Pests of all kinds and how to fight them: Trojan.Win32.Hosts2.gen | Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
17.03.2013, 16:21 | #1 |
| Trojan.Win32.Hosts2.gen
Hello to all "Trojaner-Boarder"! I very much hope that you can help me!
Yesterday Zone Alarm reported that a virus named "Trojan.Win32.Hosts2.gen" was present on my computer. Unfortunately, Zone Alarm was not able to eliminate it. The computer then shut down and started up several times, with "black screens" in between (max. 1 min.); after booting it could be used for a while each time, until Zone Alarm reacted to the alleged virus again. Antivir blocked "Hosts" in the meantime!?! The most frightening part were the phases in which ALL programs were described as "not a Windows program" and therefore could not be started. (Note: in recent months the computer has needed 10 min. to boot!)
An internet search turned up...
a) very little information, though in part hints that the computer could be severely infected, or
b) that it is possible that Zone Alarm is giving a false alarm. Some claim that no program can detect the trojan!?!
I did the following:
a) Uninstalled Zone Alarm and installed Comodo. Was it really only Zone Alarm??? Since then everything has (apparently) been working very well.
b) Quick scans with Malwarebytes Anti-Malware and SuperAntiSpyware, full scan with Avira Antivir. All without any result regarding "Trojan.Win32.Hosts2.gen".
Can anyone tell me whether my computer is infected after all or not??? |
18.03.2013, 12:28 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen Hello,
__________________Quote:
__________________ |
24.03.2013, 16:45 | #3 |
| Trojan.Win32.Hosts2.gen Thanks for your comment...
But can't anyone help me with the actual "core problem"??? Everything has been running without problems for a week, but I still don't know whether my computer is infected or not!?! Unfortunately, I can't find anywhere whether Avira Antivir, Malwarebytes Anti-Malware or SUPERAntiSpyware find (would find) "Trojan.Win32.Hosts2.gen". |
24.03.2013, 17:24 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs that already exist!
__________________ Please always post log files in CODE tags |
24.03.2013, 17:54 | #5 |
| Trojan.Win32.Hosts2.gen Thanks for the reply! Here are the logs... However, I already ran several scans last week. SUPERAntiSpyware had detections, but they are presumably uninteresting!? Anti-Malware was completely unremarkable. The events from Antivir may be interesting!? At least the term "Hosts" also shows up there. Is that a sign that Antivir was blocked by ZoneAlarm? There were no "detections" in Antivir either, though. |
24.03.2013, 17:56 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
24.03.2013, 18:06 | #7 |
| Trojan.Win32.Hosts2.gen Sorry. I knew that it has to be done that way, but I had not found any instructions. Once more on the "Hosts messages": the error message was also always shown to me by Antivir. After that, every program I wanted to start was described as "not a Windows application" and could not be started.
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.23.07

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Snoopy :: SNOOPY-PC [Administrator]

16.03.2013 15:44:08
mbam-log-2013-03-16 (15-44-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200636
Laufzeit: 4 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Snoopy :: SNOOPY-PC [Administrator]

16.03.2013 18:38:24
mbam-log-2013-03-16 (18-38-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 209846
Laufzeit: 9 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.16.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Snoopy :: SNOOPY-PC [Administrator]

17.03.2013 15:47:51
mbam-log-2013-03-17 (15-47-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375384
Laufzeit: 1 Stunde(n), 53 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/16/2013 at 03:43 PM

Application Version : 5.6.1014

Core Rules Database Version : 9459
Trace Rules Database Version: 7271

Scan type : Quick Scan
Total Scan Time : 00:06:39

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC Off - Administrator

Memory items scanned : 281
Memory threats detected : 0
Registry items scanned : 30622
Registry threats detected : 0
File items scanned : 7820
File threats detected : 39

Adware.Tracking Cookie
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\AT0TW1MI.txt [ /www.zanox-affiliate.de ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\8WUPZ2N5.txt [ /zanox-affiliate.de ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\CQMEC7IJ.txt [ /harrenmedianetwork.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\5JV44RHE.txt [ /zanox.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\GZX0CRJR.txt [ /ad2.adfarm1.adition.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\AGYQVMWC.txt [ /2o7.net ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\BPTOI6IX.txt [ /adfarm1.adition.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\S415ZZEK.txt [ /perf.overture.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\8YZQI8MK.txt [ /imrworldwide.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\M02YV5FP.txt [ /ad.zanox.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\Q0L9S0SS.txt [ /adformdsp.net ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\RJ7HTHEX.txt [ /im.banner.t-online.de ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\9AOBJ4HE.txt [ /server.adformdsp.net ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\0ZKISRZD.txt [ /ads.adk2.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\QSVVGX02.txt [ /ad.360yield.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\VY7I0HSR.txt [ /smartadserver.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\42ODKEHC.txt [ /ad1.adfarm1.adition.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\G86PUPQ3.txt [ /track.adform.net ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\6Z822TH7.txt [ /serving-sys.com ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\IWOV74KI.txt [ /adform.net ]
C:\Users\Snoopy\AppData\Roaming\Microsoft\Windows\Cookies\LQ0CGRN7.txt [ /ad.yieldmanager.com ]
C:\USERS\SNOOPY\Cookies\AT0TW1MI.txt [ Cookie:snoopy@www.zanox-affiliate.de/ ]
C:\USERS\SNOOPY\Cookies\8WUPZ2N5.txt [ Cookie:snoopy@zanox-affiliate.de/ ]
C:\USERS\SNOOPY\Cookies\CQMEC7IJ.txt [ Cookie:snoopy@harrenmedianetwork.com/ ]
C:\USERS\SNOOPY\Cookies\5JV44RHE.txt [ Cookie:snoopy@zanox.com/ ]
C:\USERS\SNOOPY\Cookies\GZX0CRJR.txt [ Cookie:snoopy@ad2.adfarm1.adition.com/ ]
C:\USERS\SNOOPY\Cookies\AGYQVMWC.txt [ Cookie:snoopy@2o7.net/ ]
C:\USERS\SNOOPY\Cookies\BPTOI6IX.txt [ Cookie:snoopy@adfarm1.adition.com/ ]
C:\USERS\SNOOPY\Cookies\S415ZZEK.txt [ Cookie:snoopy@perf.overture.com/ ]
C:\USERS\SNOOPY\Cookies\8YZQI8MK.txt [ Cookie:snoopy@imrworldwide.com/cgi-bin ]
C:\USERS\SNOOPY\Cookies\M02YV5FP.txt [ Cookie:snoopy@ad.zanox.com/ ]
C:\USERS\SNOOPY\Cookies\Q0L9S0SS.txt [ Cookie:snoopy@adformdsp.net/ ]
C:\USERS\SNOOPY\Cookies\RJ7HTHEX.txt [ Cookie:snoopy@im.banner.t-online.de/ ]
C:\USERS\SNOOPY\Cookies\9AOBJ4HE.txt [ Cookie:snoopy@server.adformdsp.net/ ]
C:\USERS\SNOOPY\Cookies\VY7I0HSR.txt [ Cookie:snoopy@smartadserver.com/ ]
C:\USERS\SNOOPY\Cookies\42ODKEHC.txt [ Cookie:snoopy@ad1.adfarm1.adition.com/ ]
C:\USERS\SNOOPY\Cookies\6Z822TH7.txt [ Cookie:snoopy@serving-sys.com/ ]
C:\USERS\SNOOPY\Cookies\IWOV74KI.txt [ Cookie:snoopy@adform.net/ ]
C:\USERS\SNOOPY\Cookies\LQ0CGRN7.txt [ Cookie:snoopy@ad.yieldmanager.com/ ]

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/16/2013 at 04:29 PM

Application Version : 5.6.1014

Core Rules Database Version : 10141
Trace Rules Database Version: 7953

Scan type : Quick Scan
Total Scan Time : 00:07:53

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 787
Memory threats detected : 0
Registry items scanned : 30637
Registry threats detected : 0
File items scanned : 7828
File threats detected : 0

Code:
Exportierte Ereignisse:

18.03.2013 14:25 [Updater] Update nicht ausgeführt
Das Update von Computer SNOOPY-PC (127.0.0.1) von "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen.

17.03.2013 15:46 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 17:27 [Updater] Update nicht ausgeführt
Das Update von Computer SNOOPY-PC (127.0.0.1) von "hxxp://perspeak.avira-update.com/update" ist fehlgeschlagen. Während des Herunterladens ist ein Fehler aufgetreten. Es wurden keine neuen Dateien geladen.

16.03.2013 16:07 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 16:04 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 16:00 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 15:58 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 15:54 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 14:54 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 14:48 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 14:42 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 14:40 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 14:35 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 12:32 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 12:26 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.

16.03.2013 11:23 [Echtzeit-Scanner] Hosts-Datei blockiert
Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Hosts-Datei blockiert.
|
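The Avira events above only record that access to the hosts file was blocked; what a hosts-related detection means depends on which names the file maps to which addresses. As an added example (not part of the thread and not written by any poster), this Python script separates loopback/null "sink" entries, as blocklist-style hosts files use them, from names mapped to any other address, which are the lines to review by hand. The sample file, its .example names and the 203.0.113.x address are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample hosts file (not from the thread's machine). It carries a
# UTF-8 BOM and CRLF line endings, as a file edited on Windows often does.
SAMPLE_HOSTS = "\ufeff" + "\r\n".join([
    "# constructed sample",
    "127.0.0.1       localhost",
    "::1             localhost",
    "127.0.0.1       www.adserver.example adserver.example",
    "0.0.0.0         tracker.example   # sink entry from a blocklist",
    "203.0.113.10    update.av-vendor.example",
    "203.0.113.10    LOCALHOST",
    "300.1.1.1       broken.example",
    "127.0.0.1",
])


def parse_hosts(text):
    """Yield (line_no, address_field, names) for every non-comment line."""
    lines = text.lstrip("\ufeff").splitlines()
    for line_no, raw in enumerate(lines, start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if line:
            address, *names = line.split()
            # Host names are case-insensitive, so compare in lower case.
            yield line_no, address, [n.lower() for n in names]


def classify(address, name):
    """Return 'localhost', 'sink', 'redirect' or 'malformed' for one mapping."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if not (ip.is_loopback or ip.is_unspecified):
        return "redirect"      # name is forced to some other host: review it
    return "localhost" if name == "localhost" else "sink"


def audit_hosts(text):
    """Count entry kinds and collect the lines that need a human look."""
    counts = Counter()
    review = []
    for line_no, address, names in parse_hosts(text):
        if not names:          # an address with no host name after it
            counts["malformed"] += 1
            review.append((line_no, address, None, "malformed"))
            continue
        for name in names:
            kind = classify(address, name)
            counts[kind] += 1
            if kind in ("redirect", "malformed"):
                review.append((line_no, address, name, kind))
    return counts, review


if __name__ == "__main__":
    counts, review = audit_hosts(SAMPLE_HOSTS)
    for kind in ("localhost", "sink", "redirect", "malformed"):
        print(f"{kind:10} {counts[kind]}")
    for line_no, address, name, kind in review:
        print(f"line {line_no}: {address} -> {name} [{kind}]")
```

On a real system the input would be the content of C:\WINDOWS\System32\drivers\etc\hosts, read from a copy of the file rather than while a scanner is blocking access to it.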
25.03.2013, 12:54 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board. First, a check with OTL please:
__________________ Please always post log files in CODE tags |
26.03.2013, 09:53 | #9 |
| Trojan.Win32.Hosts2.gen Hello! Here are the log files. Some things in them make me skeptical, e.g. the listing of strange ".com" websites... OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.03.2013 09:29:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snoopy\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 48,97% Memory free 4,23 Gb Paging File | 2,75 Gb Available in Paging File | 65,01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 102,51 Gb Total Space | 26,92 Gb Free Space | 26,27% Space Free | Partition Type: NTFS Drive D: | 39,06 Gb Total Space | 5,70 Gb Free Space | 14,59% Space Free | Partition Type: NTFS Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,49% Space Free | Partition Type: NTFS Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Snoopy\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Comodo\Dragon\dragon_updater.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Comodo\GeekBuddy\unit_manager.exe (Comodo Security Solutions, Inc.) PRC - C:\Programme\Comodo\GeekBuddy\unit.exe (Comodo Security Solutions, Inc.) PRC - C:\Programme\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.) 
PRC - C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Programme\Comodo\COMODO Internet Security\cis.exe (COMODO) PRC - C:\Programme\Comodo\COMODO Internet Security\CisTray.exe (COMODO) PRC - C:\Programme\Comodo\COMODO Internet Security\cavwp.exe (COMODO) PRC - C:\Programme\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe () PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\WINDOWS\HCWemMON.exe (eMPIA Technology, Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll () MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (DragonUpdater) -- C:\Programme\Comodo\Dragon\dragon_updater.exe () SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (CLPSLauncher) -- C:\Programme\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.) SRV - (cmdAgent) -- C:\Programme\Comodo\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (cmdvirth) -- C:\Programme\Comodo\COMODO Internet Security\cmdvirth.exe (COMODO) SRV - (GeekBuddyRSP) -- C:\Programme\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (CLSched) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLSched.exe () SRV - (CLCapSvc) -- C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvc.exe () SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\Sandra.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (inspect) -- C:\WINDOWS\System32\drivers\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\WINDOWS\System32\drivers\cmdhlp.sys (COMODO) DRV - (cmdGuard) -- C:\WINDOWS\System32\drivers\cmdguard.sys (COMODO) DRV - (cmderd) -- C:\WINDOWS\System32\drivers\cmderd.sys (COMODO) DRV - (CFRMD) -- C:\WINDOWS\System32\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia) DRV - (epmntdrv) -- C:\WINDOWS\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\WINDOWS\System32\EuGdiDrv.sys () DRV - (cpuz135) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys (CPUID) DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.) DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia) DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (NETw4v32) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC) DRV - (eabfiltr) -- C:\WINDOWS\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (Afc) -- C:\WINDOWS\System32\drivers\afc.sys (Arcsoft, Inc.) 
DRV - (USB28xxBGA) -- C:\WINDOWS\System32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (USB28xxOEM) -- C:\WINDOWS\System32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=73&bd=Pavilion&pf=laptop IE - 
HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes,DefaultScope = {F61F5D9B-DBC6-4C46-AFF0-FB5B955A1936} IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{39686D2C-1405-42DF-B949-F5EC317602A1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550 IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\SearchScopes\{F61F5D9B-DBC6-4C46-AFF0-FB5B955A1936}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://de.search.yahoo.com/search?fr=ffbr-nb&p=" FF - prefs.js..browser.search.order.1: "Search By ZoneAlarm" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://mt-online.de/" FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: 
firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.265.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..keyword.URL: "hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=fb84af95d67d41a9becb47a6df5d442f&tu=10G90006f1B000v&sku=&tstsId=&ver=&&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 21:02:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 21:02:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.17 14:38:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 21:02:51 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 21:02:40 | 000,000,000 | ---D | M] [2009.04.18 19:14:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Extensions [2013.03.16 16:17:16 | 
000,000,000 | ---D | M] (No name found) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions [2012.11.30 21:01:38 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2010.07.08 20:30:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.13 10:07:30 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.12.20 14:49:41 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Snoopy\AppData\Roaming\mozilla\Firefox\Profiles\ex9yldm4.default\extensions\firefox@tvunetworks.com [2013.02.17 20:18:03 | 000,001,488 | ---- | M] () -- C:\Users\Snoopy\AppData\Roaming\mozilla\firefox\profiles\ex9yldm4.default\searchplugins\zonealarm.xml [2013.03.08 21:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 21:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.03.08 21:02:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.03.08 21:02:51 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.01.20 12:21:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.20 12:21:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.01.20 12:21:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.01.20 12:21:07 | 000,006,805 | ---- | M] () -- C:\Program 
Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.20 12:21:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.20 12:21:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.05.07 21:11:43 | 000,433,931 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14936 more lines... O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [COMODO Internet Security] C:\Programme\Comodo\COMODO Internet Security\CisTray.exe (COMODO) O4 - HKLM..\Run: [emMON] C:\Windows\HCWemMON.exe (eMPIA Technology, Inc.) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [] File not found O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - HKU\S-1-5-21-983539813-1485151683-2393451822-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88A1D3D2-DF7C-4E68-8DB4-042459EB3F3D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg O28 - HKLM ShellExecuteHooks: 
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.01.21 17:59:44 | 000,000,000 | ---D | M] - D:\Automatisch zu iTunes hinzufügen -- [ NTFS ] O32 - AutoRun File - [2005.09.11 16:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.26 09:27:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe [2013.03.23 20:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.17 15:04:59 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autokauf [2013.03.16 19:40:42 | 000,000,000 | -H-D | C] -- C:\VTRoot [2013.03.16 19:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO [2013.03.16 19:11:43 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space [2013.03.16 19:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO [2013.03.16 19:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo [2013.03.16 19:08:57 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Local\Comodo [2013.03.16 19:08:46 | 000,042,760 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll [2013.03.16 19:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo [2013.03.16 19:08:38 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2013.03.16 19:08:32 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Comodo Downloader [2013.03.16 19:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2013.03.16 18:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.16 18:36:46 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.16 18:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.15 19:18:12 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.14 11:04:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.14 11:04:33 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.14 11:04:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.03.14 11:04:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.14 11:04:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.14 11:04:31 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.14 11:04:31 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.14 11:04:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.11 22:00:30 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\Desktop\Autoverkauf [2013.03.08 21:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.03.02 17:35:08 | 000,000,000 | ---D | C] -- C:\Users\Snoopy\AppData\Roaming\Avira [2013.03.02 17:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.02 17:28:36 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.03.02 17:28:34 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.02 17:28:34 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.02 17:28:34 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.02 17:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.02 17:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.03.02 12:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.02 12:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.03.02 12:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.03.02 12:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.26 09:28:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Snoopy\Desktop\OTL.exe [2013.03.26 09:15:57 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.26 09:15:57 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.26 09:15:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.26 07:47:34 | 000,000,148 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2013.03.26 07:47:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.26 07:47:02 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013.03.26 07:47:01 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.26 07:47:00 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.25 20:56:27 | 000,697,056 | ---- | M] () -- C:\Users\Snoopy\Desktop\Förderantrag.odt [2013.03.24 16:34:02 
| 000,637,318 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.24 16:34:02 | 000,604,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.24 16:34:02 | 000,129,900 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.24 16:34:02 | 000,107,710 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.19 21:07:04 | 000,000,680 | ---- | M] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat [2013.03.17 15:45:03 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Snoopy\Desktop\rkill.com [2013.03.16 19:33:59 | 000,001,920 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2013.03.16 19:08:46 | 000,042,760 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll [2013.03.16 19:08:38 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll [2013.03.16 18:36:51 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.15 21:21:58 | 000,005,049 | -H-- | M] () -- C:\Windows\System32\BTImages.dat [2013.03.13 18:41:46 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.13 18:41:45 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.02 17:17:58 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.02 17:17:58 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.02 17:17:58 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.02 17:17:58 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.03.02 12:31:10 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.24 18:47:18 | 000,015,360 | ---- | M] () -- C:\Users\Snoopy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.20 22:30:35 | 000,697,056 | ---- | C] () -- C:\Users\Snoopy\Desktop\Förderantrag.odt [2013.03.16 19:09:19 | 000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2013.03.16 18:36:51 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.02 12:31:10 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.18 21:08:52 | 000,005,049 | -H-- | C] () -- C:\Windows\System32\BTImages.dat [2011.07.21 19:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011.07.21 19:29:47 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011.04.10 16:31:05 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2011.04.10 16:31:05 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe [2011.04.10 16:31:05 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2011.04.10 16:31:05 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2011.04.10 16:31:05 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2011.03.22 18:26:19 | 000,000,680 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\d3d9caps.dat [2009.05.26 23:34:46 | 000,001,873 | ---- | C] () -- C:\Users\Snoopy\HP Hilfe und Support.lnk [2009.04.22 19:58:05 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.001 [2009.04.21 20:31:46 | 000,027,430 | ---- | C] () -- C:\Users\Snoopy\AppData\Roaming\nvModes.dat [2009.04.18 
19:26:19 | 000,015,360 | ---- | C] () -- C:\Users\Snoopy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Logfile:

OTL Extras logfile created on: 26.03.2013 09:29:57 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snoopy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 48,97% Memory free
4,23 Gb Paging File | 2,75 Gb Available in Paging File | 65,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 102,51 Gb Total Space | 26,92 Gb Free Space | 26,27% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 5,70 Gb Free Space | 14,59% Space Free | Partition Type: NTFS
Drive E: | 7,48 Gb Total Space | 1,61 Gb Free Space | 21,49% Space Free | Partition Type: NTFS

Computer Name: SNOOPY-PC | User Name: Snoopy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found

[HKEY_USERS\S-1-5-21-983539813-1485151683-2393451822-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{365537D5-C461-46AD-91AF-897CD74EA676}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B47EACD4-623D-4647-993E-AB1FA701240D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\wnt500x86\rpcsandrasrv.exe |
"{DE5E1087-5193-4216-ACC7-0525AB5CA25B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0228A19E-6DF1-4086-A333-FFCACACF5C9A}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{08389515-F3A0-4BF1-857A-135A820B3F4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19E288B8-7352-4821-8AEB-9FC03FF92D54}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{2785AEB8-DFB0-4524-B68E-23480B819D5E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3ABE46CA-218E-4A86-B472-1B42B276FE02}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{3E4A0641-DD67-4340-82F1-B0205382F223}" = protocol=17 | dir=in | app=f:\libneap.dll |
"{4C6FC659-ACD0-4307-8026-0AB179A7DA18}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5550A339-863B-44C5-99C2-8E430F5FF2D9}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{578BC20F-67CE-4331-B376-2716A73C89D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AAF7E0F-2817-4E6D-924F-B9E12896949C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7C5B49C7-A467-4392-BF2D-A7381D52F5F2}" = protocol=17 | dir=in | app=f:\dwizard300.exe |
"{872A3F6C-F42F-42A6-8F06-970A542D7710}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{8DF8919C-7C82-4B68-B2B2-EAFF28112F39}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{904D6CF5-0DB2-4BA0-8E65-57AF59B0FD84}" = protocol=6 | dir=in | app=f:\dwizard300.exe |
"{95293639-9B15-4331-833D-B48EBB6E9104}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{9D55DE73-E554-4402-BBC5-B0EEE78E6CDB}" = protocol=6 | dir=in | app=f:\libneap.dll |
"{A52442A5-8C12-4729-9C2D-70EF6C2222ED}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B063581F-E7DC-4807-96A4-00F6C31EF999}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C1F9466C-9566-4FDB-9342-E101D2813CEA}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{EE8075DD-6B6D-4897-B5A2-DA616A920DB5}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe |
"{F927BD2C-4D37-4A3D-9BB0-C2DC58AB1453}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software
Updater "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform "{194C14D5-3CB0-4977-8886-A79DFC00E820}" = MSCU for Microsoft Vista "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37 "{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library "{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver "{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support "{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530 "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2 "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite "{4A03706F-666A-4037-7777-5F2748764D10}" 
= Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{50D25574-2C48-4AEC-8FFC-32AEAD2EAEFF}" = Nokia Ovi Player "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{58A8CAD0-0FC7-4091-B73B-1D76552B0507}" = GeekBuddy "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{70B31335-50EE-4834-8431-27412CDE62BD}" = Nokia_Multimedia_Common_Components_2_5 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7968EB30-5580-4955-8925-4A17CD625118}" = ESU for Microsoft Vista "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0 "{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = 
Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = 
Intel Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1430C24-93CF-4182-9252-B333A76F2CDD}" = Garmin Training Center "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1 "{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{BCC0552D-76C0-4130-BFBD-49BE49ACC594}" = COMODO Internet Security "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant "{DDFD9BA2-8E26-4E49-92AE-882424DAB1BC}" = HP User Guides 0057 "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! 
PageManager 7.15.11 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}" = Garmin WebUpdater "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Comodo Dragon" = Comodo Dragon "Corel Applications" = Corel Applications "CPUID CPU-Z_is1" = CPUID CPU-Z 1.57.1 "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-WebPrint" = Easy-WebPrint "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR "Hauppauge WinTV2000" = Hauppauge WinTV2000 "HOMESTUDENTR" = Microsoft Office 
Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 2.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator 2.2" = Canon MP Navigator 2.2 "Nokia Ovi Suite" = Nokia Ovi Suite "NVIDIA Drivers" = NVIDIA Drivers "Online Manuals for WinTV (German)" = Online Manuals for WinTV (German) "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SMSERIAL" = Motorola SM56 Speakerphone Modem "SopCast" = SopCast 3.0.3 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TVUPlayer" = TVUPlayer 2.4.5.1 "VLC media player" = VLC media player 1.1.4 "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "WinLiveSuite_Wave3" = Windows Live Essentials "ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.03.2013 17:48:19 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 25.03.2013 17:48:19 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3176711 Error - 25.03.2013 17:48:19 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3176711 Error - 26.03.2013 03:20:51 | Computer Name = Snoopy-PC | Source = Application Error | ID = 1000 Description = 
Fehlerhafte Anwendung firefox.exe, Version 19.0.2.4814, Zeitstempel 0x5138a1d3, fehlerhaftes Modul xul.dll, Version 19.0.2.4814, Zeitstempel 0x5138a0ed, Ausnahmecode 0xc0000005, Fehleroffset 0x00172818, Prozess-ID 0x1128, Anwendungsstartzeit 01ce29ef14c3a2c6. Error - 26.03.2013 04:15:50 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 26.03.2013 04:15:50 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3287347 Error - 26.03.2013 04:15:50 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3287347 Error - 26.03.2013 04:15:55 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 26.03.2013 04:15:55 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3292464 Error - 26.03.2013 04:15:55 | Computer Name = Snoopy-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3292464 [ OSession Events ] Error - 14.10.2012 12:36:05 | Computer Name = Snoopy-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 24.03.2013 15:57:02 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000 Description = Error - 24.03.2013 15:57:15 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022 Description = Error - 24.03.2013 15:57:15 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.03.2013 12:46:19 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000 Description = Error - 25.03.2013 12:47:48 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022 Description = Error - 25.03.2013 12:47:49 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001 Description = Error - 25.03.2013 15:48:07 | Computer Name = Snoopy-PC | Source = bowser | ID = 8003 Description = Error - 26.03.2013 02:47:34 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7000 Description = Error - 26.03.2013 02:48:41 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7022 Description = Error - 26.03.2013 02:48:42 | Computer Name = Snoopy-PC | Source = Service Control Manager | ID = 7001 Description = < End of report > |
26.03.2013, 12:17 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen Rootkit scan with GMER Please download GMER: (random file name)
Are any problems coming up?
Afterwards, please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
29.03.2013, 15:19 | #11 |
| Trojan.Win32.Hosts2.gen Hello! I cannot assess the GMER results, and the file is so large that I cannot even attach it. How should I send it? Zip it? MBAR found nothing! Here are the results... Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.29.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Snoopy :: SNOOPY-PC [administrator]

29.03.2013 15:08:07
mbar-log-2013-03-29 (15-08-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28108
Time elapsed: 15 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
30.03.2013, 01:21 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen Yes, please zip logs that are too large and attach them here
__________________ Please always post log files in CODE tags |
30.03.2013, 13:15 | #13 |
| Trojan.Win32.Hosts2.gen Hello! Here is the missing file / the zipped GMER log... |
30.03.2013, 15:59 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Win32.Hosts2.gen aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
30.03.2013, 21:53 | #15 |
| Trojan.Win32.Hosts2.gen Everything worked. However, I repeated the aswMBR scan because the first one was not run as admin. Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-30 20:22:24
-----------------------------
20:22:24.072 OS Version: Windows 6.0.6002 Service Pack 2
20:22:24.072 Number of processors: 2 586 0xF0A
20:22:24.072 ComputerName: SNOOPY-PC UserName: Snoopy
20:22:25.476 Initialize success
20:23:52.271 AVAST engine defs: 13033000
20:25:15.996 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:25:15.996 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
20:25:16.199 Disk 0 MBR read successfully
20:25:16.214 Disk 0 MBR scan
20:25:16.230 Disk 0 unknown MBR code
20:25:16.245 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 104969 MB offset 63
20:25:16.261 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 39999 MB offset 214978560
20:25:16.292 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7655 MB offset 296897265
20:25:16.308 Disk 0 scanning sectors +312576705
20:25:16.448 Disk 0 scanning C:\Windows\system32\drivers
20:25:29.505 Service scanning
20:25:59.879 Modules scanning
20:26:37.053 Disk 0 trace - called modules:
20:26:37.631 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
20:26:37.646 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865334e0]
20:26:37.646 3 CLASSPNP.SYS[88faa8b3] -> nt!IofCallDriver -> [0x85a0ff08]
20:26:37.662 5 acpi.sys[8329e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a20030]
20:26:38.520 AVAST engine scan C:\Windows
20:26:41.406 AVAST engine scan C:\Windows\system32
20:30:12.552 AVAST engine scan C:\Windows\system32\drivers
20:30:26.919 AVAST engine scan C:\Users\Snoopy
20:46:34.681 AVAST engine scan C:\ProgramData
20:48:13.944 Scan finished successfully
20:49:11.679 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat"
20:49:11.695 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR.txt"
Code:
ATTFilter 20:57:23.0831 5432 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:57:24.0371 5432 ============================================================ 20:57:24.0371 5432 Current date / time: 2013/03/30 20:57:24.0371 20:57:24.0371 5432 SystemInfo: 20:57:24.0371 5432 20:57:24.0371 5432 OS Version: 6.0.6002 ServicePack: 2.0 20:57:24.0371 5432 Product type: Workstation 20:57:24.0371 5432 ComputerName: SNOOPY-PC 20:57:24.0371 5432 UserName: Snoopy 20:57:24.0371 5432 Windows directory: C:\Windows 20:57:24.0371 5432 System windows directory: C:\Windows 20:57:24.0371 5432 Processor architecture: Intel x86 20:57:24.0371 5432 Number of processors: 2 20:57:24.0371 5432 Page size: 0x1000 20:57:24.0371 5432 Boot type: Normal boot 20:57:24.0371 5432 ============================================================ 20:57:25.0308 5432 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:57:25.0311 5432 ============================================================ 20:57:25.0311 5432 \Device\Harddisk0\DR0: 20:57:25.0316 5432 MBR partitions: 20:57:25.0316 5432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCD04AB2 20:57:25.0316 5432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCD05000, BlocksNum 0x4E1F800 20:57:25.0316 5432 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11B24AF1, BlocksNum 0xEF3FD0 20:57:25.0316 5432 ============================================================ 20:57:25.0396 5432 C: <-> \Device\Harddisk0\DR0\Partition1 20:57:25.0450 5432 D: <-> \Device\Harddisk0\DR0\Partition2 20:57:25.0492 5432 E: <-> \Device\Harddisk0\DR0\Partition3 20:57:25.0493 5432 ============================================================ 20:57:25.0493 5432 Initialize success 20:57:25.0493 5432 ============================================================ 20:59:22.0763 1444 
============================================================ 20:59:22.0763 1444 Scan started 20:59:22.0763 1444 Mode: Manual; SigCheck; TDLFS; 20:59:22.0763 1444 ============================================================ 20:59:23.0246 1444 ================ Scan system memory ======================== 20:59:23.0246 1444 System memory - ok 20:59:23.0246 1444 ================ Scan services ============================= 20:59:23.0387 1444 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 20:59:23.0527 1444 !SASCORE - ok 20:59:23.0636 1444 [ 769DB4F484957CC98153B3C1B5D1162F ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 20:59:23.0668 1444 ACDaemon - ok 20:59:24.0432 1444 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 20:59:24.0479 1444 ACPI - ok 20:59:24.0557 1444 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 20:59:24.0588 1444 AdobeARMservice - ok 20:59:24.0682 1444 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 20:59:24.0697 1444 AdobeFlashPlayerUpdateSvc - ok 20:59:24.0760 1444 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:59:24.0791 1444 adp94xx - ok 20:59:24.0853 1444 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:59:24.0884 1444 adpahci - ok 20:59:24.0916 1444 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 20:59:24.0947 1444 adpu160m - ok 20:59:25.0009 1444 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:59:25.0040 1444 adpu320 - ok 20:59:25.0118 1444 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:59:25.0274 1444 AeLookupSvc - ok 20:59:25.0290 1444 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc 
C:\Windows\system32\drivers\Afc.sys 20:59:25.0306 1444 Afc - ok 20:59:25.0399 1444 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 20:59:25.0493 1444 AFD - ok 20:59:25.0555 1444 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:59:25.0571 1444 agp440 - ok 20:59:25.0602 1444 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 20:59:25.0618 1444 aic78xx - ok 20:59:25.0649 1444 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 20:59:25.0852 1444 ALG - ok 20:59:25.0867 1444 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 20:59:25.0883 1444 aliide - ok 20:59:25.0883 1444 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 20:59:25.0898 1444 amdagp - ok 20:59:25.0930 1444 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 20:59:25.0945 1444 amdide - ok 20:59:25.0961 1444 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 20:59:26.0148 1444 AmdK7 - ok 20:59:26.0179 1444 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:59:26.0257 1444 AmdK8 - ok 20:59:26.0382 1444 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 20:59:26.0398 1444 AntiVirSchedulerService - ok 20:59:26.0460 1444 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 20:59:26.0476 1444 AntiVirService - ok 20:59:26.0522 1444 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 20:59:26.0632 1444 Appinfo - ok 20:59:26.0678 1444 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:59:26.0710 1444 Apple Mobile Device - ok 20:59:26.0725 1444 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 
20:59:26.0741 1444 arc - ok 20:59:26.0772 1444 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:59:26.0803 1444 arcsas - ok 20:59:26.0834 1444 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:59:26.0928 1444 AsyncMac - ok 20:59:26.0959 1444 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys 20:59:26.0990 1444 atapi - ok 20:59:27.0037 1444 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:59:27.0084 1444 AudioEndpointBuilder - ok 20:59:27.0115 1444 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 20:59:27.0146 1444 Audiosrv - ok 20:59:27.0178 1444 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 20:59:27.0193 1444 avgntflt - ok 20:59:27.0240 1444 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 20:59:27.0256 1444 avipbb - ok 20:59:27.0287 1444 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 20:59:27.0318 1444 avkmgr - ok 20:59:27.0380 1444 [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys 20:59:27.0474 1444 BCM43XV - ok 20:59:27.0505 1444 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 20:59:27.0552 1444 Beep - ok 20:59:27.0630 1444 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 20:59:27.0677 1444 BFE - ok 20:59:27.0802 1444 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 20:59:27.0848 1444 BITS - ok 20:59:27.0848 1444 blbdrive - ok 20:59:27.0973 1444 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:59:28.0004 1444 Bonjour Service - ok 20:59:28.0051 1444 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:59:28.0114 1444 bowser - ok 20:59:28.0145 1444 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] 
BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 20:59:28.0192 1444 BrFiltLo - ok 20:59:28.0207 1444 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 20:59:28.0285 1444 BrFiltUp - ok 20:59:28.0332 1444 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 20:59:28.0379 1444 Browser - ok 20:59:28.0441 1444 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 20:59:28.0519 1444 Brserid - ok 20:59:28.0550 1444 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 20:59:28.0628 1444 BrSerWdm - ok 20:59:28.0644 1444 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 20:59:28.0738 1444 BrUsbMdm - ok 20:59:28.0769 1444 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 20:59:28.0831 1444 BrUsbSer - ok 20:59:28.0862 1444 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:59:28.0940 1444 BTHMODEM - ok 20:59:29.0003 1444 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:59:29.0096 1444 cdfs - ok 20:59:29.0128 1444 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:59:29.0221 1444 cdrom - ok 20:59:29.0268 1444 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 20:59:29.0362 1444 CertPropSvc - ok 20:59:29.0408 1444 [ 2A3A6EEF9E5479CF662B088EEBEDE8D8 ] CFRMD C:\Windows\system32\DRIVERS\CFRMD.sys 20:59:29.0440 1444 CFRMD - ok 20:59:29.0518 1444 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 20:59:29.0596 1444 circlass - ok 20:59:29.0845 1444 [ DBAFC6734C054FEEF9087754BD80F847 ] CLCapSvc C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 20:59:29.0876 1444 CLCapSvc ( UnsignedFile.Multi.Generic ) - warning 20:59:29.0876 1444 CLCapSvc - detected UnsignedFile.Multi.Generic (1) 20:59:29.0939 1444 [ 
D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 20:59:29.0954 1444 CLFS - ok 20:59:30.0032 1444 [ D7180E73D13AC5DE22D8F5C3A4713E4B ] CLPSLauncher C:\Program Files\Common Files\COMODO\launcher_service.exe 20:59:30.0064 1444 CLPSLauncher - ok 20:59:30.0360 1444 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:59:30.0376 1444 clr_optimization_v2.0.50727_32 - ok 20:59:30.0485 1444 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:59:30.0532 1444 clr_optimization_v4.0.30319_32 - ok 20:59:30.0563 1444 [ E67F8F036FD882E4AB62501C0D45B536 ] CLSched C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe 20:59:30.0594 1444 CLSched ( UnsignedFile.Multi.Generic ) - warning 20:59:30.0594 1444 CLSched - detected UnsignedFile.Multi.Generic (1) 20:59:30.0625 1444 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:59:30.0672 1444 CmBatt - ok 20:59:31.0046 1444 [ DAA199690ED70FFE5765FBC3BCB48E7C ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe 20:59:31.0218 1444 cmdAgent - ok 20:59:31.0265 1444 [ E6B8CB3C452F3F227ADD2AD63EABEB04 ] cmderd C:\Windows\system32\DRIVERS\cmderd.sys 20:59:31.0280 1444 cmderd - ok 20:59:31.0405 1444 [ F4F95399BDB9D416AA68114C378766C4 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys 20:59:31.0452 1444 cmdGuard - ok 20:59:31.0499 1444 [ 22230B68EB5B6B713197BC868187CC91 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys 20:59:31.0530 1444 cmdHlp - ok 20:59:31.0546 1444 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:59:31.0561 1444 cmdide - ok 20:59:31.0592 1444 [ 2BB9FB821D508758916CF4C78E68694A ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe 20:59:31.0608 1444 cmdvirth - ok 20:59:31.0655 1444 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt 
C:\Windows\system32\DRIVERS\compbatt.sys 20:59:31.0670 1444 Compbatt - ok 20:59:31.0670 1444 COMSysApp - ok 20:59:31.0702 1444 [ C2EB4539A4F6AB6EDD01BDC191619975 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x32.sys 20:59:31.0717 1444 cpuz135 - ok 20:59:31.0717 1444 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:59:31.0733 1444 crcdisk - ok 20:59:31.0764 1444 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 20:59:31.0811 1444 Crusoe - ok 20:59:31.0889 1444 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:59:31.0936 1444 CryptSvc - ok 20:59:32.0107 1444 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:59:32.0170 1444 DcomLaunch - ok 20:59:32.0232 1444 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:59:32.0341 1444 DfsC - ok 20:59:32.0466 1444 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 20:59:32.0731 1444 DFSR - ok 20:59:32.0794 1444 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 20:59:32.0825 1444 Dhcp - ok 20:59:32.0856 1444 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 20:59:32.0872 1444 disk - ok 20:59:32.0903 1444 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:59:32.0965 1444 Dnscache - ok 20:59:33.0012 1444 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:59:33.0043 1444 dot3svc - ok 20:59:33.0137 1444 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 20:59:33.0168 1444 DPS - ok 20:59:33.0402 1444 [ 770AC17FBF274FB1773F5C49EE15B3DD ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe 20:59:33.0558 1444 DragonUpdater - ok 20:59:33.0605 1444 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:59:33.0652 1444 drmkaud - ok 20:59:33.0776 1444 [ C68AC676B0EF30CFBB1080ADCE49EB1F 
] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:59:33.0823 1444 DXGKrnl - ok 20:59:33.0886 1444 [ C0B00E55CF82D122D25983C7A6A53DEA ] E100B C:\Windows\system32\DRIVERS\e100b325.sys 20:59:33.0964 1444 E100B - ok 20:59:33.0995 1444 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 20:59:34.0073 1444 E1G60 - ok 20:59:34.0120 1444 [ E88B0CFCECF745211BBA87F44F85D0DD ] eabfiltr C:\Windows\system32\DRIVERS\eabfiltr.sys 20:59:34.0182 1444 eabfiltr - ok 20:59:34.0229 1444 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 20:59:34.0244 1444 EapHost - ok 20:59:34.0385 1444 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 20:59:34.0416 1444 Ecache - ok 20:59:34.0494 1444 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:59:34.0541 1444 ehRecvr - ok 20:59:34.0572 1444 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 20:59:34.0666 1444 ehSched - ok 20:59:34.0681 1444 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 20:59:34.0712 1444 ehstart - ok 20:59:34.0775 1444 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:59:34.0806 1444 elxstor - ok 20:59:34.0962 1444 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 20:59:35.0071 1444 EMDMgmt - ok 20:59:35.0149 1444 [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv C:\Windows\system32\epmntdrv.sys 20:59:35.0180 1444 epmntdrv ( UnsignedFile.Multi.Generic ) - warning 20:59:35.0180 1444 epmntdrv - detected UnsignedFile.Multi.Generic (1) 20:59:35.0212 1444 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\Windows\system32\EuGdiDrv.sys 20:59:35.0243 1444 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning 20:59:35.0243 1444 EuGdiDrv - detected UnsignedFile.Multi.Generic (1) 20:59:35.0290 1444 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 20:59:35.0336 1444 EventSystem - ok 
WinHttpAutoProxySvc - ok 21:00:10.0343 1444 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:00:10.0374 1444 Winmgmt - ok 21:00:10.0514 1444 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 21:00:10.0592 1444 WinRM - ok 21:00:10.0655 1444 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:00:10.0717 1444 Wlansvc - ok 21:00:10.0748 1444 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 21:00:10.0764 1444 WmiAcpi - ok 21:00:10.0826 1444 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:00:10.0858 1444 wmiApSrv - ok 21:00:11.0060 1444 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 21:00:11.0170 1444 WMPNetworkSvc - ok 21:00:11.0232 1444 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:00:11.0294 1444 WPCSvc - ok 21:00:11.0310 1444 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:00:11.0372 1444 WPDBusEnum - ok 21:00:11.0404 1444 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 21:00:11.0419 1444 WpdUsb - ok 21:00:11.0575 1444 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 21:00:11.0622 1444 WPFFontCache_v0400 - ok 21:00:11.0653 1444 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:00:11.0716 1444 ws2ifsl - ok 21:00:11.0747 1444 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll 21:00:11.0778 1444 wscsvc - ok 21:00:11.0778 1444 WSearch - ok 21:00:11.0965 1444 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 21:00:12.0152 1444 wuauserv - ok 21:00:12.0230 1444 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:00:12.0308 1444 WudfPf - ok 21:00:12.0355 1444 
[ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:00:12.0402 1444 WUDFRd - ok
21:00:12.0449 1444 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:00:12.0496 1444 wudfsvc - ok
21:00:12.0542 1444 ================ Scan global ===============================
21:00:12.0574 1444 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:00:12.0620 1444 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:00:12.0652 1444 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
21:00:12.0698 1444 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:00:12.0714 1444 [Global] - ok
21:00:12.0714 1444 ================ Scan MBR ==================================
21:00:12.0730 1444 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
21:00:14.0758 1444 \Device\Harddisk0\DR0 - ok
21:00:14.0758 1444 ================ Scan VBR ==================================
21:00:14.0773 1444 [ 423B2363B09BA4B732EFA936EF1DA00A ] \Device\Harddisk0\DR0\Partition1
21:00:14.0789 1444 \Device\Harddisk0\DR0\Partition1 - ok
21:00:14.0804 1444 [ 3A65B55C25C9312F013D5C943F225457 ] \Device\Harddisk0\DR0\Partition2
21:00:14.0820 1444 \Device\Harddisk0\DR0\Partition2 - ok
21:00:14.0836 1444 [ E481C827EFA0B2B7FBEFFDE5206A0658 ] \Device\Harddisk0\DR0\Partition3
21:00:14.0836 1444 \Device\Harddisk0\DR0\Partition3 - ok
21:00:14.0836 1444 ============================================================
21:00:14.0836 1444 Scan finished
21:00:14.0836 1444 ============================================================
21:00:14.0851 2064 Detected object count: 9
21:00:14.0851 2064 Actual detected object count: 9
21:00:37.0268 2064 CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0268 2064 CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0268 2064 CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0268 2064 CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064 hpqwmiex ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064 hpqwmiex ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0284 2064 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0284 2064 RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:37.0300 2064 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
21:00:37.0300 2064 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:00:46.0363 3996 Deinitialize success

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-30 21:01:49
-----------------------------
21:01:49.689 OS Version: Windows 6.0.6002 Service Pack 2
21:01:49.689 Number of processors: 2 586 0xF0A
21:01:49.689 ComputerName: SNOOPY-PC UserName: Snoopy
21:01:50.781 Initialize success
21:02:00.796 AVAST engine defs: 13033000
21:02:11.576 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:02:11.576 Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
21:02:12.091 Disk 0 MBR read successfully
21:02:12.091 Disk 0 MBR scan
21:02:12.169 Disk 0 unknown MBR code
21:02:12.169 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 104969 MB offset 63
21:02:12.216 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 39999 MB offset 214978560
21:02:12.247 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 7655 MB offset 296897265
21:02:12.325 Disk 0 scanning sectors +312576705
21:02:12.777 Disk 0 scanning C:\Windows\system32\drivers
21:02:37.222 Service scanning
21:03:05.724 Modules scanning
21:04:02.648 Disk 0 trace - called modules:
21:04:02.726 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
21:04:02.742 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865334e0]
21:04:02.742 3 CLASSPNP.SYS[88faa8b3] -> nt!IofCallDriver -> [0x85a0ff08]
21:04:02.742 5 acpi.sys[8329e6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a20030]
21:04:03.537 AVAST engine scan C:\Windows
21:04:17.718 AVAST engine scan C:\Windows\system32
21:11:03.023 AVAST engine scan C:\Windows\system32\drivers
21:11:53.864 AVAST engine scan C:\Users\Snoopy
21:40:20.473 AVAST engine scan C:\ProgramData
21:43:22.168 Scan finished successfully
21:44:44.009 Disk 0 MBR has been saved successfully to "C:\Users\Snoopy\Desktop\MBR.dat"
21:44:44.025 The log file has been saved successfully to "C:\Users\Snoopy\Desktop\aswMBR2.txt"