| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ich glaube ich habe AdwareWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.12.2012, 09:43
| #1 |
 |  Ich glaube ich habe Adware Guten Tag alle miteinader, ich habe leider Mist gemacht und irrtümlich über eine Website Uncompressor installiert. Avira Antivir hatte kurze Zeit nach der Installation einen Fund. Seitdem scheint der Virus/Adware meinen Computer auszuspionieren. Ich soll mich angeblich öfters über meine E-Mail-Adresse falsch angemeldet haben. Der Laptop ist langsamer geworden! Ich hoffe Ihr könnt mir helfen. MfG Manwithvirus |
|
13.12.2012, 13:50
| #2 |
| /// Malware-holic   | Ich glaube ich habe Adware Hi,
__________________poste die Avira Fundmeldung(en) http://www.trojaner-board.de/125889-...en-posten.html Dann: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
13.12.2012, 20:22
| #3 |
| | Ich glaube ich habe Adware Meine erste Log Datei wurde irgendwie nicht erstellt.
__________________Die zweite poste ich sobald der neue Scan beendet ist. Der läuft schon über 2 Std. Sollten wir es nicht mehr rechtzeitig schaffen wünsche ich schon mal einen angenehmen Urlaub Gruß Manwithvirus |
|
13.12.2012, 20:24
| #4 |
| /// Malware-holic | Ich glaube ich habe Adware Hi im urlaub war ich schon, muss nur meine Signatur anpassen :-) Ab weihnachten natürlich n paar Tage...
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.12.2012, 22:42
| #5 |
| | Ich glaube ich habe Adware Ich wünsche dir dan für dein Vorhaben viel Erfolg. Leider hat mein Avir beim zweiten Suchlauf keinen Fund entdeckt. Hier der Report: Avira AntiVir Personal Erstellungsdatum der Reportdatei: Donnerstag, 13. Dezember 2012 18:15 Es wird nach 4560471 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista Windowsversion : (Service Pack 1) [6.0.6001] Boot Modus : Normal gebootet Benutzername : Hool Computername : HOOL-PC Versionsinformationen: BUILD.DAT : 10.2.0.719 36070 Bytes 25.10.2012 10:38:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 21.07.2011 11:08:11 AVSCAN.DLL : 10.0.5.0 57192 Bytes 21.07.2011 11:10:57 LUKE.DLL : 10.3.0.5 45416 Bytes 21.07.2011 11:09:32 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 13:22:40 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 21.07.2011 11:08:11 AVREG.DLL : 10.3.0.9 90472 Bytes 21.07.2011 11:08:05 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 11:49:21 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:52:59 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 18:52:51 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 18:52:55 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 18:52:59 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 18:53:02 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 18:53:07 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 18:53:11 VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 18:53:11 VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 18:53:11 VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 18:53:11 VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 18:53:11 VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 18:53:11 VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 18:53:11 VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 18:53:12 VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 18:53:12 VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 18:53:12 VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 18:53:13 VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 18:53:13 VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 18:53:13 VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 18:53:14 VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 18:53:14 VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 18:53:14 VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 18:53:14 VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 17:10:52 VBASE025.VDF : 7.11.53.170 2048 Bytes 12.12.2012 17:10:52 VBASE026.VDF : 7.11.53.171 2048 Bytes 12.12.2012 17:10:52 VBASE027.VDF : 7.11.53.172 2048 Bytes 12.12.2012 17:10:52 VBASE028.VDF : 7.11.53.173 2048 Bytes 12.12.2012 17:10:52 VBASE029.VDF : 7.11.53.174 2048 Bytes 12.12.2012 17:10:52 VBASE030.VDF : 7.11.53.175 2048 Bytes 12.12.2012 17:10:52 VBASE031.VDF : 7.11.53.210 77824 Bytes 13.12.2012 17:10:52 Engineversion : 8.2.10.222 AEVDF.DLL : 8.1.2.10 102772 Bytes 10.12.2012 18:53:23 AESCRIPT.DLL : 8.1.4.76 467324 Bytes 13.12.2012 17:10:54 AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 17:10:54 AESBX.DLL : 8.2.5.12 606578 Bytes 10.12.2012 18:53:24 AERDL.DLL : 8.2.0.74 643445 Bytes 10.12.2012 18:53:23 AEPACK.DLL : 8.3.1.0 819574 Bytes 13.12.2012 17:10:54 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 10.12.2012 18:53:22 AEHEUR.DLL : 8.1.4.160 5624184 Bytes 10.12.2012 18:53:22 AEHELP.DLL : 8.1.25.2 258423 Bytes 10.12.2012 18:53:18 AEGEN.DLL : 8.1.6.12 434549 Bytes 13.12.2012 17:10:53 AEEXP.DLL : 8.3.0.0 184692 Bytes 13.12.2012 17:10:54 AEEMU.DLL : 8.1.3.2 393587 Bytes 10.12.2012 18:53:17 AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 17:10:53 AEBB.DLL : 8.1.1.4 53619 Bytes 10.12.2012 18:53:15 AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 06:52:39 AVPREF.DLL : 10.0.3.2 44904 Bytes 21.07.2011 11:08:05 AVREP.DLL : 10.0.0.10 174120 Bytes 21.07.2011 11:08:06 AVARKT.DLL : 10.0.26.1 255336 Bytes 21.07.2011 11:07:41 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 21.07.2011 11:07:59 SQLITE3.DLL : 3.6.19.0 355688 Bytes 21.07.2011 14:12:30 AVSMTP.DLL : 10.0.0.17 63848 Bytes 21.04.2011 06:52:38 NETNT.DLL : 10.0.0.0 11624 Bytes 21.04.2011 06:52:50 RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 21.07.2011 11:11:03 RCTEXT.DLL : 10.0.64.0 98664 Bytes 21.07.2011 11:11:03 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Festplatten Konfigurationsdatei...................: C:\program files\avira\antivir desktop\alldiscs.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Donnerstag, 13. Dezember 2012 18:15 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ts3client_win32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashUtil32_11_4_402_287_ActiveX.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'BTTray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'unsecapp.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'daemon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LightScribeControlPanel.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'msnmsgr.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnscfg.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winampa.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'EasySpeedUpManager.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'dmhkcore.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MagicDoctorKbdHk.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WCScheduler.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'EasyBatteryMgr3.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesApp32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ViewpointService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesService32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'agrsmsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ACService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '769' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' Beginne mit der Suche in 'D:\' Ende des Suchlaufs: Donnerstag, 13. Dezember 2012 22:37 Benötigte Zeit: 4:21:27 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 41382 Verzeichnisse wurden überprüft 1783911 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1783911 Dateien ohne Befall 2754 Archive wurden durchsucht 0 Warnungen 0 Hinweise OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.12.2012 00:06:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hool\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,43% Memory free 6,22 Gb Paging File | 4,48 Gb Available in Paging File | 72,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 33,14 Gb Free Space | 29,62% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 88,54 Gb Free Space | 79,77% Space Free | Partition Type: NTFS Computer Name: HOOL-PC | User Name: Hool | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.13 18:18:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hool\Desktop\OTL.exe PRC - [2012.12.07 18:15:51 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe PRC - [2012.11.29 16:06:12 | 001,926,496 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.11.29 16:06:12 | 000,102,752 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe PRC - [2012.11.29 16:06:10 | 001,723,744 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.11.02 00:23:42 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe PRC - [2012.04.16 19:43:27 | 003,089,488 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe PRC - [2011.12.22 14:03:38 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.08 17:22:14 | 000,486,856 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe PRC - [2008.04.01 19:49:42 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2008.01.30 04:00:14 | 001,926,144 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.19 08:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2008.01.19 08:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.02 09:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2007.12.28 02:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2007.07.04 23:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2007.06.13 05:11:30 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.01 11:36:00 | 000,684,032 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2007.05.11 02:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe PRC - [2007.04.24 10:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007.01.04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Programme\Viewpoint\Common\ViewpointService.exe PRC - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.12.07 18:15:51 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe MOD - [2012.04.16 19:43:27 | 003,089,488 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe MOD - [2011.12.22 14:03:38 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe MOD - [2011.06.30 21:00:00 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.06.30 20:59:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.06.30 08:36:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.06.30 08:35:17 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.06.30 08:34:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.06.30 08:31:14 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.06.30 08:29:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2009.10.07 21:28:20 | 000,200,704 | ---- | M] () -- C:\Programme\ImageConverter Plus\gpgate.dll MOD - [2009.10.07 21:24:06 | 001,339,392 | ---- | M] () -- C:\Programme\ImageConverter Plus\fcnv.dll MOD - [2009.10.07 21:22:12 | 006,803,456 | ---- | M] () -- C:\Programme\ImageConverter Plus\fpdf.dll MOD - [2009.10.07 21:22:04 | 001,183,744 | ---- | M] () -- C:\Programme\ImageConverter Plus\fcrtl.dll MOD - [2009.10.07 21:18:56 | 000,020,992 | ---- | M] () -- C:\Programme\ImageConverter Plus\MemHandler.dll MOD - [2008.07.27 19:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.08 17:21:52 | 000,099,328 | ---- | M] () -- C:\Programme\DAEMON Tools Lite\Lang\DEU.dll MOD - [2008.07.08 17:21:50 | 000,081,408 | ---- | M] () -- C:\Programme\DAEMON Tools Lite\Lang\ENU.dll MOD - [2008.04.16 00:09:32 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2999.36899__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.04.16 00:09:32 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2999.36858__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.04.16 00:09:32 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2999.36911__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.04.16 00:09:32 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2999.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.04.16 00:09:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2999.36892__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.04.16 00:09:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2999.36878__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.04.16 00:09:31 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2999.37051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.04.16 00:09:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2999.37008__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.04.16 00:09:30 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2999.37120__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.04.16 00:09:00 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2999.37127__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.04.16 00:09:00 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2999.37065__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.04.16 00:09:00 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2999.36872__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:59 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2999.37059__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2999.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.04.16 00:08:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2999.37118__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.04.16 00:08:57 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2999.37017__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:57 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2999.36923__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:57 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2999.36879__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:57 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2999.37079__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.04.16 00:08:57 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2999.36917__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:57 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.04.16 00:08:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.04.16 00:08:57 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.04.16 00:08:56 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2999.37010__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:56 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2999.37045__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:56 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.04.16 00:08:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2999.37009__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.04.16 00:08:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2999.37044__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.04.16 00:08:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.04.16 00:08:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.04.16 00:08:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.04.16 00:08:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.04.16 00:08:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.04.16 00:08:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.04.16 00:08:55 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.04.16 00:08:54 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.04.16 00:08:54 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.04.16 00:08:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.04.16 00:08:54 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.04.16 00:08:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.04.16 00:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.04.16 00:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.04.16 00:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.04.16 00:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.04.16 00:08:53 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.04.16 00:08:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.04.16 00:08:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.04.16 00:08:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.04.16 00:08:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.04.16 00:08:29 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2999.37102_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.04.16 00:08:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2999.37138__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.04.16 00:08:23 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2999.37149__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2008.04.16 00:08:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.04.16 00:08:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.04.16 00:08:20 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2999.37110__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.04.16 00:08:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.04.16 00:08:19 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2999.37109__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.04.16 00:08:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.04.16 00:08:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.04.16 00:08:18 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2999.36886__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.04.16 00:08:18 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2999.37102__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.04.16 00:08:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.04.16 00:08:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.04.16 00:08:16 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.04.16 00:08:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.04.16 00:08:10 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2999.36865__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.04.16 00:08:10 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2999.36850__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.04.16 00:08:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.04.16 00:08:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2999.37110__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.04.16 00:08:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.04.16 00:08:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.04.16 00:08:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2999.36849__90ba9c70f846762e\APM.Server.dll MOD - [2008.04.16 00:08:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2999.36849__90ba9c70f846762e\AEM.Server.dll MOD - [2008.04.01 19:49:42 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe MOD - [2008.03.18 14:04:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.03.18 04:21:32 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008.01.30 04:00:14 | 001,926,144 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe MOD - [2008.01.11 20:49:24 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu MOD - [2007.12.09 07:08:54 | 002,811,392 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\Resdll.dll MOD - [2007.11.09 11:39:56 | 000,007,680 | ---- | M] () -- C:\Programme\DAEMON Tools Lite\Plugins\Images\bw5mount.dll MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.05.11 02:08:40 | 003,076,096 | ---- | M] () -- c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU MOD - [2007.05.11 01:55:44 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU MOD - [2007.05.11 01:54:28 | 000,036,864 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU MOD - [2007.05.11 01:54:20 | 000,026,112 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu MOD - [2007.05.11 01:54:02 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU MOD - [2007.05.11 01:53:52 | 000,974,848 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU MOD - [2007.05.11 01:53:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU MOD - [2007.05.11 01:53:22 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU MOD - [2007.05.11 01:52:58 | 000,159,744 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU MOD - [2007.05.11 01:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU MOD - [2007.05.11 01:52:02 | 000,006,656 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU MOD - [2007.05.11 01:51:42 | 000,221,184 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU MOD - [2007.05.11 01:51:38 | 001,224,704 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU MOD - [2007.05.11 01:51:24 | 000,192,512 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU MOD - [2007.05.11 01:50:30 | 000,811,008 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU MOD - [2007.05.11 01:50:04 | 000,077,824 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU MOD - [2007.04.24 10:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2007.02.16 09:40:42 | 005,521,408 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.02.16 09:40:40 | 001,466,368 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll MOD - [2007.01.13 02:01:28 | 000,475,136 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll MOD - [2007.01.13 02:01:28 | 000,397,312 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll MOD - [2006.10.23 00:34:44 | 000,005,120 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU MOD - [2006.10.23 00:33:38 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU MOD - [2006.10.23 00:33:02 | 000,008,192 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU MOD - [2006.10.23 00:32:30 | 000,011,264 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU MOD - [2006.10.23 00:31:30 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu MOD - [2006.10.23 00:30:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU MOD - [2006.09.19 01:52:46 | 000,028,672 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\WinMove.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2012.11.29 16:06:10 | 001,723,744 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.05.17 21:04:00 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2008.07.10 14:44:18 | 000,411,136 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\System32\HFGService.dll -- (HFGService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.06.28 10:54:42 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2007.01.04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Programme\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006.10.26 06:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005.08.02 22:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (au017kxy) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hool\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM) DRV - [2012.11.16 16:38:46 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.05 22:37:52 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys -- (SANDRA) DRV - [2008.10.01 22:36:08 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.07.11 10:10:53 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.07.10 14:44:12 | 000,030,208 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF) DRV - [2008.07.10 14:43:54 | 000,034,816 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (bthav) DRV - [2008.07.10 14:43:32 | 000,015,872 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2008.04.16 00:28:05 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.03.18 14:56:20 | 003,542,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2008.03.18 14:56:20 | 003,542,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.10.17 07:48:46 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2007.09.13 07:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.05.02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007.05.02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007.05.02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) DRV - [2007.04.26 02:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2006.11.28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006.11.02 08:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2005.08.02 22:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:1.17 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.15.1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008.07.04 18:56:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.16 18:59:35 | 000,000,000 | ---D | M] [2008.07.04 18:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hool\AppData\Roaming\mozilla\Extensions [2012.10.17 21:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions [2012.10.10 02:44:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.10 02:44:29 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2012.10.10 02:44:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.10.10 02:44:29 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2010.02.14 10:04:29 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.02.14 11:17:18 | 000,000,873 | ---- | M] () -- C:\Users\Hool\AppData\Roaming\mozilla\firefox\profiles\pwn6ppc4.default\searchplugins\conduit.xml [2008.07.11 10:16:21 | 000,000,523 | ---- | M] () -- C:\Users\Hool\AppData\Roaming\mozilla\firefox\profiles\pwn6ppc4.default\searchplugins\daemon-search.xml [2012.10.17 02:26:50 | 000,000,950 | ---- | M] () -- C:\Users\Hool\AppData\Roaming\mozilla\firefox\profiles\pwn6ppc4.default\searchplugins\icqplugin-1.xml [2008.11.18 13:56:02 | 000,000,944 | ---- | M] () -- C:\Users\Hool\AppData\Roaming\mozilla\firefox\profiles\pwn6ppc4.default\searchplugins\icqplugin.xml [2010.10.11 22:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.12.16 17:21:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.10.11 22:44:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.16 18:59:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2008.12.16 17:21:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} [2008.07.15 22:44:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009.01.01 13:00:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.09.03 20:33:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2010.05.16 18:59:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007.04.16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2008.03.15 14:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2008.03.15 14:56:14 | 000,002,642 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2008.02.19 15:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2006.12.03 16:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2006.11.17 12:19:24 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Spotify] C:\Users\Hool\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Hool\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} ms-its:C:\Program Files\The Tournament Director 2\TD.lib::/comdlg32.cab (Microsoft Common Dialog Control, version 5.0 (SP2)) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7044E990-DB48-44BA-B743-E604CF9DB3DB}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F7633DA-D986-488D-8ED6-329145B1D2AD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Hool\Pictures\2008-07-02 baden\baden 031.JPG O24 - Desktop BackupWallPaper: C:\Users\Hool\Pictures\2008-07-02 baden\baden 031.JPG O27 - HKLM IFEO\googleupdater.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\powerdvd.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\spotify.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{52ace902-4d63-11df-bcbd-0013779c8cbc}\Shell - "" = AutoRun O33 - MountPoints2\{52ace902-4d63-11df-bcbd-0013779c8cbc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{7eae3edd-4f29-11dd-bb1f-0013776c42d8}\Shell - "" = AutoRun O33 - MountPoints2\{7eae3edd-4f29-11dd-bb1f-0013776c42d8}\Shell\AutoRun\command - "" = F:\Torchlight_Setup.exe O33 - MountPoints2\{e4bce008-d1b2-11de-ac75-0013776c42d8}\Shell - "" = AutoRun O33 - MountPoints2\{e4bce008-d1b2-11de-ac75-0013776c42d8}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{f905d07b-0b96-11e1-8200-0013779c8cbc}\Shell - "" = AutoRun O33 - MountPoints2\{f905d07b-0b96-11e1-8200-0013779c8cbc}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{f905d07e-0b96-11e1-8200-0013779c8cbc}\Shell - "" = AutoRun O33 - MountPoints2\{f905d07e-0b96-11e1-8200-0013779c8cbc}\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.13 18:18:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hool\Desktop\OTL.exe [2012.12.10 20:08:48 | 000,000,000 | ---D | C] -- C:\Users\Hool\AppData\Roaming\Avira [2012.12.10 19:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.10 19:51:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.12.10 19:51:02 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.12.10 19:51:02 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.12.10 19:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.10 19:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.12.10 19:42:42 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.12.10 19:42:42 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.12.10 19:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.12.10 19:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2012.12.10 19:40:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.12.10 18:17:14 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.12.10 18:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS [2012.12.10 18:04:50 | 000,000,000 | ---D | C] -- C:\10d5275629a529db87 [2012.12.10 18:00:32 | 000,000,000 | ---D | C] -- C:\e3814ec1777dc167ab37e7ba [2012.12.10 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\Hool\AppData\Local\ElevatedDiagnostics [2012.12.10 17:52:01 | 000,000,000 | ---D | C] -- C:\Users\Hool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor [2012.12.10 17:39:29 | 000,000,000 | ---D | C] -- C:\4d6f4ed8882d4510af836080889c [2012.12.10 15:54:03 | 000,000,000 | ---D | C] -- C:\d479d73d481663aa67bf80da46 [2012.12.10 15:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.12.10 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Hool\AppData\Roaming\TuneUp Software [2012.12.10 15:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012.12.10 15:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.12.10 15:42:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.10 14:33:26 | 000,000,000 | ---D | C] -- C:\f107cb1e531de7587929 [2012.11.16 03:12:25 | 000,000,000 | ---D | C] -- C:\Users\Hool\Documents\HandHistory [2012.11.16 03:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.13 23:46:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 23:46:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 23:43:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.13 22:43:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.13 18:18:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hool\Desktop\OTL.exe [2012.12.13 17:45:59 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.12.13 17:45:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.13 17:45:09 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 11:43:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.12.13 10:47:57 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{841C9E85-6F0A-45FA-B5D1-AFC0B3E267E9}.job [2012.12.10 22:58:42 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.12.10 19:51:53 | 000,000,134 | ---- | M] () -- C:\Users\Hool\Desktop\Windows Update - Verknüpfung.lnk [2012.12.10 19:51:31 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2012.12.10 19:42:34 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.12.10 19:42:34 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.12.10 14:31:16 | 000,129,536 | ---- | M] () -- C:\Users\Hool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.10 14:24:02 | 000,307,200 | ---- | M] () -- C:\Users\Hool\Documents\Datenbank1.accdb [2012.12.10 10:25:28 | 000,675,222 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.10 10:25:28 | 000,635,306 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.10 10:25:28 | 000,145,664 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.10 10:25:28 | 000,119,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.08 11:44:47 | 000,004,934 | ---- | M] () -- C:\ProgramData\flwjycbm.bab [2012.12.08 11:44:38 | 000,000,871 | ---- | M] () -- C:\Users\Hool\Desktop\PokerTracker 4.lnk [2012.11.29 16:06:14 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.11.29 16:06:08 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.11.16 03:10:24 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.10 19:51:53 | 000,000,134 | ---- | C] () -- C:\Users\Hool\Desktop\Windows Update - Verknüpfung.lnk [2012.12.10 19:51:31 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2012.12.10 19:42:34 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.12.10 19:42:34 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.12.10 19:42:33 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.12.10 19:27:59 | 000,000,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk [2012.12.08 11:44:47 | 000,004,934 | ---- | C] () -- C:\ProgramData\flwjycbm.bab [2012.11.16 03:10:24 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk [2012.05.10 22:53:20 | 000,000,045 | ---- | C] () -- C:\Users\Hool\AppData\Local\machpro.dat [2012.05.10 22:04:19 | 000,004,969 | ---- | C] () -- C:\ProgramData\oinwddee.jeg [2010.05.20 16:16:43 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2009.05.19 23:11:08 | 010,448,896 | ---- | C] () -- C:\ProgramData\sandra.mda [2009.05.19 22:39:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.04.17 16:11:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008.10.01 19:28:27 | 000,022,328 | ---- | C] () -- C:\Users\Hool\AppData\Roaming\PnkBstrK.sys [2008.09.27 10:33:24 | 000,024,206 | ---- | C] () -- C:\Users\Hool\AppData\Roaming\UserTile.png [2008.07.04 18:42:27 | 000,006,944 | ---- | C] () -- C:\Users\Hool\AppData\Local\d3d9caps.dat [2008.07.02 11:54:35 | 000,129,536 | ---- | C] () -- C:\Users\Hool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.08.24 02:25:52 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\acccore [2008.07.11 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\DAEMON Tools [2008.12.16 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\ICQ [2011.01.10 01:55:07 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\LolClient [2012.11.05 00:48:54 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\PacificPoker [2012.10.14 17:48:56 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\Party [2008.09.27 10:33:23 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\PeerNetworking [2009.11.24 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\runic games [2009.04.17 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\Samsung [2010.11.23 01:16:36 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\Scribus [2012.12.11 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\Spotify [2012.12.14 00:05:11 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\TS3Client [2012.12.10 19:42:16 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\TuneUp Software [2010.12.05 10:37:53 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\Valuga Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.07.23 15:04:05 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.10 18:18:10 | 000,000,000 | ---D | M] -- C:\10d5275629a529db87 [2012.12.10 17:39:40 | 000,000,000 | ---D | M] -- C:\4d6f4ed8882d4510af836080889c [2008.04.16 02:47:17 | 000,000,000 | ---D | M] -- C:\avs contents [2008.10.24 10:41:36 | 000,000,000 | -HSD | M] -- C:\Boot [2012.12.10 15:54:10 | 000,000,000 | ---D | M] -- C:\d479d73d481663aa67bf80da46 [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.07.01 18:35:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.12.10 18:00:34 | 000,000,000 | ---D | M] -- C:\e3814ec1777dc167ab37e7ba [2012.12.10 17:19:36 | 000,000,000 | ---D | M] -- C:\f107cb1e531de7587929 [2009.09.29 19:40:49 | 000,000,000 | ---D | M] -- C:\man [2008.04.16 02:32:42 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.04.16 00:22:34 | 000,000,000 | ---D | M] -- C:\MyWorks [2008.10.24 10:28:57 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.30 00:35:31 | 000,000,000 | ---D | M] -- C:\Poker [2009.02.03 03:32:22 | 000,000,000 | ---D | M] -- C:\Poker Application [2012.12.13 09:25:38 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.20 17:01:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012.12.10 19:51:01 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.07.01 18:35:52 | 000,000,000 | -HSD | M] -- C:\Programme [2008.07.01 20:23:59 | 000,000,000 | ---D | M] -- C:\Programs [2012.04.17 02:12:48 | 000,000,000 | ---D | M] -- C:\Riot Games [2008.04.22 12:41:36 | 000,000,000 | ---D | M] -- C:\RiskII [2008.04.16 00:42:50 | 000,000,000 | ---D | M] -- C:\Samsung [2012.12.14 00:11:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.05.08 14:58:31 | 000,000,000 | R--D | M] -- C:\Users [2012.12.10 19:41:00 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.01.19 08:33:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,538 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2008.07.01 22:33:03 | 000,000,416 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{841C9E85-6F0A-45FA-B5D1-AFC0B3E267E9}.job [2009.03.31 18:11:27 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job [2009.06.30 11:23:27 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2009.06.30 11:23:28 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.04.16 01:43:34 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2008.04.16 01:45:08 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2008.04.16 01:45:08 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2008.04.16 01:45:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2008.04.16 01:43:35 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2008.04.16 01:43:35 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.04.16 02:05:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2008.04.16 02:05:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.04.16 01:23:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.04.16 01:23:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.04.16 01:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.04.16 01:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.04.16 01:08:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.04.16 01:08:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.04.16 00:47:00 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.04.16 00:47:00 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.07.11 10:10:53 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2008.03.18 14:05:02 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < %USERPROFILE%\*.* > [2012.12.14 00:28:28 | 003,145,728 | -HS- | M] () -- C:\Users\Hool\ntuser.dat [2012.12.14 00:28:28 | 000,262,144 | -H-- | M] () -- C:\Users\Hool\ntuser.dat.LOG1 [2008.07.01 18:40:29 | 000,000,000 | -H-- | M] () -- C:\Users\Hool\ntuser.dat.LOG2 [2012.12.13 11:43:38 | 000,065,536 | -HS- | M] () -- C:\Users\Hool\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.02.18 15:22:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hool\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.12.13 11:43:38 | 000,524,288 | -HS- | M] () -- C:\Users\Hool\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.07.01 18:40:31 | 000,000,020 | -HS- | M] () -- C:\Users\Hool\ntuser.ini [2010.05.25 18:34:10 | 000,000,399 | ---- | M] () -- C:\Users\Hool\PokerTracker v3.06.2-Crash_20100525.log [2010.05.26 21:06:24 | 000,000,437 | ---- | M] () -- C:\Users\Hool\PokerTracker v3.06.2-Crash_20100526.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8CEFE51A < End of report > |
|
14.12.2012, 00:41
| #6 |
| | Ich glaube ich habe Adware OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.12.2012 00:06:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hool\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,43% Memory free 6,22 Gb Paging File | 4,48 Gb Available in Paging File | 72,07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,88 Gb Total Space | 33,14 Gb Free Space | 29,62% Space Free | Partition Type: NTFS Drive D: | 111,00 Gb Total Space | 88,54 Gb Free Space | 79,77% Space Free | Partition Type: NTFS Computer Name: HOOL-PC | User Name: Hool | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.13 18:18:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hool\Desktop\OTL.exe PRC - [2012.12.07 18:15:51 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe PRC - [2012.11.29 16:06:12 | 001,926,496 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.11.29 16:06:12 | 000,102,752 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe PRC - [2012.11.29 16:06:10 | 001,723,744 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.11.02 00:23:42 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe PRC - [2012.04.16 19:43:27 | 003,089,488 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe PRC - [2011.12.22 14:03:38 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe PRC - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.05.28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2011.04.21 07:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.07.08 17:22:14 | 000,486,856 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe PRC - [2008.04.01 19:49:42 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe PRC - [2008.01.30 04:00:14 | 001,926,144 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.19 08:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2008.01.19 08:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.01.02 09:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2007.12.28 02:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2007.07.04 23:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2007.06.13 05:11:30 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.01 11:36:00 | 000,684,032 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2007.05.11 02:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe PRC - [2007.04.24 10:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007.01.04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Programme\Viewpoint\Common\ViewpointService.exe PRC - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.12.07 18:15:51 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.104\deploy\LoLLauncher.exe MOD - [2012.04.16 19:43:27 | 003,089,488 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe MOD - [2011.12.22 14:03:38 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe MOD - [2011.06.30 21:00:00 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.06.30 20:59:41 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011.06.30 08:36:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.06.30 08:35:17 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.06.30 08:34:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.06.30 08:31:14 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.06.30 08:29:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2009.10.07 21:28:20 | 000,200,704 | ---- | M] () -- C:\Programme\ImageConverter Plus\gpgate.dll MOD - [2009.10.07 21:24:06 | 001,339,392 | ---- | M] () -- C:\Programme\ImageConverter Plus\fcnv.dll MOD - [2009.10.07 21:22:12 | 006,803,456 | ---- | M] () -- C:\Programme\ImageConverter Plus\fpdf.dll MOD - [2009.10.07 21:22:04 | 001,183,744 | ---- | M] () -- C:\Programme\ImageConverter Plus\fcrtl.dll MOD - [2009.10.07 21:18:56 | 000,020,992 | ---- | M] () -- C:\Programme\ImageConverter Plus\MemHandler.dll MOD - [2008.07.27 19:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.08 17:21:52 | 000,099,328 | ---- | M] () -- C:\Programme\DAEMON Tools Lite\Lang\DEU.dll MOD - [2008.07.08 17:21:50 | 000,081,408 | ---- | M] () -- C:\Programme\DAEMON Tools Lite\Lang\ENU.dll MOD - [2008.04.16 00:09:32 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2999.36899__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.04.16 00:09:32 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2999.36858__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.04.16 00:09:32 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2999.36911__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.04.16 00:09:32 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2999.37087__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.04.16 00:09:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2999.36892__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.04.16 00:09:32 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2999.36878__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.04.16 00:09:31 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2999.37051__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.04.16 00:09:31 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2999.37008__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.04.16 00:09:30 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2999.37120__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.04.16 00:09:00 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2999.37127__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.04.16 00:09:00 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2999.37065__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.04.16 00:09:00 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2999.36872__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:59 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2999.37059__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2999.37058__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.04.16 00:08:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2999.37118__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.04.16 00:08:57 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2999.37017__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:57 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2999.36923__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:57 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2999.36879__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:57 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2999.37079__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.04.16 00:08:57 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2999.36917__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:57 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:57 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.04.16 00:08:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.04.16 00:08:57 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2999.37030__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.04.16 00:08:56 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2999.37010__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:56 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2999.37045__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.04.16 00:08:56 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2999.36929__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.04.16 00:08:56 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2999.37009__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.04.16 00:08:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2999.37044__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.04.16 00:08:55 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2999.37016__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.04.16 00:08:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.04.16 00:08:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.04.16 00:08:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.04.16 00:08:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.04.16 00:08:55 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.04.16 00:08:55 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.04.16 00:08:54 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.04.16 00:08:54 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.04.16 00:08:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.04.16 00:08:54 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.04.16 00:08:54 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.04.16 00:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.04.16 00:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.04.16 00:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.04.16 00:08:54 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.04.16 00:08:54 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.04.16 00:08:53 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.04.16 00:08:53 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.04.16 00:08:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.04.16 00:08:52 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.04.16 00:08:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.04.16 00:08:52 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.04.16 00:08:29 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2999.37102_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2008.04.16 00:08:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2999.37138__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.04.16 00:08:23 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2999.37149__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2008.04.16 00:08:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.04.16 00:08:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.04.16 00:08:20 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2999.37110__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.04.16 00:08:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.04.16 00:08:19 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2999.37109__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.04.16 00:08:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.04.16 00:08:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.04.16 00:08:18 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2999.36886__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.04.16 00:08:18 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2999.37102__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.04.16 00:08:18 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.04.16 00:08:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.04.16 00:08:16 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2999.36850__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.04.16 00:08:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.04.16 00:08:10 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2999.36865__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.04.16 00:08:10 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2999.36850__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.04.16 00:08:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.04.16 00:08:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2999.37110__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.04.16 00:08:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.04.16 00:08:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.04.16 00:08:09 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2999.36849__90ba9c70f846762e\APM.Server.dll MOD - [2008.04.16 00:08:09 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2999.36849__90ba9c70f846762e\AEM.Server.dll MOD - [2008.04.01 19:49:42 | 000,036,352 | ---- | M] () -- C:\Programme\Winamp\winampa.exe MOD - [2008.03.18 14:04:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.03.18 04:21:32 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008.01.30 04:00:14 | 001,926,144 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\WCScheduler.exe MOD - [2008.01.11 20:49:24 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu MOD - [2007.12.09 07:08:54 | 002,811,392 | ---- | M] () -- C:\Programme\Samsung\Samsung Recovery Solution II\Resdll.dll MOD - [2007.11.09 11:39:56 | 000,007,680 | ---- | M] () -- C:\Programme\DAEMON Tools Lite\Plugins\Images\bw5mount.dll MOD - [2007.09.20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.05.11 02:08:40 | 003,076,096 | ---- | M] () -- c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU MOD - [2007.05.11 01:55:44 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU MOD - [2007.05.11 01:54:28 | 000,036,864 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Spelling.DEU MOD - [2007.05.11 01:54:20 | 000,026,112 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu MOD - [2007.05.11 01:54:02 | 000,053,248 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU MOD - [2007.05.11 01:53:52 | 000,974,848 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU MOD - [2007.05.11 01:53:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU MOD - [2007.05.11 01:53:22 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU MOD - [2007.05.11 01:52:58 | 000,159,744 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU MOD - [2007.05.11 01:52:54 | 000,086,016 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU MOD - [2007.05.11 01:52:02 | 000,006,656 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU MOD - [2007.05.11 01:51:42 | 000,221,184 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU MOD - [2007.05.11 01:51:38 | 001,224,704 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU MOD - [2007.05.11 01:51:24 | 000,192,512 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU MOD - [2007.05.11 01:50:30 | 000,811,008 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU MOD - [2007.05.11 01:50:04 | 000,077,824 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU MOD - [2007.04.24 10:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2007.02.16 09:40:42 | 005,521,408 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll MOD - [2007.02.16 09:40:40 | 001,466,368 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll MOD - [2007.01.13 02:01:28 | 000,475,136 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll MOD - [2007.01.13 02:01:28 | 000,397,312 | R--- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll MOD - [2006.10.23 00:34:44 | 000,005,120 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU MOD - [2006.10.23 00:33:38 | 000,012,288 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU MOD - [2006.10.23 00:33:02 | 000,008,192 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU MOD - [2006.10.23 00:32:30 | 000,011,264 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU MOD - [2006.10.23 00:31:30 | 000,013,312 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu MOD - [2006.10.23 00:30:32 | 000,028,672 | ---- | M] () -- C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU MOD - [2006.09.19 01:52:46 | 000,028,672 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\WinMove.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll MOD - [2006.08.12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2012.11.29 16:06:10 | 001,723,744 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.07.21 12:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.05.17 21:04:00 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2008.07.10 14:44:18 | 000,411,136 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Windows\System32\HFGService.dll -- (HFGService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.06.28 10:54:42 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2007.01.04 22:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Programme\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006.10.26 06:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2005.08.02 22:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (au017kxy) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Hool\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM) DRV - [2012.11.16 16:38:46 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.07.21 12:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.21 12:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.12.07 19:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.05 22:37:52 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys -- (SANDRA) DRV - [2008.10.01 22:36:08 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.07.11 10:10:53 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2008.07.10 14:44:12 | 000,030,208 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF) DRV - [2008.07.10 14:43:54 | 000,034,816 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (bthav) DRV - [2008.07.10 14:43:32 | 000,015,872 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAvrcp.sys -- (BthAvrcp) DRV - [2008.04.16 00:28:05 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.03.18 14:56:20 | 003,542,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2008.03.18 14:56:20 | 003,542,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.10.17 07:48:46 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302) DRV - [2007.09.13 07:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.05.02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007.05.02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007.05.02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) DRV - [2007.04.26 02:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2006.11.28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006.11.02 08:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2005.08.02 22:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:1.17 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:3.15.1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008.07.04 18:56:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.16 18:59:35 | 000,000,000 | ---D | M] [2008.07.04 18:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hool\AppData\Roaming\mozilla\Extensions [2012.10.17 21:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions [2012.10.10 02:44:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.10.10 02:44:29 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2012.10.10 02:44:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.10.10 02:44:29 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2010.02.14 10:04:29 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Hool\AppData\Roaming\mozilla\Firefox\Profiles\pwn6ppc4.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.02.14 11:17:18 | 000,000,873 | ---- | M] () -- C:\Users\Hool\AppData\Roaming\mozilla\firefox\profiles\pwn6ppc4.default\searchplugins\conduit.xml [2008.07.11 10:16:21 | 000,000,523 | ---- | M] () -- C:\Users\Hool\AppData\Roaming\mozilla\firefox\profiles\pwn6ppc4.default\searchplugins\daemon-search.xml [2012.10.17 02:26:50 | 000,000,950 | ---- | M] () -- C:\Users\Hool\AppData\Roaming\mozilla\firefox\profiles\pwn6ppc4.default\searchplugins\icqplugin-1.xml [2008.11.18 13:56:02 | 000,000,944 | ---- | M] () -- C:\Users\Hool\AppData\Roaming\mozilla\firefox\profiles\pwn6ppc4.default\searchplugins\icqplugin.xml [2010.10.11 22:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2008.12.16 17:21:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.10.11 22:44:07 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.16 18:59:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2008.12.16 17:21:17 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07} [2008.07.15 22:44:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009.01.01 13:00:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [2009.09.03 20:33:10 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2010.05.16 18:59:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007.04.16 18:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2008.03.15 14:56:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2008.03.15 14:56:14 | 000,002,642 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2008.02.19 15:40:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2006.12.03 16:59:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2006.11.17 12:19:24 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [Spotify] C:\Users\Hool\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Hool\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} ms-its:C:\Program Files\The Tournament Director 2\TD.lib::/comdlg32.cab (Microsoft Common Dialog Control, version 5.0 (SP2)) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7044E990-DB48-44BA-B743-E604CF9DB3DB}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F7633DA-D986-488D-8ED6-329145B1D2AD}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Hool\Pictures\2008-07-02 baden\baden 031.JPG O24 - Desktop BackupWallPaper: C:\Users\Hool\Pictures\2008-07-02 baden\baden 031.JPG O27 - HKLM IFEO\googleupdater.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\powerdvd.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\spotify.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{52ace902-4d63-11df-bcbd-0013779c8cbc}\Shell - "" = AutoRun O33 - MountPoints2\{52ace902-4d63-11df-bcbd-0013779c8cbc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{7eae3edd-4f29-11dd-bb1f-0013776c42d8}\Shell - "" = AutoRun O33 - MountPoints2\{7eae3edd-4f29-11dd-bb1f-0013776c42d8}\Shell\AutoRun\command - "" = F:\Torchlight_Setup.exe O33 - MountPoints2\{e4bce008-d1b2-11de-ac75-0013776c42d8}\Shell - "" = AutoRun O33 - MountPoints2\{e4bce008-d1b2-11de-ac75-0013776c42d8}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{f905d07b-0b96-11e1-8200-0013779c8cbc}\Shell - "" = AutoRun O33 - MountPoints2\{f905d07b-0b96-11e1-8200-0013779c8cbc}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{f905d07e-0b96-11e1-8200-0013779c8cbc}\Shell - "" = AutoRun O33 - MountPoints2\{f905d07e-0b96-11e1-8200-0013779c8cbc}\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.12.13 18:18:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hool\Desktop\OTL.exe [2012.12.10 20:08:48 | 000,000,000 | ---D | C] -- C:\Users\Hool\AppData\Roaming\Avira [2012.12.10 19:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.12.10 19:51:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.12.10 19:51:02 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.12.10 19:51:02 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.12.10 19:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.12.10 19:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.12.10 19:42:42 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.12.10 19:42:42 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.12.10 19:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.12.10 19:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2012.12.10 19:40:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.12.10 18:17:14 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.12.10 18:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS [2012.12.10 18:04:50 | 000,000,000 | ---D | C] -- C:\10d5275629a529db87 [2012.12.10 18:00:32 | 000,000,000 | ---D | C] -- C:\e3814ec1777dc167ab37e7ba [2012.12.10 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\Hool\AppData\Local\ElevatedDiagnostics [2012.12.10 17:52:01 | 000,000,000 | ---D | C] -- C:\Users\Hool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor [2012.12.10 17:39:29 | 000,000,000 | ---D | C] -- C:\4d6f4ed8882d4510af836080889c [2012.12.10 15:54:03 | 000,000,000 | ---D | C] -- C:\d479d73d481663aa67bf80da46 [2012.12.10 15:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.12.10 15:43:20 | 000,000,000 | ---D | C] -- C:\Users\Hool\AppData\Roaming\TuneUp Software [2012.12.10 15:43:11 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012.12.10 15:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.12.10 15:42:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.10 14:33:26 | 000,000,000 | ---D | C] -- C:\f107cb1e531de7587929 [2012.11.16 03:12:25 | 000,000,000 | ---D | C] -- C:\Users\Hool\Documents\HandHistory [2012.11.16 03:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.13 23:46:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 23:46:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.13 23:43:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.13 22:43:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.13 18:18:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hool\Desktop\OTL.exe [2012.12.13 17:45:59 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.12.13 17:45:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.13 17:45:09 | 3219,308,544 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 11:43:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.12.13 10:47:57 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{841C9E85-6F0A-45FA-B5D1-AFC0B3E267E9}.job [2012.12.10 22:58:42 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.12.10 19:51:53 | 000,000,134 | ---- | M] () -- C:\Users\Hool\Desktop\Windows Update - Verknüpfung.lnk [2012.12.10 19:51:31 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2012.12.10 19:42:34 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.12.10 19:42:34 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.12.10 14:31:16 | 000,129,536 | ---- | M] () -- C:\Users\Hool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.10 14:24:02 | 000,307,200 | ---- | M] () -- C:\Users\Hool\Documents\Datenbank1.accdb [2012.12.10 10:25:28 | 000,675,222 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.12.10 10:25:28 | 000,635,306 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.10 10:25:28 | 000,145,664 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.10 10:25:28 | 000,119,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.08 11:44:47 | 000,004,934 | ---- | M] () -- C:\ProgramData\flwjycbm.bab [2012.12.08 11:44:38 | 000,000,871 | ---- | M] () -- C:\Users\Hool\Desktop\PokerTracker 4.lnk [2012.11.29 16:06:14 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.11.29 16:06:08 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2012.11.16 03:10:24 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.10 19:51:53 | 000,000,134 | ---- | C] () -- C:\Users\Hool\Desktop\Windows Update - Verknüpfung.lnk [2012.12.10 19:51:31 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2012.12.10 19:42:34 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.12.10 19:42:34 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.12.10 19:42:33 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.12.10 19:27:59 | 000,000,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk [2012.12.08 11:44:47 | 000,004,934 | ---- | C] () -- C:\ProgramData\flwjycbm.bab [2012.11.16 03:10:24 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk [2012.05.10 22:53:20 | 000,000,045 | ---- | C] () -- C:\Users\Hool\AppData\Local\machpro.dat [2012.05.10 22:04:19 | 000,004,969 | ---- | C] () -- C:\ProgramData\oinwddee.jeg [2010.05.20 16:16:43 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2009.05.19 23:11:08 | 010,448,896 | ---- | C] () -- C:\ProgramData\sandra.mda [2009.05.19 22:39:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.04.17 16:11:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2008.10.01 19:28:27 | 000,022,328 | ---- | C] () -- C:\Users\Hool\AppData\Roaming\PnkBstrK.sys [2008.09.27 10:33:24 | 000,024,206 | ---- | C] () -- C:\Users\Hool\AppData\Roaming\UserTile.png [2008.07.04 18:42:27 | 000,006,944 | ---- | C] () -- C:\Users\Hool\AppData\Local\d3d9caps.dat [2008.07.02 11:54:35 | 000,129,536 | ---- | C] () -- C:\Users\Hool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 08:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2008.08.24 02:25:52 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\acccore [2008.07.11 10:10:43 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\DAEMON Tools [2008.12.16 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\ICQ [2011.01.10 01:55:07 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\LolClient [2012.11.05 00:48:54 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\PacificPoker [2012.10.14 17:48:56 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\Party [2008.09.27 10:33:23 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\PeerNetworking [2009.11.24 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\runic games [2009.04.17 16:21:34 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\Samsung [2010.11.23 01:16:36 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\Scribus [2012.12.11 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\Spotify [2012.12.14 00:05:11 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\TS3Client [2012.12.10 19:42:16 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\TuneUp Software [2010.12.05 10:37:53 | 000,000,000 | ---D | M] -- C:\Users\Hool\AppData\Roaming\Valuga Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.07.23 15:04:05 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.10 18:18:10 | 000,000,000 | ---D | M] -- C:\10d5275629a529db87 [2012.12.10 17:39:40 | 000,000,000 | ---D | M] -- C:\4d6f4ed8882d4510af836080889c [2008.04.16 02:47:17 | 000,000,000 | ---D | M] -- C:\avs contents [2008.10.24 10:41:36 | 000,000,000 | -HSD | M] -- C:\Boot [2012.12.10 15:54:10 | 000,000,000 | ---D | M] -- C:\d479d73d481663aa67bf80da46 [2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2008.07.01 18:35:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.12.10 18:00:34 | 000,000,000 | ---D | M] -- C:\e3814ec1777dc167ab37e7ba [2012.12.10 17:19:36 | 000,000,000 | ---D | M] -- C:\f107cb1e531de7587929 [2009.09.29 19:40:49 | 000,000,000 | ---D | M] -- C:\man [2008.04.16 02:32:42 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.04.16 00:22:34 | 000,000,000 | ---D | M] -- C:\MyWorks [2008.10.24 10:28:57 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.30 00:35:31 | 000,000,000 | ---D | M] -- C:\Poker [2009.02.03 03:32:22 | 000,000,000 | ---D | M] -- C:\Poker Application [2012.12.13 09:25:38 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.20 17:01:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012.12.10 19:51:01 | 000,000,000 | -H-D | M] -- C:\ProgramData [2008.07.01 18:35:52 | 000,000,000 | -HSD | M] -- C:\Programme [2008.07.01 20:23:59 | 000,000,000 | ---D | M] -- C:\Programs [2012.04.17 02:12:48 | 000,000,000 | ---D | M] -- C:\Riot Games [2008.04.22 12:41:36 | 000,000,000 | ---D | M] -- C:\RiskII [2008.04.16 00:42:50 | 000,000,000 | ---D | M] -- C:\Samsung [2012.12.14 00:11:03 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.05.08 14:58:31 | 000,000,000 | R--D | M] -- C:\Users [2012.12.10 19:41:00 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2006.11.02 10:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2006.11.02 10:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2006.11.02 10:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2006.11.02 10:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2008.01.19 08:33:00 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2006.11.02 14:01:49 | 000,032,538 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2008.07.01 22:33:03 | 000,000,416 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{841C9E85-6F0A-45FA-B5D1-AFC0B3E267E9}.job [2009.03.31 18:11:27 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\Google Software Updater.job [2009.06.30 11:23:27 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2009.06.30 11:23:28 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2008.04.16 01:43:34 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2008.04.16 01:45:08 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2008.04.16 01:45:08 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2008.04.16 01:45:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2008.04.16 01:43:35 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2008.04.16 01:43:35 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.04.16 02:05:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys [2008.04.16 02:05:39 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys [2008.04.16 01:23:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.04.16 01:23:50 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.04.16 01:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.04.16 01:23:49 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.04.16 01:08:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.04.16 01:08:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.04.16 00:47:00 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.04.16 00:47:00 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.07.11 10:10:53 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\*.dll /lockedfiles > [2008.03.18 14:05:02 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll [2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll < %USERPROFILE%\*.* > [2012.12.14 00:28:28 | 003,145,728 | -HS- | M] () -- C:\Users\Hool\ntuser.dat [2012.12.14 00:28:28 | 000,262,144 | -H-- | M] () -- C:\Users\Hool\ntuser.dat.LOG1 [2008.07.01 18:40:29 | 000,000,000 | -H-- | M] () -- C:\Users\Hool\ntuser.dat.LOG2 [2012.12.13 11:43:38 | 000,065,536 | -HS- | M] () -- C:\Users\Hool\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.02.18 15:22:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hool\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2012.12.13 11:43:38 | 000,524,288 | -HS- | M] () -- C:\Users\Hool\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2008.07.01 18:40:31 | 000,000,020 | -HS- | M] () -- C:\Users\Hool\ntuser.ini [2010.05.25 18:34:10 | 000,000,399 | ---- | M] () -- C:\Users\Hool\PokerTracker v3.06.2-Crash_20100525.log [2010.05.26 21:06:24 | 000,000,437 | ---- | M] () -- C:\Users\Hool\PokerTracker v3.06.2-Crash_20100526.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8CEFE51A < End of report > |
|
14.12.2012, 00:43
| #7 |
| | Ich glaube ich habe Adware OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.12.2012 00:06:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hool\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 59,43% Memory free
6,22 Gb Paging File | 4,48 Gb Available in Paging File | 72,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 33,14 Gb Free Space | 29,62% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 88,54 Gb Free Space | 79,77% Space Free | Partition Type: NTFS
Computer Name: HOOL-PC | User Name: Hool | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012E9C60-716D-44C2-A688-239B370F6845}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{0F32B519-9487-4AA8-A84E-2C164A1EC62D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{1568FB5C-2E65-4D37-B40E-438FC5A09AB1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{16D27ED4-002D-4DC4-A0D2-0547F76003D0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{17B96228-AF23-43BC-8DE8-797E826B2E24}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AB8D1AF-3C7E-41D0-B14D-2807C6F52629}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2208360C-3C6D-48D4-A66B-82BC80325EEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{30C9D29B-0187-40D4-9A3B-568327B64CB6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40611F1B-51DC-4FC9-8970-3582321B8A28}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe |
"{46BB1C74-5C50-41CA-8D03-4B5522751323}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher |
"{542B7C8E-897D-4CA1-B9EA-E3D4CDA0C7E6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{56DBF2E5-DC44-474C-AFB1-C813ED69FDF0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5DA2CF45-C54E-4FBD-B79B-E095EBDA20CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7778F89E-37E3-4277-BD3D-700540989ABB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x86\rpcsandrasrv.exe |
"{83A5F7FE-5F65-4BF7-B458-D2C711EEEF04}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{970B3DD6-2CD9-4A44-9B09-34D4ADCD3E6A}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9A5681F8-D181-487F-B2C4-FAFF239BE959}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{A955D1AD-8C34-45D3-A104-2D26FA211D48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD48A9F5-89C8-4E02-B099-F70C6852C7CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AFCFD916-4749-43F6-9FBE-FA6C0F041081}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B57015AC-D2EC-4E6B-B746-36C7AF102927}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B6D5D962-A571-47B8-9A19-ACA482450470}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B73E864A-E443-42C8-96B0-8477397BA078}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{BE13A941-FB34-4496-B6D5-D600C732AE39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BE5A0103-C3B1-49B3-8635-9E23469BB7A7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BF3CB5E9-43FC-4397-BE03-A76A1F983268}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C2135247-E965-438E-BC10-5E86DB19118D}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher |
"{C4827D46-5B2B-4380-9DF2-C9C5E4E9F4DC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5756154-86BA-4CE0-A9BE-ADE593F101C0}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D7AC8FB1-0551-466D-B359-EB8D1EBE5EE5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8157445-F0A4-495A-B5DC-46DC5A71C701}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x86\rpcsandrasrv.exe |
"{DABEA371-DD0E-4AAA-8080-45DD7E0C3EE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E63385ED-7261-4D44-9D0C-106DC15F7FCA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E6438F84-CDAB-430C-B9A6-C2D889B5DFDF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EF30B1ED-08FA-4C47-8F09-67F4E2B7E02F}" = rport=2869 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0706A09F-F4C4-4C71-B336-3FA4E256131B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0F52E57C-0528-452B-BF54-6C7052400716}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{10E41445-5D3F-456D-9F07-7C2077A89F20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1AE7FB47-E992-4298-9F6F-FCD2DEAB254B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1E49512A-ECC2-4AD3-BF7D-9030DED04E3D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{201ECB7D-A2D1-4B6F-BD6D-F238C67ED68F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{27FDBCA4-15B3-4A22-876F-27A7878FFDF6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2A807267-E039-4F49-8404-AC93F60F815B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{363FD5FE-625A-48E2-9C24-9A2958B5E415}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{3B5A2B2C-8F84-4485-B100-C2C764DCD805}" = protocol=6 | dir=out | app=system |
"{4621FC9E-E4DB-420D-A1C6-8A962A2C6450}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{525F910C-939E-4A1B-ABC7-E96D25411955}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6A6F6F26-96C8-4D44-8ACD-D08C9F0CE2B2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6CACA878-E3F9-4E46-9426-5FDCF6F09428}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{81FBFB37-1F9E-4870-BE48-A47F28220E43}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8BC7C532-7A08-48EC-A0C6-80ED4DE0C524}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe |
"{8FFD73C1-479C-4FF5-99E9-2D21AC801DF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{92824920-DAC5-495E-B88E-DC3BD24E9A31}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{950A5A2F-7B21-451C-8D26-2F4F204830C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{96BAFBC3-87BD-4B44-A3B7-4D08E09BFA6B}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{98EA3019-9A90-40E2-8171-2E16C5337536}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ADE55C0C-054A-4530-9D8C-C38FB6DB3D1E}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B8F6DA45-4C4E-4330-8841-FB13CB35BC87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE965212-DAE8-4A2C-A49F-9AFF851332B8}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x86\rpcsandrasrv.exe |
"{C028D5A1-38E6-4317-BCC2-2E3DC23B53F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C335A714-9E1D-4A4E-BE45-0FAB2B0856CD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C49D5D4D-D2F0-4CA7-8803-81D56A9B1BBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAADB009-1D26-4FA7-91E6-2FE351CD024D}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CFC5E5B0-DE49-4278-B572-2C3CF2F1115A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D6793571-4B69-4622-A1BD-0238109D6E20}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D7E93538-6EB7-47F5-B902-F508B4AD1600}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D86DFA9D-12E2-4FB4-8522-8130DD2A4358}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{E3A14610-5543-45B5-BC0F-B276C3B112D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBFF5FFC-A7F0-4AAC-A383-1F20E3FF9C36}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x86\rpcsandrasrv.exe |
"{F73EF69F-978F-4BB1-9C41-B449AB7EF792}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F8E4D569-DFE0-40B7-BD6B-5E5F048D24A1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{FB0F37FA-6531-49E4-AF5A-6E8CAC0CBAAD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1525BF59-6ABE-4A71-8BFC-CF1D37B529B0}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{17175523-5AA3-4183-9CDA-5BAC017FAC10}C:\users\hool\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\hool\downloads\starcraft_2_eu_en-gb.exe |
"TCP Query User{356CD927-7A24-4C63-98D2-B972EF7E864C}C:\users\hool\downloads\starcraft_2_eu_de-de.exe" = protocol=6 | dir=in | app=c:\users\hool\downloads\starcraft_2_eu_de-de.exe |
"TCP Query User{3BD1A77D-F4A2-40DF-9D86-D31B0E0A3746}C:\users\hool\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hool\appdata\roaming\spotify\spotify.exe |
"TCP Query User{3FEB309A-39A5-46D4-A37F-590208BCFFDE}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{53F2934C-5A3E-4685-B567-B805F42E32BD}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{557CB483-FC08-4DDD-A6D2-A4700E3E4347}C:\program files\pacificpoker\bin\poker.exe" = protocol=6 | dir=in | app=c:\program files\pacificpoker\bin\poker.exe |
"TCP Query User{5995A0A1-3796-4F4E-9A7D-1C1B70332A7D}D:\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=d:\teamspeak3-server_win32\ts3server_win32.exe |
"TCP Query User{70C4AC24-9610-4238-8497-8E8B1F926238}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A1597010-142F-4E85-8FC7-2A7123A7377C}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{A232652D-BF37-4DD3-BE0C-3B470F1153F7}C:\program files\microprose\risk ii\riskii.exe" = protocol=6 | dir=in | app=c:\program files\microprose\risk ii\riskii.exe |
"TCP Query User{B13B78E0-A820-49E7-A359-47923532B085}C:\users\hool\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\hool\downloads\starcraft_2_eu_en-gb.exe |
"TCP Query User{C7B3A4E4-F499-4FE4-A902-D1014739DC3E}C:\users\hool\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\hool\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C8940AF8-AE06-4209-B9EB-4985665D6F6F}C:\program files\warzone\lobbyclient.exe" = protocol=6 | dir=in | app=c:\program files\warzone\lobbyclient.exe |
"TCP Query User{DA6C3432-E686-49BE-9AD1-CCC4AEB87802}C:\users\hool\downloads\starcraft_2_eu_en-gb(2).exe" = protocol=6 | dir=in | app=c:\users\hool\downloads\starcraft_2_eu_en-gb(2).exe |
"TCP Query User{F63D9E80-9EF3-4285-BDEB-A946E3CBB5E4}C:\users\hool\downloads\starcraft_2_beta_dede.exe" = protocol=6 | dir=in | app=c:\users\hool\downloads\starcraft_2_beta_dede.exe |
"UDP Query User{0F6E2AA2-1C85-415F-867D-103C0418844B}C:\users\hool\downloads\starcraft_2_eu_de-de.exe" = protocol=17 | dir=in | app=c:\users\hool\downloads\starcraft_2_eu_de-de.exe |
"UDP Query User{1296A3CB-2B5B-45F5-ADB5-1B96D646D69D}C:\program files\pacificpoker\bin\poker.exe" = protocol=17 | dir=in | app=c:\program files\pacificpoker\bin\poker.exe |
"UDP Query User{1A186079-0CD4-4578-BF94-993F8360F245}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{32C03DD8-D6AE-4FD3-B373-4388FFB75DB7}C:\program files\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{4CC2C2EA-8EDA-4994-A19E-CB738358E607}C:\program files\microprose\risk ii\riskii.exe" = protocol=17 | dir=in | app=c:\program files\microprose\risk ii\riskii.exe |
"UDP Query User{67C12BD5-677F-40E3-94EB-2B4C6595430E}C:\users\hool\downloads\starcraft_2_beta_dede.exe" = protocol=17 | dir=in | app=c:\users\hool\downloads\starcraft_2_beta_dede.exe |
"UDP Query User{6D318A1C-DF2F-4F7B-AFF0-AED0157E0D50}C:\users\hool\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\hool\downloads\starcraft_2_eu_en-gb.exe |
"UDP Query User{A8998AAD-7285-4C09-86A9-1E410A58043C}C:\program files\warzone\lobbyclient.exe" = protocol=17 | dir=in | app=c:\program files\warzone\lobbyclient.exe |
"UDP Query User{B1F39622-FB62-4D5B-B75B-815C3CAF854F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C16E02E7-2C60-490B-942E-35AEE125A6E5}D:\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=d:\teamspeak3-server_win32\ts3server_win32.exe |
"UDP Query User{C52977A7-FF52-42F7-84A6-CC949B6DA9D7}C:\users\hool\downloads\starcraft_2_eu_en-gb(2).exe" = protocol=17 | dir=in | app=c:\users\hool\downloads\starcraft_2_eu_en-gb(2).exe |
"UDP Query User{C6164EE0-6046-4ADF-AA72-DBFB2A5A1199}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{D95D52A6-0CE7-48AA-8086-FB522368A698}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{DB6F1993-1C88-408F-9F07-92831658C66A}C:\users\hool\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\hool\downloads\starcraft_2_eu_en-gb.exe |
"UDP Query User{F1F49B30-3E72-4CBA-A3C4-AB4056D7F516}C:\users\hool\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hool\appdata\roaming\spotify\spotify.exe |
"UDP Query User{F7791F3F-1398-4495-945D-01716EA9E800}C:\users\hool\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\hool\appdata\roaming\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{018FE763-ECD9-577B-05D5-3A67364FBAAA}" = Catalyst Control Center Localization Hungarian
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1252B4EB-51F1-F349-6D79-954D877FB865}" = Catalyst Control Center Localization Swedish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{14F91018-2A76-725D-056C-ECFF03F40F54}" = CCC Help Swedish
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F7A2A3A-B874-1E81-D291-A5ACB452F23F}" = CCC Help Italian
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2433BAD7-453F-473D-BE81-455E68940DEB}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28A78C92-AC8C-DA80-6100-99A3AC4C3911}" = CCC Help Turkish
"{2C39F7CF-E022-4C0D-B1BA-AF6DDD931054}" = ArcSoft MediaImpression
"{303A3978-8F11-DAAB-6F72-3D399477CC31}" = Catalyst Control Center Localization Chinese Standard
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4890127D-D62F-C496-9EFF-89FC910ABFE5}" = Catalyst Control Center Localization Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C82121C-EB17-CEB0-996B-4D73FA0FAB47}" = Catalyst Control Center Graphics Light
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5466620C-3B00-0BEE-D626-1FBE29A16AC4}" = Catalyst Control Center Localization Russian
"{5508C9EB-5336-87F4-C2DB-53F2B3A482E7}" = Catalyst Control Center Graphics Previews Vista
"{5611C71F-AFC6-EBA3-E3E1-9FCCEC9647EE}" = ccc-core-static
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D7D1784-84A9-0EDB-62A6-D479F7F75DF6}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62172AFD-E7F0-CAC1-1334-CB0159566F6C}" = Catalyst Control Center Localization Greek
"{65A0F799-1E9A-093B-BB8B-986203DAD390}" = Catalyst Control Center Core Implementation
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67B41BEF-F407-D81D-762F-CC44CC6FEB7A}" = Catalyst Control Center Localization Italian
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFBD0A2-C692-44F5-1C96-773ED9B16002}" = Catalyst Control Center Graphics Full Existing
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{733245E9-4552-4EC0-BE93-7CC9F02B1B12}" = PokerStrategy.com Elephant
"{768361B2-F78F-FFAA-5B1F-EFDB41C70D95}" = CCC Help French
"{7A98B8DF-687E-8F7F-9A4A-ED1D9B306EAF}" = CCC Help Russian
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{818F922E-DE7A-6FC1-D85C-C44495070174}" = Catalyst Control Center Localization Dutch
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DB12734-9543-FBB3-E94D-3BE397ED8078}" = Catalyst Control Center Localization Japanese
"{9001B8A7-B591-7559-2264-B4A0F480D1A8}" = CCC Help Polish
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{905DF41F-D74C-6DF4-9453-D29CDE46A4A4}" = CCC Help Finnish
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92041735-0623-CD56-9BCB-6CD4385232B0}" = CCC Help Thai
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{96A1E845-A730-4488-99A2-054C5BFAB9D1}" = CCC Help Greek
"{97EE277B-C0D9-6394-9A01-7681086EED5C}" = Catalyst Control Center Localization Portuguese
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99F9ACB2-BCD2-B5A7-7738-24FB0B7B7763}" = ccc-utility
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DCC214C-CD1A-1115-6775-A9056185FE4E}" = ATI Catalyst Install Manager
"{9F06F30E-5138-2315-EC57-D4A23D572649}" = CCC Help Portuguese
"{A3D22413-28D3-636E-1CE9-BC55C46364C3}" = Catalyst Control Center Graphics Full New
"{A53EA764-AB97-445E-002B-A32165BB0B3B}" = CCC Help Dutch
"{A586A89F-2BC4-CEB3-3C52-D1F4B57F572F}" = Catalyst Control Center Localization Turkish
"{A5EF9152-55CC-DF0E-AEDA-98D20EC3293E}" = CCC Help Japanese
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A952B4E1-913A-1492-A551-43EAE1D44E1D}" = Catalyst Control Center Localization Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0524CD7-2B3F-50C1-B3AD-87457B7FF852}" = Catalyst Control Center Localization Spanish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B53604B3-8612-4F21-8EBC-34D34ECB0DE2}" = TableNinja
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c
"{C359699C-2D0A-5F08-9C44-4C1A508C4990}" = CCC Help Hungarian
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDA83283-8D9F-321F-5C76-AF68D3039B87}" = Catalyst Control Center Localization Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1C099EA-C28C-6593-8CE1-38F63EBD22F4}" = CCC Help Korean
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D885CD8B-343B-271D-85EB-DFE5BE962C0D}" = Catalyst Control Center Localization Norwegian
"{DDDA0B2B-674E-A49F-6E31-184F00BDDC85}" = CCC Help Czech
"{E2430405-1983-852E-B297-4FF9207E6C16}" = CCC Help German
"{E596EC1C-4C61-2457-21B3-EDDA326E8157}" = CCC Help English
"{E64D1146-55AE-61E3-7C43-0DA16C0E4416}" = CCC Help Spanish
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED924786-EFE7-392D-F37C-64F4B6E19C2F}" = CCC Help Danish
"{EE174D9D-EF64-9FC7-C900-57C64F02E80D}" = Catalyst Control Center Localization Danish
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFF43C31-5F5A-574E-563C-68190FA13F0C}" = CCC Help Chinese Standard
"{F023B88F-DD32-8C85-F372-5319180597A5}" = Catalyst Control Center Localization Thai
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2912763-486E-B5D1-D0C6-BD1AE24D0C20}" = Catalyst Control Center Localization Korean
"{F2D65205-A1D0-5B53-4399-8AA39F738D9D}" = CCC Help Norwegian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F4ECB8B5-737F-6910-C26F-7DA94A2C0710}" = Catalyst Control Center Localization Finnish
"{F59778FB-4F31-0ADE-84C3-D7D77676A1A5}" = Catalyst Control Center Localization French
"{F689C6F7-504E-4373-BE43-0404AFCE049B}" = Samsung PC Studio 3
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAAE0782-8073-112D-BC19-12C64A2D90D9}" = Skins
"{FAC15A44-64C7-1908-CC36-83BC9A308EA9}" = Catalyst Control Center Localization German
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"7-Zip" = 7-Zip 4.65
"888poker" = 888poker
"923A70C1-3B99-4B0E-A077-CA53405C70C9" = Blackmoon Pokerschool
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM_6" = AIM 6
"ANSTOSS 3_is1" = ANSTOSS 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Google Updater" = Google Updater
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.0)" = Mozilla Firefox (3.0)
"o.tel.o" = o.tel.o
"PartyPoker" = PartyPoker
"Poker Heaven" = Poker Heaven
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PokerTracker4" = PokerTracker 4 (remove only)
"PROHYBRIDR" = 2007 Microsoft Office system
"Risk WarZone Client" = Risk WarZone Client
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WarZone Client v1.0.41" = WarZone Client v1.0.41
"WarZone Client v1.0.44" = WarZone Client v1.0.44
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"myBet Poker" = myBet Poker
"Skat-Online V9" = Skat-Online V9
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.12.2012 03:37:00 | Computer Name = Hool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12.12.2012 07:21:32 | Computer Name = Hool-PC | Source = EventSystem | ID = 4621
Description =
Error - 12.12.2012 18:02:56 | Computer Name = Hool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12.12.2012 18:02:56 | Computer Name = Hool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 12.12.2012 22:36:45 | Computer Name = Hool-PC | Source = EventSystem | ID = 4621
Description =
Error - 13.12.2012 04:22:50 | Computer Name = Hool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 13.12.2012 04:22:50 | Computer Name = Hool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 13.12.2012 12:46:05 | Computer Name = Hool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 13.12.2012 12:46:05 | Computer Name = Hool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 13.12.2012 13:53:51 | Computer Name = Hool-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel
0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel
0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x000678d8, Prozess-ID 0x1284,
Anwendungsstartzeit 01cdd95a8bf84523.
Error - 13.12.2012 14:51:17 | Computer Name = Hool-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ System Events ]
Error - 13.12.2012 05:11:58 | Computer Name = Hool-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 13.12.2012 05:11:58 | Computer Name = Hool-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 13.12.2012 05:11:58 | Computer Name = Hool-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 13.12.2012 05:11:58 | Computer Name = Hool-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 13.12.2012 05:11:58 | Computer Name = Hool-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 13.12.2012 05:11:58 | Computer Name = Hool-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 13.12.2012 05:11:58 | Computer Name = Hool-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 13.12.2012 12:45:40 | Computer Name = Hool-PC | Source = HTTP | ID = 15016
Description =
Error - 13.12.2012 12:46:37 | Computer Name = Hool-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 13.12.2012 12:46:37 | Computer Name = Hool-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >
|
|
14.12.2012, 14:48
| #8 |
| /// Malware-holic | Ich glaube ich habe Adware Aloa, download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 19:28
| #9 |
| | Ich glaube ich habe Adware 19:22:19.0645 5904 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 19:22:19.0879 5904 ============================================================ 19:22:19.0879 5904 Current date / time: 2012/12/16 19:22:19.0879 19:22:19.0879 5904 SystemInfo: 19:22:19.0879 5904 19:22:19.0879 5904 OS Version: 6.0.6001 ServicePack: 1.0 19:22:19.0879 5904 Product type: Workstation 19:22:19.0879 5904 ComputerName: HOOL-PC 19:22:19.0879 5904 UserName: Hool 19:22:19.0879 5904 Windows directory: C:\Windows 19:22:19.0879 5904 System windows directory: C:\Windows 19:22:19.0879 5904 Processor architecture: Intel x86 19:22:19.0879 5904 Number of processors: 2 19:22:19.0879 5904 Page size: 0x1000 19:22:19.0879 5904 Boot type: Normal boot 19:22:19.0879 5904 ============================================================ 19:22:22.0110 5904 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:22:22.0141 5904 ============================================================ 19:22:22.0141 5904 \Device\Harddisk0\DR0: 19:22:22.0141 5904 MBR partitions: 19:22:22.0141 5904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0xDFC5000 19:22:22.0141 5904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF3C5800, BlocksNum 0xDDFF800 19:22:22.0141 5904 ============================================================ 19:22:22.0313 5904 C: <-> \Device\Harddisk0\DR0\Partition1 19:22:22.0453 5904 D: <-> \Device\Harddisk0\DR0\Partition2 19:22:22.0453 5904 ============================================================ 19:22:22.0453 5904 Initialize success 19:22:22.0453 5904 ============================================================ 19:22:44.0574 5292 ============================================================ 19:22:44.0574 5292 Scan started 19:22:44.0574 5292 Mode: Manual; SigCheck; TDLFS; 19:22:44.0574 5292 ============================================================ 19:22:49.0815 5292 ================ Scan system memory ======================== 19:22:49.0815 5292 System memory - ok 19:22:49.0815 5292 ================ Scan services ============================= 19:22:50.0252 5292 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 19:22:50.0455 5292 ACDaemon - ok 19:22:51.0001 5292 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys 19:22:51.0032 5292 ACPI - ok 19:22:51.0578 5292 ADDMEM - ok 19:22:51.0625 5292 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:22:51.0828 5292 adp94xx - ok 19:22:51.0890 5292 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:22:51.0984 5292 adpahci - ok 19:22:51.0999 5292 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 19:22:52.0031 5292 adpu160m - ok 19:22:52.0109 5292 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:22:52.0155 5292 adpu320 - ok 19:22:52.0249 5292 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:22:52.0577 5292 AeLookupSvc - ok 19:22:52.0655 5292 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys 19:22:52.0670 5292 Afc - ok 19:22:52.0811 5292 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys 19:22:52.0889 5292 AFD - ok 19:22:52.0967 5292 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe 19:22:53.0029 5292 AgereModemAudio - ok 19:22:53.0154 5292 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 19:22:53.0403 5292 AgereSoftModem - ok 19:22:53.0466 5292 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:22:53.0528 5292 agp440 - ok 19:22:53.0575 5292 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 19:22:53.0637 5292 aic78xx - ok 19:22:53.0669 5292 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 19:22:53.0747 5292 ALG - ok 19:22:53.0762 5292 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys 19:22:53.0793 5292 aliide - ok 19:22:53.0825 5292 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys 19:22:53.0840 5292 amdagp - ok 19:22:53.0871 5292 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys 19:22:53.0903 5292 amdide - ok 19:22:53.0949 5292 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 19:22:54.0761 5292 AmdK7 - ok 19:22:54.0854 5292 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 19:22:54.0963 5292 AmdK8 - ok 19:22:55.0151 5292 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 19:22:55.0166 5292 AntiVirSchedulerService - ok 19:22:55.0229 5292 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 19:22:55.0244 5292 AntiVirService - ok 19:22:55.0338 5292 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 19:22:55.0416 5292 Appinfo - ok 19:22:55.0478 5292 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys 19:22:55.0525 5292 arc - ok 19:22:55.0603 5292 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys 19:22:55.0681 5292 arcsas - ok 19:22:55.0853 5292 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 19:22:55.0962 5292 aspnet_state - ok 19:22:56.0024 5292 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:22:56.0087 5292 AsyncMac - ok 19:22:56.0165 5292 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys 19:22:56.0180 5292 atapi - ok 19:22:56.0352 5292 [ 91E15B0A1D6F7B99ACE55D04C6D1544A ] athr C:\Windows\system32\DRIVERS\athr.sys 19:22:56.0820 5292 athr - ok 19:22:57.0023 5292 [ A80ECB306802572FD2D6659DA010B037 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe 19:22:57.0491 5292 Ati External Event Utility - ok 19:22:58.0692 5292 [ 976D32226FC4DD1187110B763F913A69 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 19:23:01.0921 5292 atikmdag - ok 19:23:01.0952 5292 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 19:23:02.0030 5292 AtiPcie - ok 19:23:02.0249 5292 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:23:02.0327 5292 AudioEndpointBuilder - ok 19:23:02.0389 5292 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll 19:23:02.0420 5292 Audiosrv - ok 19:23:02.0467 5292 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 19:23:02.0514 5292 avgntflt - ok 19:23:02.0607 5292 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 19:23:02.0623 5292 avipbb - ok 19:23:02.0763 5292 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 19:23:02.0888 5292 Beep - ok 19:23:02.0966 5292 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll 19:23:03.0060 5292 BFE - ok 19:23:03.0231 5292 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll 19:23:03.0341 5292 BITS - ok 19:23:03.0356 5292 blbdrive - ok 19:23:03.0481 5292 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:23:03.0590 5292 bowser - ok 19:23:03.0606 5292 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 19:23:03.0668 5292 BrFiltLo - ok 19:23:03.0684 5292 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 19:23:03.0746 5292 BrFiltUp - ok 19:23:03.0777 5292 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 19:23:03.0824 5292 Browser - ok 19:23:03.0855 5292 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 19:23:03.0980 5292 Brserid - ok 19:23:04.0011 5292 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 19:23:04.0121 5292 BrSerWdm - ok 19:23:04.0152 5292 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 19:23:04.0245 5292 BrUsbMdm - ok 19:23:04.0261 5292 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 19:23:04.0355 5292 BrUsbSer - ok 19:23:04.0511 5292 [ D850C190E7C8FB6A97ADB3EEE4FDF969 ] BthAudioHF C:\Windows\system32\DRIVERS\BthAudioHF.sys 19:23:04.0604 5292 BthAudioHF - ok 19:23:04.0698 5292 [ 971FFD6D2840701661931AAA1CA4376F ] bthav C:\Windows\system32\drivers\bthav.sys 19:23:04.0823 5292 bthav - ok 19:23:04.0854 5292 [ 5EAB553A9F317B07D7A5912FF182357C ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys 19:23:04.0963 5292 BthAvrcp - ok 19:23:05.0010 5292 [ DA7B195275BDA7F8FCF79B40E0F45DDE ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 19:23:05.0088 5292 BthEnum - ok 19:23:05.0166 5292 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 19:23:05.0275 5292 BTHMODEM - ok 19:23:05.0353 5292 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 19:23:05.0478 5292 BthPan - ok 19:23:05.0540 5292 [ 73D53F8E90550BA81E2CF44A0873B410 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 19:23:05.0603 5292 BTHPORT - ok 19:23:05.0634 5292 [ 58EE7F5E68310BC8D4E7CEBD8358C12E ] BthServ C:\Windows\System32\bthserv.dll 19:23:05.0696 5292 BthServ - ok 19:23:05.0774 5292 [ 32045A4BB143BBC5BAB1298C4E9E309A ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 19:23:05.0868 5292 BTHUSB - ok 19:23:05.0961 5292 [ 636F45A8500C1438CFA7DEE15FC5C184 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 19:23:05.0993 5292 btwaudio - ok 19:23:06.0024 5292 [ BF9256FF01B093A5D90BB7A35EC90410 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 19:23:06.0071 5292 btwavdt - ok 19:23:06.0117 5292 [ 0AB8C1AC177AFB27309E1072FAF34A37 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 19:23:06.0149 5292 btwrchid - ok 19:23:06.0180 5292 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:23:06.0258 5292 cdfs - ok 19:23:06.0305 5292 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:23:06.0383 5292 cdrom - ok 19:23:06.0476 5292 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll 19:23:06.0539 5292 CertPropSvc - ok 19:23:06.0617 5292 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys 19:23:06.0679 5292 circlass - ok 19:23:06.0788 5292 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys 19:23:07.0241 5292 CLFS - ok 19:23:07.0381 5292 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:23:07.0490 5292 clr_optimization_v2.0.50727_32 - ok 19:23:07.0615 5292 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:23:07.0724 5292 clr_optimization_v4.0.30319_32 - ok 19:23:07.0787 5292 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:23:07.0865 5292 CmBatt - ok 19:23:07.0927 5292 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:23:07.0958 5292 cmdide - ok 19:23:07.0989 5292 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:23:08.0036 5292 Compbatt - ok 19:23:08.0036 5292 COMSysApp - ok 19:23:08.0067 5292 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 19:23:08.0099 5292 crcdisk - ok 19:23:08.0130 5292 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys 19:23:08.0208 5292 Crusoe - ok 19:23:08.0286 5292 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:23:08.0333 5292 CryptSvc - ok 19:23:08.0520 5292 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:23:08.0645 5292 DcomLaunch - ok 19:23:08.0660 5292 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:23:08.0723 5292 DfsC - ok 19:23:08.0894 5292 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe 19:23:09.0347 5292 DFSR - ok 19:23:09.0581 5292 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll 19:23:09.0674 5292 Dhcp - ok 19:23:09.0752 5292 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys 19:23:09.0799 5292 disk - ok 19:23:09.0924 5292 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:23:10.0017 5292 Dnscache - ok 19:23:10.0080 5292 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll 19:23:10.0142 5292 dot3svc - ok 19:23:10.0283 5292 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 19:23:10.0361 5292 Dot4 - ok 19:23:10.0407 5292 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 19:23:10.0439 5292 Dot4Print - ok 19:23:10.0517 5292 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 19:23:10.0579 5292 dot4usb - ok 19:23:10.0673 5292 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 19:23:10.0719 5292 DPS - ok 19:23:10.0782 5292 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:23:10.0860 5292 drmkaud - ok 19:23:11.0078 5292 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:23:11.0390 5292 DXGKrnl - ok 19:23:11.0499 5292 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 19:23:11.0718 5292 E1G60 - ok 19:23:11.0765 5292 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 19:23:11.0796 5292 EapHost - ok 19:23:11.0889 5292 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys 19:23:11.0921 5292 Ecache - ok 19:23:12.0092 5292 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:23:12.0201 5292 ehRecvr - ok 19:23:12.0233 5292 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 19:23:12.0342 5292 ehSched - ok 19:23:12.0373 5292 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 19:23:12.0420 5292 ehstart - ok 19:23:12.0623 5292 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys 19:23:12.0810 5292 elxstor - ok 19:23:12.0903 5292 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll 19:23:12.0997 5292 EMDMgmt - ok 19:23:13.0044 5292 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll 19:23:13.0091 5292 EventSystem - ok 19:23:13.0200 5292 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys 19:23:13.0293 5292 exfat - ok 19:23:13.0340 5292 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:23:13.0449 5292 fastfat - ok 19:23:13.0496 5292 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:23:13.0605 5292 fdc - ok 19:23:13.0668 5292 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 19:23:13.0699 5292 fdPHost - ok 19:23:13.0761 5292 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 19:23:13.0964 5292 FDResPub - ok 19:23:14.0042 5292 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:23:14.0105 5292 FileInfo - ok 19:23:14.0167 5292 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:23:14.0245 5292 Filetrace - ok 19:23:14.0307 5292 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:23:14.0401 5292 flpydisk - ok 19:23:14.0510 5292 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:23:14.0682 5292 FltMgr - ok 19:23:14.0885 5292 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:23:14.0947 5292 FontCache3.0.0.0 - ok 19:23:15.0087 5292 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:23:15.0165 5292 Fs_Rec - ok 19:23:15.0275 5292 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 19:23:15.0337 5292 gagp30kx - ok 19:23:15.0540 5292 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll 19:23:15.0821 5292 gpsvc - ok 19:23:16.0117 5292 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9b223f93bdfa8 C:\Program Files\Google\Update\GoogleUpdate.exe 19:23:16.0133 5292 gupdate1c9b223f93bdfa8 - ok 19:23:16.0226 5292 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 19:23:16.0257 5292 gupdatem - ok 19:23:16.0429 5292 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 19:23:16.0554 5292 gusvc - ok 19:23:16.0632 5292 [ 7929A161F9951D173CA9900FE7067391 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 19:23:16.0694 5292 hamachi - ok 19:23:16.0897 5292 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:23:17.0100 5292 HdAudAddService - ok 19:23:17.0162 5292 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:23:17.0209 5292 HDAudBus - ok 19:23:17.0412 5292 [ E06B41994F34448D58FA3D12829E7203 ] HFGService C:\Windows\System32\HFGService.dll 19:23:17.0552 5292 HFGService - ok 19:23:17.0583 5292 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 19:23:17.0708 5292 HidBth - ok 19:23:17.0771 5292 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 19:23:17.0849 5292 HidIr - ok 19:23:17.0958 5292 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll 19:23:18.0005 5292 hidserv - ok 19:23:18.0051 5292 [ 854CA287AB7FAF949617A788306D967E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:23:18.0114 5292 HidUsb - ok 19:23:18.0161 5292 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:23:18.0239 5292 hkmsvc - ok 19:23:18.0285 5292 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 19:23:18.0317 5292 HpCISSs - ok 19:23:18.0441 5292 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:23:18.0785 5292 HTTP - ok 19:23:19.0034 5292 [ 1FC7A63148E4F2BD831DAB0DC732026D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 19:23:19.0143 5292 hwdatacard - ok 19:23:19.0253 5292 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 19:23:19.0284 5292 i2omp - ok 19:23:19.0424 5292 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 19:23:19.0471 5292 i8042prt - ok 19:23:19.0549 5292 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 19:23:19.0799 5292 iaStorV - ok 19:23:20.0064 5292 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:23:20.0766 5292 idsvc - ok 19:23:20.0937 5292 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 19:23:21.0047 5292 iirsp - ok 19:23:21.0343 5292 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll 19:23:21.0468 5292 IKEEXT - ok 19:23:21.0858 5292 [ 7BD4E0428776D11C8E8E26F9F5508690 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 19:23:23.0184 5292 IntcAzAudAddService - ok 19:23:23.0199 5292 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys 19:23:23.0231 5292 intelide - ok 19:23:23.0309 5292 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:23:23.0355 5292 intelppm - ok 19:23:23.0402 5292 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:23:23.0480 5292 IPBusEnum - ok 19:23:23.0543 5292 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:23:23.0636 5292 IpFilterDriver - ok 19:23:23.0730 5292 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:23:23.0761 5292 iphlpsvc - ok 19:23:23.0777 5292 IpInIp - ok 19:23:23.0839 5292 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 19:23:24.0042 5292 IPMIDRV - ok 19:23:24.0089 5292 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 19:23:24.0135 5292 IPNAT - ok 19:23:24.0182 5292 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:23:24.0245 5292 IRENUM - ok 19:23:24.0291 5292 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:23:24.0494 5292 isapnp - ok 19:23:24.0588 5292 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 19:23:24.0603 5292 iScsiPrt - ok 19:23:24.0681 5292 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 19:23:24.0713 5292 iteatapi - ok 19:23:24.0759 5292 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 19:23:24.0806 5292 iteraid - ok 19:23:24.0853 5292 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:23:24.0915 5292 kbdclass - ok 19:23:25.0040 5292 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:23:25.0118 5292 kbdhid - ok 19:23:25.0181 5292 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe 19:23:25.0274 5292 KeyIso - ok 19:23:25.0383 5292 [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO C:\Windows\system32\DRIVERS\kmdfmemio.sys 19:23:25.0477 5292 KMDFMEMIO - ok 19:23:25.0727 5292 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:23:26.0023 5292 KSecDD - ok 19:23:26.0132 5292 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 19:23:26.0366 5292 KtmRm - ok 19:23:26.0429 5292 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:23:26.0507 5292 LanmanServer - ok 19:23:26.0616 5292 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:23:26.0678 5292 LanmanWorkstation - ok 19:23:26.0897 5292 [ F34B35F6F74E28A460749DA11D1117F8 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 19:23:26.0928 5292 LightScribeService - ok 19:23:26.0990 5292 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:23:27.0193 5292 lltdio - ok 19:23:27.0255 5292 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:23:27.0411 5292 lltdsvc - ok 19:23:27.0458 5292 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:23:27.0505 5292 lmhosts - ok 19:23:27.0567 5292 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 19:23:27.0848 5292 LSI_FC - ok 19:23:27.0864 5292 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:23:27.0973 5292 LSI_SAS - ok 19:23:28.0082 5292 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 19:23:28.0145 5292 LSI_SCSI - ok 19:23:28.0191 5292 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 19:23:28.0254 5292 luafv - ok 19:23:28.0301 5292 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:23:28.0410 5292 Mcx2Svc - ok 19:23:28.0644 5292 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 19:23:28.0722 5292 megasas - ok 19:23:28.0769 5292 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 19:23:28.0815 5292 MMCSS - ok 19:23:28.0893 5292 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 19:23:28.0940 5292 Modem - ok 19:23:29.0018 5292 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:23:29.0096 5292 monitor - ok 19:23:29.0127 5292 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:23:29.0174 5292 mouclass - ok 19:23:29.0190 5292 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:23:29.0252 5292 mouhid - ok 19:23:29.0315 5292 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 19:23:29.0346 5292 MountMgr - ok 19:23:29.0408 5292 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 19:23:29.0486 5292 mpio - ok 19:23:29.0689 5292 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:23:29.0736 5292 mpsdrv - ok 19:23:29.0939 5292 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll 19:23:30.0048 5292 MpsSvc - ok 19:23:30.0110 5292 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 19:23:30.0329 5292 Mraid35x - ok 19:23:30.0407 5292 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:23:30.0578 5292 MRxDAV - ok 19:23:30.0641 5292 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:23:30.0703 5292 mrxsmb - ok 19:23:30.0765 5292 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:23:30.0875 5292 mrxsmb10 - ok 19:23:30.0921 5292 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:23:30.0968 5292 mrxsmb20 - ok 19:23:31.0015 5292 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys 19:23:31.0046 5292 msahci - ok 19:23:31.0077 5292 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:23:31.0124 5292 msdsm - ok 19:23:31.0171 5292 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 19:23:31.0249 5292 MSDTC - ok 19:23:31.0311 5292 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:23:31.0405 5292 Msfs - ok 19:23:31.0499 5292 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:23:31.0545 5292 msisadrv - ok 19:23:31.0608 5292 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:23:31.0670 5292 MSiSCSI - ok 19:23:31.0686 5292 msiserver - ok 19:23:31.0764 5292 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:23:31.0857 5292 MSKSSRV - ok 19:23:31.0920 5292 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:23:31.0951 5292 MSPCLOCK - ok 19:23:32.0029 5292 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:23:32.0123 5292 MSPQM - ok 19:23:32.0325 5292 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:23:32.0419 5292 MsRPC - ok 19:23:32.0481 5292 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 19:23:32.0528 5292 mssmbios - ok 19:23:32.0622 5292 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:23:32.0684 5292 MSTEE - ok 19:23:32.0731 5292 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys 19:23:32.0840 5292 Mup - ok 19:23:33.0027 5292 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll 19:23:33.0105 5292 napagent - ok 19:23:33.0199 5292 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:23:33.0277 5292 NativeWifiP - ok 19:23:33.0511 5292 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:23:33.0620 5292 NDIS - ok 19:23:33.0792 5292 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:23:33.0870 5292 NdisTapi - ok 19:23:33.0917 5292 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:23:33.0979 5292 Ndisuio - ok 19:23:34.0057 5292 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:23:34.0135 5292 NdisWan - ok 19:23:34.0197 5292 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:23:34.0260 5292 NDProxy - ok 19:23:34.0416 5292 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:23:34.0494 5292 NetBIOS - ok 19:23:34.0572 5292 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 19:23:34.0712 5292 netbt - ok 19:23:34.0743 5292 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe 19:23:34.0759 5292 Netlogon - ok 19:23:34.0884 5292 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 19:23:35.0040 5292 Netman - ok 19:23:35.0087 5292 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:23:35.0180 5292 NetMsmqActivator - ok 19:23:35.0211 5292 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:23:35.0227 5292 NetPipeActivator - ok 19:23:35.0414 5292 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 19:23:35.0477 5292 netprofm - ok 19:23:35.0523 5292 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:23:35.0539 5292 NetTcpActivator - ok 19:23:35.0539 5292 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:23:35.0555 5292 NetTcpPortSharing - ok 19:23:36.0179 5292 [ 6E9EDC1020B319E7676387B8CDF2398C ] NETw2v32 C:\Windows\system32\DRIVERS\NETw2v32.sys 19:23:38.0207 5292 NETw2v32 - ok 19:23:38.0238 5292 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:23:38.0285 5292 nfrd960 - ok 19:23:38.0472 5292 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:23:38.0503 5292 NlaSvc - ok 19:23:38.0628 5292 [ D21FEE8DB254BA762656878168AC1DB6 ] NPF C:\Windows\system32\drivers\npf.sys 19:23:38.0643 5292 NPF ( UnsignedFile.Multi.Generic ) - warning 19:23:38.0643 5292 NPF - detected UnsignedFile.Multi.Generic (1) 19:23:38.0706 5292 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:23:38.0877 5292 Npfs - ok 19:23:38.0955 5292 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 19:23:38.0987 5292 nsi - ok 19:23:39.0033 5292 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:23:39.0065 5292 nsiproxy - ok 19:23:39.0392 5292 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:23:40.0047 5292 Ntfs - ok 19:23:40.0281 5292 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 19:23:40.0391 5292 ntrigdigi - ok 19:23:40.0437 5292 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 19:23:40.0484 5292 Null - ok 19:23:40.0531 5292 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:23:40.0609 5292 nvraid - ok 19:23:40.0656 5292 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:23:40.0703 5292 nvstor - ok 19:23:40.0749 5292 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:23:40.0781 5292 nv_agp - ok 19:23:40.0796 5292 NwlnkFlt - ok 19:23:40.0796 5292 NwlnkFwd - ok 19:23:41.0030 5292 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:23:41.0171 5292 odserv - ok 19:23:41.0264 5292 [ 953C1BA621F4DA9DC7D268AE839A51FB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 19:23:41.0405 5292 ohci1394 - ok 19:23:41.0607 5292 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:23:41.0623 5292 ose - ok 19:23:41.0826 5292 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll 19:23:42.0278 5292 p2pimsvc - ok 19:23:42.0481 5292 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll 19:23:42.0559 5292 p2psvc - ok 19:23:42.0606 5292 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 19:23:42.0731 5292 Parport - ok 19:23:42.0793 5292 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:23:42.0824 5292 partmgr - ok 19:23:42.0855 5292 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 19:23:42.0965 5292 Parvdm - ok 19:23:42.0996 5292 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 19:23:43.0043 5292 PcaSvc - ok 19:23:43.0167 5292 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys 19:23:43.0199 5292 pci - ok 19:23:43.0277 5292 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 19:23:43.0339 5292 pciide - ok 19:23:43.0401 5292 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:23:43.0495 5292 pcmcia - ok 19:23:43.0791 5292 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:23:44.0244 5292 PEAUTH - ok 19:23:44.0759 5292 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 19:23:45.0351 5292 pla - ok 19:23:45.0648 5292 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:23:45.0679 5292 PlugPlay - ok 19:23:45.0944 5292 [ 831883B107684301F48ACE752C963984 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 19:23:45.0944 5292 PnkBstrA - ok 19:23:46.0116 5292 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 19:23:46.0163 5292 PNRPAutoReg - ok 19:23:46.0475 5292 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll 19:23:46.0521 5292 PNRPsvc - ok 19:23:46.0615 5292 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:23:46.0693 5292 PolicyAgent - ok 19:23:46.0740 5292 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:23:46.0818 5292 PptpMiniport - ok 19:23:46.0880 5292 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 19:23:46.0989 5292 Processor - ok 19:23:47.0083 5292 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll 19:23:47.0130 5292 ProfSvc - ok 19:23:47.0161 5292 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:23:47.0177 5292 ProtectedStorage - ok 19:23:47.0270 5292 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys 19:23:47.0364 5292 PSched - ok 19:23:47.0473 5292 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:23:48.0003 5292 ql2300 - ok 19:23:48.0035 5292 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:23:48.0081 5292 ql40xx - ok 19:23:48.0159 5292 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 19:23:48.0222 5292 QWAVE - ok 19:23:48.0300 5292 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:23:48.0362 5292 QWAVEdrv - ok 19:23:49.0298 5292 [ 976D32226FC4DD1187110B763F913A69 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys 19:23:49.0860 5292 R300 - ok 19:23:50.0000 5292 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:23:50.0063 5292 RasAcd - ok 19:23:50.0109 5292 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 19:23:50.0156 5292 RasAuto - ok 19:23:50.0219 5292 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:23:50.0328 5292 Rasl2tp - ok 19:23:50.0546 5292 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll 19:23:50.0640 5292 RasMan - ok 19:23:50.0687 5292 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:23:50.0765 5292 RasPppoe - ok 19:23:50.0858 5292 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:23:50.0921 5292 RasSstp - ok 19:23:51.0030 5292 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:23:51.0217 5292 rdbss - ok 19:23:51.0264 5292 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:23:51.0326 5292 RDPCDD - ok 19:23:51.0451 5292 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 19:23:51.0623 5292 rdpdr - ok 19:23:51.0701 5292 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:23:51.0779 5292 RDPENCDD - ok 19:23:51.0872 5292 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:23:52.0028 5292 RDPWD - ok 19:23:52.0122 5292 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:23:52.0184 5292 RemoteAccess - ok 19:23:52.0247 5292 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:23:52.0340 5292 RemoteRegistry - ok 19:23:52.0387 5292 [ 34CC78C06587718C2AD6D3AA83B1F072 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 19:23:52.0481 5292 RFCOMM - ok 19:23:52.0808 5292 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 19:23:52.0824 5292 RichVideo - ok 19:23:52.0917 5292 [ 67C607857CCD6EBFFE768DAD5B2CA239 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe 19:23:52.0933 5292 rpcapd ( UnsignedFile.Multi.Generic ) - warning 19:23:52.0933 5292 rpcapd - detected UnsignedFile.Multi.Generic (1) 19:23:52.0995 5292 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 19:23:53.0089 5292 RpcLocator - ok 19:23:53.0183 5292 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll 19:23:53.0229 5292 RpcSs - ok 19:23:53.0276 5292 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:23:53.0354 5292 rspndr - ok 19:23:53.0417 5292 [ 959EF612D2CCFDB6D9E443F8E3655013 ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys 19:23:53.0526 5292 RTL8023xp - ok 19:23:53.0557 5292 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe 19:23:53.0573 5292 SamSs - ok 19:23:53.0713 5292 [ 4BFB51CDB25D4D4B9E8FCCAB635F262E ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe 19:23:53.0713 5292 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - warning 19:23:53.0713 5292 Samsung Update Plus - detected UnsignedFile.Multi.Generic (1) 19:23:53.0978 5292 [ 361094945053C2C04312EF2E5F14EEAF ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys 19:23:54.0025 5292 SANDRA - ok 19:23:54.0103 5292 [ 201C4CA2BEB6152B0238DEA13F9EE85D ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe 19:23:54.0165 5292 SandraAgentSrv - ok 19:23:54.0228 5292 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:23:54.0259 5292 sbp2port - ok 19:23:54.0321 5292 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:23:54.0368 5292 SCardSvr - ok 19:23:54.0587 5292 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll 19:23:54.0821 5292 Schedule - ok 19:23:54.0867 5292 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll 19:23:54.0899 5292 SCPolicySvc - ok 19:23:55.0055 5292 [ 4339A2585708C7D9B0C0CE5AAD3DD6FF ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 19:23:55.0257 5292 sdbus - ok 19:23:55.0304 5292 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:23:55.0398 5292 SDRSVC - ok 19:23:55.0429 5292 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:23:55.0507 5292 secdrv - ok 19:23:55.0632 5292 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 19:23:55.0679 5292 seclogon - ok 19:23:55.0694 5292 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 19:23:55.0757 5292 SENS - ok 19:23:55.0819 5292 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 19:23:55.0913 5292 Serenum - ok 19:23:55.0959 5292 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 19:23:56.0022 5292 Serial - ok 19:23:56.0193 5292 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:23:56.0225 5292 sermouse - ok 19:23:56.0271 5292 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 19:23:56.0303 5292 SessionEnv - ok 19:23:56.0365 5292 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:23:56.0427 5292 sffdisk - ok 19:23:56.0599 5292 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:23:56.0661 5292 sffp_mmc - ok 19:23:56.0708 5292 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:23:56.0802 5292 sffp_sd - ok 19:23:56.0864 5292 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:23:56.0958 5292 sfloppy - ok 19:23:57.0051 5292 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:23:57.0161 5292 SharedAccess - ok 19:23:57.0254 5292 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:23:57.0363 5292 ShellHWDetection - ok 19:23:57.0441 5292 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys 19:23:57.0519 5292 sisagp - ok 19:23:57.0566 5292 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 19:23:57.0629 5292 SiSRaid2 - ok 19:23:57.0660 5292 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:23:57.0691 5292 SiSRaid4 - ok 19:23:58.0346 5292 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe 19:23:59.0750 5292 slsvc - ok 19:23:59.0844 5292 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll 19:23:59.0891 5292 SLUINotify - ok 19:23:59.0937 5292 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:24:00.0015 5292 Smb - ok 19:24:00.0062 5292 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:24:00.0093 5292 SNMPTRAP - ok 19:24:00.0125 5292 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 19:24:00.0156 5292 spldr - ok 19:24:00.0312 5292 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe 19:24:00.0405 5292 Spooler - ok 19:24:00.0717 5292 [ 71E276F6D189413266EA22171806597B ] sptd C:\Windows\system32\Drivers\sptd.sys 19:24:00.0717 5292 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B 19:24:00.0717 5292 sptd ( LockedFile.Multi.Generic ) - warning 19:24:00.0733 5292 sptd - detected LockedFile.Multi.Generic (1) 19:24:00.0842 5292 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 19:24:00.0873 5292 SQLWriter - ok 19:24:00.0967 5292 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys 19:24:01.0076 5292 srv - ok 19:24:01.0139 5292 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:24:01.0263 5292 srv2 - ok 19:24:01.0310 5292 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:24:01.0373 5292 srvnet - ok 19:24:01.0482 5292 [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys 19:24:01.0685 5292 sscdbus - ok 19:24:01.0747 5292 [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys 19:24:01.0809 5292 sscdmdfl - ok 19:24:01.0841 5292 [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys 19:24:01.0903 5292 sscdmdm - ok 19:24:01.0965 5292 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:24:02.0028 5292 SSDPSRV - ok 19:24:02.0059 5292 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 19:24:02.0137 5292 ssmdrv - ok 19:24:02.0215 5292 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:24:02.0309 5292 SstpSvc - ok 19:24:02.0527 5292 [ 5A1D0CA8A5F1E7B4EC50B9D76C001F0E ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys 19:24:02.0589 5292 ss_bus - ok 19:24:02.0683 5292 [ F0A85580E36A3A85059037D39A9CF079 ] ss_mdfl C:\Windows\system32\DRIVERS\ss_mdfl.sys 19:24:02.0777 5292 ss_mdfl - ok 19:24:02.0964 5292 [ 84C3DBFD1BFA4ADC0A950B3D5506CB00 ] ss_mdm C:\Windows\system32\DRIVERS\ss_mdm.sys 19:24:03.0026 5292 ss_mdm - ok 19:24:03.0276 5292 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 19:24:03.0291 5292 StarOpen ( UnsignedFile.Multi.Generic ) - warning 19:24:03.0291 5292 StarOpen - detected UnsignedFile.Multi.Generic (1) 19:24:03.0463 5292 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll 19:24:03.0619 5292 stisvc - ok 19:24:03.0650 5292 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:24:03.0681 5292 swenum - ok 19:24:03.0915 5292 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll 19:24:03.0993 5292 swprv - ok 19:24:04.0040 5292 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 19:24:04.0087 5292 Symc8xx - ok 19:24:04.0134 5292 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 19:24:04.0181 5292 Sym_hi - ok 19:24:04.0227 5292 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 19:24:04.0259 5292 Sym_u3 - ok 19:24:04.0368 5292 [ 451E8037E2EB6DA6BDF0A66F65D1810B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 19:24:04.0539 5292 SynTP - ok 19:24:04.0758 5292 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll 19:24:05.0054 5292 SysMain - ok 19:24:05.0117 5292 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:24:05.0397 5292 TabletInputService - ok 19:24:05.0444 5292 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll 19:24:05.0475 5292 TapiSrv - ok 19:24:05.0522 5292 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 19:24:05.0585 5292 TBS - ok 19:24:05.0850 5292 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:24:06.0365 5292 Tcpip - ok 19:24:06.0708 5292 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 19:24:06.0895 5292 Tcpip6 - ok 19:24:06.0942 5292 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:24:07.0020 5292 tcpipreg - ok 19:24:07.0098 5292 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:24:07.0285 5292 TDPIPE - ok 19:24:07.0347 5292 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:24:07.0410 5292 TDTCP - ok 19:24:07.0457 5292 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:24:07.0550 5292 tdx - ok 19:24:07.0581 5292 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:24:07.0613 5292 TermDD - ok 19:24:07.0784 5292 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll 19:24:08.0127 5292 TermService - ok 19:24:08.0221 5292 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll 19:24:08.0237 5292 Themes - ok 19:24:08.0252 5292 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 19:24:08.0283 5292 THREADORDER - ok 19:24:08.0330 5292 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 19:24:08.0377 5292 TrkWks - ok 19:24:08.0486 5292 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:24:08.0533 5292 TrustedInstaller - ok 19:24:08.0595 5292 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:24:08.0689 5292 tssecsrv - ok 19:24:09.0453 5292 [ 75E9D9B9E1C268697DA56EFF1A578F68 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe 19:24:10.0077 5292 TuneUp.UtilitiesSvc - ok 19:24:10.0343 5292 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys 19:24:10.0374 5292 TuneUpUtilitiesDrv - ok 19:24:10.0421 5292 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 19:24:10.0608 5292 tunmp - ok 19:24:10.0655 5292 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:24:10.0717 5292 tunnel - ok 19:24:10.0779 5292 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:24:10.0826 5292 uagp35 - ok 19:24:10.0920 5292 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:24:11.0013 5292 udfs - ok 19:24:11.0060 5292 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:24:11.0107 5292 UI0Detect - ok 19:24:11.0169 5292 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:24:11.0216 5292 uliagpkx - ok 19:24:11.0325 5292 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys 19:24:11.0419 5292 uliahci - ok 19:24:11.0450 5292 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 19:24:11.0481 5292 UlSata - ok 19:24:11.0528 5292 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 19:24:11.0637 5292 ulsata2 - ok 19:24:11.0684 5292 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:24:11.0731 5292 umbus - ok 19:24:11.0918 5292 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 19:24:12.0027 5292 upnphost - ok 19:24:12.0105 5292 [ 292A25BB75A568AE2C67169BA2C6365A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 19:24:12.0199 5292 usbaudio - ok 19:24:12.0277 5292 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:24:12.0324 5292 usbccgp - ok 19:24:12.0417 5292 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:24:12.0527 5292 usbcir - ok 19:24:12.0683 5292 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:24:12.0729 5292 usbehci - ok 19:24:12.0761 5292 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:24:12.0839 5292 usbhub - ok 19:24:12.0885 5292 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:24:13.0010 5292 usbohci - ok 19:24:13.0041 5292 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys 19:24:13.0104 5292 usbprint - ok 19:24:13.0151 5292 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:24:13.0260 5292 USBSTOR - ok 19:24:13.0307 5292 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:24:13.0385 5292 usbuhci - ok 19:24:13.0556 5292 [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 19:24:13.0650 5292 usbvideo - ok 19:24:13.0759 5292 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll 19:24:13.0775 5292 UxSms - ok 19:24:13.0853 5292 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe 19:24:13.0946 5292 vds - ok 19:24:14.0009 5292 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:24:14.0102 5292 vga - ok 19:24:14.0149 5292 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 19:24:14.0289 5292 VgaSave - ok 19:24:14.0321 5292 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys 19:24:14.0352 5292 viaagp - ok 19:24:14.0523 5292 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 19:24:14.0648 5292 ViaC7 - ok 19:24:14.0664 5292 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys 19:24:14.0695 5292 viaide - ok 19:24:14.0867 5292 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files\Viewpoint\Common\ViewpointService.exe 19:24:14.0898 5292 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning 19:24:14.0898 5292 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1) 19:24:14.0960 5292 [ 2DFF4EFA8E65B257C171C362C1256DB8 ] VMC302 C:\Windows\system32\Drivers\VMC302.sys 19:24:15.0319 5292 VMC302 - ok 19:24:15.0335 5292 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:24:15.0381 5292 volmgr - ok 19:24:15.0475 5292 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:24:15.0584 5292 volmgrx - ok 19:24:15.0678 5292 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:24:15.0818 5292 volsnap - ok 19:24:15.0881 5292 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:24:15.0927 5292 vsmraid - ok 19:24:16.0224 5292 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe 19:24:16.0817 5292 VSS - ok 19:24:17.0051 5292 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll 19:24:17.0129 5292 W32Time - ok 19:24:17.0160 5292 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:24:17.0253 5292 WacomPen - ok 19:24:17.0331 5292 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 19:24:17.0394 5292 Wanarp - ok 19:24:17.0441 5292 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:24:17.0456 5292 Wanarpv6 - ok 19:24:17.0612 5292 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:24:17.0784 5292 wcncsvc - ok 19:24:17.0893 5292 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:24:17.0955 5292 WcsPlugInService - ok 19:24:17.0987 5292 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys 19:24:18.0033 5292 Wd - ok 19:24:18.0361 5292 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:24:18.0533 5292 Wdf01000 - ok 19:24:18.0579 5292 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:24:18.0642 5292 WdiServiceHost - ok 19:24:18.0657 5292 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:24:18.0689 5292 WdiSystemHost - ok 19:24:18.0767 5292 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll 19:24:18.0813 5292 WebClient - ok 19:24:18.0907 5292 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:24:18.0969 5292 Wecsvc - ok 19:24:19.0032 5292 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:24:19.0079 5292 wercplsupport - ok 19:24:19.0235 5292 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll 19:24:19.0266 5292 WerSvc - ok 19:24:19.0422 5292 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 19:24:19.0469 5292 WinDefend - ok 19:24:19.0469 5292 WinHttpAutoProxySvc - ok 19:24:19.0812 5292 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:24:19.0859 5292 Winmgmt - ok 19:24:20.0155 5292 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll 19:24:20.0732 5292 WinRM - ok 19:24:20.0904 5292 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll 19:24:21.0091 5292 Wlansvc - ok 19:24:21.0153 5292 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:24:21.0216 5292 WmiAcpi - ok 19:24:21.0403 5292 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:24:21.0481 5292 wmiApSrv - ok 19:24:21.0762 5292 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 19:24:22.0245 5292 WMPNetworkSvc - ok 19:24:22.0417 5292 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:24:22.0495 5292 WPCSvc - ok 19:24:22.0557 5292 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:24:22.0682 5292 WPDBusEnum - ok 19:24:22.0776 5292 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 19:24:22.0838 5292 WpdUsb - ok 19:24:23.0072 5292 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 19:24:23.0306 5292 WPFFontCache_v0400 - ok 19:24:23.0415 5292 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:24:23.0462 5292 ws2ifsl - ok 19:24:23.0509 5292 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll 19:24:23.0540 5292 wscsvc - ok 19:24:23.0540 5292 WSearch - ok 19:24:24.0071 5292 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll 19:24:25.0085 5292 wuauserv - ok 19:24:25.0303 5292 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:24:25.0365 5292 WUDFRd - ok 19:24:25.0412 5292 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:24:25.0475 5292 wudfsvc - ok 19:24:25.0599 5292 [ ADE7A4943003020216952B56A6741EC7 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys 19:24:25.0802 5292 yukonwlh - ok 19:24:25.0849 5292 ================ Scan global =============================== 19:24:25.0896 5292 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll 19:24:26.0005 5292 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 19:24:26.0099 5292 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll 19:24:26.0192 5292 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe 19:24:26.0208 5292 [Global] - ok 19:24:26.0208 5292 ================ Scan MBR ================================== 19:24:26.0239 5292 [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0 19:24:35.0989 5292 \Device\Harddisk0\DR0 - ok 19:24:35.0989 5292 ================ Scan VBR ================================== 19:24:36.0051 5292 [ 45BE513C99773C2629DF270E975AD206 ] \Device\Harddisk0\DR0\Partition1 19:24:36.0083 5292 \Device\Harddisk0\DR0\Partition1 - ok 19:24:36.0129 5292 [ 5F3AD48E6A3A05A8786EB3413F653D07 ] \Device\Harddisk0\DR0\Partition2 19:24:36.0254 5292 \Device\Harddisk0\DR0\Partition2 - ok 19:24:36.0254 5292 ============================================================ 19:24:36.0254 5292 Scan finished 19:24:36.0254 5292 ============================================================ 19:24:36.0270 0572 Detected object count: 6 19:24:36.0270 0572 Actual detected object count: 6 19:26:22.0026 0572 NPF ( UnsignedFile.Multi.Generic ) - skipped by user 19:26:22.0026 0572 NPF ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:26:22.0026 0572 rpcapd ( UnsignedFile.Multi.Generic ) - skipped by user 19:26:22.0026 0572 rpcapd ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:26:22.0026 0572 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user 19:26:22.0026 0572 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:26:22.0042 0572 sptd ( LockedFile.Multi.Generic ) - skipped by user 19:26:22.0042 0572 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 19:26:22.0042 0572 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 19:26:22.0042 0572 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:26:22.0042 0572 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user 19:26:22.0042 0572 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
16.12.2012, 19:30
| #10 | |
| /// Malware-holic | Ich glaube ich habe Adware Hi, sehr gut, ohne Befund. combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 20:12
| #11 |
| | Ich glaube ich habe Adware huhu, jetzt mal noch die gewünschte Log!! Combofix Logfile: Code:
ATTFilter ComboFix 12-12-14.01 - Hool 16.12.2012 19:57:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3069.1844 [GMT 1:00]
ausgeführt von:: c:\users\Hool\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml2241.tmp
c:\programdata\xml231C.tmp
c:\programdata\xml23AA.tmp
c:\users\Sung-Jin\AppData\Roaming\Skype
c:\users\Sung-Jin\AppData\Roaming\Skype\shared.lck
c:\users\Sung-Jin\AppData\Roaming\Skype\shared.xml
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-16 bis 2012-12-16 ))))))))))))))))))))))))))))))
.
.
2012-12-14 08:05 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{997C99EC-DB2A-4404-A7B9-6ECDB00A9058}\mpengine.dll
2012-12-10 19:08 . 2012-12-10 19:08 -------- d-----w- c:\users\Hool\AppData\Roaming\Avira
2012-12-10 18:51 . 2011-07-21 11:11 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-10 18:51 . 2011-07-21 11:11 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-10 18:51 . 2012-12-10 18:51 -------- d-----w- c:\programdata\Avira
2012-12-10 18:51 . 2012-12-10 18:51 -------- d-----w- c:\program files\Avira
2012-12-10 18:42 . 2012-11-29 15:06 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-12-10 14:42 . 2012-12-10 14:42 -------- d--h--w- c:\programdata\Common Files
2012-12-10 13:33 . 2012-12-10 16:19 -------- d-----w- C:\f107cb1e531de7587929
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-01 23:23 . 2012-10-10 01:43 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-01 23:23 . 2011-11-06 19:51 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2009-11-09 17:38 2331672 ----a-w- c:\program files\XfireXO\tbXfir.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-12-31 10:53 2349080 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2009-11-09 2331672]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Hool\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-11-05 1199576]
"Spotify"="c:\users\Hool\AppData\Roaming\Spotify\Spotify.exe" [2012-11-05 7880664]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-08 486856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 4489216]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 24d3
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 ADDMEM;ADDMEM;c:\users\Hool\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 74046305
*Deregistered* - 74046305
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bthaudiosvc REG_MULTI_SZ HFGService
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 08:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 19:31]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 17:12]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 17:12]
.
2012-12-16 c:\windows\Tasks\User_Feed_Synchronization-{841C9E85-6F0A-45FA-B5D1-AFC0B3E267E9}.job
- c:\windows\system32\msfeedssync.exe [2011-06-17 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\programs\PartyGaming\PartyCasino\RunApp.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Hool\AppData\Roaming\Mozilla\Firefox\Profiles\pwn6ppc4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Community Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
FF - Ext: Flash and Video Download: {bee6eb20-01e0-ebd1-da83-080329fb9a3a} - %profile%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-12-16 20:07
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5288)
c:\windows\system32\btmmhook.dll
.
Zeit der Fertigstellung: 2012-12-16 20:10:24
ComboFix-quarantined-files.txt 2012-12-16 19:10
.
Vor Suchlauf: 20 Verzeichnis(se), 34.240.667.648 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 38.219.034.624 Bytes frei
.
- - End Of File - - 512C41F8BA80BA5888252D316B5C8B13
|
|
16.12.2012, 20:20
| #12 |
| /// Malware-holic | Ich glaube ich habe Adware Hi, noch 1 Scan, dann schaun wir mal was bei raus kommt, nicht viel denke ich, aber zur Sicherheit, dann deinstalieren wir noch einiges an Toolbars. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.12.2012, 21:00
| #13 |
| | Ich glaube ich habe Adware Boah, der Scan dauert mindestens so lange wie der Avira Scan. Sprich das wird heute nichts mehr mit der Log. Kannst du mir verraten ob ich wenigstens nebenbei so Spielchen LoL machen kann? Sonst würde ich den Scan nämlich abbrechen und nachts durchführen! Dank dir im vorraus... |
|
16.12.2012, 21:03
| #14 |
| /// Malware-holic | Ich glaube ich habe Adware Nein, alle Programme und aktivitäten während aller Scans einstellen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.12.2012, 20:25
| #15 |
| | Ich glaube ich habe Adware hi, ich habe da mal frohe Kunde zu vermelden!! Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.17.08 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 8.0.6001.19088 Hool :: HOOL-PC [Administrator] Schutz: Aktiviert 17.12.2012 18:57:49 mbam-log-2012-12-17 (18-57-49).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 438795 Laufzeit: 1 Stunde(n), 21 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
| Themen zu Ich glaube ich habe Adware |
| adware, angeblich, angemeldet, antivir, avira, avira antivir, compu, computer, falsch, gemeldet, glaube, guten, hoffe, installation, installier, kurze, langsamer, laptop, schei, seitdem, öfters |
