0) \Device\Harddisk0\DR0
16:20:59.0292 1464 \Device\Harddisk0\DR0 - ok
16:20:59.0307 1464 Boot (0x1200) (a96290b5401c2da5a08bb9471d76d503) \Device\Harddisk0\DR0\Partition0
16:20:59.0307 1464 \Device\Harddisk0\DR0\Partition0 - ok
16:20:59.0307 1464 Boot (0x1200) (046bbd7303f14eb983a3f0c302651470) \Device\Harddisk0\DR0\Partition1
16:20:59.0307 1464 \Device\Harddisk0\DR0\Partition1 - ok
16:20:59.0354 1464 Boot (0x1200) (376b50b18dd730f4a63e4b8227f4638c) \Device\Harddisk0\DR0\Partition2
16:20:59.0354 1464 \Device\Harddisk0\DR0\Partition2 - ok
16:20:59.0354 1464 ============================================================
16:20:59.0354 1464 Scan finished
16:20:59.0354 1464 ============================================================
16:20:59.0354 1456 Detected object count: 0
16:20:59.0354 1456 Actual detected object count: 0
16:21:05.0422 1424 Deinitialize success


Die Fehlermeldungen sind jetzt weg, aber der Bildschirmhintergrund ist immer noch schwarz und die Dateien weg.

Kann mir jemand weiterhelfen?
Danke

Alt 24.03.2012, 18:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 25.03.2012, 12:28   #3
tomabien
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Hi,
danke schon mal. Also malewarebytes-log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.25.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
noto :: NOTO-PC [Administrator]

Schutz: Aktiviert

25.03.2012 11:21:11
mbam-log-2012-03-25 (11-21-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346717
Laufzeit: 56 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
und die älteren malewarebytes-Suchergebnisse:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.03

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
noto :: NOTO-PC [Administrator]

Schutz: Deaktiviert

22.03.2012 16:08:24
mbam-log-2012-03-22 (16-08-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 185835
Laufzeit: 3 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BeNNFxoTOFDUaV.exe (Trojan.FakeAlert) -> Daten: C:\ProgramData\BeNNFxoTOFDUaV.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|GrpConv (Trojan.Agent.Gen) -> Daten: grpconv -o -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\ProgramData\BeNNFxoTOFDUaV.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\1F4YgiGnRbZJxQ.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\noto\AppData\Local\Temp\7tpHrwTdM3ELad.exe.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\grpconv.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.22.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
noto :: NOTO-PC [Administrator]

Schutz: Aktiviert

22.03.2012 16:27:44
mbam-log-2012-03-22 (16-27-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 187825
Laufzeit: 6 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Und schlieplich noch der log von Eset

Code:
ATTFilter
 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
         
Grüße
Tobi
__________________

Alt 25.03.2012, 15:33   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Und bei ESET wurde das hier mal wieder überlesen:

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.03.2012, 19:37   #5
tomabien
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Hatte es nicht überlesen, aber irgendwie war diese Option nicht angezeigt (oder ich hab es nicht gesehen). Jetzt aber:

Code:
ATTFilter
 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9e0ba7f9b93997459573269abd4f0437
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-25 05:28:36
# local_time=2012-03-25 07:28:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 12880 69227175 5652 0
# compatibility_mode=5893 16776573 100 94 175655 84321510 0 0
# compatibility_mode=8192 67108863 100 0 19138 19138 0 0
# scanned=174980
# found=0
# cleaned=0
# scan_time=6197
         
Grüße


Alt 26.03.2012, 12:43   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> Hard drive clusters are partly damaged

Alt 27.03.2012, 05:58   #7
tomabien
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



So hier der Inhalt von OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 3/27/2012 6:42:51 AM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\noto\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.14% Memory free
6.00 Gb Paging File | 4.75 Gb Available in Paging File | 79.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 756.36 Gb Free Space | 84.95% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
 
Computer Name: NOTO-PC | User Name: noto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/03/27 06:40:33 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\noto\Desktop\OTL.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/07 15:22:59 | 002,450,288 | ---- | M] (Mobile Leader Co.,Ltd.) -- C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
PRC - [2011/12/16 13:54:22 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2011/06/30 19:11:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/04/27 16:24:35 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/05 22:46:08 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/05/27 18:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/05/27 18:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/02/16 13:16:05 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5be773440afa1e1f565f9021d8fd9730\IAStorUtil.ni.dll
MOD - [2012/02/15 16:10:57 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/15 16:10:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 16:10:28 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 16:10:22 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 16:10:06 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 16:09:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 16:09:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 16:09:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 09:37:21 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/12 15:12:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/03/15 18:59:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/30 19:11:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/04/27 16:24:35 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/05/27 18:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\noto\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandadb.sys -- (androidusb)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/30 19:11:57 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 19:11:57 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/12/23 18:35:02 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/23 18:35:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/23 18:35:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/23 18:35:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/05/27 19:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/05/27 18:25:18 | 000,209,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/05/06 11:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/29 09:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009/09/29 09:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009/09/29 09:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009/09/22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/11/04 00:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0260Vid.sys -- (V0260VID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.aol.com/ [binary data]
IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\SearchScopes\{631B415A-8AF2-46E1-B229-BE9D1E645382}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_deDE399
IE - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2010/12/30 04:02:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/08/24 17:17:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011/08/24 17:17:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\noto\AppData\Roaming\mozilla\Extensions
() (No name found) -- C:\USERS\NOTO\APPDATA\ROAMING\THUNDERBIRD\PROFILES\7XXO5JJ4.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\noto\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\noto\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\noto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001..\Run: [LG LinkAir] C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe (Mobile Leader Co.,Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync Option - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3F26A8-CAA2-45C6-9B8B-7AC9D5B5A0FF}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - msh263.drv File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/27 06:40:33 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\noto\Desktop\OTL.exe
[2012/03/25 12:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/22 17:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/22 17:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/22 17:16:21 | 000,000,000 | ---D | C] -- C:\Users\noto\Desktop\tdsskiller
[2012/03/22 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\noto\AppData\Roaming\Malwarebytes
[2012/03/22 17:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/22 17:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/22 17:07:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/22 17:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/22 14:03:17 | 000,000,000 | -H-D | C] -- C:\Users\noto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/03/15 18:59:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2012/03/14 14:26:11 | 000,000,000 | -H-D | C] -- C:\Users\noto\AppData\Roaming\Dropbox
[2012/02/26 17:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/26 17:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Veetle
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/27 06:41:37 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 06:41:37 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 06:40:33 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\noto\Desktop\OTL.exe
[2012/03/27 06:38:37 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/03/27 06:38:37 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/27 06:38:37 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/03/27 06:38:37 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/27 06:34:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/27 06:34:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/27 06:33:57 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/26 20:26:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/22 17:16:13 | 002,047,211 | ---- | M] () -- C:\Users\noto\Desktop\tdsskiller.zip
[2012/03/22 17:07:22 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/22 14:04:29 | 000,000,448 | -H-- | M] () -- C:\ProgramData\1F4YgiGnRbZJxQ
[2012/03/22 14:03:17 | 000,000,657 | -H-- | M] () -- C:\Users\noto\Desktop\System Check.lnk
[2012/03/22 14:03:17 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~1F4YgiGnRbZJxQ
[2012/03/22 14:03:17 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~1F4YgiGnRbZJxQr
[2012/03/20 13:43:52 | 000,009,017 | -H-- | M] () -- C:\Users\noto\Desktop\Bewerbungsbogen.pdf
[2012/03/14 14:23:00 | 000,313,352 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012/03/22 17:16:07 | 002,047,211 | ---- | C] () -- C:\Users\noto\Desktop\tdsskiller.zip
[2012/03/22 17:07:22 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/03/22 14:03:17 | 000,000,657 | -H-- | C] () -- C:\Users\noto\Desktop\System Check.lnk
[2012/03/22 14:03:17 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~1F4YgiGnRbZJxQ
[2012/03/22 14:03:17 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~1F4YgiGnRbZJxQr
[2012/03/22 14:03:14 | 000,000,448 | -H-- | C] () -- C:\ProgramData\1F4YgiGnRbZJxQ
[2012/03/20 13:43:52 | 000,009,017 | -H-- | C] () -- C:\Users\noto\Desktop\Bewerbungsbogen.pdf
[2012/02/14 17:47:08 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2012/01/05 11:47:21 | 000,000,517 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/01/05 11:46:03 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/12/08 18:03:43 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2011/12/08 18:03:43 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010/12/30 03:54:03 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010/12/30 03:54:03 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010/10/09 17:58:25 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010/10/09 17:53:52 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2010/10/09 17:52:05 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/09/30 23:29:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/30 20:05:19 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/07/02 00:01:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/06/30 13:00:23 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe
[2010/06/29 15:53:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/06/29 06:34:58 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2010/05/12 15:13:56 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/12 15:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/12 15:13:56 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/12 15:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010/04/29 17:37:26 | 000,002,137 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/04/06 19:54:32 | 000,203,336 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== LOP Check ==========
 
[2011/10/09 13:56:53 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\BSW
[2012/03/14 14:26:56 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Dropbox
[2011/02/25 15:43:32 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\elsterformular
[2012/01/05 11:50:46 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\MyHeritage
[2010/10/26 18:46:28 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\SoftGrid Client
[2012/01/05 11:46:02 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2011/08/24 17:17:35 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Thunderbird
[2010/09/30 18:05:48 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\TP
[2012/03/14 17:28:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/09/30 19:00:36 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Adobe
[2010/09/30 17:58:56 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\ATI
[2010/10/01 16:56:15 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Avira
[2010/10/09 18:07:30 | 000,000,000 | RH-D | M] -- C:\Users\noto\AppData\Roaming\Brother
[2011/10/09 13:56:53 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\BSW
[2010/09/30 20:05:18 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Corel
[2011/07/23 23:12:27 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\CyberLink
[2012/03/14 14:26:56 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Dropbox
[2011/02/25 15:43:32 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\elsterformular
[2010/09/30 23:39:31 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Google
[2010/09/30 17:58:40 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Identities
[2010/10/09 17:53:04 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\InstallShield
[2010/09/30 17:59:01 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Intel Corporation
[2010/06/30 12:12:02 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Macromedia
[2012/03/22 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\noto\AppData\Roaming\Malwarebytes
[2009/07/14 09:48:18 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Media Center Programs
[2011/07/30 10:41:53 | 000,000,000 | --SD | M] -- C:\Users\noto\AppData\Roaming\Microsoft
[2011/08/24 17:17:35 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Mozilla
[2012/01/05 11:50:46 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\MyHeritage
[2012/03/27 06:42:40 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Skype
[2011/07/26 12:23:38 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\skypePM
[2010/10/26 18:46:28 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\SoftGrid Client
[2012/01/05 11:46:02 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2011/08/24 17:17:35 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\Thunderbird
[2010/09/30 18:05:48 | 000,000,000 | -H-D | M] -- C:\Users\noto\AppData\Roaming\TP
 
< %APPDATA%\*.exe /s >
[2010/06/30 12:23:09 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Users\noto\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/12/21 18:38:42 | 000,113,680 | -H-- | M] () -- C:\Users\noto\AppData\Roaming\MyHeritage\Bin\Convert\Convertor.exe
[2011/12/21 18:38:44 | 000,113,680 | -H-- | M] () -- C:\Users\noto\AppData\Roaming\MyHeritage\Bin\Convert\ConvertorFDB.exe
[2011/12/21 18:38:46 | 000,047,104 | -H-- | M] () -- C:\Users\noto\AppData\Roaming\MyHeritage\Bin\Convert\depcheck.exe
[2011/12/21 18:01:20 | 000,110,592 | -H-- | M] () -- C:\Users\noto\AppData\Roaming\MyHeritage\Bin\Convert\gbtest.exe
[2011/12/21 18:01:34 | 000,058,896 | -H-- | M] () -- C:\Users\noto\AppData\Roaming\MyHeritage\Bin\Detect\Detect.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007/11/14 19:44:42 | 000,129,552 | -H-- | M] (Promise Technology, Inc.) MD5=58CB1FA96B24DFE2196548E959B1996B -- C:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2009/10/26 19:41:10 | 000,189,496 | -H-- | M] (Advanced Micro Devices, Inc) MD5=6C27F0A964EA98F457CAAB9A47030538 -- C:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\W7\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\noto\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\noto\AppData\Local\Temp\RarSFX1\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\noto\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\noto\AppData\Local\Temp\RarSFX1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


Ebenfalls aufgegangen ist am Ende des Scans die Datei Extras.txt. Zur Sicherheit poste ich auch mal deren Inhalt:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 3/27/2012 6:42:51 AM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\noto\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.14% Memory free
6.00 Gb Paging File | 4.75 Gb Available in Paging File | 79.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 756.36 Gb Free Space | 84.95% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
 
Computer Name: NOTO-PC | User Name: noto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1410527557-3332609946-3188139107-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C2944BE7-9BFF-4EF0-A362-CB3281B7C50D}" = LG United Mobile Drivers
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DFB5612F-AF7E-4CB3-00AB-3C0CD2520B29}" = FUSSBALL MANAGER 06
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI SÜD Mah Jong" = ALDI SÜD Mah Jong
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)
"dm-Fotowelt" = dm-Fotowelt
"ElsterFormular für Privatanwender 12.1.0.6164p" = ElsterFormular für Privatanwender
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Family Tree Builder" = MyHeritage Family Tree Builder
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Imperialismus" = Imperialismus
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"LG PC Suite IV" = LG PC Suite IV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"S4Uninst" = Die Siedler IV
"Veetle TV" = Veetle TV
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 3/25/2012 11:33:42 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:42.492]: [00003020]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 3/25/2012 11:33:43 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:43.992]: [00003020]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 3/25/2012 11:33:45 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:45.492]: [00003020]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 3/25/2012 11:33:46 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:46.994]: [00003020]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 3/25/2012 11:33:48 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:48.494]: [00003020]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 3/25/2012 11:33:49 AM | Computer Name = noto-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/03/25 17:33:49.994]: [00003020]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 3/26/2012 1:45:57 PM | Computer Name = noto-PC | Source = ESENT | ID = 488
Description = wlmail (2440) WindowsLiveMail0: Versuch, Datei "C:\Users\noto\AppData\Local\Microsoft\Windows
 Live Mail\Mail.pat" zu erstellen, ist mit Systemfehler 5 (0x00000005): "Zugriff
 verweigert " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Erstellen von Dateien.
 
Error - 3/26/2012 1:45:57 PM | Computer Name = noto-PC | Source = ESENT | ID = 217
Description = wlmail (2440) WindowsLiveMail0: Fehler (-1032) während der Sicherung
 einer Datenbank (Datei C:\Users\noto\AppData\Local\Microsoft\Windows Live Mail\Mail.MSMessageStore).
 Die Datenbank kann nicht wiederhergestellt werden.
 
Error - 3/26/2012 1:45:57 PM | Computer Name = noto-PC | Source = ESENT | ID = 215
Description = wlmail (2440) WindowsLiveMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 3/27/2012 12:35:19 AM | Computer Name = noto-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CCC.exe, Version: 2.0.0.0, Zeitstempel:
 0x49ef8e09  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e2111c0  Ausnahmecode: 0xe0434f4d  Fehleroffset: 0x0000d36f  ID des fehlerhaften
 Prozesses: 0x11f8  Startzeit der fehlerhaften Anwendung: 0x01cd0bd300875539  Pfad der
 fehlerhaften Anwendung: C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 418e65b4-77c6-11e1-af03-6c626d5b0b5b
 
[ OSession Events ]
Error - 5/15/2011 8:12:29 AM | Computer Name = noto-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 135
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 3/22/2012 11:19:59 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 3/22/2012 11:19:59 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 3/22/2012 11:20:00 AM | Computer Name = noto-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 3/23/2012 9:59:50 AM | Computer Name = noto-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
 
Error - 3/24/2012 1:02:12 PM | Computer Name = noto-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?03.?2012 um 18:00:23 unerwartet heruntergefahren.
 
 
< End of report >
         
--- --- ---


Grüße
Tobi

Alt 27.03.2012, 11:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-1410527557-3332609946-3188139107-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012/03/22 14:04:29 | 000,000,448 | -H-- | M] () -- C:\ProgramData\1F4YgiGnRbZJxQ
[2012/03/22 14:03:17 | 000,000,657 | -H-- | M] () -- C:\Users\noto\Desktop\System Check.lnk
[2012/03/22 14:03:17 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~1F4YgiGnRbZJxQ
[2012/03/22 14:03:17 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~1F4YgiGnRbZJxQr
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.03.2012, 14:01   #9
tomabien
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Hier das log:

Code:
ATTFilter
 All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21A88CB9-84D2-4020-A2D1-B25A21034884}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21A88CB9-84D2-4020-A2D1-B25A21034884}\ deleted successfully.
C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_USERS\S-1-5-21-1410527557-3332609946-3188139107-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\ProgramData\1F4YgiGnRbZJxQ moved successfully.
C:\Users\noto\Desktop\System Check.lnk moved successfully.
C:\ProgramData\~1F4YgiGnRbZJxQ moved successfully.
C:\ProgramData\~1F4YgiGnRbZJxQr moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: noto
->Temp folder emptied: 388540499 bytes
->Temporary Internet Files folder emptied: 551431856 bytes
->Java cache emptied: 4011803 bytes
->Google Chrome cache emptied: 7089636 bytes
->Flash cache emptied: 129036 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93228411 bytes
RecycleBin emptied: 48116688640 bytes
 
Total Files Cleaned = 46,884.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03272012_144346

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 27.03.2012, 14:08   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Zitat:
Total Files Cleaned = 46,884.00 mb
Boah ein neuer Rekord! fast 47 GB an Datenmüll in TEMP wurden geleert!


Mach bitte nun ein neues Log mit dem TDSS-Killer => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.03.2012, 14:27   #11
tomabien
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Und hier der log von tdsskiller:

Code:
ATTFilter
 15:25:54.0672 5048	TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
15:25:54.0730 5048	============================================================
15:25:54.0730 5048	Current date / time: 2012/03/27 15:25:54.0730
15:25:54.0730 5048	SystemInfo:
15:25:54.0730 5048	
15:25:54.0730 5048	OS Version: 6.1.7601 ServicePack: 1.0
15:25:54.0730 5048	Product type: Workstation
15:25:54.0730 5048	ComputerName: NOTO-PC
15:25:54.0730 5048	UserName: noto
15:25:54.0730 5048	Windows directory: C:\Windows
15:25:54.0730 5048	System windows directory: C:\Windows
15:25:54.0730 5048	Processor architecture: Intel x86
15:25:54.0730 5048	Number of processors: 2
15:25:54.0730 5048	Page size: 0x1000
15:25:54.0730 5048	Boot type: Normal boot
15:25:54.0730 5048	============================================================
15:25:55.0062 5048	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:25:55.0072 5048	\Device\Harddisk0\DR0:
15:25:55.0072 5048	MBR used
15:25:55.0072 5048	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:25:55.0072 5048	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000
15:25:55.0072 5048	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000
15:25:55.0132 5048	Initialize success
15:25:55.0132 5048	============================================================
15:26:02.0146 1432	============================================================
15:26:02.0146 1432	Scan started
15:26:02.0146 1432	Mode: Manual; SigCheck; TDLFS; 
15:26:02.0146 1432	============================================================
15:26:02.0416 1432	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:26:02.0496 1432	1394ohci - ok
15:26:02.0586 1432	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:26:02.0606 1432	ACPI - ok
15:26:02.0636 1432	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:26:02.0696 1432	AcpiPmi - ok
15:26:02.0746 1432	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:26:02.0756 1432	adp94xx - ok
15:26:02.0816 1432	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:26:02.0826 1432	adpahci - ok
15:26:02.0866 1432	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:26:02.0876 1432	adpu320 - ok
15:26:02.0896 1432	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
15:26:02.0926 1432	AeLookupSvc - ok
15:26:02.0966 1432	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:26:02.0996 1432	AFD - ok
15:26:03.0046 1432	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:26:03.0056 1432	agp440 - ok
15:26:03.0106 1432	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:26:03.0106 1432	aic78xx - ok
15:26:03.0146 1432	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
15:26:03.0186 1432	ALG - ok
15:26:03.0206 1432	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:26:03.0216 1432	aliide - ok
15:26:03.0276 1432	AMD External Events Utility (60201ad353105d8c6796c1b69e6c49f0) C:\Windows\system32\atiesrxx.exe
15:26:03.0326 1432	AMD External Events Utility - ok
15:26:03.0386 1432	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:26:03.0406 1432	amdagp - ok
15:26:03.0446 1432	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:26:03.0446 1432	amdide - ok
15:26:03.0476 1432	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:26:03.0506 1432	AmdK8 - ok
15:26:03.0656 1432	amdkmdag        (51610b74a9a1d84dc86fce1019beaff4) C:\Windows\system32\DRIVERS\atikmdag.sys
15:26:03.0726 1432	amdkmdag - ok
15:26:03.0806 1432	amdkmdap        (cd1d86ab81eece67d7bd6f7ef9786ccc) C:\Windows\system32\DRIVERS\atikmpag.sys
15:26:03.0846 1432	amdkmdap - ok
15:26:03.0876 1432	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:26:03.0916 1432	AmdPPM - ok
15:26:03.0956 1432	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:26:03.0956 1432	amdsata - ok
15:26:04.0026 1432	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:26:04.0046 1432	amdsbs - ok
15:26:04.0046 1432	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:26:04.0066 1432	amdxata - ok
15:26:04.0086 1432	Andbus          (3e59df4984fbd6800d6621480b38a34e) C:\Windows\system32\DRIVERS\lgandbus.sys
15:26:04.0116 1432	Andbus - ok
15:26:04.0136 1432	AndDiag         (8e0bf6f3b2c9c292bc7ce0de727cdd56) C:\Windows\system32\DRIVERS\lganddiag.sys
15:26:04.0156 1432	AndDiag - ok
15:26:04.0176 1432	AndGps          (1d2c90e25483363d54b652898bbc8f2a) C:\Windows\system32\DRIVERS\lgandgps.sys
15:26:04.0196 1432	AndGps - ok
15:26:04.0276 1432	ANDModem        (b1b06a95da2cac7fa19832c60c348c85) C:\Windows\system32\DRIVERS\lgandmodem.sys
15:26:04.0306 1432	ANDModem - ok
15:26:04.0326 1432	androidusb - ok
15:26:04.0406 1432	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:26:04.0426 1432	AntiVirSchedulerService - ok
15:26:04.0446 1432	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:26:04.0446 1432	AntiVirService - ok
15:26:04.0516 1432	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:26:04.0626 1432	AppID - ok
15:26:04.0646 1432	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
15:26:04.0676 1432	AppIDSvc - ok
15:26:04.0716 1432	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
15:26:04.0736 1432	Appinfo - ok
15:26:04.0806 1432	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:26:04.0826 1432	arc - ok
15:26:04.0856 1432	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:26:04.0866 1432	arcsas - ok
15:26:04.0886 1432	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:26:04.0976 1432	AsyncMac - ok
15:26:05.0066 1432	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:26:05.0086 1432	atapi - ok
15:26:05.0136 1432	AtiHdmiService  (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
15:26:05.0166 1432	AtiHdmiService - ok
15:26:05.0206 1432	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
15:26:05.0246 1432	AudioEndpointBuilder - ok
15:26:05.0256 1432	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
15:26:05.0286 1432	Audiosrv - ok
15:26:05.0386 1432	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
15:26:05.0396 1432	avgntflt - ok
15:26:05.0426 1432	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
15:26:05.0436 1432	avipbb - ok
15:26:05.0466 1432	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
15:26:05.0526 1432	AxInstSV - ok
15:26:05.0606 1432	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:26:05.0646 1432	b06bdrv - ok
15:26:05.0666 1432	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:26:05.0696 1432	b57nd60x - ok
15:26:05.0776 1432	BBSvc           (483f1162eeebd10bf77fbb32db963370) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
15:26:05.0806 1432	BBSvc - ok
15:26:05.0846 1432	BBUpdate        (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
15:26:05.0866 1432	BBUpdate - ok
15:26:05.0926 1432	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
15:26:05.0956 1432	BDESVC - ok
15:26:06.0006 1432	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:26:06.0056 1432	Beep - ok
15:26:06.0086 1432	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
15:26:06.0106 1432	BFE - ok
15:26:06.0126 1432	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
15:26:06.0146 1432	BITS - ok
15:26:06.0216 1432	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:26:06.0246 1432	blbdrive - ok
15:26:06.0276 1432	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:26:06.0316 1432	bowser - ok
15:26:06.0346 1432	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:26:06.0386 1432	BrFiltLo - ok
15:26:06.0446 1432	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:26:06.0486 1432	BrFiltUp - ok
15:26:06.0516 1432	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
15:26:06.0556 1432	Browser - ok
15:26:06.0596 1432	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:26:06.0616 1432	Brserid - ok
15:26:06.0686 1432	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:26:06.0726 1432	BrSerWdm - ok
15:26:06.0746 1432	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:26:06.0766 1432	BrUsbMdm - ok
15:26:06.0786 1432	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:26:06.0826 1432	BrUsbSer - ok
15:26:06.0836 1432	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:26:06.0856 1432	BTHMODEM - ok
15:26:06.0916 1432	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
15:26:06.0956 1432	bthserv - ok
15:26:06.0996 1432	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:26:07.0036 1432	cdfs - ok
15:26:07.0076 1432	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
15:26:07.0116 1432	cdrom - ok
15:26:07.0176 1432	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:26:07.0206 1432	CertPropSvc - ok
15:26:07.0266 1432	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:26:07.0306 1432	circlass - ok
15:26:07.0336 1432	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:26:07.0356 1432	CLFS - ok
15:26:07.0426 1432	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:26:07.0436 1432	clr_optimization_v2.0.50727_32 - ok
15:26:07.0476 1432	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:26:07.0486 1432	clr_optimization_v4.0.30319_32 - ok
15:26:07.0546 1432	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:26:07.0576 1432	CmBatt - ok
15:26:07.0606 1432	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:26:07.0616 1432	cmdide - ok
15:26:07.0636 1432	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
15:26:07.0666 1432	CNG - ok
15:26:07.0686 1432	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:26:07.0686 1432	Compbatt - ok
15:26:07.0766 1432	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
15:26:07.0806 1432	CompositeBus - ok
15:26:07.0836 1432	COMSysApp - ok
15:26:07.0856 1432	cpuz132 - ok
15:26:07.0886 1432	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:26:07.0896 1432	crcdisk - ok
15:26:07.0936 1432	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
15:26:07.0966 1432	CryptSvc - ok
15:26:08.0006 1432	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:26:08.0026 1432	DcomLaunch - ok
15:26:08.0056 1432	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
15:26:08.0076 1432	defragsvc - ok
15:26:08.0126 1432	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
15:26:08.0166 1432	DfsC - ok
15:26:08.0226 1432	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
15:26:08.0276 1432	Dhcp - ok
15:26:08.0306 1432	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:26:08.0336 1432	discache - ok
15:26:08.0386 1432	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:26:08.0396 1432	Disk - ok
15:26:08.0446 1432	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
15:26:08.0466 1432	Dnscache - ok
15:26:08.0486 1432	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
15:26:08.0516 1432	dot3svc - ok
15:26:08.0546 1432	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
15:26:08.0586 1432	DPS - ok
15:26:08.0646 1432	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:26:08.0666 1432	drmkaud - ok
15:26:08.0726 1432	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:26:08.0756 1432	DXGKrnl - ok
15:26:08.0786 1432	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
15:26:08.0806 1432	EapHost - ok
15:26:08.0906 1432	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:26:08.0966 1432	ebdrv - ok
15:26:09.0006 1432	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
15:26:09.0036 1432	EFS - ok
15:26:09.0106 1432	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
15:26:09.0156 1432	ehRecvr - ok
15:26:09.0186 1432	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
15:26:09.0216 1432	ehSched - ok
15:26:09.0296 1432	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:26:09.0326 1432	elxstor - ok
15:26:09.0356 1432	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:26:09.0376 1432	ErrDev - ok
15:26:09.0416 1432	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
15:26:09.0446 1432	EventSystem - ok
15:26:09.0466 1432	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:26:09.0486 1432	exfat - ok
15:26:09.0546 1432	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:26:09.0596 1432	fastfat - ok
15:26:09.0646 1432	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
15:26:09.0686 1432	Fax - ok
15:26:09.0716 1432	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:26:09.0726 1432	fdc - ok
15:26:09.0776 1432	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
15:26:09.0806 1432	fdPHost - ok
15:26:09.0816 1432	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
15:26:09.0836 1432	FDResPub - ok
15:26:09.0876 1432	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:26:09.0886 1432	FileInfo - ok
15:26:09.0896 1432	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:26:09.0916 1432	Filetrace - ok
15:26:09.0946 1432	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:26:09.0956 1432	flpydisk - ok
15:26:10.0006 1432	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:26:10.0016 1432	FltMgr - ok
15:26:10.0066 1432	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
15:26:10.0116 1432	FontCache - ok
15:26:10.0176 1432	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:26:10.0186 1432	FontCache3.0.0.0 - ok
15:26:10.0236 1432	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:26:10.0246 1432	FsDepends - ok
15:26:10.0276 1432	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:26:10.0296 1432	Fs_Rec - ok
15:26:10.0326 1432	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:26:10.0336 1432	fvevol - ok
15:26:10.0386 1432	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:26:10.0386 1432	gagp30kx - ok
15:26:10.0446 1432	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
15:26:10.0476 1432	gpsvc - ok
15:26:10.0546 1432	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:26:10.0556 1432	gupdate - ok
15:26:10.0566 1432	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:26:10.0576 1432	gupdatem - ok
15:26:10.0586 1432	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:26:10.0596 1432	gusvc - ok
15:26:10.0666 1432	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:26:10.0696 1432	hcw85cir - ok
15:26:10.0736 1432	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
15:26:10.0776 1432	HdAudAddService - ok
15:26:10.0816 1432	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
15:26:10.0836 1432	HDAudBus - ok
15:26:10.0906 1432	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:26:10.0926 1432	HidBatt - ok
15:26:10.0946 1432	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:26:10.0966 1432	HidBth - ok
15:26:11.0006 1432	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:26:11.0036 1432	HidIr - ok
15:26:11.0046 1432	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
15:26:11.0086 1432	hidserv - ok
15:26:11.0156 1432	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\drivers\hidusb.sys
15:26:11.0176 1432	HidUsb - ok
15:26:11.0206 1432	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
15:26:11.0246 1432	hkmsvc - ok
15:26:11.0266 1432	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
15:26:11.0296 1432	HomeGroupListener - ok
15:26:11.0326 1432	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
15:26:11.0356 1432	HomeGroupProvider - ok
15:26:11.0436 1432	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:26:11.0456 1432	HpSAMD - ok
15:26:11.0496 1432	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:26:11.0526 1432	HTTP - ok
15:26:11.0546 1432	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:26:11.0546 1432	hwpolicy - ok
15:26:11.0586 1432	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
15:26:11.0606 1432	i8042prt - ok
15:26:11.0676 1432	iaStor          (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
15:26:11.0686 1432	iaStor - ok
15:26:11.0746 1432	IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:26:11.0756 1432	IAStorDataMgrSvc - ok
15:26:11.0826 1432	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:26:11.0836 1432	iaStorV - ok
15:26:11.0946 1432	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:26:11.0976 1432	idsvc - ok
15:26:12.0116 1432	igfx            (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:26:12.0166 1432	igfx - ok
15:26:12.0236 1432	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:26:12.0256 1432	iirsp - ok
15:26:12.0306 1432	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
15:26:12.0346 1432	IKEEXT - ok
15:26:12.0476 1432	IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\Windows\system32\drivers\RTKVHDA.sys
15:26:12.0526 1432	IntcAzAudAddService - ok
15:26:12.0566 1432	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:26:12.0586 1432	intelide - ok
15:26:12.0646 1432	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:26:12.0666 1432	intelppm - ok
15:26:12.0696 1432	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
15:26:12.0736 1432	IPBusEnum - ok
15:26:12.0746 1432	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:26:12.0766 1432	IpFilterDriver - ok
15:26:12.0826 1432	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
15:26:12.0856 1432	iphlpsvc - ok
15:26:12.0906 1432	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:26:12.0946 1432	IPMIDRV - ok
15:26:12.0976 1432	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:26:13.0016 1432	IPNAT - ok
15:26:13.0046 1432	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:26:13.0076 1432	IRENUM - ok
15:26:13.0136 1432	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:26:13.0146 1432	isapnp - ok
15:26:13.0176 1432	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:26:13.0186 1432	iScsiPrt - ok
15:26:13.0216 1432	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
15:26:13.0226 1432	kbdclass - ok
15:26:13.0256 1432	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\drivers\kbdhid.sys
15:26:13.0276 1432	kbdhid - ok
15:26:13.0306 1432	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:26:13.0316 1432	KeyIso - ok
15:26:13.0376 1432	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
15:26:13.0376 1432	KSecDD - ok
15:26:13.0416 1432	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
15:26:13.0426 1432	KSecPkg - ok
15:26:13.0446 1432	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
15:26:13.0476 1432	KtmRm - ok
15:26:13.0556 1432	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
15:26:13.0596 1432	LanmanServer - ok
15:26:13.0626 1432	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
15:26:13.0656 1432	LanmanWorkstation - ok
15:26:13.0706 1432	LgBttPort       (4dd47b5af0b24871ebb9efc012a7474e) C:\Windows\system32\DRIVERS\lgbtport.sys
15:26:13.0736 1432	LgBttPort - ok
15:26:13.0776 1432	lgbusenum       (1d038ca6c529203087a990e5e97887b4) C:\Windows\system32\DRIVERS\lgbtbus.sys
15:26:13.0786 1432	lgbusenum - ok
15:26:13.0816 1432	LGVMODEM        (26f1976a330195d62a6224c76968cf0d) C:\Windows\system32\DRIVERS\lgvmodem.sys
15:26:13.0836 1432	LGVMODEM - ok
15:26:13.0886 1432	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:26:13.0916 1432	lltdio - ok
15:26:13.0966 1432	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
15:26:14.0006 1432	lltdsvc - ok
15:26:14.0016 1432	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
15:26:14.0046 1432	lmhosts - ok
15:26:14.0116 1432	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:26:14.0136 1432	LSI_FC - ok
15:26:14.0186 1432	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:26:14.0196 1432	LSI_SAS - ok
15:26:14.0216 1432	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:26:14.0226 1432	LSI_SAS2 - ok
15:26:14.0246 1432	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:26:14.0256 1432	LSI_SCSI - ok
15:26:14.0276 1432	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:26:14.0306 1432	luafv - ok
15:26:14.0416 1432	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
15:26:14.0426 1432	MBAMProtector - ok
15:26:14.0466 1432	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:26:14.0486 1432	MBAMService - ok
15:26:14.0516 1432	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
15:26:14.0526 1432	Mcx2Svc - ok
15:26:14.0566 1432	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:26:14.0576 1432	megasas - ok
15:26:14.0656 1432	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:26:14.0676 1432	MegaSR - ok
15:26:14.0706 1432	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:26:14.0736 1432	MMCSS - ok
15:26:14.0756 1432	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:26:14.0786 1432	Modem - ok
15:26:14.0806 1432	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:26:14.0826 1432	monitor - ok
15:26:14.0896 1432	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
15:26:14.0916 1432	mouclass - ok
15:26:14.0936 1432	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:26:14.0956 1432	mouhid - ok
15:26:14.0976 1432	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:26:14.0986 1432	mountmgr - ok
15:26:15.0006 1432	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:26:15.0016 1432	mpio - ok
15:26:15.0076 1432	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:26:15.0116 1432	mpsdrv - ok
15:26:15.0156 1432	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
15:26:15.0196 1432	MpsSvc - ok
15:26:15.0226 1432	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:26:15.0256 1432	MRxDAV - ok
15:26:15.0346 1432	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:26:15.0376 1432	mrxsmb - ok
15:26:15.0406 1432	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:26:15.0426 1432	mrxsmb10 - ok
15:26:15.0446 1432	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:26:15.0456 1432	mrxsmb20 - ok
15:26:15.0486 1432	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:26:15.0486 1432	msahci - ok
15:26:15.0566 1432	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:26:15.0586 1432	msdsm - ok
15:26:15.0616 1432	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
15:26:15.0626 1432	MSDTC - ok
15:26:15.0656 1432	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:26:15.0686 1432	Msfs - ok
15:26:15.0696 1432	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:26:15.0726 1432	mshidkmdf - ok
15:26:15.0796 1432	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:26:15.0816 1432	msisadrv - ok
15:26:15.0856 1432	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
15:26:15.0886 1432	MSiSCSI - ok
15:26:15.0896 1432	msiserver - ok
15:26:15.0926 1432	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:26:15.0956 1432	MSKSSRV - ok
15:26:15.0976 1432	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:26:16.0006 1432	MSPCLOCK - ok
15:26:16.0046 1432	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:26:16.0076 1432	MSPQM - ok
15:26:16.0096 1432	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:26:16.0106 1432	MsRPC - ok
15:26:16.0136 1432	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
15:26:16.0136 1432	mssmbios - ok
15:26:16.0196 1432	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:26:16.0226 1432	MSTEE - ok
15:26:16.0256 1432	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:26:16.0276 1432	MTConfig - ok
15:26:16.0296 1432	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:26:16.0306 1432	Mup - ok
15:26:16.0326 1432	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
15:26:16.0356 1432	napagent - ok
15:26:16.0426 1432	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:26:16.0456 1432	NativeWifiP - ok
15:26:16.0486 1432	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:26:16.0506 1432	NDIS - ok
15:26:16.0536 1432	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:26:16.0566 1432	NdisCap - ok
15:26:16.0626 1432	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:26:16.0676 1432	NdisTapi - ok
15:26:16.0716 1432	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:26:16.0746 1432	Ndisuio - ok
15:26:16.0776 1432	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:26:16.0806 1432	NdisWan - ok
15:26:16.0846 1432	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:26:16.0896 1432	NDProxy - ok
15:26:16.0936 1432	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:26:16.0966 1432	NetBIOS - ok
15:26:16.0996 1432	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:26:17.0026 1432	NetBT - ok
15:26:17.0056 1432	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:26:17.0066 1432	Netlogon - ok
15:26:17.0126 1432	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
15:26:17.0176 1432	Netman - ok
15:26:17.0206 1432	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
15:26:17.0236 1432	netprofm - ok
15:26:17.0296 1432	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:26:17.0306 1432	NetTcpPortSharing - ok
15:26:17.0366 1432	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:26:17.0386 1432	nfrd960 - ok
15:26:17.0436 1432	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
15:26:17.0466 1432	NlaSvc - ok
15:26:17.0496 1432	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:26:17.0526 1432	Npfs - ok
15:26:17.0556 1432	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:26:17.0586 1432	nsi - ok
15:26:17.0616 1432	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:26:17.0646 1432	nsiproxy - ok
15:26:17.0686 1432	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:26:17.0716 1432	Ntfs - ok
15:26:17.0736 1432	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:26:17.0756 1432	Null - ok
15:26:17.0826 1432	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:26:17.0846 1432	nvraid - ok
15:26:17.0886 1432	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:26:17.0896 1432	nvstor - ok
15:26:17.0936 1432	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:26:17.0946 1432	nv_agp - ok
15:26:18.0046 1432	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:26:18.0066 1432	odserv - ok
15:26:18.0146 1432	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:26:18.0186 1432	ohci1394 - ok
15:26:18.0216 1432	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:26:18.0226 1432	ose - ok
15:26:18.0256 1432	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:26:18.0296 1432	p2pimsvc - ok
15:26:18.0346 1432	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:26:18.0366 1432	p2psvc - ok
15:26:18.0416 1432	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:26:18.0426 1432	Parport - ok
15:26:18.0456 1432	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
15:26:18.0466 1432	partmgr - ok
15:26:18.0486 1432	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:26:18.0506 1432	Parvdm - ok
15:26:18.0536 1432	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:26:18.0546 1432	PcaSvc - ok
15:26:18.0616 1432	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:26:18.0636 1432	pci - ok
15:26:18.0666 1432	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:26:18.0676 1432	pciide - ok
15:26:18.0696 1432	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:26:18.0706 1432	pcmcia - ok
15:26:18.0726 1432	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:26:18.0736 1432	pcw - ok
15:26:18.0766 1432	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:26:18.0796 1432	PEAUTH - ok
15:26:18.0886 1432	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
15:26:18.0926 1432	pla - ok
15:26:18.0956 1432	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
15:26:18.0986 1432	PlugPlay - ok
15:26:19.0006 1432	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
15:26:19.0026 1432	PNRPAutoReg - ok
15:26:19.0076 1432	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:26:19.0086 1432	PNRPsvc - ok
15:26:19.0126 1432	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
15:26:19.0156 1432	PolicyAgent - ok
15:26:19.0176 1432	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
15:26:19.0206 1432	Power - ok
15:26:19.0296 1432	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:26:19.0366 1432	PptpMiniport - ok
15:26:19.0436 1432	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:26:19.0456 1432	Processor - ok
15:26:19.0486 1432	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
15:26:19.0506 1432	ProfSvc - ok
15:26:19.0536 1432	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:26:19.0546 1432	ProtectedStorage - ok
15:26:19.0576 1432	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:26:19.0606 1432	Psched - ok
15:26:19.0656 1432	PSI_SVC_2       (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
15:26:19.0676 1432	PSI_SVC_2 - ok
15:26:19.0756 1432	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:26:19.0786 1432	ql2300 - ok
15:26:19.0826 1432	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:26:19.0836 1432	ql40xx - ok
15:26:19.0866 1432	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
15:26:19.0896 1432	QWAVE - ok
15:26:19.0946 1432	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:26:19.0976 1432	QWAVEdrv - ok
15:26:19.0996 1432	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:26:20.0026 1432	RasAcd - ok
15:26:20.0036 1432	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:26:20.0076 1432	RasAgileVpn - ok
15:26:20.0106 1432	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
15:26:20.0126 1432	RasAuto - ok
15:26:20.0186 1432	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:26:20.0216 1432	Rasl2tp - ok
15:26:20.0246 1432	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
15:26:20.0276 1432	RasMan - ok
15:26:20.0296 1432	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:26:20.0326 1432	RasPppoe - ok
15:26:20.0396 1432	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:26:20.0446 1432	RasSstp - ok
15:26:20.0476 1432	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:26:20.0506 1432	rdbss - ok
15:26:20.0536 1432	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:26:20.0556 1432	rdpbus - ok
15:26:20.0606 1432	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:26:20.0656 1432	RDPCDD - ok
15:26:20.0686 1432	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:26:20.0706 1432	RDPENCDD - ok
15:26:20.0716 1432	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:26:20.0746 1432	RDPREFMP - ok
15:26:20.0776 1432	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
15:26:20.0796 1432	RDPWD - ok
15:26:20.0876 1432	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:26:20.0896 1432	rdyboost - ok
15:26:20.0926 1432	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
15:26:20.0956 1432	RemoteAccess - ok
15:26:20.0986 1432	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
15:26:21.0006 1432	RemoteRegistry - ok
15:26:21.0046 1432	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
15:26:21.0076 1432	RpcEptMapper - ok
15:26:21.0116 1432	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
15:26:21.0146 1432	RpcLocator - ok
15:26:21.0176 1432	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:26:21.0226 1432	RpcSs - ok
15:26:21.0266 1432	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:26:21.0306 1432	rspndr - ok
15:26:21.0386 1432	RTL8167         (bcebd5d1aabce4efb7597635e347c44b) C:\Windows\system32\DRIVERS\Rt86win7.sys
15:26:21.0466 1432	RTL8167 - ok
15:26:21.0506 1432	RTL8192su       (51adef77e4c929535fd50da153774e79) C:\Windows\system32\DRIVERS\RTL8192su.sys
15:26:21.0536 1432	RTL8192su - ok
15:26:21.0586 1432	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:26:21.0596 1432	SamSs - ok
15:26:21.0646 1432	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:26:21.0656 1432	sbp2port - ok
15:26:21.0676 1432	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
15:26:21.0696 1432	SCardSvr - ok
15:26:21.0706 1432	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:26:21.0736 1432	scfilter - ok
15:26:21.0806 1432	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
15:26:21.0856 1432	Schedule - ok
15:26:21.0886 1432	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:26:21.0906 1432	SCPolicySvc - ok
15:26:21.0926 1432	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
15:26:21.0956 1432	SDRSVC - ok
15:26:22.0026 1432	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:26:22.0076 1432	secdrv - ok
15:26:22.0086 1432	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
15:26:22.0116 1432	seclogon - ok
15:26:22.0146 1432	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
15:26:22.0166 1432	SENS - ok
15:26:22.0186 1432	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
15:26:22.0196 1432	SensrSvc - ok
15:26:22.0256 1432	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:26:22.0276 1432	Serenum - ok
15:26:22.0296 1432	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:26:22.0316 1432	Serial - ok
15:26:22.0346 1432	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:26:22.0356 1432	sermouse - ok
15:26:22.0396 1432	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
15:26:22.0416 1432	SessionEnv - ok
15:26:22.0466 1432	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
15:26:22.0496 1432	sffdisk - ok
15:26:22.0516 1432	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:26:22.0536 1432	sffp_mmc - ok
15:26:22.0556 1432	sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\drivers\sffp_sd.sys
15:26:22.0576 1432	sffp_sd - ok
15:26:22.0596 1432	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:26:22.0616 1432	sfloppy - ok
15:26:22.0676 1432	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
15:26:22.0706 1432	SharedAccess - ok
15:26:22.0736 1432	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
15:26:22.0766 1432	ShellHWDetection - ok
15:26:22.0806 1432	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:26:22.0826 1432	sisagp - ok
15:26:22.0886 1432	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:26:22.0906 1432	SiSRaid2 - ok
15:26:22.0936 1432	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:26:22.0946 1432	SiSRaid4 - ok
15:26:23.0006 1432	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
15:26:23.0016 1432	SkypeUpdate - ok
15:26:23.0096 1432	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:26:23.0136 1432	Smb - ok
15:26:23.0166 1432	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
15:26:23.0176 1432	SNMPTRAP - ok
15:26:23.0186 1432	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:26:23.0196 1432	spldr - ok
15:26:23.0236 1432	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
15:26:23.0266 1432	Spooler - ok
15:26:23.0356 1432	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
15:26:23.0416 1432	sppsvc - ok
15:26:23.0466 1432	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
15:26:23.0496 1432	sppuinotify - ok
15:26:23.0536 1432	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:26:23.0566 1432	srv - ok
15:26:23.0606 1432	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:26:23.0626 1432	srv2 - ok
15:26:23.0666 1432	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:26:23.0696 1432	srvnet - ok
15:26:23.0716 1432	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
15:26:23.0756 1432	SSDPSRV - ok
15:26:23.0776 1432	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
15:26:23.0776 1432	ssmdrv - ok
15:26:23.0806 1432	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
15:26:23.0846 1432	SstpSvc - ok
15:26:23.0896 1432	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:26:23.0906 1432	stexstor - ok
15:26:23.0946 1432	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
15:26:23.0956 1432	StiSvc - ok
15:26:23.0976 1432	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
15:26:23.0986 1432	swenum - ok
15:26:24.0016 1432	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
15:26:24.0046 1432	swprv - ok
15:26:24.0126 1432	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
15:26:24.0166 1432	SysMain - ok
15:26:24.0186 1432	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
15:26:24.0216 1432	TabletInputService - ok
15:26:24.0246 1432	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
15:26:24.0286 1432	TapiSrv - ok
15:26:24.0346 1432	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
15:26:24.0386 1432	TBS - ok
15:26:24.0446 1432	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
15:26:24.0466 1432	Tcpip - ok
15:26:24.0496 1432	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
15:26:24.0526 1432	TCPIP6 - ok
15:26:24.0546 1432	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:26:24.0576 1432	tcpipreg - ok
15:26:24.0636 1432	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:26:24.0676 1432	TDPIPE - ok
15:26:24.0696 1432	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
15:26:24.0716 1432	TDTCP - ok
15:26:24.0746 1432	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
15:26:24.0776 1432	tdx - ok
15:26:24.0796 1432	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
15:26:24.0816 1432	TermDD - ok
15:26:24.0856 1432	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
15:26:24.0886 1432	TermService - ok
15:26:24.0906 1432	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
15:26:24.0926 1432	Themes - ok
15:26:24.0936 1432	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:26:24.0956 1432	THREADORDER - ok
15:26:24.0996 1432	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
15:26:25.0026 1432	TrkWks - ok
15:26:25.0076 1432	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
15:26:25.0126 1432	TrustedInstaller - ok
15:26:25.0156 1432	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:26:25.0186 1432	tssecsrv - ok
15:26:25.0246 1432	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:26:25.0286 1432	TsUsbFlt - ok
15:26:25.0336 1432	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:26:25.0396 1432	tunnel - ok
15:26:25.0426 1432	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:26:25.0436 1432	uagp35 - ok
15:26:25.0496 1432	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:26:25.0526 1432	udfs - ok
15:26:25.0556 1432	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
15:26:25.0576 1432	UI0Detect - ok
15:26:25.0616 1432	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:26:25.0636 1432	uliagpkx - ok
15:26:25.0696 1432	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
15:26:25.0716 1432	umbus - ok
15:26:25.0746 1432	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:26:25.0766 1432	UmPass - ok
15:26:25.0806 1432	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
15:26:25.0826 1432	upnphost - ok
15:26:25.0856 1432	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
15:26:25.0876 1432	usbccgp - ok
15:26:25.0926 1432	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:26:25.0956 1432	usbcir - ok
15:26:25.0976 1432	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:26:25.0986 1432	usbehci - ok
15:26:26.0036 1432	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:26:26.0056 1432	usbhub - ok
15:26:26.0066 1432	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
15:26:26.0076 1432	usbohci - ok
15:26:26.0136 1432	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:26:26.0176 1432	usbprint - ok
15:26:26.0206 1432	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
15:26:26.0216 1432	usbscan - ok
15:26:26.0256 1432	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:26:26.0276 1432	USBSTOR - ok
15:26:26.0286 1432	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:26:26.0306 1432	usbuhci - ok
15:26:26.0346 1432	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
15:26:26.0376 1432	UxSms - ok
15:26:26.0416 1432	V0260VID        (c90055bd2bb41443462ea715e0876b8d) C:\Windows\system32\DRIVERS\V0260Vid.sys
15:26:26.0436 1432	V0260VID - ok
15:26:26.0466 1432	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:26:26.0476 1432	VaultSvc - ok
15:26:26.0506 1432	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:26:26.0516 1432	vdrvroot - ok
15:26:26.0556 1432	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
15:26:26.0586 1432	vds - ok
15:26:26.0616 1432	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:26:26.0636 1432	vga - ok
15:26:26.0656 1432	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:26:26.0676 1432	VgaSave - ok
15:26:26.0706 1432	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:26:26.0716 1432	vhdmp - ok
15:26:26.0776 1432	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:26:26.0796 1432	viaagp - ok
15:26:26.0826 1432	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:26:26.0846 1432	ViaC7 - ok
15:26:26.0886 1432	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:26:26.0896 1432	viaide - ok
15:26:26.0916 1432	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:26:26.0936 1432	volmgr - ok
15:26:26.0976 1432	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:26:26.0986 1432	volmgrx - ok
15:26:27.0016 1432	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:26:27.0026 1432	volsnap - ok
15:26:27.0076 1432	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:26:27.0086 1432	vsmraid - ok
15:26:27.0126 1432	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
15:26:27.0156 1432	VSS - ok
15:26:27.0196 1432	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:26:27.0206 1432	vwifibus - ok
15:26:27.0246 1432	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
15:26:27.0266 1432	vwififlt - ok
15:26:27.0286 1432	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
15:26:27.0296 1432	vwifimp - ok
15:26:27.0336 1432	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
15:26:27.0376 1432	W32Time - ok
15:26:27.0396 1432	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:26:27.0406 1432	WacomPen - ok
15:26:27.0456 1432	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:26:27.0496 1432	WANARP - ok
15:26:27.0506 1432	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:26:27.0526 1432	Wanarpv6 - ok
15:26:27.0616 1432	WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
15:26:27.0656 1432	WatAdminSvc - ok
15:26:27.0706 1432	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
15:26:27.0736 1432	wbengine - ok
15:26:27.0776 1432	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
15:26:27.0796 1432	WbioSrvc - ok
15:26:27.0846 1432	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
15:26:27.0886 1432	wcncsvc - ok
15:26:27.0906 1432	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
15:26:27.0936 1432	WcsPlugInService - ok
15:26:27.0986 1432	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:26:28.0006 1432	Wd - ok
15:26:28.0046 1432	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:26:28.0066 1432	Wdf01000 - ok
15:26:28.0086 1432	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:26:28.0126 1432	WdiServiceHost - ok
15:26:28.0136 1432	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:26:28.0156 1432	WdiSystemHost - ok
15:26:28.0206 1432	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
15:26:28.0226 1432	WebClient - ok
15:26:28.0256 1432	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
15:26:28.0286 1432	Wecsvc - ok
15:26:28.0306 1432	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
15:26:28.0336 1432	wercplsupport - ok
15:26:28.0356 1432	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
15:26:28.0376 1432	WerSvc - ok
15:26:28.0436 1432	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:26:28.0466 1432	WfpLwf - ok
15:26:28.0496 1432	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:26:28.0506 1432	WIMMount - ok
15:26:28.0566 1432	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:26:28.0606 1432	WinDefend - ok
15:26:28.0606 1432	WinHttpAutoProxySvc - ok
15:26:28.0666 1432	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
15:26:28.0716 1432	Winmgmt - ok
15:26:28.0776 1432	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
15:26:28.0816 1432	WinRM - ok
15:26:28.0856 1432	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
15:26:28.0886 1432	Wlansvc - ok
15:26:28.0946 1432	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:26:28.0966 1432	WmiAcpi - ok
15:26:29.0016 1432	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
15:26:29.0046 1432	wmiApSrv - ok
15:26:29.0106 1432	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:26:29.0166 1432	WMPNetworkSvc - ok
15:26:29.0216 1432	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
15:26:29.0256 1432	WPCSvc - ok
15:26:29.0286 1432	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
15:26:29.0306 1432	WPDBusEnum - ok
15:26:29.0356 1432	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:26:29.0376 1432	ws2ifsl - ok
15:26:29.0396 1432	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
15:26:29.0416 1432	wscsvc - ok
15:26:29.0446 1432	WSearch - ok
15:26:29.0496 1432	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
15:26:29.0536 1432	wuauserv - ok
15:26:29.0576 1432	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:26:29.0606 1432	WudfPf - ok
15:26:29.0626 1432	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:26:29.0656 1432	WUDFRd - ok
15:26:29.0716 1432	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
15:26:29.0756 1432	wudfsvc - ok
15:26:29.0786 1432	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
15:26:29.0806 1432	WwanSvc - ok
15:26:29.0836 1432	MBR (0x1B8)     (c79b30cb8852157f6f908e4698cfe0d0) \Device\Harddisk0\DR0
15:26:31.0896 1432	\Device\Harddisk0\DR0 - ok
15:26:31.0926 1432	Boot (0x1200)   (a96290b5401c2da5a08bb9471d76d503) \Device\Harddisk0\DR0\Partition0
15:26:31.0936 1432	\Device\Harddisk0\DR0\Partition0 - ok
15:26:31.0936 1432	Boot (0x1200)   (046bbd7303f14eb983a3f0c302651470) \Device\Harddisk0\DR0\Partition1
15:26:31.0936 1432	\Device\Harddisk0\DR0\Partition1 - ok
15:26:31.0976 1432	Boot (0x1200)   (376b50b18dd730f4a63e4b8227f4638c) \Device\Harddisk0\DR0\Partition2
15:26:31.0976 1432	\Device\Harddisk0\DR0\Partition2 - ok
15:26:31.0976 1432	============================================================
15:26:31.0976 1432	Scan finished
15:26:31.0976 1432	============================================================
15:26:31.0996 3124	Detected object count: 0
15:26:31.0996 3124	Actual detected object count: 0
         
Grüße
Tobi

Alt 27.03.2012, 14:35   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.03.2012, 14:57   #13
tomabien
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Und hier die combofix-log:

[Combofix Logfile:
Code:
ATTFilter
ComboFix 12-03-27.02 - noto 27.03.2012  15:41:33.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.2046 [GMT 2:00]
ausgeführt von:: c:\users\noto\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\noto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\noto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\noto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
c:\windows\system32\grpconv.exe fehlte 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-grpconv_31bf3856ad364e35_6.1.7600.16385_none_a25e7b019f016e70\grpconv.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 13:45 . 2012-03-27 13:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-27 13:45 . 2009-07-14 01:14	16384	----a-w-	c:\windows\system32\grpconv.exe
2012-03-27 12:43 . 2012-03-27 12:43	--------	d-----w-	C:\_OTL
2012-03-25 10:26 . 2012-03-25 10:26	--------	d-----w-	c:\program files\ESET
2012-03-23 06:54 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7C34FE01-354D-44F3-8BDF-93940E6859C8}\mpengine.dll
2012-03-22 15:24 . 2012-03-22 15:24	--------	d-----w-	c:\program files\Common Files\Skype
2012-03-22 15:07 . 2012-03-22 15:07	--------	d-----w-	c:\users\noto\AppData\Roaming\Malwarebytes
2012-03-22 15:07 . 2012-03-22 15:07	--------	d-----w-	c:\programdata\Malwarebytes
2012-03-22 15:07 . 2012-03-22 15:07	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-03-22 15:07 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-15 16:59 . 2012-03-15 16:59	--------	d-----w-	c:\windows\system32\Wat
2012-03-14 12:26 . 2012-03-14 12:26	--------	d--h--w-	c:\users\noto\AppData\Roaming\Dropbox
2012-03-14 08:21 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-14 08:21 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-14 07:48 . 2012-02-03 03:54	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 07:48 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 07:46 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 07:46 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 07:46 . 2012-01-25 05:27	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 07:46 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 07:46 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 07:46 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-26 15:07 . 2012-02-26 15:07	--------	d-----w-	c:\program files\Veetle
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2010-06-29 13:41	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-22 07:18 . 2011-05-16 15:21	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 08:58 . 2012-02-15 08:55	442880	----a-w-	c:\windows\system32\ntshrui.dll
2011-12-30 05:27 . 2012-02-15 08:55	478720	----a-w-	c:\windows\system32\timedate.cpl
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-30 39408]
"LG LinkAir"="c:\program files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe" [2012-01-07 2450288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-09-28 404568]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-12-16 220744]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [2010-12-23 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [2010-12-23 20736]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [2010-12-23 20096]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [2010-12-23 25088]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-05-26 191752]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-15 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-03-10 249648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2006-11-03 178913]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 21:28]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-30 21:28]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
AddRemove-EVEREST Home Edition_is1 - j:\everest home edition\unins000.exe
AddRemove-Imperialismus - c:\windows\unin0407.exe
AddRemove-S4Uninst - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-27  15:54:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-27 13:54
.
Vor Suchlauf: 5 Verzeichnis(se), 860.362.760.192 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 860.559.773.696 Bytes frei
.
- - End Of File - - DCE36E5A4C6D4E044FD2F97FF45D5418
         
--- --- ---


Grüße uns zwischendurch schon mal ein Danke für die Mühe

Übrigens: Oberflächlich sieht es jetzt schon ziemlich gut aus. Bin gespannt auf dein Urteil

Alt 27.03.2012, 15:39   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.03.2012, 16:55   #15
tomabien
 
Hard drive clusters are partly damaged - Standard

Hard drive clusters are partly damaged



Gmer:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-27 17:54:34
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JP4O
Running: 3pvw120o.exe; Driver: C:\Users\noto\AppData\Local\Temp\pwldqpog.sys


---- System - GMER 1.0.15 ----

SSDT            918E8C36                                    ZwCreateSection
SSDT            918E8C3B                                    ZwSetContextThread
SSDT            918E8BD7                                    ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13C1               8347F3D9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2      834B8D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7         834BFEEC 4 Bytes  [36, 8C, 8E, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597         834C028C 4 Bytes  [3B, 8C, 8E, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F         834C0364 4 Bytes  [D7, 8B, 8E, 91]
.text           C:\Windows\system32\DRIVERS\atikmdag.sys    section is writeable [0x92014000, 0x2FBAB4, 0xE8000020]
?               C:\Windows\system32\Drivers\PROCEXP113.SYS  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000046           halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---

[/code]

Osam
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:05:49 on 27.03.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ADB Interface Driver" (androidusb) - ? - C:\Windows\System32\Drivers\lgandadb.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\noto\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz132" (cpuz132) - ? - C:\Users\noto\AppData\Local\Temp\cpuz132\cpuz132_x32.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"pwldqpog" (pwldqpog) - ? - C:\Users\noto\AppData\Local\Temp\pwldqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - ? - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll  (File not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - ? - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\noto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"LG LinkAir" - ? - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAir.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"B2C_AGENT" - "LG Electronics" - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"Family Tree Builder Update" - "MyHeritage" - C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
"IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"IndexSearch" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe
"PPort11reminder" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
"SSBkgdUpdate" - "Nuance Communications, Inc." - "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

und die aswMBR.txt:

Code:
ATTFilter
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 18:08:17
-----------------------------
18:08:17.665    OS Version: Windows 6.1.7601 Service Pack 1
18:08:17.665    Number of processors: 2 586 0x170A
18:08:17.667    ComputerName: NOTO-PC  UserName: noto
18:08:20.364    Initialize success
18:10:40.399    AVAST engine defs: 12032701
18:12:09.225    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:12:09.225    Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
18:12:09.325    Disk 0 MBR read successfully
18:12:09.325    Disk 0 MBR scan
18:12:09.335    Disk 0 unknown MBR code
18:12:09.345    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:12:09.395    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       911782 MB offset 206848
18:12:09.475    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 1867536384
18:12:09.505    Disk 0 Partition 4 00     12  Compaq diag NTFS         1025 MB offset 1951422464
18:12:09.545    Disk 0 scanning sectors +1953521664
18:12:09.815    Disk 0 scanning C:\Windows\system32\drivers
18:12:56.245    Service scanning
18:13:13.435    Modules scanning
18:14:11.796    Disk 0 trace - called modules:
18:14:11.826    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
18:14:11.836    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x885827c8]
18:14:11.836    3 CLASSPNP.SYS[8bf8b59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x866de028]
18:14:15.206    AVAST engine scan C:\Windows
18:18:22.927    AVAST engine scan C:\Windows\system32
18:23:39.608    AVAST engine scan C:\Windows\system32\drivers
18:23:52.798    AVAST engine scan C:\Users\noto
18:27:28.365    File: C:\Users\noto\AppData\Local\Temp\_av4_\data\aswar0.dll  **INFECTED** Win32:Malware-gen
18:27:28.675    File: C:\Users\noto\AppData\Local\Temp\_av4_\data\updldr0.bin  **INFECTED** Win32:Malware-gen
18:37:04.912    AVAST engine scan C:\ProgramData
18:37:41.922    Scan finished successfully
19:04:05.419    Disk 0 MBR has been saved successfully to "C:\Users\noto\Desktop\MBR.dat"
19:04:05.419    The log file has been saved successfully to "C:\Users\noto\Desktop\aswMBR.txt"
         

Geändert von tomabien (27.03.2012 um 17:07 Uhr)

Antwort

Themen zu Hard drive clusters are partly damaged
administrator, autostart, avira, bingbar, dateien, dateisystem, defender, desktop, explorer, fehlermeldung, folge, forum, gelöscht, google, harddisk, heuristiks/extra, heuristiks/shuriken, malwarebytes, microsoft, object, office, rootkit, seite, server, software, suche, system32, temp, trojan.agent.ge, windows media player



Ähnliche Themen: Hard drive clusters are partly damaged


  1. Hard drive clusters are partly damaged - Daten retten?
    Plagegeister aller Art und deren Bekämpfung - 28.03.2012 (5)
  2. Damaged Hard Drive Clusters Detected
    Log-Analyse und Auswertung - 18.03.2012 (4)
  3. Critical Error Damaged hard Drive Clusters detected
    Log-Analyse und Auswertung - 03.03.2012 (6)
  4. Hard drive clusters are partly damaged / Windows - Delayed Write Failed / Critical Error und andere
    Plagegeister aller Art und deren Bekämpfung - 24.01.2012 (1)
  5. damaged hard drive Clusters detected
    Log-Analyse und Auswertung - 15.01.2012 (9)
  6. Fehlermeldungen: Critical Error Damaged hard Drive Clusters detected
    Plagegeister aller Art und deren Bekämpfung - 31.05.2011 (28)
  7. Critical Disk Hard Drive Error
    Plagegeister aller Art und deren Bekämpfung - 29.05.2011 (1)
  8. [Wichtig] critical error hard drive not found und die anderen Übeltäter
    Log-Analyse und Auswertung - 17.04.2011 (27)
  9. Hard Drive damage - 33% der Harddisk nicht lesbar
    Plagegeister aller Art und deren Bekämpfung - 06.04.2011 (5)
  10. TR/Crypt.XPACK.Gen von Antivir gefunden und Windwosmeldung ``Damaged hard disk clusters detected ``
    Plagegeister aller Art und deren Bekämpfung - 04.04.2011 (18)
  11. Critical Hard Disk, Hard Drive not found usw.
    Plagegeister aller Art und deren Bekämpfung - 16.02.2011 (5)
  12. A critical error has occurred while indexing data stored on hard drive.
    Plagegeister aller Art und deren Bekämpfung - 29.12.2010 (1)
  13. HDD Low Critical Error, Damaged Hard Drive - Problem mit OTL
    Plagegeister aller Art und deren Bekämpfung - 29.12.2010 (13)
  14. HDDLOW auf PC! Fehlermeldungen: Critical Error Damaged hard Drive Clusters detected
    Plagegeister aller Art und deren Bekämpfung - 27.12.2010 (41)
  15. Hard Drive Diagnostic entfernen
    Anleitungen, FAQs & Links - 04.12.2010 (2)
  16. schwarzer Bildschirm (...Partition damaged...) nix geht mehr
    Plagegeister aller Art und deren Bekämpfung - 25.03.2010 (1)
  17. automatischer Seitenaufbau zu upd.extr3me.com.ar + upd.damaged.com.ar
    Plagegeister aller Art und deren Bekämpfung - 17.04.2006 (5)

Zum Thema Hard drive clusters are partly damaged - Hallo, ich hatte die Fehlermeldung "Hard drive clusters are partly damaged", fand viele Dateien nicht mehr, Bildschirmhintergrund war schwarz und es kamen ganz viele Fehlermeldungen. Habe dann bei der Suche - Hard drive clusters are partly damaged...
Archiv
Du betrachtest: Hard drive clusters are partly damaged auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.