|
Log-Analyse und Auswertung: smart fortress 2012, wie entfernen?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.04.2012, 20:25 | #1 |
| smart fortress 2012, wie entfernen? Hallo, ich bin froh euer Forum gefunden zu haben und hoffe, dass Ihr mir helfen könnt. Bitte entschuldigt ggf. falsche Ausdrücke, ich bin nur ein Laie in Sachen Computern, wenn etwas nicht klar ist - einfach fragen. Letzte Woche habe ich mir smart fortress 2012 eingefangen. Alles hat damit angefangen das ich meinen PC angemacht habe und auf einmal eine Art Virenscanner den ich nicht kannte angeblich mein System gecheckt hat und dabei 39 Gefahren / Viren etc. gefunden hat. Ich sollte eine kostenpflichtige Version des Programmes kaufen. Das habe ich natürlich nicht gemacht. Außerdem hat dieses Programm das Öffnen diverser anderer Programme (Virenscanner, Word, Systemsteuerung usw.) verhindert. Auch ins Internet bin ich über die normale Einwahlsoftware meines Anbieters nicht mehr gekommen. Nach ein paar Minuten hatte ich außerdem einen Bluescreen der PC wurde automatisch heruntergefahren und neugestartet. Auch beim Neustart meldete sich smart fortress mit der selben Meldung. Ich habe ihn dann nur noch ausgemacht und meinen Onlinebankingaccount über die Hotline sperren lassen. Auf dem Desctop hatte ich ein rotes Icon von smart fortess. Über Ostern war ich nicht da und wollte mich jetzt diese Woche daran machen meinen Rechner zu säubern. Ich habe meinen Rechner normal angemacht und smart fortress meldet sich nicht mehr. Aus dem roten Icon auf dem Desctop ist jetzt eine anders aussehende Verknüpfung geworden. Es läuft auch soweit alles wieder wie vorher. Ich kann ins Internet und meine Programme laufen soweit ich das überblicken kann auch alle wieder. Im Startmenue ist noch ein Ordner von smart fortress, auch unter den installierten Programmen in der Systemsteuerung wird es aufgeführt. Es war in der zwischenzeit definitiv niemand an meinem Rechner. Aufgefallen ist mir nur das mein Rechner beim hochfahren auf einmal sehr laut ist. Im normalen Betrieb ist dies nicht der Fall. Keine Ahnung ob das mit smart fortess zusammen hängt oder eher damit das mein Rechner nicht mehr der Neueste ist. Am Mittwoch habe ich mit Bullguard mein System durchsucht. Das Protokoll hänge ich an. Heute habe ich dann wie in eurer Anleitung angeben rkill laufen lassen. Es hat aber anscheinend nichts gefunden, zumindest laut dem log danach. Es standen keine Prozesse da die er beendet hat. Danach habe ich ich meinen Rechner mit Malwarebytes gescannt. Log Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.14.05 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Janet :: JANET-PC [Administrator] 14.04.2012 17:58:20 mbam-log-2012-04-14 (17-58-20).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 466690 Laufzeit: 1 Stunde(n), 46 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Vielen Dank schon mal für eure Hilfe. |
15.04.2012, 19:19 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | smart fortress 2012, wie entfernen? Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
__________________Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
15.04.2012, 19:31 | #3 |
| smart fortress 2012, wie entfernen? Hallo Arne,
__________________danke das Du mir helfen wirst. Ich habe Malewarebytes gestern erst installiert. Vormittags hatte ich erst einen Quickscan gemacht und den vollständigen scan abgebrochen, da ich keine Zeit mehr hatte. Den vollständigen Scan hatte ich dann am Abend noch gemacht. Hier noch die Logs von den Beiden o.g. Scans. Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.14.02 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Janet :: JANET-PC [Administrator] 14.04.2012 12:26:44 mbam-log-2012-04-14 (12-26-44).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 200565 Laufzeit: 9 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.14.02 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Janet :: JANET-PC [Administrator] 14.04.2012 12:37:27 mbam-log-2012-04-14 (12-37-27).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 200655 Laufzeit: 45 Minute(n), 26 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
15.04.2012, 21:09 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | smart fortress 2012, wie entfernen? Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
16.04.2012, 04:51 | #5 |
| smart fortress 2012, wie entfernen? Guten Morgen Arne, Eset ist gerade fertig geworden und hat leider einiges gefunden. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=3e12385e2eef9f498824378235e4e0cd # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-04-16 03:38:13 # local_time=2012-04-16 05:38:13 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=4609 16776893 80 79 112620396 168082288 0 0 # compatibility_mode=5892 16776573 100 100 81256 172055402 0 0 # compatibility_mode=8192 67108863 100 0 213 213 0 0 # scanned=310336 # found=6 # cleaned=0 # scan_time=24819 C:\Program Files\BullGuard Software\BullGuard\update\fix-ang.exe probably a variant of Win32/Agent.DZEHFYW trojan (unable to clean) 00000000000000000000000000000000 I C:\ProgramData\BullGuard\LiveUpdate\Download\Files\LiveUpdate\${APPDIR}\update\fix-ang.exe.gz probably a variant of Win32/Agent.DZEHFYW trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\All Users\BullGuard\LiveUpdate\Download\Files\LiveUpdate\${APPDIR}\update\fix-ang.exe.gz probably a variant of Win32/Agent.DZEHFYW trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Janet\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1fb60693-26ab4ab2 Java/TrojanDownloader.Agent.AB trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Janet\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\53fd2b38-4685fb5a Java/TrojanDownloader.Agent.NAM trojan (unable to clean) 00000000000000000000000000000000 I D:\TOOLS\Nero Burning ROM 8 Update\Nero-8.2.8.0_deu_update.exe Win32/Toolbar.AskSBar application (unable to clean) 00000000000000000000000000000000 I |
16.04.2012, 11:37 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | smart fortress 2012, wie entfernen? Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ --> smart fortress 2012, wie entfernen? |
16.04.2012, 18:00 | #7 |
| smart fortress 2012, wie entfernen? Sorry das ich jetzt erst antworte, bin tagsüber auf Arbeit und kann mich daher nur Abends melden. zu 1.) Was meinst Du mit uneingeschränkt? Ich würde sagen, ja. Internet funktioniert, Programme funktionieren, keine Fehlermeldungen / Bluescreens etc. Auch keine Meldungen mehr von Smart fortress. Die Programme die vorher gesperrt waren wegen angeblichen Virenbefall funktionieren wieder. Ich komme auch in die Systemsteuerung wieder. Ich würde sagen: alles ok. zu 2.) Im Startmenue unter alle Programme ist alles vorhanden. Es gibt keine leeren Ordner. Es gibt aber einen zusätzlichen Ordner "smart fortress 2012" der wohl die Verknüpfung enthält die auch auf meinem Desktop ist. |
16.04.2012, 20:19 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | smart fortress 2012, wie entfernen? Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
17.04.2012, 18:03 | #9 |
| smart fortress 2012, wie entfernen? OTL.Txt Code:
ATTFilter OTL logfile created on: 17.04.2012 18:26:28 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Janet\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 51,91% Memory free 4,23 Gb Paging File | 2,80 Gb Available in Paging File | 66,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 255,52 Gb Free Space | 57,32% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 10,68 Gb Free Space | 53,40% Space Free | Partition Type: FAT32 Computer Name: JANET-PC | User Name: Janet | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.04.17 18:21:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Janet\Downloads\OTL.exe PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe PRC - [2009.05.06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.02.06 18:51:28 | 003,885,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2008.04.13 12:13:16 | 000,308,552 | ---- | M] (BullGuard Software) -- C:\Programme\BullGuard Software\BullGuard\BullGuard.exe PRC - [2008.03.16 11:33:50 | 000,718,152 | ---- | M] (BullGuard Software) -- C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe PRC - [2008.03.06 17:13:36 | 000,403,968 | ---- | M] (Hansenet) -- C:\Programme\Alice\Signup\AliceCnn.exe PRC - [2008.02.07 11:35:44 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe PRC - [2008.01.19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.11.30 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEAE.EXE PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe PRC - [2007.04.13 19:14:28 | 000,016,384 | ---- | M] (Empolis GmbH) -- C:\Programme\Medion\MEDIONbox\Program\GCS.exe PRC - [2007.04.13 19:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2007.03.24 22:44:20 | 000,114,688 | ---- | M] () -- C:\Programme\Alice\Signup\sys.plg MOD - [2007.02.12 18:54:30 | 000,253,952 | ---- | M] () -- C:\Programme\Alice\Signup\dslsetup.plg MOD - [2005.10.04 18:28:40 | 000,081,920 | ---- | M] () -- C:\Programme\Alice\Signup\htmlpars.plg MOD - [2005.09.23 19:10:22 | 000,081,920 | ---- | M] () -- C:\Programme\Alice\Signup\alice.plg MOD - [2005.08.17 20:36:28 | 000,090,112 | ---- | M] () -- C:\Programme\Alice\Signup\Support.plg MOD - [2005.04.15 13:35:50 | 000,077,824 | ---- | M] () -- C:\Programme\Alice\Signup\SueDsl.plg ========== Win32 Services (SafeList) ========== SRV - [2012.04.12 20:10:56 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.05.06 19:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.09.19 19:47:16 | 000,107,848 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsFileScan.dll -- (BsFileScan) SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.03.20 14:07:16 | 000,058,696 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsMailProxy.dll -- (BsMailProxy) SRV - [2008.03.16 11:33:50 | 000,718,152 | ---- | M] (BullGuard Software) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BullGuardUpdate.exe -- (BGLiveSvc) SRV - [2008.03.16 11:33:40 | 000,083,272 | ---- | M] (BullGuard, Ltd.) [Auto | Running] -- C:\Programme\BullGuard Software\BullGuard\BsMain.dll -- (BgMainSvc) SRV - [2008.02.07 11:35:44 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager) SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.08.16 11:31:40 | 001,681,408 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Programme\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe -- (srvcPVR) SRV - [2007.04.13 19:14:26 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto | Running] -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe -- (GnabService) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.04.10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2008.03.16 11:33:55 | 000,050,896 | ---- | M] (BullGuard Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BdFileSpy.sys -- (BdFileSpy) DRV - [2008.02.27 21:31:13 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2008.02.27 21:31:12 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2007.11.18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.09.21 11:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.05.16 13:07:58 | 000,016,984 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Programme\BullGuard Software\BullGuard\Reconn.sys -- (Reconn) DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNMp50.sys -- (PDNMp50) DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PDNSp50.sys -- (PDNSp50) DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_deDE265 IE - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Janet\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.19 22:03:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.15 15:08:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter [2008.03.16 17:27:08 | 000,000,000 | ---D | M] [2009.10.10 17:56:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janet\AppData\Roaming\mozilla\Extensions [2012.04.16 21:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janet\AppData\Roaming\mozilla\Firefox\Profiles\jnqba3oc.default\extensions [2011.04.27 00:18:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Janet\AppData\Roaming\mozilla\Firefox\Profiles\jnqba3oc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.04.10 21:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.10 23:01:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF} [2011.12.10 23:01:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009.08.24 21:25:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.08.24 21:25:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2009.08.24 21:25:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2009.08.24 21:25:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2009.08.24 21:25:19 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\bullguard.exe (BullGuard Software) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003..\Run: [BullGuard] C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe (BullGuard Software) O4 - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003..\Run: [EPSON Stylus S20 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O7 - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Felder mit Bestellhelfer ausfüllen - C:\Program Files\DHL\DHL Bestellhelfer\fillFormContext.html () O8 - Extra context menu item: Felder mit Bestellhelfer merken - C:\Program Files\DHL\DHL Bestellhelfer\assignContext.html () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : DHL Bestellhelfer - {AC38BD53-2101-4ec8-A4D7-D1E58C690E71} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003\..Trusted Domains: fernuni-hagen.de ([ca] https in Trusted sites) O15 - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003\..Trusted Domains: fernuni-hagen.de ([pos] https in Trusted sites) O15 - HKU\S-1-5-21-2593873034-2721537522-2536930808-1003\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} hxxp://www.psapoll.com/CopyGuardIE.cab (CopyGuardCtrl Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228413342227 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E9B39AC7-B9FB-48CA-84A0-1659A05C0008} hxxp://www.wohnmoebel.de/priess/install/KPSA-home%20Priess.cab (ActiveFormX Element) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A534F7E-8C94-48C5-ADAD-357149947882}: NameServer = 62.109.123.196 213.191.74.18 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Janet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Janet\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3ec20133-237a-11df-b2ac-001d9260e62a}\Shell - "" = AutoRun O33 - MountPoints2\{3ec20133-237a-11df-b2ac-001d9260e62a}\Shell\AutoRun\command - "" = I:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {01494900-0430-8926-D5BF-8A8312738D21} - ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {04A3CF90-110D-EA28-3551-A6DA209B1F6B} - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.04.15 22:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.04.15 19:58:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices [2012.04.15 00:08:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES [2012.04.15 00:08:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES [2012.04.15 00:08:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN [2012.04.14 23:43:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2012.04.14 22:57:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.04.14 22:08:27 | 000,000,000 | ---D | C] -- C:\Users\Janet\AppData\Roaming\InstallShield [2012.04.14 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.04.14 21:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.04.14 12:25:04 | 000,000,000 | ---D | C] -- C:\Users\Janet\AppData\Roaming\Malwarebytes [2012.04.14 12:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.04.14 12:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.04.14 12:24:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.14 12:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.04.02 20:45:25 | 000,000,000 | ---D | C] -- C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012 [2012.04.02 20:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F2C00016056000AD65EEEC1FB6E [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.04.17 18:37:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.04.17 18:21:34 | 000,698,904 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.17 18:21:34 | 000,655,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.17 18:21:34 | 000,156,140 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.17 18:21:34 | 000,128,206 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.17 18:13:26 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.04.17 18:13:18 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.04.17 18:13:17 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.04.17 18:13:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.17 18:13:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.04.17 18:12:47 | 2146,709,504 | -HS- | M] () -- C:\hiberfil.sys [2012.04.16 01:45:04 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.04.15 20:00:43 | 000,425,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.04.15 19:56:59 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.04.15 19:56:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.04.15 17:34:52 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2012.04.15 17:34:51 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2012.04.15 17:34:19 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2012.04.15 15:08:34 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2012.04.14 21:20:20 | 000,032,621 | ---- | M] () -- C:\Users\Janet\Desktop\Log#0.zip [2012.04.10 20:57:01 | 000,001,356 | ---- | M] () -- C:\Users\Janet\AppData\Local\d3d9caps.dat [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.02 20:45:25 | 000,001,040 | ---- | M] () -- C:\Users\Janet\Desktop\Smart Fortress 2012.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.15 19:56:59 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2012.04.15 19:56:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf [2012.04.15 17:34:19 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2012.04.15 14:52:21 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2012.04.15 14:52:21 | 000,001,891 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk [2012.04.14 23:10:21 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf [2012.04.14 23:10:13 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml [2012.04.14 23:10:12 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml [2012.04.14 23:09:13 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf [2012.04.14 23:09:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.04.14 23:09:00 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf [2012.04.14 23:06:45 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF [2012.04.14 23:06:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.04.14 23:05:59 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs [2012.04.14 23:05:56 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man [2012.04.14 23:05:46 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2012.04.14 21:20:20 | 000,032,621 | ---- | C] () -- C:\Users\Janet\Desktop\Log#0.zip [2012.04.12 20:10:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.04.10 21:06:36 | 2146,709,504 | -HS- | C] () -- C:\hiberfil.sys [2012.04.02 20:45:25 | 000,001,040 | ---- | C] () -- C:\Users\Janet\Desktop\Smart Fortress 2012.lnk [2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.01.28 20:53:03 | 000,000,808 | ---- | C] () -- C:\Windows\wiso.ini [2010.08.03 19:33:15 | 000,000,580 | ---- | C] () -- C:\Windows\eReg.dat [2010.07.07 19:15:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin ========== LOP Check ========== [2011.11.12 23:19:00 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Amazon [2011.02.11 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Buhl Data Service [2008.02.07 12:40:48 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Buhl Data Service GmbH [2009.05.23 11:05:51 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\BullGuard [2008.05.25 19:46:23 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Canon [2009.05.25 02:02:01 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\gtk-2.0 [2008.05.24 20:53:37 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Haufe [2008.10.18 22:31:23 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Leadertech [2008.05.24 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Lexware [2009.11.22 14:55:34 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\MAGIX [2012.03.07 20:19:31 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Origin [2008.06.22 10:01:31 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Panasonic [2008.04.18 19:51:28 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Sonavis [2008.02.10 20:14:48 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Template [2008.02.07 19:30:44 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\TVcentral-Core [2008.02.07 21:00:07 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\VMedia [2008.11.19 20:21:31 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Wildlife Park 2 [2008.11.19 21:14:18 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch [2008.11.19 20:28:48 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Wildlife Park 2 - Marine World [2012.04.16 23:05:46 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.02.27 11:21:03 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Adobe [2011.11.12 23:19:00 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Amazon [2011.11.14 23:30:19 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Apple Computer [2011.02.11 22:28:08 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Buhl Data Service [2008.02.07 12:40:48 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Buhl Data Service GmbH [2009.05.23 11:05:51 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\BullGuard [2008.05.25 19:46:23 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Canon [2009.05.09 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\CyberLink [2010.01.14 21:51:02 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\DivX [2008.03.07 16:52:43 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Google [2009.05.25 02:02:01 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\gtk-2.0 [2008.05.24 20:53:37 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Haufe [2008.02.07 11:46:25 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Identities [2012.04.14 22:08:27 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\InstallShield [2008.10.18 22:31:23 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Leadertech [2008.05.24 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Lexware [2008.03.06 17:21:11 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Macromedia [2009.11.22 14:55:34 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\MAGIX [2012.04.14 12:25:04 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Media Center Programs [2011.10.30 22:18:11 | 000,000,000 | --SD | M] -- C:\Users\Janet\AppData\Roaming\Microsoft [2010.02.28 13:37:43 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Microsoft Games [2009.10.10 17:56:38 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Mozilla [2008.02.07 11:46:43 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Nero [2012.03.07 20:19:31 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Origin [2008.06.22 10:01:31 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Panasonic [2009.12.18 18:36:48 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Real [2008.04.18 19:51:28 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Sonavis [2008.02.10 20:14:48 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Template [2008.02.07 19:30:44 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\TVcentral-Core [2008.02.07 21:00:07 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\VMedia [2008.11.19 20:21:31 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Wildlife Park 2 [2008.11.19 21:14:18 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch [2008.11.19 20:28:48 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\Wildlife Park 2 - Marine World [2008.04.06 10:36:51 | 000,000,000 | ---D | M] -- C:\Users\Janet\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010.07.11 14:31:33 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Janet\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.06.15 21:46:50 | 002,605,008 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Janet\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2010.09.23 22:02:11 | 000,001,406 | R--- | M] () -- C:\Users\Janet\AppData\Roaming\Microsoft\Installer\{B033CE38-B38A-4920-8556-AE38E553680A}\_6FEFF9B68218417F98F549.exe [2009.06.04 17:33:17 | 000,010,134 | R--- | M] () -- C:\Users\Janet\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2009.12.16 22:11:19 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Janet\AppData\Roaming\Real\Update\setup3.09\setup.exe [2010.05.30 18:21:30 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Janet\AppData\Roaming\Real\Update\setup3.10\setup.exe [2011.01.18 21:19:04 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Janet\AppData\Roaming\Real\Update\setup3.13\setup.exe [2011.11.18 22:35:36 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Janet\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe [2011.11.26 12:22:04 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Janet\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe [2011.11.26 12:21:20 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Janet\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.03.08 22:41:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.03.08 22:41:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.03.08 22:41:33 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.03.08 22:41:33 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: NVSTOR32.SYS > [2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys [2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys < MD5 for: SCECLI.DLL > [2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 22:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.10 23:28:22 | 000,179,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msnetobj.dll < > < End of report > |
17.04.2012, 19:01 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | smart fortress 2012, wie entfernen? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3ec20133-237a-11df-b2ac-001d9260e62a}\Shell - "" = AutoRun O33 - MountPoints2\{3ec20133-237a-11df-b2ac-001d9260e62a}\Shell\AutoRun\command - "" = I:\Autorun.exe [2012.04.02 20:45:25 | 000,000,000 | ---D | C] -- C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012 [2012.04.02 20:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F2C00016056000AD65EEEC1FB6E [2012.04.02 20:45:25 | 000,001,040 | ---- | M] () -- C:\Users\Janet\Desktop\Smart Fortress 2012.lnk :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
17.04.2012, 19:34 | #11 |
| smart fortress 2012, wie entfernen? Windows hat mitten beim Fix gemeldet das OTL nicht mehr funktioniert und geschlossen werden muss. Danach hatte ich auf meinem Desktop keine Symbole mehr und der Rechner hat auf nichts mehr reagiert außer auf Strg + Alt + Entf. Habe den PC runter gefahren und wieder angemacht. Soll ich es noch mal probieren? |
17.04.2012, 19:59 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | smart fortress 2012, wie entfernen? Wiederhol den Fix im abgesicherten Modus bitte
__________________ Logfiles bitte immer in CODE-Tags posten |
17.04.2012, 20:16 | #13 |
| smart fortress 2012, wie entfernen? Im abgesicherten Modus hat es dann geklappt. Ach ja was mir aufgefallen ist und vlt. die Einträge im Log erklärt. Nach dem ersten Fixversuch waren schon der Ordner im Startmenue und das Desktopsymbol von smart fortress weg. Allerdings war an der Stelle des Symbols eine neue Datei "Desktop.ini". Die ist jetzt nach dem hoffentlich geglückten Fix auch weg. Ein Neustart wurde zum Löschen der Dateien auch verlangt und durchgeführt. Hier das Log. Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\autoexec.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ec20133-237a-11df-b2ac-001d9260e62a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ec20133-237a-11df-b2ac-001d9260e62a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ec20133-237a-11df-b2ac-001d9260e62a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ec20133-237a-11df-b2ac-001d9260e62a}\ not found. File I:\Autorun.exe not found. Folder C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012\ not found. Folder C:\ProgramData\F4D55F2C00016056000AD65EEEC1FB6E\ not found. File C:\Users\Janet\Desktop\Smart Fortress 2012.lnk not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Janet ->Temp folder emptied: 36212 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 20141539 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 456 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 366732162 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 369,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Janet ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.39.2 log created on 04172012_210904 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
18.04.2012, 09:02 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | smart fortress 2012, wie entfernen? Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
18.04.2012, 18:05 | #15 |
| smart fortress 2012, wie entfernen? Hier das Log Code:
ATTFilter 18:55:31.0572 6012 TDSS rootkit removing tool 2.7.29.0 Apr 18 2012 16:44:20 18:55:32.0352 6012 ============================================================ 18:55:32.0352 6012 Current date / time: 2012/04/18 18:55:32.0352 18:55:32.0352 6012 SystemInfo: 18:55:32.0352 6012 18:55:32.0352 6012 OS Version: 6.0.6002 ServicePack: 2.0 18:55:32.0352 6012 Product type: Workstation 18:55:32.0352 6012 ComputerName: JANET-PC 18:55:32.0352 6012 UserName: Janet 18:55:32.0352 6012 Windows directory: C:\Windows 18:55:32.0352 6012 System windows directory: C:\Windows 18:55:32.0352 6012 Processor architecture: Intel x86 18:55:32.0352 6012 Number of processors: 2 18:55:32.0352 6012 Page size: 0x1000 18:55:32.0352 6012 Boot type: Normal boot 18:55:32.0352 6012 ============================================================ 18:55:33.0600 6012 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 18:55:33.0646 6012 \Device\Harddisk0\DR0: 18:55:33.0662 6012 MBR partitions: 18:55:33.0662 6012 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37B8418F 18:55:33.0678 6012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x37B8420D, BlocksNum 0x2800A34 18:55:33.0756 6012 C: <-> \Device\Harddisk0\DR0\Partition0 18:55:33.0756 6012 D: <-> \Device\Harddisk0\DR0\Partition1 18:55:33.0756 6012 Initialize success 18:55:33.0756 6012 ============================================================ 19:01:03.0836 4700 ============================================================ 19:01:03.0836 4700 Scan started 19:01:03.0836 4700 Mode: Manual; SigCheck; TDLFS; 19:01:03.0836 4700 ============================================================ 19:01:04.0132 4700 3xHybrid (651c54ac4ec5c5397c5aff5d575ca45b) C:\Windows\system32\DRIVERS\3xHybrid.sys 19:01:04.0491 4700 3xHybrid - ok 19:01:04.0569 4700 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys 19:01:04.0694 4700 61883 - ok 19:01:04.0819 4700 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 19:01:04.0850 4700 ACPI - ok 19:01:05.0022 4700 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 19:01:05.0053 4700 AdobeARMservice - ok 19:01:05.0209 4700 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 19:01:05.0256 4700 AdobeFlashPlayerUpdateSvc - ok 19:01:05.0349 4700 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 19:01:05.0380 4700 adp94xx - ok 19:01:05.0427 4700 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 19:01:05.0443 4700 adpahci - ok 19:01:05.0474 4700 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 19:01:05.0490 4700 adpu160m - ok 19:01:05.0521 4700 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 19:01:05.0552 4700 adpu320 - ok 19:01:05.0583 4700 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 19:01:05.0724 4700 AeLookupSvc - ok 19:01:05.0786 4700 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 19:01:05.0895 4700 AFD - ok 19:01:05.0911 4700 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 19:01:05.0942 4700 agp440 - ok 19:01:05.0973 4700 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 19:01:05.0989 4700 aic78xx - ok 19:01:06.0036 4700 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 19:01:06.0067 4700 ALG - ok 19:01:06.0098 4700 aliide (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys 19:01:06.0114 4700 aliide - ok 19:01:06.0145 4700 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 19:01:06.0160 4700 amdagp - ok 19:01:06.0176 4700 amdide (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys 19:01:06.0192 4700 amdide - ok 19:01:06.0207 4700 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 19:01:06.0348 4700 AmdK7 - ok 19:01:06.0348 4700 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 19:01:06.0426 4700 AmdK8 - ok 19:01:06.0472 4700 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 19:01:06.0535 4700 Appinfo - ok 19:01:06.0722 4700 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 19:01:06.0753 4700 Apple Mobile Device - ok 19:01:06.0769 4700 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 19:01:06.0800 4700 arc - ok 19:01:06.0816 4700 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 19:01:06.0831 4700 arcsas - ok 19:01:07.0128 4700 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 19:01:07.0174 4700 aspnet_state - ok 19:01:07.0268 4700 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 19:01:07.0315 4700 AsyncMac - ok 19:01:07.0346 4700 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 19:01:07.0362 4700 atapi - ok 19:01:07.0518 4700 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\Windows\system32\DRIVERS\atksgt.sys 19:01:07.0580 4700 atksgt - ok 19:01:07.0642 4700 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 19:01:07.0689 4700 AudioEndpointBuilder - ok 19:01:07.0720 4700 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 19:01:07.0736 4700 Audiosrv - ok 19:01:07.0767 4700 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys 19:01:07.0845 4700 Avc - ok 19:01:07.0892 4700 BdFileSpy (49ea1829ad8fe3bc7e56b81ec4922be5) C:\Windows\system32\drivers\BdFileSpy.sys 19:01:07.0923 4700 BdFileSpy - ok 19:01:07.0970 4700 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 19:01:08.0032 4700 Beep - ok 19:01:08.0142 4700 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 19:01:08.0188 4700 BFE - ok 19:01:08.0344 4700 BGLiveSvc (a657a7530574b823dc680101ed69b04f) C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe 19:01:08.0407 4700 BGLiveSvc ( UnsignedFile.Multi.Generic ) - warning 19:01:08.0407 4700 BGLiveSvc - detected UnsignedFile.Multi.Generic (1) 19:01:08.0469 4700 BgMainSvc (99473441bdb18ec05b3a0704857ed107) C:\Program Files\BullGuard Software\BullGuard\BsMain.dll 19:01:08.0485 4700 BgMainSvc - ok 19:01:08.0578 4700 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 19:01:08.0656 4700 BITS - ok 19:01:08.0672 4700 blbdrive - ok 19:01:08.0968 4700 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 19:01:09.0000 4700 Bonjour Service - ok 19:01:09.0093 4700 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 19:01:09.0156 4700 bowser - ok 19:01:09.0202 4700 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 19:01:09.0249 4700 BrFiltLo - ok 19:01:09.0249 4700 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 19:01:09.0296 4700 BrFiltUp - ok 19:01:09.0327 4700 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 19:01:09.0390 4700 Browser - ok 19:01:09.0390 4700 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 19:01:09.0452 4700 Brserid - ok 19:01:09.0499 4700 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 19:01:09.0592 4700 BrSerWdm - ok 19:01:09.0624 4700 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 19:01:09.0670 4700 BrUsbMdm - ok 19:01:09.0702 4700 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 19:01:09.0780 4700 BrUsbSer - ok 19:01:09.0904 4700 BsFileScan (14097adfb42c1c2a1c1bf04ee165125b) C:\Program Files\BullGuard Software\BullGuard\BsFileScan.dll 19:01:09.0936 4700 BsFileScan - ok 19:01:09.0982 4700 BsMailProxy (951ba32e312c68ec8fd725eee7db5d60) C:\Program Files\BullGuard Software\BullGuard\BsMailProxy.dll 19:01:09.0998 4700 BsMailProxy - ok 19:01:10.0014 4700 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 19:01:10.0092 4700 BTHMODEM - ok 19:01:10.0154 4700 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 19:01:10.0185 4700 cdfs - ok 19:01:10.0216 4700 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 19:01:10.0263 4700 cdrom - ok 19:01:10.0326 4700 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 19:01:10.0372 4700 CertPropSvc - ok 19:01:10.0388 4700 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 19:01:10.0450 4700 circlass - ok 19:01:10.0466 4700 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 19:01:10.0497 4700 CLFS - ok 19:01:10.0575 4700 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:01:10.0591 4700 clr_optimization_v2.0.50727_32 - ok 19:01:10.0856 4700 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:01:10.0950 4700 clr_optimization_v4.0.30319_32 - ok 19:01:10.0965 4700 cmdide (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys 19:01:10.0981 4700 cmdide - ok 19:01:10.0996 4700 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 19:01:11.0012 4700 Compbatt - ok 19:01:11.0028 4700 COMSysApp - ok 19:01:11.0043 4700 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 19:01:11.0059 4700 crcdisk - ok 19:01:11.0074 4700 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 19:01:11.0199 4700 Crusoe - ok 19:01:11.0262 4700 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 19:01:11.0293 4700 CryptSvc - ok 19:01:11.0355 4700 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 19:01:11.0433 4700 DcomLaunch - ok 19:01:11.0480 4700 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 19:01:11.0605 4700 DfsC - ok 19:01:11.0714 4700 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 19:01:11.0901 4700 DFSR - ok 19:01:11.0964 4700 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 19:01:12.0010 4700 Dhcp - ok 19:01:12.0042 4700 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 19:01:12.0073 4700 disk - ok 19:01:12.0120 4700 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 19:01:12.0182 4700 Dnscache - ok 19:01:12.0229 4700 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 19:01:12.0291 4700 dot3svc - ok 19:01:12.0322 4700 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 19:01:12.0385 4700 DPS - ok 19:01:12.0432 4700 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 19:01:12.0463 4700 drmkaud - ok 19:01:12.0494 4700 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 19:01:12.0525 4700 DXGKrnl - ok 19:01:12.0603 4700 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 19:01:12.0681 4700 E1G60 - ok 19:01:12.0744 4700 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 19:01:12.0775 4700 EapHost - ok 19:01:12.0837 4700 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 19:01:12.0884 4700 Ecache - ok 19:01:12.0993 4700 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 19:01:13.0024 4700 ehRecvr - ok 19:01:13.0056 4700 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 19:01:13.0102 4700 ehSched - ok 19:01:13.0134 4700 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 19:01:13.0149 4700 ehstart - ok 19:01:13.0196 4700 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 19:01:13.0243 4700 elxstor - ok 19:01:13.0305 4700 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 19:01:13.0399 4700 EMDMgmt - ok 19:01:13.0477 4700 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 19:01:13.0555 4700 EventSystem - ok 19:01:13.0602 4700 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 19:01:13.0664 4700 exfat - ok 19:01:13.0773 4700 Fabs - ok 19:01:13.0836 4700 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 19:01:13.0914 4700 fastfat - ok 19:01:13.0960 4700 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 19:01:14.0038 4700 fdc - ok 19:01:14.0070 4700 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 19:01:14.0101 4700 fdPHost - ok 19:01:14.0116 4700 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 19:01:14.0179 4700 FDResPub - ok 19:01:14.0226 4700 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 19:01:14.0257 4700 FileInfo - ok 19:01:14.0272 4700 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 19:01:14.0319 4700 Filetrace - ok 19:01:15.0052 4700 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe 19:01:15.0255 4700 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 19:01:15.0255 4700 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 19:01:15.0567 4700 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 19:01:15.0645 4700 flpydisk - ok 19:01:15.0770 4700 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 19:01:15.0801 4700 FltMgr - ok 19:01:16.0051 4700 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 19:01:16.0129 4700 FontCache - ok 19:01:16.0222 4700 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:01:16.0254 4700 FontCache3.0.0.0 - ok 19:01:16.0269 4700 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys 19:01:16.0316 4700 Fs_Rec - ok 19:01:16.0394 4700 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 19:01:16.0410 4700 gagp30kx - ok 19:01:16.0488 4700 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:01:16.0503 4700 GEARAspiWDM - ok 19:01:16.0550 4700 GnabService (51b2d8629e1a0f463682f365d56325cb) c:\program files\common files\gnab\service\servicecontroller.exe 19:01:16.0597 4700 GnabService ( UnsignedFile.Multi.Generic ) - warning 19:01:16.0597 4700 GnabService - detected UnsignedFile.Multi.Generic (1) 19:01:16.0675 4700 GoogleDesktopManager (4a381768fcaf9096ec96a29f9602a3ed) C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe 19:01:16.0706 4700 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning 19:01:16.0706 4700 GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1) 19:01:16.0940 4700 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 19:01:17.0002 4700 gpsvc - ok 19:01:17.0112 4700 gupdate1c99423b8ae4260 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 19:01:17.0174 4700 gupdate1c99423b8ae4260 - ok 19:01:17.0221 4700 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe 19:01:17.0221 4700 gupdatem - ok 19:01:17.0299 4700 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 19:01:17.0346 4700 gusvc - ok 19:01:17.0736 4700 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 19:01:17.0907 4700 HdAudAddService - ok 19:01:18.0110 4700 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 19:01:18.0204 4700 HDAudBus - ok 19:01:18.0250 4700 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 19:01:18.0313 4700 HidBth - ok 19:01:18.0344 4700 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 19:01:18.0391 4700 HidIr - ok 19:01:18.0500 4700 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 19:01:18.0594 4700 hidserv - ok 19:01:18.0656 4700 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys 19:01:18.0750 4700 HidUsb - ok 19:01:18.0796 4700 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 19:01:18.0859 4700 hkmsvc - ok 19:01:18.0874 4700 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 19:01:18.0890 4700 HpCISSs - ok 19:01:18.0937 4700 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 19:01:19.0046 4700 HTTP - ok 19:01:19.0077 4700 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 19:01:19.0093 4700 i2omp - ok 19:01:19.0155 4700 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 19:01:19.0186 4700 i8042prt - ok 19:01:19.0218 4700 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 19:01:19.0249 4700 iaStorV - ok 19:01:19.0420 4700 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 19:01:19.0436 4700 IDriverT ( UnsignedFile.Multi.Generic ) - warning 19:01:19.0436 4700 IDriverT - detected UnsignedFile.Multi.Generic (1) 19:01:19.0530 4700 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:01:19.0608 4700 idsvc - ok 19:01:19.0623 4700 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 19:01:19.0639 4700 iirsp - ok 19:01:19.0701 4700 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 19:01:19.0764 4700 IKEEXT - ok 19:01:19.0982 4700 IntcAzAudAddService (56661beae591e59067710b6cbca78184) C:\Windows\system32\drivers\RTKVHDA.sys 19:01:20.0200 4700 IntcAzAudAddService - ok 19:01:20.0325 4700 intelide (e5ea1c17da5065032e346591ff64f3af) C:\Windows\system32\drivers\intelide.sys 19:01:20.0341 4700 intelide - ok 19:01:20.0419 4700 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 19:01:20.0481 4700 intelppm - ok 19:01:20.0544 4700 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 19:01:20.0590 4700 IPBusEnum - ok 19:01:20.0653 4700 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:01:20.0700 4700 IpFilterDriver - ok 19:01:20.0809 4700 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 19:01:20.0856 4700 iphlpsvc - ok 19:01:20.0887 4700 IpInIp - ok 19:01:20.0887 4700 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 19:01:20.0965 4700 IPMIDRV - ok 19:01:21.0012 4700 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 19:01:21.0090 4700 IPNAT - ok 19:01:21.0495 4700 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe 19:01:21.0511 4700 iPod Service - ok 19:01:21.0558 4700 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 19:01:21.0589 4700 IRENUM - ok 19:01:21.0620 4700 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 19:01:21.0636 4700 isapnp - ok 19:01:21.0698 4700 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 19:01:21.0729 4700 iScsiPrt - ok 19:01:21.0745 4700 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 19:01:21.0760 4700 iteatapi - ok 19:01:21.0776 4700 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 19:01:21.0807 4700 iteraid - ok 19:01:21.0838 4700 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 19:01:21.0870 4700 kbdclass - ok 19:01:21.0901 4700 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 19:01:21.0932 4700 kbdhid - ok 19:01:21.0963 4700 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 19:01:22.0057 4700 KeyIso - ok 19:01:22.0088 4700 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 19:01:22.0166 4700 KSecDD - ok 19:01:22.0244 4700 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 19:01:22.0306 4700 KtmRm - ok 19:01:22.0338 4700 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 19:01:22.0400 4700 LanmanServer - ok 19:01:22.0556 4700 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 19:01:22.0634 4700 LanmanWorkstation - ok 19:01:22.0759 4700 LexBceS (aeedacc6fb20fdba95213ad3bb009b7d) C:\Windows\System32\LEXBCES.EXE 19:01:22.0852 4700 LexBceS - ok 19:01:22.0930 4700 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys 19:01:22.0946 4700 lirsgt - ok 19:01:22.0977 4700 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 19:01:23.0024 4700 lltdio - ok 19:01:23.0086 4700 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 19:01:23.0164 4700 lltdsvc - ok 19:01:23.0196 4700 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 19:01:23.0242 4700 lmhosts - ok 19:01:23.0305 4700 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 19:01:23.0320 4700 LSI_FC - ok 19:01:23.0336 4700 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 19:01:23.0352 4700 LSI_SAS - ok 19:01:23.0383 4700 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 19:01:23.0398 4700 LSI_SCSI - ok 19:01:23.0430 4700 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 19:01:23.0492 4700 luafv - ok 19:01:23.0539 4700 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 19:01:23.0554 4700 Mcx2Svc - ok 19:01:23.0601 4700 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 19:01:23.0617 4700 megasas - ok 19:01:23.0632 4700 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 19:01:23.0664 4700 MMCSS - ok 19:01:23.0695 4700 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 19:01:23.0742 4700 Modem - ok 19:01:23.0773 4700 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 19:01:23.0820 4700 monitor - ok 19:01:23.0851 4700 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 19:01:23.0866 4700 mouclass - ok 19:01:23.0882 4700 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\DRIVERS\mouhid.sys 19:01:23.0944 4700 mouhid - ok 19:01:23.0976 4700 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 19:01:23.0991 4700 MountMgr - ok 19:01:24.0022 4700 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 19:01:24.0054 4700 mpio - ok 19:01:24.0069 4700 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 19:01:24.0116 4700 mpsdrv - ok 19:01:24.0147 4700 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 19:01:24.0194 4700 MpsSvc - ok 19:01:24.0210 4700 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 19:01:24.0225 4700 Mraid35x - ok 19:01:24.0256 4700 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 19:01:24.0288 4700 MRxDAV - ok 19:01:24.0319 4700 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:01:24.0381 4700 mrxsmb - ok 19:01:24.0428 4700 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:01:24.0475 4700 mrxsmb10 - ok 19:01:24.0490 4700 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:01:24.0537 4700 mrxsmb20 - ok 19:01:24.0537 4700 msahci (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys 19:01:24.0568 4700 msahci - ok 19:01:24.0568 4700 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 19:01:24.0600 4700 msdsm - ok 19:01:24.0631 4700 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 19:01:24.0678 4700 MSDTC - ok 19:01:24.0724 4700 MSDV (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys 19:01:24.0756 4700 MSDV - ok 19:01:24.0787 4700 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 19:01:24.0834 4700 Msfs - ok 19:01:24.0880 4700 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 19:01:24.0912 4700 msisadrv - ok 19:01:24.0943 4700 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 19:01:24.0990 4700 MSiSCSI - ok 19:01:25.0005 4700 msiserver - ok 19:01:25.0052 4700 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 19:01:25.0099 4700 MSKSSRV - ok 19:01:25.0161 4700 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 19:01:25.0208 4700 MSPCLOCK - ok 19:01:25.0224 4700 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 19:01:25.0270 4700 MSPQM - ok 19:01:25.0302 4700 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 19:01:25.0333 4700 MsRPC - ok 19:01:25.0348 4700 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 19:01:25.0380 4700 mssmbios - ok 19:01:25.0395 4700 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 19:01:25.0458 4700 MSTEE - ok 19:01:25.0489 4700 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 19:01:25.0504 4700 Mup - ok 19:01:25.0551 4700 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 19:01:25.0629 4700 napagent - ok 19:01:25.0692 4700 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 19:01:25.0723 4700 NativeWifiP - ok 19:01:25.0801 4700 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 19:01:25.0863 4700 NDIS - ok 19:01:25.0894 4700 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 19:01:25.0941 4700 NdisTapi - ok 19:01:25.0957 4700 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 19:01:25.0988 4700 Ndisuio - ok 19:01:26.0019 4700 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 19:01:26.0066 4700 NdisWan - ok 19:01:26.0082 4700 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 19:01:26.0128 4700 NDProxy - ok 19:01:26.0222 4700 Nero BackItUp Scheduler 3 (c5052fb77aa42ed440f9f6b4e37145a9) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 19:01:26.0362 4700 Nero BackItUp Scheduler 3 - ok 19:01:26.0394 4700 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 19:01:26.0440 4700 NetBIOS - ok 19:01:26.0472 4700 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 19:01:26.0534 4700 netbt - ok 19:01:26.0581 4700 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 19:01:26.0596 4700 Netlogon - ok 19:01:26.0721 4700 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 19:01:26.0768 4700 Netman - ok 19:01:27.0345 4700 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:01:27.0376 4700 NetMsmqActivator - ok 19:01:27.0376 4700 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:01:27.0392 4700 NetPipeActivator - ok 19:01:27.0423 4700 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 19:01:27.0486 4700 netprofm - ok 19:01:27.0548 4700 netr28u (9ba2f93e4f01ec58e722b36639e0ce5d) C:\Windows\system32\DRIVERS\netr28u.sys 19:01:27.0626 4700 netr28u - ok 19:01:27.0626 4700 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:01:27.0642 4700 NetTcpActivator - ok 19:01:27.0642 4700 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:01:27.0657 4700 NetTcpPortSharing - ok 19:01:27.0688 4700 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 19:01:27.0720 4700 nfrd960 - ok 19:01:27.0735 4700 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 19:01:27.0766 4700 NlaSvc - ok 19:01:27.0969 4700 NMIndexingService (74149bcf0307bb76d68c0f8912df731c) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 19:01:28.0047 4700 NMIndexingService - ok 19:01:28.0094 4700 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 19:01:28.0172 4700 Npfs - ok 19:01:28.0234 4700 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 19:01:28.0312 4700 nsi - ok 19:01:28.0328 4700 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 19:01:28.0359 4700 nsiproxy - ok 19:01:28.0453 4700 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 19:01:28.0562 4700 Ntfs - ok 19:01:28.0624 4700 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 19:01:28.0702 4700 ntrigdigi - ok 19:01:28.0734 4700 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 19:01:28.0765 4700 Null - ok 19:01:28.0827 4700 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys 19:01:28.0890 4700 NVENETFD - ok 19:01:29.0904 4700 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:01:30.0559 4700 nvlddmkm - ok 19:01:30.0699 4700 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 19:01:30.0730 4700 nvraid - ok 19:01:30.0808 4700 nvsmu (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\DRIVERS\nvsmu.sys 19:01:30.0840 4700 nvsmu - ok 19:01:30.0855 4700 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 19:01:30.0871 4700 nvstor - ok 19:01:30.0886 4700 nvstor32 (4876e7c3184bdf50ede043fef616b867) C:\Windows\system32\DRIVERS\nvstor32.sys 19:01:30.0918 4700 nvstor32 - ok 19:01:30.0996 4700 nvsvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe 19:01:31.0042 4700 nvsvc - ok 19:01:31.0042 4700 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 19:01:31.0074 4700 nv_agp - ok 19:01:31.0074 4700 NwlnkFlt - ok 19:01:31.0089 4700 NwlnkFwd - ok 19:01:31.0370 4700 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:01:31.0417 4700 odserv - ok 19:01:31.0479 4700 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 19:01:31.0526 4700 ohci1394 - ok 19:01:31.0588 4700 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:01:31.0620 4700 ose - ok 19:01:31.0791 4700 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 19:01:31.0900 4700 p2pimsvc - ok 19:01:31.0916 4700 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 19:01:31.0947 4700 p2psvc - ok 19:01:31.0963 4700 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 19:01:32.0072 4700 Parport - ok 19:01:32.0119 4700 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 19:01:32.0134 4700 partmgr - ok 19:01:32.0150 4700 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 19:01:32.0212 4700 Parvdm - ok 19:01:32.0244 4700 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 19:01:32.0290 4700 PcaSvc - ok 19:01:32.0337 4700 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 19:01:32.0368 4700 pci - ok 19:01:32.0400 4700 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 19:01:32.0415 4700 pciide - ok 19:01:32.0446 4700 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 19:01:32.0462 4700 pcmcia - ok 19:01:32.0509 4700 PDNMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\drivers\PDNMp50.sys 19:01:32.0524 4700 PDNMp50 - ok 19:01:32.0540 4700 PDNSp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\drivers\PDNSp50.sys 19:01:32.0556 4700 PDNSp50 - ok 19:01:32.0758 4700 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 19:01:32.0852 4700 PEAUTH - ok 19:01:33.0164 4700 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 19:01:33.0242 4700 pla - ok 19:01:33.0289 4700 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 19:01:33.0336 4700 PlugPlay - ok 19:01:33.0398 4700 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 19:01:33.0414 4700 PNRPAutoReg - ok 19:01:33.0445 4700 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 19:01:33.0460 4700 PNRPsvc - ok 19:01:33.0538 4700 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 19:01:33.0632 4700 PolicyAgent - ok 19:01:33.0710 4700 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 19:01:33.0772 4700 PptpMiniport - ok 19:01:33.0819 4700 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 19:01:33.0882 4700 Processor - ok 19:01:33.0944 4700 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 19:01:33.0975 4700 ProfSvc - ok 19:01:34.0022 4700 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 19:01:34.0038 4700 ProtectedStorage - ok 19:01:34.0053 4700 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 19:01:34.0100 4700 PSched - ok 19:01:34.0162 4700 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 19:01:34.0178 4700 PxHelp20 - ok 19:01:34.0240 4700 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 19:01:34.0303 4700 ql2300 - ok 19:01:34.0318 4700 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 19:01:34.0334 4700 ql40xx - ok 19:01:34.0365 4700 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 19:01:34.0428 4700 QWAVE - ok 19:01:34.0443 4700 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 19:01:34.0474 4700 QWAVEdrv - ok 19:01:34.0490 4700 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 19:01:34.0521 4700 RasAcd - ok 19:01:34.0552 4700 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 19:01:34.0584 4700 RasAuto - ok 19:01:34.0615 4700 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:01:34.0662 4700 Rasl2tp - ok 19:01:34.0708 4700 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 19:01:34.0786 4700 RasMan - ok 19:01:34.0818 4700 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 19:01:34.0849 4700 RasPppoe - ok 19:01:34.0880 4700 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 19:01:34.0896 4700 RasSstp - ok 19:01:34.0958 4700 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 19:01:34.0989 4700 rdbss - ok 19:01:35.0005 4700 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:01:35.0052 4700 RDPCDD - ok 19:01:35.0176 4700 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 19:01:35.0223 4700 rdpdr - ok 19:01:35.0239 4700 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 19:01:35.0270 4700 RDPENCDD - ok 19:01:35.0332 4700 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 19:01:35.0395 4700 RDPWD - ok 19:01:35.0488 4700 Reconn (7528b6f193d76a7183271e44f04a7905) C:\Program Files\BullGuard Software\BullGuard\reconn.sys 19:01:35.0504 4700 Reconn - ok 19:01:35.0566 4700 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 19:01:35.0613 4700 RemoteAccess - ok 19:01:35.0660 4700 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 19:01:35.0707 4700 RemoteRegistry - ok 19:01:35.0769 4700 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe 19:01:35.0800 4700 RichVideo - ok 19:01:35.0832 4700 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 19:01:35.0894 4700 RpcLocator - ok 19:01:35.0941 4700 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 19:01:35.0988 4700 RpcSs - ok 19:01:36.0081 4700 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 19:01:36.0128 4700 rspndr - ok 19:01:36.0159 4700 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 19:01:36.0175 4700 SamSs - ok 19:01:36.0222 4700 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 19:01:36.0237 4700 sbp2port - ok 19:01:36.0300 4700 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 19:01:36.0346 4700 SCardSvr - ok 19:01:36.0534 4700 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 19:01:36.0643 4700 Schedule - ok 19:01:36.0705 4700 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 19:01:36.0721 4700 SCPolicySvc - ok 19:01:36.0783 4700 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 19:01:36.0861 4700 SDRSVC - ok 19:01:36.0877 4700 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 19:01:36.0939 4700 secdrv - ok 19:01:36.0955 4700 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 19:01:36.0986 4700 seclogon - ok 19:01:37.0017 4700 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 19:01:37.0064 4700 SENS - ok 19:01:37.0095 4700 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 19:01:37.0142 4700 Serenum - ok 19:01:37.0189 4700 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 19:01:37.0220 4700 Serial - ok 19:01:37.0251 4700 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 19:01:37.0298 4700 sermouse - ok 19:01:37.0329 4700 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 19:01:37.0376 4700 SessionEnv - ok 19:01:37.0407 4700 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys 19:01:37.0438 4700 sffdisk - ok 19:01:37.0454 4700 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 19:01:37.0485 4700 sffp_mmc - ok 19:01:37.0501 4700 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys 19:01:37.0516 4700 sffp_sd - ok 19:01:37.0532 4700 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 19:01:37.0579 4700 sfloppy - ok 19:01:37.0672 4700 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 19:01:37.0719 4700 SharedAccess - ok 19:01:37.0750 4700 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 19:01:37.0828 4700 ShellHWDetection - ok 19:01:37.0828 4700 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 19:01:37.0844 4700 sisagp - ok 19:01:37.0860 4700 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 19:01:37.0875 4700 SiSRaid2 - ok 19:01:37.0891 4700 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 19:01:37.0906 4700 SiSRaid4 - ok 19:01:38.0328 4700 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 19:01:38.0577 4700 slsvc - ok 19:01:38.0655 4700 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 19:01:38.0686 4700 SLUINotify - ok 19:01:38.0718 4700 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 19:01:38.0780 4700 Smb - ok 19:01:38.0811 4700 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 19:01:38.0827 4700 SNMPTRAP - ok 19:01:38.0858 4700 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 19:01:38.0889 4700 spldr - ok 19:01:38.0936 4700 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 19:01:38.0983 4700 Spooler - ok 19:01:39.0014 4700 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 19:01:39.0092 4700 srv - ok 19:01:39.0139 4700 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 19:01:39.0232 4700 srv2 - ok 19:01:39.0404 4700 srvcPVR (bf94a7553ef257d70cb2287bf7a3bce1) C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe 19:01:39.0576 4700 srvcPVR ( UnsignedFile.Multi.Generic ) - warning 19:01:39.0576 4700 srvcPVR - detected UnsignedFile.Multi.Generic (1) 19:01:39.0622 4700 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 19:01:39.0654 4700 srvnet - ok 19:01:39.0685 4700 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 19:01:39.0732 4700 SSDPSRV - ok 19:01:39.0778 4700 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 19:01:39.0810 4700 SstpSvc - ok 19:01:39.0919 4700 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 19:01:40.0012 4700 Stereo Service - ok 19:01:40.0106 4700 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 19:01:40.0168 4700 stisvc - ok 19:01:40.0215 4700 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 19:01:40.0246 4700 swenum - ok 19:01:40.0340 4700 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 19:01:40.0402 4700 swprv - ok 19:01:40.0434 4700 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 19:01:40.0465 4700 Symc8xx - ok 19:01:40.0465 4700 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 19:01:40.0496 4700 Sym_hi - ok 19:01:40.0496 4700 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 19:01:40.0512 4700 Sym_u3 - ok 19:01:40.0558 4700 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 19:01:40.0590 4700 SysMain - ok 19:01:40.0636 4700 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 19:01:40.0714 4700 TabletInputService - ok 19:01:40.0746 4700 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 19:01:40.0792 4700 TapiSrv - ok 19:01:40.0824 4700 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 19:01:40.0855 4700 TBS - ok 19:01:41.0182 4700 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 19:01:41.0292 4700 Tcpip - ok 19:01:41.0307 4700 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 19:01:41.0338 4700 Tcpip6 - ok 19:01:41.0385 4700 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 19:01:41.0432 4700 tcpipreg - ok 19:01:41.0463 4700 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 19:01:41.0510 4700 TDPIPE - ok 19:01:41.0541 4700 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 19:01:41.0588 4700 TDTCP - ok 19:01:41.0635 4700 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 19:01:41.0682 4700 tdx - ok 19:01:41.0713 4700 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 19:01:41.0728 4700 TermDD - ok 19:01:41.0760 4700 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 19:01:41.0838 4700 TermService - ok 19:01:41.0884 4700 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 19:01:41.0900 4700 Themes - ok 19:01:41.0931 4700 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 19:01:41.0947 4700 THREADORDER - ok 19:01:41.0978 4700 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 19:01:42.0009 4700 TrkWks - ok 19:01:42.0056 4700 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 19:01:42.0072 4700 TrustedInstaller - ok 19:01:42.0087 4700 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 19:01:42.0134 4700 tssecsrv - ok 19:01:42.0165 4700 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 19:01:42.0212 4700 tunmp - ok 19:01:42.0243 4700 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 19:01:42.0274 4700 tunnel - ok 19:01:42.0306 4700 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 19:01:42.0321 4700 uagp35 - ok 19:01:42.0368 4700 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 19:01:42.0399 4700 udfs - ok 19:01:42.0415 4700 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 19:01:42.0446 4700 UI0Detect - ok 19:01:42.0462 4700 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 19:01:42.0477 4700 uliagpkx - ok 19:01:42.0493 4700 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 19:01:42.0524 4700 uliahci - ok 19:01:42.0540 4700 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 19:01:42.0555 4700 UlSata - ok 19:01:42.0571 4700 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 19:01:42.0586 4700 ulsata2 - ok 19:01:42.0602 4700 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 19:01:42.0633 4700 umbus - ok 19:01:42.0664 4700 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 19:01:42.0727 4700 upnphost - ok 19:01:42.0805 4700 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 19:01:42.0836 4700 USBAAPL - ok 19:01:42.0898 4700 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys 19:01:42.0945 4700 usbccgp - ok 19:01:42.0976 4700 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 19:01:43.0023 4700 usbcir - ok 19:01:43.0054 4700 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 19:01:43.0101 4700 usbehci - ok 19:01:43.0132 4700 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 19:01:43.0179 4700 usbhub - ok 19:01:43.0195 4700 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 19:01:43.0226 4700 usbohci - ok 19:01:43.0257 4700 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 19:01:43.0320 4700 usbprint - ok 19:01:43.0351 4700 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 19:01:43.0398 4700 usbscan - ok 19:01:43.0413 4700 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:01:43.0444 4700 USBSTOR - ok 19:01:43.0476 4700 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 19:01:43.0522 4700 usbuhci - ok 19:01:43.0569 4700 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 19:01:43.0600 4700 UxSms - ok 19:01:43.0741 4700 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 19:01:43.0850 4700 vds - ok 19:01:43.0881 4700 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 19:01:43.0959 4700 vga - ok 19:01:44.0068 4700 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 19:01:44.0100 4700 VgaSave - ok 19:01:44.0115 4700 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 19:01:44.0131 4700 viaagp - ok 19:01:44.0146 4700 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 19:01:44.0193 4700 ViaC7 - ok 19:01:44.0240 4700 viaide (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys 19:01:44.0256 4700 viaide - ok 19:01:44.0287 4700 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 19:01:44.0302 4700 volmgr - ok 19:01:44.0334 4700 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 19:01:44.0365 4700 volmgrx - ok 19:01:44.0427 4700 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 19:01:44.0458 4700 volsnap - ok 19:01:44.0490 4700 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 19:01:44.0505 4700 vsmraid - ok 19:01:44.0599 4700 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 19:01:44.0739 4700 VSS - ok 19:01:44.0833 4700 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 19:01:44.0895 4700 W32Time - ok 19:01:44.0911 4700 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 19:01:44.0958 4700 WacomPen - ok 19:01:45.0036 4700 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 19:01:45.0082 4700 Wanarp - ok 19:01:45.0082 4700 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 19:01:45.0114 4700 Wanarpv6 - ok 19:01:45.0207 4700 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 19:01:45.0301 4700 wcncsvc - ok 19:01:45.0332 4700 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 19:01:45.0410 4700 WcsPlugInService - ok 19:01:45.0441 4700 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 19:01:45.0472 4700 Wd - ok 19:01:45.0644 4700 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 19:01:45.0691 4700 Wdf01000 - ok 19:01:45.0816 4700 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 19:01:45.0925 4700 WdiServiceHost - ok 19:01:45.0940 4700 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 19:01:45.0956 4700 WdiSystemHost - ok 19:01:46.0034 4700 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 19:01:46.0112 4700 WebClient - ok 19:01:46.0252 4700 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll 19:01:46.0299 4700 Wecsvc - ok 19:01:46.0346 4700 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 19:01:46.0377 4700 wercplsupport - ok 19:01:46.0408 4700 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 19:01:46.0455 4700 WerSvc - ok 19:01:46.0564 4700 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 19:01:46.0611 4700 WinDefend - ok 19:01:46.0611 4700 WinHttpAutoProxySvc - ok 19:01:46.0736 4700 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 19:01:46.0814 4700 Winmgmt - ok 19:01:46.0908 4700 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 19:01:47.0032 4700 WinRM - ok 19:01:47.0142 4700 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS 19:01:47.0188 4700 winusb - ok 19:01:47.0313 4700 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 19:01:47.0422 4700 Wlansvc - ok 19:01:47.0454 4700 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 19:01:47.0610 4700 WmiAcpi - ok 19:01:47.0766 4700 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 19:01:47.0797 4700 wmiApSrv - ok 19:01:48.0093 4700 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 19:01:48.0171 4700 WMPNetworkSvc - ok 19:01:48.0265 4700 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 19:01:48.0312 4700 WPCSvc - ok 19:01:48.0374 4700 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 19:01:48.0436 4700 WPDBusEnum - ok 19:01:48.0483 4700 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 19:01:48.0514 4700 WpdUsb - ok 19:01:49.0123 4700 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 19:01:49.0216 4700 WPFFontCache_v0400 - ok 19:01:49.0279 4700 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 19:01:49.0310 4700 ws2ifsl - ok 19:01:49.0388 4700 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 19:01:49.0419 4700 wscsvc - ok 19:01:49.0419 4700 WSearch - ok 19:01:49.0716 4700 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 19:01:49.0903 4700 wuauserv - ok 19:01:49.0965 4700 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:01:50.0012 4700 WUDFRd - ok 19:01:50.0074 4700 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 19:01:50.0106 4700 wudfsvc - ok 19:01:50.0152 4700 X10Hid (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys 19:01:50.0168 4700 X10Hid - ok 19:01:50.0293 4700 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 19:01:50.0340 4700 x10nets ( UnsignedFile.Multi.Generic ) - warning 19:01:50.0340 4700 x10nets - detected UnsignedFile.Multi.Generic (1) 19:01:50.0433 4700 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys 19:01:50.0449 4700 XUIF - ok 19:01:50.0464 4700 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 19:01:50.0542 4700 \Device\Harddisk0\DR0 - ok 19:01:50.0542 4700 Boot (0x1200) (65057d06e751ed002cd26451db2b72fc) \Device\Harddisk0\DR0\Partition0 19:01:50.0542 4700 \Device\Harddisk0\DR0\Partition0 - ok 19:01:50.0558 4700 Boot (0x1200) (9bb818e890fd8ccdbb3b5eedf124b97b) \Device\Harddisk0\DR0\Partition1 19:01:50.0558 4700 \Device\Harddisk0\DR0\Partition1 - ok 19:01:50.0558 4700 ============================================================ 19:01:50.0558 4700 Scan finished 19:01:50.0558 4700 ============================================================ 19:01:50.0808 4972 Detected object count: 7 19:01:50.0808 4972 Actual detected object count: 7 19:02:28.0591 4972 BGLiveSvc ( UnsignedFile.Multi.Generic ) - skipped by user 19:02:28.0606 4972 BGLiveSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:02:28.0606 4972 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 19:02:28.0606 4972 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:02:28.0606 4972 GnabService ( UnsignedFile.Multi.Generic ) - skipped by user 19:02:28.0606 4972 GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:02:28.0606 4972 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user 19:02:28.0606 4972 GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:02:28.0606 4972 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 19:02:28.0606 4972 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:02:28.0606 4972 srvcPVR ( UnsignedFile.Multi.Generic ) - skipped by user 19:02:28.0606 4972 srvcPVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:02:28.0606 4972 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user 19:02:28.0606 4972 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip |
Themen zu smart fortress 2012, wie entfernen? |
administrator, automatisch, autostart, bluescreen, computer, computern, dateien, dateisystem, entfernen, explorer, falsche, forum, frage, heuristiks/extra, heuristiks/shuriken, hängt, icon, internet, log, malwarebytes, neustart, ordner, prozesse, rechner, scan, sehr laut, system, systemsteuerung, vista, wie entfernen, wie entfernen? |