|
Plagegeister aller Art und deren Bekämpfung: serach nu, bitte um hilfeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.05.2013, 16:27 | #1 |
| serach nu, bitte um hilfe hallo, ich bitte euch um hilfe. habe seit ca 4 tagen ein Problem mit meinem PC, ( Browser und Game.) Beim Browser kommen immer als Startseite ungewöhnliche Suchmaschienen, wie zb "search nu",etc und das bei allen 3 (Chrome, Firefox und Explorer.) Bei meinem Game "WOW" stürzt das Game nach 1min in Game komplett ab, es kommen Fehlermeldungen und ich bekomm täglich von Blizzard eine mail, dass anderswo versucht wurde sich in meinem acc. einzuloggen und ich wieder mein PW ändern sollte. kann mir wer bitte ein gutes virenprogramm empfehlen dass kostenlos ist, und kann ich den Virus loswerden ohne meinen PC neu aufzusetzen ? " hab keine Windows 7 cd mehr) danke |
23.05.2013, 16:29 | #2 |
/// Malware-holic | serach nu, bitte um hilfe Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
23.05.2013, 16:34 | #3 |
| serach nu, bitte um hilfe hmm seite geht nicht, da kommt das:
__________________Not Found The requested URL /OTL.exe<br /> <br /> was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. -------------------------------------------------------------------------------- Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at oldtimer.geekstogo.com Port 80 hmm da kommt folgendes: Not Found The requested URL /OTL.exe<br /> <br /> was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. -------------------------------------------------------------------------------- Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at oldtimer.geekstogo.com Port 80 |
23.05.2013, 16:47 | #4 |
/// Malware-holic | serach nu, bitte um hilfe einmal reicht auch, da ist außerdem ein zweiter Link.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
23.05.2013, 17:48 | #5 |
| serach nu, bitte um hilfe OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.05.2013 18:33:25 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = L:\ Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 37,09% Memory free 5,75 Gb Paging File | 3,57 Gb Available in Paging File | 62,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files Drive H: | 78,13 Gb Total Space | 6,76 Gb Free Space | 8,66% Space Free | Partition Type: NTFS Drive I: | 97,65 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS Drive J: | 94,66 Gb Total Space | 94,37 Gb Free Space | 99,70% Space Free | Partition Type: NTFS Drive K: | 97,65 Gb Total Space | 76,40 Gb Free Space | 78,23% Space Free | Partition Type: NTFS Drive L: | 97,65 Gb Total Space | 17,19 Gb Free Space | 17,61% Space Free | Partition Type: NTFS Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - L:\OTL (1).exe (OldTimer Tools) PRC - H:\Users\Horst\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) PRC - H:\Program Files\Yontoo Layers Runtime\Y2Desktop.Updater.exe (Microsoft) PRC - H:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated) PRC - H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - H:\Program Files\Search Results Toolbar\Datamngr\DatamngrUI.exe (Bandoo Media Inc.) PRC - H:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.) PRC - H:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) PRC - H:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - H:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) PRC - H:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) PRC - H:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.) PRC - H:\Program Files\BlueStacks\HD-SharedFolder.exe (BlueStack Systems) PRC - H:\Program Files\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) PRC - H:\Program Files\BlueStacks\HD-Network.exe (BlueStack Systems) PRC - H:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () PRC - H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - H:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - H:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - H:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - H:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - H:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - H:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) PRC - H:\Program Files\Razer\Anansi\RazerAnansiSysTray.exe (Razer USA Ltd) PRC - H:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd) PRC - H:\Windows\explorer.exe (Microsoft Corporation) PRC - H:\ProgramData\DatacardService\HWDeviceService.exe () PRC - H:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - H:\Windows\System32\atieclxx.exe (AMD) PRC - H:\Windows\System32\atiesrxx.exe (AMD) PRC - H:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - H:\Users\Horst\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\814a45188ec5fe4b0ab709168cf4f81b\HD-Agent.ni.exe () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll () MOD - H:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\c94d8eba16a1c51a1cf7d7ac7f330843\JSON.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - H:\ProgramData\Wincert\win32prop.dll () MOD - H:\ProgramData\Wincert\win32cert.dll () MOD - H:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () MOD - h:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () MOD - H:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - H:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - H:\Windows\System32\APOMngr.DLL () MOD - H:\Windows\System32\CmdRtr.DLL () ========== Services (SafeList) ========== SRV - (ZuneWlanCfgSvc) -- H:\Program Files\Zune\ZuneWlanCfgSvc.exe File not found SRV - (ZuneNetworkSvc) -- H:\Program Files\Zune\ZuneNss.exe File not found SRV - (Yontoo Desktop Updater) -- H:\Program Files\Yontoo Layers Runtime\Y2Desktop.Updater.exe H:\Users\Horst\AppData\Roaming\Yontoo\YontooDesktop.exe File not found SRV - (WMZuneComm) -- H:\Program Files\Zune\WMZuneComm.exe File not found SRV - (wlcrasvc) -- H:\Program Files\Windows Live\Mesh\wlcrasvc.exe File not found SRV - (gusvc) -- H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (gupdatem) -- H:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found SRV - (gupdate) -- H:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found SRV - (fsssvc) -- H:\Program Files\Windows Live\Family Safety\fsssvc.exe File not found SRV - (Creative Audio Engine Licensing Service) -- H:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- H:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (DatamngrCoordinator) -- H:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.) SRV - (Steam Client Service) -- H:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (BstHdLogRotatorSvc) -- H:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) SRV - (BstHdAndroidSvc) -- H:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.) SRV - (BrowserProtect) -- H:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () SRV - (nvUpdatusService) -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (McComponentHostService) -- H:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (SkypeUpdate) -- H:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (WatAdminSvc) -- H:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (HWDeviceService.exe) -- H:\ProgramData\DatacardService\HWDeviceService.exe () SRV - (AMD External Events Utility) -- H:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- H:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- H:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CTAudSvcService) -- H:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found DRV - (hwdatacard) -- H:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_wwanecm) -- H:\Windows\System32\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- H:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_cdcacm) -- H:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_enumerator) -- H:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_ext_ctrl) -- H:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.) DRV - (tcpipBM) -- H:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- H:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (ew_usbenumfilter) -- H:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV - (BstHdDrv) -- H:\Program Files\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems) DRV - (nvlddmkm) -- H:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (FTSER2K) -- H:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (FTDIBUS) -- H:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (EuMusDesignVirtualAudioCableWdm) -- H:\Windows\System32\drivers\vrtaucbl.sys (Eugene V. Muzychenko) DRV - (RzSynapse) -- H:\Windows\System32\drivers\RzSynapse.sys (Razer USA Ltd) DRV - (TsUsbFlt) -- H:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (winusb) -- H:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (TsUsbGD) -- H:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (P17) -- H:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.) DRV - (atikmdag) -- H:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (Atc002) -- H:\Windows\System32\drivers\l260x86.sys (Atheros Communications, Inc.) DRV - (MTsensor) -- H:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_uid=5476213633344063&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={17FB94E8-CC2A-4A08-A089-1D5E0C4B1E2A} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120120083518926&tb_oid=20-01-2012&tb_mrud=20-01-2012 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?affID=119781&tt=gc_&babsrc=HP_ss&mntrId=E4E6001D60DB6421 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = L:\ IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406?appid=559 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 D4 D4 09 29 A1 CC 01 [binary data] IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{04C780E6-C682-4F97-B151-6932DBDE79AC}: "URL" = hxxp://search.softonic.com/MOY00006/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=00000000000000000000001d60db6421&r=397 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119781&tt=gc_&babsrc=SP_ss&mntrId=E4E6001D60DB6421 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{4CC30D01-69C8-4993-8BE2-EEDD8904D876}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT445 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/hypercam/{8008C83A-FEF9-43BE-85A8-6FFE0A4425DB}?q={searchTerms} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_uid=5476213633344063&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={17FB94E8-CC2A-4A08-A089-1D5E0C4B1E2A} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120120083518926&tb_oid=20-01-2012&tb_mrud=20-01-2012 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = L:\ IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{8008C83A-FEF9-43BE-85A8-6FFE0A4425DB} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 BB 9D 23 8C 5F CC 01 [binary data] IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=00000000000000000000582c80139263 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{4CC30D01-69C8-4993-8BE2-EEDD8904D876}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/hypercam/{8008C83A-FEF9-43BE-85A8-6FFE0A4425DB}?q={searchTerms} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{C65F971D-0D1A-4667-BDA9-6AE58C9C805F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={17FB94E8-CC2A-4A08-A089-1D5E0C4B1E2A} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120120083518926&tb_oid=20-01-2012&tb_mrud=20-01-2012 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406?appid=559" FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..extensions.enabledAddons: {C4A4F5A0-4B89-4392-AFAC-D58010E349AF}:5.0.0.7254 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5476213633344063&o=APN10645&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.com" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: H:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: H:\Users\Horst\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Users\Horst\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Users\Horst\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2012.06.30 21:50:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2012.06.30 21:50:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2012.05.09 18:39:48 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Extensions [2013.05.23 17:53:47 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions [2013.05.22 20:10:57 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0} [2013.05.22 20:10:52 | 000,000,000 | ---D | M] (New Tab) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} [2013.05.22 20:05:32 | 000,000,000 | ---D | M] (Delta Toolbar) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\ffxtlbr@delta.com [2013.05.22 20:04:56 | 000,000,000 | ---D | M] (Yontoo) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\plugin@yontoo.com [2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\gophoto@gophoto.it.xpi [2013.04.17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\hdvc@hdvc.com.xpi [2013.04.08 19:11:52 | 000,199,379 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\m2k@m2kdownloader.com.xpi [2013.04.24 15:55:52 | 000,190,000 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.05.22 20:05:19 | 000,006,505 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\babylon.xml [2013.05.22 20:05:34 | 000,001,294 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\delta.xml [2013.05.22 20:10:52 | 000,002,646 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\Search_Results.xml [2013.05.17 20:40:31 | 000,001,434 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\softonic.xml [2012.07.01 13:47:14 | 000,004,117 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\sweetim.xml [2012.05.09 18:39:30 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions [2012.06.30 21:50:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- H:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.30 21:50:24 | 000,001,392 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.01 12:46:51 | 000,002,352 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.06.30 21:50:24 | 000,002,252 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.30 21:50:24 | 000,001,153 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.30 21:50:24 | 000,006,805 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.05.22 20:10:52 | 000,002,646 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.06.30 21:50:24 | 000,001,178 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.30 21:50:24 | 000,001,105 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search Results () CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=559&systemid=406&apn_uid=5476213633344063&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.searchnu.com/406?appid=559 CHR - Extension: Softonic Chrome Toolbar = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\ CHR - Extension: Delta Toolbar = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\ CHR - Extension: iLivid New Tabs = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\jbajpeofkjjeiamcglnmldoboonfkiol\5.0.0.7254_0\ CHR - Extension: HDvid Codec = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.0_0\ CHR - Extension: M2k Downloader = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn\1.0_0\ CHR - Extension: Yontoo = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: GoPhoto.it = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - H:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - H:\Program Files\Winamp Toolbar\winamptb.dll File not found O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - H:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - H:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - H:\Program Files\Winload\prxtbWin0.dll File not found O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - H:\Program Files\BittorrentBar_DE\prxtbBitt.dll File not found O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - H:\Program Files\Windows Live\Companion\companioncore.dll File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll File not found O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - H:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - H:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - H:\Program Files\Softonic\Softonic\1.8.19.3\bh\Softonic.dll (Softonic.com) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - H:\Program Files\Hyperionics DB Toolbar\tbcore3.dll File not found O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - H:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - H:\Program Files\Hyperionics DB Toolbar\tbcore3.dll File not found O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - H:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - H:\Program Files\Winload\prxtbWin0.dll File not found O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - H:\Program Files\Softonic\Softonic\1.8.19.3\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - H:\Program Files\BittorrentBar_DE\prxtbBitt.dll File not found O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - H:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - H:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll () O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - H:\Program Files\Winamp Toolbar\winamptb.dll File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - H:\Program Files\Winload\prxtbWin0.dll File not found O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - H:\Program Files\Winload\prxtbWin0.dll File not found O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BlueStacks Agent] H:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKLM..\Run: [DATAMNGR] H:\Program Files\Search Results Toolbar\Datamngr\DatamngrUI.exe (Bandoo Media Inc.) O4 - HKLM..\Run: [P17RunE] H:\Windows\System32\P17RunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [QuickTime Plugin Install] H:\Program Files\QuickTime\Plugins\DeleteMe1.exe () O4 - HKLM..\Run: [Razer Anansi Driver] H:\Program Files\Razer\Anansi\RazerAnansiSysTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [Razer Naga Driver] H:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [SweetIM] H:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Zune Launcher] H:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [EADM] "H:\Program Files\Origin\Origin.exe" -AutoStart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Facebook Update] "H:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [RegistryBooster] "H:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Spotify] "H:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Steam] H:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Yontoo Desktop] H:\Users\Horst\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [EADM] "H:\Program Files\Origin\Origin.exe" -AutoStart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [Facebook Update] "H:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [RegistryBooster] "H:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [Spotify] "H:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [swg] "H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [CTAutoUpdate] "H:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [FlashPlayerUpdate] H:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [InetReg] "H:\Program Files\Creative\Produktregistrierung\German\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6 File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Web-Suche - H:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: @H:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - H:\Program Files\Windows Live\Companion\companioncore.dll File not found O9 - Extra Button: @H:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found O9 - Extra 'Tools' menuitem : @H:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C0279CB-C7EC-4E56-812A-16CD781ABAB8}: NameServer = 213.162.69.170 213.162.69.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D966CB7E-CEDB-4CB0-AF5E-E011ABA4BB8F}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - H:\Program Files\Windows Live\Mail\mailcomm.dll File not found O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - H:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found O20 - AppInit_DLLs: (H:\PROGRA~3\Wincert\WIN32C~1.DLL) - H:\ProgramData\Wincert\win32cert.dll () O20 - AppInit_DLLs: (H:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll () O20 - AppInit_DLLs: (h:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - h:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (H:\Windows\system32\userinit.exe) - H:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.03.26 21:26:05 | 000,000,000 | ---D | M] - J:\Automatisch zu iTunes hinzufügen -- [ NTFS ] O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell\AutoRun\command - "" = M:\Autorun.exe O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell - "" = AutoRun O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell\AutoRun\command - "" = O:\AutoRun.exe O33 - MountPoints2\M\Shell - "" = AutoRun O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\N\Shell - "" = AutoRun O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: x86 - (H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - H:\Windows\system32\cmd.exe /D /C start H:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - H:\Windows\System32\ie4uinit.exe -UserConfig ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - H:\Windows\system32\Rundll32.exe H:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - H:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 17:54:03 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2013.05.23 17:54:03 | 000,000,000 | ---D | C] -- H:\Program Files\ffdshow [2013.05.23 17:53:47 | 000,000,000 | ---D | C] -- H:\Program Files\Gophoto.it [2013.05.23 17:53:34 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com [2013.05.23 17:53:34 | 000,000,000 | ---D | C] -- H:\Program Files\hdvidcodec.com [2013.05.22 20:11:06 | 000,000,000 | ---D | C] -- H:\ProgramData\Wincert [2013.05.22 20:10:49 | 000,000,000 | ---D | C] -- H:\Program Files\Search Results Toolbar [2013.05.22 20:10:49 | 000,000,000 | ---D | C] -- H:\ProgramData\Datamngr [2013.05.22 20:09:51 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\iLivid [2013.05.22 20:05:50 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013.05.22 20:05:46 | 000,000,000 | ---D | C] -- H:\ProgramData\BrowserProtect [2013.05.22 20:05:38 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\BabSolution [2013.05.22 20:05:32 | 000,000,000 | ---D | C] -- H:\Program Files\Delta [2013.05.22 20:05:31 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Delta [2013.05.22 20:04:55 | 000,000,000 | ---D | C] -- H:\Program Files\Yontoo Layers Runtime [2013.05.22 20:04:55 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Yontoo [2013.05.22 20:04:13 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\PutLockerDownloader [2013.05.22 20:04:05 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com [2013.05.22 20:04:05 | 000,000,000 | ---D | C] -- H:\Program Files\Movie2KDownloader.com [2013.05.21 15:36:33 | 000,000,000 | ---D | C] -- H:\Users\Horst\Desktop\addons [2013.05.21 14:58:46 | 000,000,000 | ---D | C] -- H:\Users\Horst\Desktop\gramsch2 [2013.05.19 16:28:55 | 013,011,504 | ---- | C] (Blizzard Entertainment) -- H:\Users\Horst\Desktop\Wow.exe [2013.05.18 12:35:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_5.dll [2013.05.18 12:35:25 | 002,106,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_43.dll [2013.05.18 12:35:25 | 001,998,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_43.dll [2013.05.18 12:35:25 | 001,868,128 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dcsx_43.dll [2013.05.18 12:35:25 | 000,528,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_6.dll [2013.05.18 12:35:25 | 000,527,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_7.dll [2013.05.18 12:35:25 | 000,470,880 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_43.dll [2013.05.18 12:35:25 | 000,248,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx11_43.dll [2013.05.18 12:35:25 | 000,239,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_7.dll [2013.05.18 12:35:25 | 000,238,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_6.dll [2013.05.18 12:35:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_4.dll [2013.05.18 12:35:25 | 000,022,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_7.dll [2013.05.18 12:35:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_5.dll [2013.05.18 12:35:21 | 004,178,264 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_41.dll [2013.05.18 12:35:21 | 000,517,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_4.dll [2013.05.18 12:35:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_40.dll [2013.05.18 12:35:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_40.dll [2013.05.18 12:35:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_40.dll [2013.05.18 12:35:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_4.dll [2013.05.18 12:35:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_6.dll [2013.05.18 12:35:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_39.dll [2013.05.18 12:35:19 | 000,514,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_3.dll [2013.05.18 12:35:19 | 000,509,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_2.dll [2013.05.18 12:35:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_39.dll [2013.05.18 12:35:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_2.dll [2013.05.18 12:35:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_3.dll [2013.05.18 12:35:19 | 000,070,992 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_2.dll [2013.05.18 12:35:19 | 000,068,616 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_1.dll [2013.05.18 12:35:19 | 000,023,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_5.dll [2013.05.18 12:35:18 | 003,851,784 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_39.dll [2013.05.18 12:35:18 | 000,507,400 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_1.dll [2013.05.18 12:35:18 | 000,065,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_0.dll [2013.05.18 12:35:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_38.dll [2013.05.18 12:35:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_38.dll [2013.05.18 12:35:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_0.dll [2013.05.18 12:35:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_38.dll [2013.05.18 12:35:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_1.dll [2013.05.18 12:35:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_0.dll [2013.05.18 12:35:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_4.dll [2013.05.18 12:35:16 | 003,786,760 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_37.dll [2013.05.18 12:35:16 | 001,420,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_37.dll [2013.05.18 12:35:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_37.dll [2013.05.18 12:35:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_36.dll [2013.05.18 12:35:16 | 000,267,272 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_10.dll [2013.05.18 12:35:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_3.dll [2013.05.18 12:35:15 | 003,734,536 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_36.dll [2013.05.18 12:35:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_35.dll [2013.05.18 12:35:15 | 001,374,232 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_36.dll [2013.05.18 12:35:15 | 001,358,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_35.dll [2013.05.18 12:35:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_35.dll [2013.05.18 12:35:15 | 000,267,112 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_9.dll [2013.05.18 12:35:14 | 003,497,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_34.dll [2013.05.18 12:35:14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_34.dll [2013.05.18 12:35:14 | 001,123,696 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_33.dll [2013.05.18 12:35:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_34.dll [2013.05.18 12:35:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_33.dll [2013.05.18 12:35:14 | 000,266,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_8.dll [2013.05.18 12:35:14 | 000,261,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_7.dll [2013.05.18 12:35:14 | 000,017,928 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_2.dll [2013.05.18 12:35:13 | 003,495,784 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_33.dll [2013.05.18 12:35:13 | 000,440,080 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10.dll [2013.05.18 12:35:13 | 000,255,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_6.dll [2013.05.18 12:35:13 | 000,251,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_5.dll [2013.05.18 12:35:12 | 000,237,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_4.dll [2013.05.18 12:35:12 | 000,015,128 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\x3daudio1_1.dll [2013.05.18 12:35:11 | 000,236,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_3.dll [2013.05.18 12:35:11 | 000,230,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_2.dll [2013.05.18 12:35:11 | 000,229,584 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_1.dll [2013.05.18 12:35:11 | 000,062,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xinput1_2.dll [2013.05.18 12:35:11 | 000,062,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xinput1_1.dll [2013.05.18 12:35:06 | 002,388,176 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_30.dll [2013.05.18 12:35:06 | 002,332,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_29.dll [2013.05.18 12:35:06 | 002,323,664 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_28.dll [2013.05.18 12:35:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_27.dll [2013.05.18 12:35:06 | 000,230,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_0.dll [2013.05.18 12:35:06 | 000,014,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\x3daudio1_0.dll [2013.05.18 12:35:05 | 002,337,488 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_25.dll [2013.05.18 12:35:05 | 002,297,552 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_26.dll [2013.05.18 12:35:05 | 002,222,800 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_24.dll [2013.05.18 03:08:02 | 002,706,432 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtml.tlb [2013.05.18 03:08:01 | 002,877,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll [2013.05.18 03:08:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll [2013.05.18 03:08:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesetup.dll [2013.05.18 03:08:00 | 000,039,424 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jsproxy.dll [2013.05.18 03:07:59 | 000,493,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll [2013.05.18 03:07:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesysprep.dll [2013.05.18 03:07:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\RegisterIEPKEYs.exe [2013.05.18 03:07:59 | 000,042,496 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ie4uinit.exe [2013.05.18 03:07:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iernonce.dll [2013.05.17 20:42:34 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Curse Advertising [2013.05.17 20:42:07 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2013.05.17 20:40:02 | 000,000,000 | ---D | C] -- H:\Program Files\Softonic [2013.05.17 20:39:24 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Softonic [2013.05.17 20:39:07 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\PerformerSoft [2013.05.17 20:39:07 | 000,000,000 | ---D | C] -- H:\ProgramData\IBUpdaterService [2013.05.17 20:39:05 | 000,018,096 | ---- | C] (PerformerSoft LLC) -- H:\Windows\System32\roboot.exe [2013.05.17 20:39:03 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer [2013.05.17 20:39:02 | 000,000,000 | ---D | C] -- H:\Program Files\PC Performer [2013.05.17 20:29:58 | 000,000,000 | ---D | C] -- H:\Users\Horst\Documents\My Curse [2013.05.17 20:20:54 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.17 20:20:19 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\Deployment [2013.05.17 19:23:37 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\ElevatedDiagnostics [2013.05.17 19:10:25 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2013.05.17 16:12:31 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.05.17 15:46:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wwanprotdim.dll [2013.05.17 15:46:32 | 002,347,520 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\win32k.sys [2013.05.17 15:46:22 | 000,218,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\dxgmms1.sys [2013.05.17 15:46:15 | 001,796,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\authui.dll [2013.05.17 15:46:15 | 000,101,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\consent.exe [2013.05.17 15:43:45 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\PopCap Games [2013.05.17 15:43:30 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Steam [2013.05.17 15:43:28 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.17 15:43:26 | 000,000,000 | ---D | C] -- H:\Program Files\Steam [2013.05.05 12:20:00 | 000,000,000 | ---D | C] -- H:\Program Files\AGEIA Technologies [2013.05.05 12:19:33 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games [2013.05.05 12:19:29 | 000,000,000 | ---D | C] -- H:\ProgramData\PopCap Games [2013.05.05 12:19:29 | 000,000,000 | ---D | C] -- H:\Program Files\PopCap Games [2013.05.05 12:16:59 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvoglv32.dll [2013.05.05 12:16:59 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcompiler.dll [2013.05.05 12:16:59 | 008,952,608 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\drivers\nvlddmkm.sys [2013.05.05 12:16:59 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcuda.dll [2013.05.05 12:16:59 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvopencl.dll [2013.05.05 12:16:59 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcuvid.dll [2013.05.05 12:16:59 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcuvenc.dll [2013.05.05 12:16:59 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvdispco3231422.dll [2013.05.05 12:16:59 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvdispgenco3231422.dll [2013.05.05 12:16:14 | 000,000,000 | ---D | C] -- H:\NVIDIA [2013.05.05 11:43:13 | 003,913,560 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ntoskrnl.exe [2013.05.05 11:43:12 | 003,968,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ntkrnlpa.exe [2013.05.05 11:43:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\csrsrv.dll [2013.05.05 11:42:59 | 000,131,584 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\aaclient.dll [2013.05.05 11:42:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\tsgqec.dll [2013.05.05 11:38:19 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks [2013.05.05 11:38:19 | 000,000,000 | ---D | C] -- H:\Program Files\BlueStacks [2013.05.05 11:38:12 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\NVIDIA [2013.05.05 11:37:58 | 000,000,000 | ---D | C] -- H:\ProgramData\BlueStacksSetup [2013.05.05 11:37:58 | 000,000,000 | ---D | C] -- H:\ProgramData\BlueStacks [2013.05.05 11:28:28 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.04.24 21:54:00 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll [2013.04.24 21:54:00 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll [2013.04.24 21:35:33 | 000,047,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfLdr.sys [2013.04.24 21:35:33 | 000,009,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wdfres.dll [2013.04.24 21:35:01 | 000,613,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFx.dll [2013.04.24 21:35:01 | 000,172,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFPlatform.dll [2013.04.24 21:35:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFCoinstaller.dll [2013.04.24 21:27:33 | 001,441,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl [2013.04.24 21:27:33 | 001,400,416 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dat [2013.04.24 21:27:33 | 000,745,472 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.24 21:27:33 | 000,719,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmlmedia.dll [2013.04.24 21:27:33 | 000,629,248 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dll [2013.04.24 21:27:33 | 000,361,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\html.iec [2013.04.24 21:27:33 | 000,357,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxtmsft.dll [2013.04.24 21:27:33 | 000,242,200 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iedkcs32.dll [2013.04.24 21:27:33 | 000,232,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll [2013.04.24 21:27:33 | 000,226,816 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxtrans.dll [2013.04.24 21:27:33 | 000,185,344 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\elshyph.dll [2013.04.24 21:27:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msrating.dll [2013.04.24 21:27:33 | 000,158,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msls31.dll [2013.04.24 21:27:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iexpress.exe [2013.04.24 21:27:33 | 000,138,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wextract.exe [2013.04.24 21:27:33 | 000,137,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe [2013.04.24 21:27:33 | 000,117,248 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll [2013.04.24 21:27:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\IEAdvpack.dll [2013.04.24 21:27:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inseng.dll [2013.04.24 21:27:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\SetIEInstalledDate.exe [2013.04.24 21:27:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\pngfilt.dll [2013.04.24 21:27:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmler.dll [2013.04.24 21:27:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeedsbs.dll [2013.04.24 21:27:33 | 000,038,400 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\imgutil.dll [2013.04.24 21:27:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll [2013.04.24 21:27:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeedssync.exe [2013.04.24 21:27:09 | 000,049,152 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\taskhost.exe [2013.04.24 21:26:23 | 002,284,544 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msmpeg2vdec.dll [2013.04.24 21:26:23 | 001,504,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d11.dll [2013.04.24 21:26:23 | 001,247,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\DWrite.dll [2013.04.24 21:26:23 | 001,158,144 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XpsPrint.dll [2013.04.24 21:26:23 | 001,080,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10.dll [2013.04.24 21:26:23 | 000,417,792 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WMPhoto.dll [2013.04.24 21:26:23 | 000,364,544 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XpsGdiConverter.dll [2013.04.24 21:26:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10core.dll [2013.04.24 21:26:23 | 000,207,872 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WindowsCodecsExt.dll [2013.04.24 21:26:23 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.24 21:26:23 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.24 21:26:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.24 21:26:23 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.24 21:26:22 | 003,419,136 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d2d1.dll [2013.04.24 21:26:22 | 001,988,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10warp.dll [2013.04.24 21:26:22 | 000,604,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10level9.dll [2013.04.24 21:26:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxgi.dll [2013.04.24 21:26:22 | 000,249,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1core.dll [2013.04.24 21:26:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\UIAnimation.dll [2013.04.24 21:26:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1.dll [2013.04.24 16:03:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\RNDISMP.sys [2013.04.24 16:03:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\usb8023.sys [2013.04.24 16:02:53 | 000,376,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnet.dll [2013.04.24 16:02:09 | 000,245,760 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\OxpsConverter.exe [2013.04.24 16:01:55 | 000,187,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\FWPKCLNT.SYS [2013.04.24 16:01:50 | 000,240,496 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\netio.sys [2013.04.24 16:01:50 | 000,175,104 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\netcorehc.dll [2013.04.24 16:01:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncsi.dll [2013.04.24 16:01:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\netevent.dll [2013.04.24 16:01:36 | 000,271,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\conhost.exe [2013.04.24 16:01:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.04.24 16:01:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013.04.24 16:01:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013.04.24 16:01:22 | 000,400,896 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\srcore.dll [2013.04.24 16:01:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\browcli.dll [2013.04.24 16:00:52 | 002,576,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\gameux.dll [2013.04.24 16:00:52 | 000,308,736 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wpc.dll [2013.04.24 16:00:52 | 000,046,592 | ---- | C] (Microsoft) -- H:\Windows\System32\fpb.rs [2013.04.24 16:00:52 | 000,045,568 | ---- | C] (Microsoft) -- H:\Windows\System32\oflc-nz.rs [2013.04.24 16:00:52 | 000,044,544 | ---- | C] (Microsoft) -- H:\Windows\System32\pegibbfc.rs [2013.04.24 16:00:52 | 000,043,520 | ---- | C] (Microsoft) -- H:\Windows\System32\csrr.rs [2013.04.24 16:00:52 | 000,040,960 | ---- | C] (Microsoft) -- H:\Windows\System32\cob-au.rs [2013.04.24 16:00:52 | 000,030,720 | ---- | C] (Microsoft) -- H:\Windows\System32\usk.rs [2013.04.24 16:00:52 | 000,021,504 | ---- | C] (Microsoft) -- H:\Windows\System32\grb.rs [2013.04.24 16:00:52 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi-pt.rs [2013.04.24 16:00:52 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi.rs [2013.04.24 16:00:52 | 000,015,360 | ---- | C] (Microsoft) -- H:\Windows\System32\djctq.rs [2013.04.24 16:00:51 | 000,055,296 | ---- | C] (Microsoft) -- H:\Windows\System32\cero.rs [2013.04.24 16:00:51 | 000,051,712 | ---- | C] (Microsoft) -- H:\Windows\System32\esrb.rs [2013.04.24 16:00:51 | 000,023,552 | ---- | C] (Microsoft) -- H:\Windows\System32\oflc.rs [2013.04.24 16:00:51 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi-fi.rs [2013.04.24 16:00:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\synceng.dll [2013.04.24 16:00:35 | 000,220,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll [2013.04.24 16:00:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\tzres.dll [2013.04.24 15:59:14 | 000,193,536 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dhcpcore6.dll [2013.04.24 15:59:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dhcpcsvc6.dll [2013.04.24 15:58:54 | 000,169,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winsrv.dll [2013.04.24 15:33:46 | 000,861,696 | ---- | C] (DiBcom SA) -- H:\Windows\System32\drivers\mod7700.sys [2013.04.24 15:33:46 | 000,353,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbwwan.sys [2013.04.24 15:33:46 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbmdm.sys [2013.04.24 15:33:46 | 000,181,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juwwanecm.sys [2013.04.24 15:33:46 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwusbdev.sys [2013.04.24 15:33:46 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcacm.sys [2013.04.24 15:33:46 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jubusenum.sys [2013.04.24 15:33:46 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcecm.sys [2013.04.24 15:33:46 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juextctrl.sys [2013.04.24 15:33:46 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- H:\Windows\System32\drivers\ewdcsc.sys [2013.04.24 15:33:46 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwupgrade.sys [2013.04.24 15:33:46 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_usbenumfilter.sys [2013.04.24 15:33:19 | 000,724,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\bmutil.dll [2013.04.24 15:33:19 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- H:\Windows\System32\bmnet.dll [2013.04.24 15:33:19 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- H:\Windows\System32\bminstall.dll [2013.04.24 15:33:19 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- H:\Windows\System32\bmdumpd.bin ========== Files - Modified Within 30 Days ========== [2013.05.23 18:26:00 | 000,001,120 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2013.05.23 18:11:00 | 000,001,096 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.23 18:04:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.23 17:53:34 | 000,000,804 | ---- | M] () -- H:\Users\Horst\Desktop\HDVidCodec.lnk [2013.05.23 17:48:00 | 000,000,928 | ---- | M] () -- H:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2013.05.23 17:04:04 | 000,021,888 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 17:04:04 | 000,021,888 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 16:57:34 | 000,000,332 | ---- | M] () -- H:\Windows\tasks\RegistryBooster.job [2013.05.23 16:57:13 | 000,001,092 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.23 16:56:36 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat [2013.05.23 16:56:32 | 2314,657,792 | -HS- | M] () -- H:\hiberfil.sys [2013.05.22 20:04:05 | 000,000,886 | ---- | M] () -- H:\Users\Horst\Desktop\Movie2KDownloader.lnk [2013.05.21 15:02:13 | 000,000,264 | ---- | M] () -- H:\Windows\tasks\PC Performer_DEFAULT.job [2013.05.21 14:48:00 | 000,000,906 | ---- | M] () -- H:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2013.05.20 21:26:01 | 000,001,068 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2013.05.19 12:19:53 | 004,852,004 | ---- | M] () -- H:\Windows\System32\perfh007.dat [2013.05.19 12:19:53 | 001,840,076 | ---- | M] () -- H:\Windows\System32\perfh009.dat [2013.05.19 12:19:53 | 001,430,940 | ---- | M] () -- H:\Windows\System32\perfc007.dat [2013.05.19 12:19:53 | 001,274,968 | ---- | M] () -- H:\Windows\System32\perfc009.dat [2013.05.18 03:27:00 | 000,269,712 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT [2013.05.18 03:26:46 | 000,000,272 | ---- | M] () -- H:\Windows\tasks\PC Performer_UPDATES.job [2013.05.17 20:42:07 | 000,000,318 | ---- | M] () -- H:\Users\Horst\Desktop\Curse Client.appref-ms [2013.05.17 20:23:15 | 000,000,000 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013.05.17 20:20:54 | 000,000,213 | ---- | M] () -- H:\Users\Horst\Desktop\Dota 2.url [2013.05.17 19:13:26 | 013,011,504 | ---- | M] (Blizzard Entertainment) -- H:\Users\Horst\Desktop\Wow.exe [2013.05.17 19:10:30 | 000,000,775 | ---- | M] () -- H:\Users\Public\Desktop\World of Warcraft.lnk [2013.05.17 17:04:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\FlashPlayerApp.exe [2013.05.17 17:04:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.17 16:12:31 | 000,001,964 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.17 15:43:40 | 000,000,835 | ---- | M] () -- H:\Users\Public\Desktop\Steam.lnk [2013.05.05 11:38:38 | 000,001,725 | ---- | M] () -- H:\Users\Public\Desktop\Start BlueStacks.lnk [2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MpSigStub.exe [2013.04.24 21:27:33 | 001,441,280 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl [2013.04.24 21:27:33 | 001,400,416 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dat [2013.04.24 21:27:33 | 000,745,472 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.24 21:27:33 | 000,719,360 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtmlmedia.dll [2013.04.24 21:27:33 | 000,629,248 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dll [2013.04.24 21:27:33 | 000,361,984 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\html.iec [2013.04.24 21:27:33 | 000,357,888 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxtmsft.dll [2013.04.24 21:27:33 | 000,242,200 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iedkcs32.dll [2013.04.24 21:27:33 | 000,232,960 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\url.dll [2013.04.24 21:27:33 | 000,226,816 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxtrans.dll [2013.04.24 21:27:33 | 000,185,344 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\elshyph.dll [2013.04.24 21:27:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msrating.dll [2013.04.24 21:27:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msls31.dll [2013.04.24 21:27:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iexpress.exe [2013.04.24 21:27:33 | 000,138,752 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\wextract.exe [2013.04.24 21:27:33 | 000,137,216 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe [2013.04.24 21:27:33 | 000,117,248 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll [2013.04.24 21:27:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\IEAdvpack.dll [2013.04.24 21:27:33 | 000,082,432 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\inseng.dll [2013.04.24 21:27:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\SetIEInstalledDate.exe [2013.04.24 21:27:33 | 000,057,344 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\pngfilt.dll [2013.04.24 21:27:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtmler.dll [2013.04.24 21:27:33 | 000,041,984 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeedsbs.dll [2013.04.24 21:27:33 | 000,038,400 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\imgutil.dll [2013.04.24 21:27:33 | 000,025,185 | ---- | M] () -- H:\Windows\System32\ieuinit.inf [2013.04.24 21:27:33 | 000,023,040 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll [2013.04.24 21:27:33 | 000,011,776 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeedssync.exe [2013.04.24 21:27:09 | 000,049,152 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\taskhost.exe [2013.04.24 21:26:23 | 002,284,544 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msmpeg2vdec.dll [2013.04.24 21:26:23 | 001,504,768 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d11.dll [2013.04.24 21:26:23 | 001,247,744 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\DWrite.dll [2013.04.24 21:26:23 | 001,158,144 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\XpsPrint.dll [2013.04.24 21:26:23 | 001,080,832 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10.dll [2013.04.24 21:26:23 | 000,417,792 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\WMPhoto.dll [2013.04.24 21:26:23 | 000,364,544 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\XpsGdiConverter.dll [2013.04.24 21:26:23 | 000,220,160 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10core.dll [2013.04.24 21:26:23 | 000,207,872 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\WindowsCodecsExt.dll [2013.04.24 21:26:23 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.24 21:26:23 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.24 21:26:23 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.24 21:26:23 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.24 21:26:22 | 003,419,136 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d2d1.dll [2013.04.24 21:26:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10warp.dll [2013.04.24 21:26:22 | 000,604,160 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10level9.dll [2013.04.24 21:26:22 | 000,293,376 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxgi.dll [2013.04.24 21:26:22 | 000,249,856 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1core.dll [2013.04.24 21:26:22 | 000,187,392 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\UIAnimation.dll [2013.04.24 21:26:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1.dll [2013.04.24 15:34:36 | 000,001,163 | ---- | M] () -- H:\Users\Public\Desktop\Internet Manager.lnk [2013.04.24 15:33:03 | 001,108,320 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\wdfcoinstaller01007.dll [2013.04.24 15:33:03 | 001,108,320 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfCoInstaller01007.dll [2013.04.24 15:33:03 | 000,861,696 | ---- | M] (DiBcom SA) -- H:\Windows\System32\drivers\mod7700.sys [2013.04.24 15:33:03 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbwwan.sys [2013.04.24 15:33:03 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbmdm.sys [2013.04.24 15:33:03 | 000,181,760 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juwwanecm.sys [2013.04.24 15:33:03 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwusbdev.sys [2013.04.24 15:33:03 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcacm.sys [2013.04.24 15:33:03 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jubusenum.sys [2013.04.24 15:33:03 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcecm.sys [2013.04.24 15:33:03 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juextctrl.sys [2013.04.24 15:33:03 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- H:\Windows\System32\drivers\ewdcsc.sys [2013.04.24 15:33:03 | 000,024,192 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\drivers\tcpipBM.sys [2013.04.24 15:33:03 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwupgrade.sys [2013.04.24 15:33:03 | 000,013,712 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\sporder.dll [2013.04.24 15:33:03 | 000,013,184 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\drivers\BMLoad.sys [2013.04.24 15:33:03 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_usbenumfilter.sys [2013.04.24 15:33:02 | 000,724,608 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\bmutil.dll [2013.04.24 15:33:02 | 000,480,384 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\bmnet.dll [2013.04.24 15:33:02 | 000,308,352 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\bminstall.dll [2013.04.24 15:32:57 | 000,132,224 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\bmdumpd.bin ========== Files Created - No Company Name ========== [2013.05.23 17:54:03 | 000,079,360 | ---- | C] () -- H:\Windows\System32\ff_vfw.dll [2013.05.23 17:53:34 | 000,000,804 | ---- | C] () -- H:\Users\Horst\Desktop\HDVidCodec.lnk [2013.05.22 20:04:05 | 000,000,886 | ---- | C] () -- H:\Users\Horst\Desktop\Movie2KDownloader.lnk [2013.05.17 20:42:07 | 000,000,318 | ---- | C] () -- H:\Users\Horst\Desktop\Curse Client.appref-ms [2013.05.17 20:39:28 | 000,000,264 | ---- | C] () -- H:\Windows\tasks\PC Performer_DEFAULT.job [2013.05.17 20:39:24 | 000,000,272 | ---- | C] () -- H:\Windows\tasks\PC Performer_UPDATES.job [2013.05.17 20:23:15 | 000,000,000 | ---- | C] () -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013.05.17 20:20:53 | 000,000,213 | ---- | C] () -- H:\Users\Horst\Desktop\Dota 2.url [2013.05.17 19:10:25 | 000,000,775 | ---- | C] () -- H:\Users\Public\Desktop\World of Warcraft.lnk [2013.05.17 15:43:40 | 000,000,835 | ---- | C] () -- H:\Users\Public\Desktop\Steam.lnk [2013.05.05 11:38:38 | 000,001,725 | ---- | C] () -- H:\Users\Public\Desktop\Start BlueStacks.lnk [2013.05.05 11:28:28 | 000,001,385 | ---- | C] () -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.24 21:35:34 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.04.24 21:35:01 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.04.24 21:27:33 | 000,025,185 | ---- | C] () -- H:\Windows\System32\ieuinit.inf [2013.04.24 15:34:36 | 000,001,163 | ---- | C] () -- H:\Users\Public\Desktop\Internet Manager.lnk [2012.07.15 11:07:27 | 000,007,597 | ---- | C] () -- H:\Users\Horst\AppData\Local\Resmon.ResmonCfg [2011.11.15 12:22:15 | 000,640,512 | ---- | C] () -- H:\Windows\System32\wonauth.dll [2011.09.29 14:29:27 | 000,000,806 | ---- | C] () -- H:\Windows\eReg.dat [2011.08.28 03:00:40 | 000,166,912 | ---- | C] () -- H:\Windows\System32\APOMngr.DLL [2011.08.28 03:00:40 | 000,073,728 | ---- | C] () -- H:\Windows\System32\CmdRtr.DLL [2011.08.25 08:41:47 | 000,002,177 | ---- | C] () -- H:\Windows\P17EP.ini [2011.08.25 08:41:47 | 000,001,578 | ---- | C] () -- H:\Windows\P17EPLS.ini [2011.08.25 08:41:47 | 000,001,489 | ---- | C] () -- H:\Windows\P17EP51.ini [2011.08.21 00:14:45 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2013.05.17 20:39:52 | 000,000,227 | RHS- | M] () -- H:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.05.17 14:32:20 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\3DataManager [2013.05.22 20:05:39 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\BabSolution [2012.07.01 12:46:40 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Babylon [2013.05.17 22:06:39 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Curse Advertising [2013.05.22 20:05:31 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Delta [2013.05.17 20:39:07 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\PerformerSoft [2013.05.17 20:39:24 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Softonic [2012.05.09 10:27:28 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\T-Mobile [2012.05.11 18:25:57 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\TS3Client [2013.05.22 20:05:08 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Yontoo ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.10.29 22:08:46 | 000,000,000 | -HSD | M] -- H:\$Recycle.Bin [2011.08.21 01:10:35 | 000,000,000 | -HSD | M] -- H:\Boot [2013.05.18 03:26:01 | 000,000,000 | -H-D | M] -- H:\Config.Msi [2012.05.23 18:38:51 | 000,000,000 | ---D | M] -- H:\Diablo III [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- H:\Documents and Settings [2012.05.02 19:40:42 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen [2008.11.23 12:25:21 | 000,000,000 | RH-D | M] -- H:\MSOCache [2013.05.05 12:16:14 | 000,000,000 | ---D | M] -- H:\NVIDIA [2013.05.23 17:54:03 | 000,000,000 | ---D | M] -- H:\Program Files [2013.05.22 20:11:06 | 000,000,000 | -H-D | M] -- H:\ProgramData [2011.11.15 13:45:39 | 000,000,000 | R--D | M] -- H:\Programme [2011.08.21 00:24:31 | 000,000,000 | -HSD | M] -- H:\Recovery [2008.09.25 18:28:30 | 000,000,000 | -HSD | M] -- H:\RECYCLER [2013.05.23 18:35:40 | 000,000,000 | -HSD | M] -- H:\System Volume Information [2012.05.21 03:02:45 | 000,000,000 | R--D | M] -- H:\Users [2013.05.14 11:02:47 | 000,000,000 | ---D | M] -- H:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- H:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- H:\Windows\Tasks\SA.DAT [2011.08.21 01:07:27 | 000,001,092 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.08.21 01:07:28 | 000,001,096 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.08.25 10:18:36 | 000,001,068 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2011.08.25 10:18:37 | 000,001,120 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2011.11.27 13:16:06 | 000,000,332 | ---- | C] () -- H:\Windows\Tasks\RegistryBooster.job [2012.03.04 15:43:21 | 000,000,906 | ---- | C] () -- H:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2012.03.04 15:43:22 | 000,000,928 | ---- | C] () -- H:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2012.05.20 12:59:06 | 000,000,884 | ---- | C] () -- H:\Windows\Tasks\Adobe Flash Player Updater.job [2013.05.17 20:39:24 | 000,000,272 | ---- | C] () -- H:\Windows\Tasks\PC Performer_UPDATES.job [2013.05.17 20:39:28 | 000,000,264 | ---- | C] () -- H:\Windows\Tasks\PC Performer_DEFAULT.job < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- H:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- H:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- H:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- H:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- H:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- H:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- H:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- H:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- H:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- H:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- H:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- H:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- H:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- H:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- H:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- H:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\System32\netlogon.dll [2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- H:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- H:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- H:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- H:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- H:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- H:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\System32\scecli.dll [2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- H:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- H:\Windows\System32\user32.dll [2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- H:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\System32\userinit.exe [2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- H:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- H:\Windows\System32\winlogon.exe [2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- H:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- H:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- H:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.05.23 18:43:34 | 004,456,448 | -HS- | M] () -- H:\Users\Horst\ntuser.dat [2013.05.23 18:43:34 | 000,262,144 | -HS- | M] () -- H:\Users\Horst\ntuser.dat.LOG1 [2011.08.21 00:24:37 | 000,000,000 | -HS- | M] () -- H:\Users\Horst\ntuser.dat.LOG2 [2012.04.02 15:21:22 | 000,065,536 | RHS- | M] () -- H:\Users\Horst\ntuser.dat{0b94eb1e-7c9d-11e1-a97d-001d60db6421}.TM.blf [2012.04.02 15:21:22 | 000,524,288 | RHS- | M] () -- H:\Users\Horst\ntuser.dat{0b94eb1e-7c9d-11e1-a97d-001d60db6421}.TMContainer00000000000000000001.regtrans-ms [2012.04.02 15:21:22 | 000,524,288 | RHS- | M] () -- H:\Users\Horst\ntuser.dat{0b94eb1e-7c9d-11e1-a97d-001d60db6421}.TMContainer00000000000000000002.regtrans-ms [2012.05.21 20:39:41 | 000,065,536 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{3c404129-a262-11e1-a2f1-001d60db6421}.TM.blf [2012.05.21 20:39:41 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{3c404129-a262-11e1-a2f1-001d60db6421}.TMContainer00000000000000000001.regtrans-ms [2012.05.21 20:39:41 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{3c404129-a262-11e1-a2f1-001d60db6421}.TMContainer00000000000000000002.regtrans-ms [2012.05.02 19:39:43 | 000,065,536 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{4d6d488e-9477-11e1-88a1-001d60db6421}.TM.blf [2012.05.02 19:39:43 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{4d6d488e-9477-11e1-88a1-001d60db6421}.TMContainer00000000000000000001.regtrans-ms [2012.05.02 19:39:43 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{4d6d488e-9477-11e1-88a1-001d60db6421}.TMContainer00000000000000000002.regtrans-ms [2012.05.02 20:30:45 | 000,065,536 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{519c645d-947d-11e1-8d08-001d60db6421}.TM.blf [2012.05.02 20:30:45 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{519c645d-947d-11e1-8d08-001d60db6421}.TMContainer00000000000000000001.regtrans-ms [2012.05.02 20:30:45 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{519c645d-947d-11e1-8d08-001d60db6421}.TMContainer00000000000000000002.regtrans-ms [2013.04.24 21:22:21 | 000,065,536 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{56d43140-acde-11e2-9a36-001d60db6421}.TM.blf [2013.04.24 21:22:21 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{56d43140-acde-11e2-9a36-001d60db6421}.TMContainer00000000000000000001.regtrans-ms [2013.04.24 21:22:21 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{56d43140-acde-11e2-9a36-001d60db6421}.TMContainer00000000000000000002.regtrans-ms [2012.04.04 17:16:45 | 000,065,536 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{724b700b-7e2d-11e1-a42a-001d60db6421}.TM.blf [2012.04.04 17:16:45 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{724b700b-7e2d-11e1-a42a-001d60db6421}.TMContainer00000000000000000001.regtrans-ms [2012.04.04 17:16:45 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{724b700b-7e2d-11e1-a42a-001d60db6421}.TMContainer00000000000000000002.regtrans-ms [2012.05.20 12:00:29 | 000,065,536 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{abb53138-a260-11e1-b3a5-001d60db6421}.TM.blf [2012.05.20 12:00:29 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{abb53138-a260-11e1-b3a5-001d60db6421}.TMContainer00000000000000000001.regtrans-ms [2012.05.20 12:00:29 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{abb53138-a260-11e1-b3a5-001d60db6421}.TMContainer00000000000000000002.regtrans-ms [2012.05.20 11:45:39 | 000,065,536 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{d13b78ec-a25c-11e1-bccf-001d60db6421}.TM.blf [2012.05.20 11:45:39 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{d13b78ec-a25c-11e1-bccf-001d60db6421}.TMContainer00000000000000000001.regtrans-ms [2012.05.20 11:45:39 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{d13b78ec-a25c-11e1-bccf-001d60db6421}.TMContainer00000000000000000002.regtrans-ms [2012.05.02 19:03:46 | 000,065,536 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{d2c90cfe-9427-11e1-87fd-001d60db6421}.TM.blf [2012.05.02 19:03:46 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{d2c90cfe-9427-11e1-87fd-001d60db6421}.TMContainer00000000000000000001.regtrans-ms [2012.05.02 19:03:46 | 000,524,288 | -HS- | M] () -- H:\Users\Horst\ntuser.dat{d2c90cfe-9427-11e1-87fd-001d60db6421}.TMContainer00000000000000000002.regtrans-ms [2012.04.04 10:09:38 | 000,000,020 | -HS- | M] () -- H:\Users\Horst\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> H:\ProgramData\TEMP:05EE1EEF < End of report > sorr muss es zitieren weil Antwort kann ich nicht schreiben, lässt mich nicht anmelden. |
23.05.2013, 18:01 | #6 |
/// Malware-holic | serach nu, bitte um hilfe Hi, wie kommt man bitte an so viele unnütze Toolbars? Lade Software bitte nur beim Hersteller, und instaliere immer Nutzerdefiniert um Toolbars abwählen zu können Informiere dich darüber was du instalierst, in den AGB's bzw via Google otl fix Fixen mit OTL
Code:
ATTFilter :OTL O20 - AppInit_DLLs: (H:\PROGRA~3\Wincert\WIN32C~1.DLL) - H:\ProgramData\Wincert\win32cert.dll () O20 - AppInit_DLLs: (H:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll () O20 - AppInit_DLLs: (h:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - h:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell\AutoRun\command - "" = M:\Autorun.exe O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell - "" = AutoRun O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell\AutoRun\command - "" = O:\AutoRun.exe O33 - MountPoints2\M\Shell - "" = AutoRun O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\N\Shell - "" = AutoRun O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\AutoRun.exe O36 - AppCertDlls: x86 - (H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll () :files H:\ProgramData\Wincert H:\Program Files\Search Results Toolbar h:\ProgramData\BrowserProtect :Commands [emptytemp]
__________________ --> serach nu, bitte um hilfe |
23.05.2013, 18:26 | #7 |
| serach nu, bitte um hilfe OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.05.2013 19:18:00 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = L:\ Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 38,93% Memory free 5,75 Gb Paging File | 3,74 Gb Available in Paging File | 65,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files Drive H: | 78,13 Gb Total Space | 6,68 Gb Free Space | 8,55% Space Free | Partition Type: NTFS Drive I: | 97,65 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS Drive J: | 94,66 Gb Total Space | 94,37 Gb Free Space | 99,70% Space Free | Partition Type: NTFS Drive K: | 97,65 Gb Total Space | 76,40 Gb Free Space | 78,23% Space Free | Partition Type: NTFS Drive L: | 97,65 Gb Total Space | 17,19 Gb Free Space | 17,61% Space Free | Partition Type: NTFS Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - L:\OTL (2).exe (OldTimer Tools) PRC - H:\Users\Horst\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) PRC - H:\Program Files\Yontoo Layers Runtime\Y2Desktop.Updater.exe (Microsoft) PRC - H:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated) PRC - H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - H:\Program Files\Search Results Toolbar\Datamngr\DatamngrUI.exe (Bandoo Media Inc.) PRC - H:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.) PRC - H:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - H:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) PRC - H:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) PRC - H:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.) PRC - H:\Program Files\BlueStacks\HD-SharedFolder.exe (BlueStack Systems) PRC - H:\Program Files\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) PRC - H:\Program Files\BlueStacks\HD-Network.exe (BlueStack Systems) PRC - H:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () PRC - H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - H:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - H:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - H:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - H:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - H:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - H:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) PRC - H:\Program Files\Razer\Anansi\RazerAnansiSysTray.exe (Razer USA Ltd) PRC - H:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd) PRC - H:\Windows\explorer.exe (Microsoft Corporation) PRC - H:\ProgramData\DatacardService\HWDeviceService.exe () PRC - H:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - H:\Windows\System32\atieclxx.exe (AMD) PRC - H:\Windows\System32\atiesrxx.exe (AMD) PRC - H:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - H:\Users\Horst\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\814a45188ec5fe4b0ab709168cf4f81b\HD-Agent.ni.exe () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll () MOD - H:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\c94d8eba16a1c51a1cf7d7ac7f330843\JSON.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - H:\ProgramData\Wincert\win32prop.dll () MOD - H:\ProgramData\Wincert\win32cert.dll () MOD - H:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () MOD - h:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () MOD - H:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - H:\Program Files\WinRAR\RarExt.dll () MOD - H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - H:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - H:\Windows\System32\APOMngr.DLL () MOD - H:\Windows\System32\CmdRtr.DLL () ========== Services (SafeList) ========== SRV - (ZuneWlanCfgSvc) -- H:\Program Files\Zune\ZuneWlanCfgSvc.exe File not found SRV - (ZuneNetworkSvc) -- H:\Program Files\Zune\ZuneNss.exe File not found SRV - (Yontoo Desktop Updater) -- H:\Program Files\Yontoo Layers Runtime\Y2Desktop.Updater.exe H:\Users\Horst\AppData\Roaming\Yontoo\YontooDesktop.exe File not found SRV - (WMZuneComm) -- H:\Program Files\Zune\WMZuneComm.exe File not found SRV - (wlcrasvc) -- H:\Program Files\Windows Live\Mesh\wlcrasvc.exe File not found SRV - (gusvc) -- H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (gupdatem) -- H:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found SRV - (gupdate) -- H:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found SRV - (fsssvc) -- H:\Program Files\Windows Live\Family Safety\fsssvc.exe File not found SRV - (Creative Audio Engine Licensing Service) -- H:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- H:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (DatamngrCoordinator) -- H:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.) SRV - (Steam Client Service) -- H:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (BstHdLogRotatorSvc) -- H:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) SRV - (BstHdAndroidSvc) -- H:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.) SRV - (BrowserProtect) -- H:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () SRV - (nvUpdatusService) -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (McComponentHostService) -- H:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (SkypeUpdate) -- H:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (WatAdminSvc) -- H:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (HWDeviceService.exe) -- H:\ProgramData\DatacardService\HWDeviceService.exe () SRV - (AMD External Events Utility) -- H:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- H:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- H:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CTAudSvcService) -- H:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found DRV - (hwdatacard) -- H:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_wwanecm) -- H:\Windows\System32\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- H:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_cdcacm) -- H:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_enumerator) -- H:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_ext_ctrl) -- H:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.) DRV - (tcpipBM) -- H:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- H:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (ew_usbenumfilter) -- H:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV - (BstHdDrv) -- H:\Program Files\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems) DRV - (nvlddmkm) -- H:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (FTSER2K) -- H:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (FTDIBUS) -- H:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (EuMusDesignVirtualAudioCableWdm) -- H:\Windows\System32\drivers\vrtaucbl.sys (Eugene V. Muzychenko) DRV - (RzSynapse) -- H:\Windows\System32\drivers\RzSynapse.sys (Razer USA Ltd) DRV - (TsUsbFlt) -- H:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (winusb) -- H:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (TsUsbGD) -- H:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (P17) -- H:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.) DRV - (atikmdag) -- H:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (Atc002) -- H:\Windows\System32\drivers\l260x86.sys (Atheros Communications, Inc.) DRV - (MTsensor) -- H:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_uid=5476213633344063&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={17FB94E8-CC2A-4A08-A089-1D5E0C4B1E2A} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120120083518926&tb_oid=20-01-2012&tb_mrud=20-01-2012 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = L:\ IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 D4 D4 09 29 A1 CC 01 [binary data] IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{04C780E6-C682-4F97-B151-6932DBDE79AC}: "URL" = hxxp://search.softonic.com/MOY00006/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=00000000000000000000001d60db6421&r=397 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119781&tt=gc_&babsrc=SP_ss&mntrId=E4E6001D60DB6421 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{4CC30D01-69C8-4993-8BE2-EEDD8904D876}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT445 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/hypercam/{8008C83A-FEF9-43BE-85A8-6FFE0A4425DB}?q={searchTerms} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_uid=5476213633344063&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={17FB94E8-CC2A-4A08-A089-1D5E0C4B1E2A} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120120083518926&tb_oid=20-01-2012&tb_mrud=20-01-2012 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = L:\ IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{8008C83A-FEF9-43BE-85A8-6FFE0A4425DB} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN AT: Hotmail, Outlook, Messenger, Skype, Unterhaltung, Nachrichten & Lifestyle IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 BB 9D 23 8C 5F CC 01 [binary data] IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=00000000000000000000582c80139263 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{4CC30D01-69C8-4993-8BE2-EEDD8904D876}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/hypercam/{8008C83A-FEF9-43BE-85A8-6FFE0A4425DB}?q={searchTerms} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{C65F971D-0D1A-4667-BDA9-6AE58C9C805F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={17FB94E8-CC2A-4A08-A089-1D5E0C4B1E2A} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120120083518926&tb_oid=20-01-2012&tb_mrud=20-01-2012 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406?appid=559" FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..extensions.enabledAddons: {C4A4F5A0-4B89-4392-AFAC-D58010E349AF}:5.0.0.7254 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5476213633344063&o=APN10645&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.com" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: H:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: H:\Users\Horst\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Users\Horst\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Users\Horst\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2012.06.30 21:50:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2012.06.30 21:50:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2012.05.09 18:39:48 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Extensions [2013.05.23 17:53:47 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions [2013.05.22 20:10:57 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0} [2013.05.22 20:10:52 | 000,000,000 | ---D | M] (New Tab) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} [2013.05.22 20:05:32 | 000,000,000 | ---D | M] (Delta Toolbar) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\ffxtlbr@delta.com [2013.05.22 20:04:56 | 000,000,000 | ---D | M] (Yontoo) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\plugin@yontoo.com [2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\gophoto@gophoto.it.xpi [2013.04.17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\hdvc@hdvc.com.xpi [2013.04.08 19:11:52 | 000,199,379 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\m2k@m2kdownloader.com.xpi [2013.04.24 15:55:52 | 000,190,000 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.05.22 20:05:19 | 000,006,505 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\babylon.xml [2013.05.22 20:05:34 | 000,001,294 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\delta.xml [2013.05.22 20:10:52 | 000,002,646 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\Search_Results.xml [2013.05.17 20:40:31 | 000,001,434 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\softonic.xml [2012.07.01 13:47:14 | 000,004,117 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\sweetim.xml [2012.05.09 18:39:30 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions [2012.06.30 21:50:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- H:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.30 21:50:24 | 000,001,392 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.01 12:46:51 | 000,002,352 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.06.30 21:50:24 | 000,002,252 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.30 21:50:24 | 000,001,153 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.30 21:50:24 | 000,006,805 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.05.22 20:10:52 | 000,002,646 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.06.30 21:50:24 | 000,001,178 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.30 21:50:24 | 000,001,105 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search Results () CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=559&systemid=406&apn_uid=5476213633344063&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: Search CHR - Extension: Softonic Chrome Toolbar = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\ CHR - Extension: Delta Toolbar = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\ CHR - Extension: iLivid New Tabs = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\jbajpeofkjjeiamcglnmldoboonfkiol\5.0.0.7254_0\ CHR - Extension: HDvid Codec = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.0_0\ CHR - Extension: M2k Downloader = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn\1.0_0\ CHR - Extension: Yontoo = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: GoPhoto.it = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - H:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - H:\Program Files\Winamp Toolbar\winamptb.dll File not found O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - H:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - H:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - H:\Program Files\Winload\prxtbWin0.dll File not found O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - H:\Program Files\BittorrentBar_DE\prxtbBitt.dll File not found O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - H:\Program Files\Windows Live\Companion\companioncore.dll File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll File not found O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - H:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - H:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - H:\Program Files\Softonic\Softonic\1.8.19.3\bh\Softonic.dll (Softonic.com) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - H:\Program Files\Hyperionics DB Toolbar\tbcore3.dll File not found O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - H:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - H:\Program Files\Hyperionics DB Toolbar\tbcore3.dll File not found O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - H:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - H:\Program Files\Winload\prxtbWin0.dll File not found O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - H:\Program Files\Softonic\Softonic\1.8.19.3\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - H:\Program Files\BittorrentBar_DE\prxtbBitt.dll File not found O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - H:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - H:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll () O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - H:\Program Files\Winamp Toolbar\winamptb.dll File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - H:\Program Files\Winload\prxtbWin0.dll File not found O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - H:\Program Files\Winload\prxtbWin0.dll File not found O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BlueStacks Agent] H:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKLM..\Run: [DATAMNGR] H:\Program Files\Search Results Toolbar\Datamngr\DatamngrUI.exe (Bandoo Media Inc.) O4 - HKLM..\Run: [P17RunE] H:\Windows\System32\P17RunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [QuickTime Plugin Install] H:\Program Files\QuickTime\Plugins\DeleteMe1.exe () O4 - HKLM..\Run: [Razer Anansi Driver] H:\Program Files\Razer\Anansi\RazerAnansiSysTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [Razer Naga Driver] H:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [SweetIM] H:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Zune Launcher] H:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [EADM] "H:\Program Files\Origin\Origin.exe" -AutoStart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Facebook Update] "H:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [RegistryBooster] "H:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Spotify] "H:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Steam] H:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Yontoo Desktop] H:\Users\Horst\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [EADM] "H:\Program Files\Origin\Origin.exe" -AutoStart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [Facebook Update] "H:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [RegistryBooster] "H:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [Spotify] "H:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [swg] "H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [CTAutoUpdate] "H:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [FlashPlayerUpdate] H:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [InetReg] "H:\Program Files\Creative\Produktregistrierung\German\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6 File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Web-Suche - H:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: @H:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - H:\Program Files\Windows Live\Companion\companioncore.dll File not found O9 - Extra Button: @H:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found O9 - Extra 'Tools' menuitem : @H:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C0279CB-C7EC-4E56-812A-16CD781ABAB8}: NameServer = 213.162.69.170 213.162.69.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D966CB7E-CEDB-4CB0-AF5E-E011ABA4BB8F}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - H:\Program Files\Windows Live\Mail\mailcomm.dll File not found O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - H:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found O20 - AppInit_DLLs: (H:\PROGRA~3\Wincert\WIN32C~1.DLL) - H:\ProgramData\Wincert\win32cert.dll () O20 - AppInit_DLLs: (H:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll () O20 - AppInit_DLLs: (h:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - h:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (H:\Windows\system32\userinit.exe) - H:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.03.26 21:26:05 | 000,000,000 | ---D | M] - J:\Automatisch zu iTunes hinzufügen -- [ NTFS ] O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell\AutoRun\command - "" = M:\Autorun.exe O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell - "" = AutoRun O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell\AutoRun\command - "" = O:\AutoRun.exe O33 - MountPoints2\M\Shell - "" = AutoRun O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\N\Shell - "" = AutoRun O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: x86 - (H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 17:54:03 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2013.05.23 17:54:03 | 000,000,000 | ---D | C] -- H:\Program Files\ffdshow [2013.05.23 17:53:47 | 000,000,000 | ---D | C] -- H:\Program Files\Gophoto.it [2013.05.23 17:53:34 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com [2013.05.23 17:53:34 | 000,000,000 | ---D | C] -- H:\Program Files\hdvidcodec.com [2013.05.22 20:11:06 | 000,000,000 | ---D | C] -- H:\ProgramData\Wincert [2013.05.22 20:10:49 | 000,000,000 | ---D | C] -- H:\Program Files\Search Results Toolbar [2013.05.22 20:10:49 | 000,000,000 | ---D | C] -- H:\ProgramData\Datamngr [2013.05.22 20:09:51 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\iLivid [2013.05.22 20:05:50 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013.05.22 20:05:46 | 000,000,000 | ---D | C] -- H:\ProgramData\BrowserProtect [2013.05.22 20:05:38 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\BabSolution [2013.05.22 20:05:32 | 000,000,000 | ---D | C] -- H:\Program Files\Delta [2013.05.22 20:05:31 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Delta [2013.05.22 20:04:55 | 000,000,000 | ---D | C] -- H:\Program Files\Yontoo Layers Runtime [2013.05.22 20:04:55 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Yontoo [2013.05.22 20:04:13 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\PutLockerDownloader [2013.05.22 20:04:05 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com [2013.05.22 20:04:05 | 000,000,000 | ---D | C] -- H:\Program Files\Movie2KDownloader.com [2013.05.21 15:36:33 | 000,000,000 | ---D | C] -- H:\Users\Horst\Desktop\addons [2013.05.21 14:58:46 | 000,000,000 | ---D | C] -- H:\Users\Horst\Desktop\gramsch2 [2013.05.19 16:28:55 | 013,011,504 | ---- | C] (Blizzard Entertainment) -- H:\Users\Horst\Desktop\Wow.exe [2013.05.18 12:35:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_5.dll [2013.05.18 12:35:25 | 002,106,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_43.dll [2013.05.18 12:35:25 | 001,998,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_43.dll [2013.05.18 12:35:25 | 001,868,128 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dcsx_43.dll [2013.05.18 12:35:25 | 000,528,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_6.dll [2013.05.18 12:35:25 | 000,527,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_7.dll [2013.05.18 12:35:25 | 000,470,880 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_43.dll [2013.05.18 12:35:25 | 000,248,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx11_43.dll [2013.05.18 12:35:25 | 000,239,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_7.dll [2013.05.18 12:35:25 | 000,238,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_6.dll [2013.05.18 12:35:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_4.dll [2013.05.18 12:35:25 | 000,022,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_7.dll [2013.05.18 12:35:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_5.dll [2013.05.18 12:35:21 | 004,178,264 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_41.dll [2013.05.18 12:35:21 | 000,517,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_4.dll [2013.05.18 12:35:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_40.dll [2013.05.18 12:35:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_40.dll [2013.05.18 12:35:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_40.dll [2013.05.18 12:35:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_4.dll [2013.05.18 12:35:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_6.dll [2013.05.18 12:35:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_39.dll [2013.05.18 12:35:19 | 000,514,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_3.dll [2013.05.18 12:35:19 | 000,509,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_2.dll [2013.05.18 12:35:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_39.dll [2013.05.18 12:35:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_2.dll [2013.05.18 12:35:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_3.dll [2013.05.18 12:35:19 | 000,070,992 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_2.dll [2013.05.18 12:35:19 | 000,068,616 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_1.dll [2013.05.18 12:35:19 | 000,023,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_5.dll [2013.05.18 12:35:18 | 003,851,784 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_39.dll [2013.05.18 12:35:18 | 000,507,400 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_1.dll [2013.05.18 12:35:18 | 000,065,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_0.dll [2013.05.18 12:35:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_38.dll [2013.05.18 12:35:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_38.dll [2013.05.18 12:35:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_0.dll [2013.05.18 12:35:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_38.dll [2013.05.18 12:35:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_1.dll [2013.05.18 12:35:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_0.dll [2013.05.18 12:35:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_4.dll [2013.05.18 12:35:16 | 003,786,760 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_37.dll [2013.05.18 12:35:16 | 001,420,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_37.dll [2013.05.18 12:35:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_37.dll [2013.05.18 12:35:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_36.dll [2013.05.18 12:35:16 | 000,267,272 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_10.dll [2013.05.18 12:35:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_3.dll [2013.05.18 12:35:15 | 003,734,536 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_36.dll [2013.05.18 12:35:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_35.dll [2013.05.18 12:35:15 | 001,374,232 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_36.dll [2013.05.18 12:35:15 | 001,358,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_35.dll [2013.05.18 12:35:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_35.dll [2013.05.18 12:35:15 | 000,267,112 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_9.dll [2013.05.18 12:35:14 | 003,497,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_34.dll [2013.05.18 12:35:14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_34.dll [2013.05.18 12:35:14 | 001,123,696 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_33.dll [2013.05.18 12:35:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_34.dll [2013.05.18 12:35:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_33.dll [2013.05.18 12:35:14 | 000,266,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_8.dll [2013.05.18 12:35:14 | 000,261,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_7.dll [2013.05.18 12:35:14 | 000,017,928 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_2.dll [2013.05.18 12:35:13 | 003,495,784 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_33.dll [2013.05.18 12:35:13 | 000,440,080 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10.dll [2013.05.18 12:35:13 | 000,255,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_6.dll [2013.05.18 12:35:13 | 000,251,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_5.dll [2013.05.18 12:35:12 | 000,237,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_4.dll [2013.05.18 12:35:12 | 000,015,128 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\x3daudio1_1.dll [2013.05.18 12:35:11 | 000,236,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_3.dll [2013.05.18 12:35:11 | 000,230,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_2.dll [2013.05.18 12:35:11 | 000,229,584 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_1.dll [2013.05.18 12:35:11 | 000,062,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xinput1_2.dll [2013.05.18 12:35:11 | 000,062,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xinput1_1.dll [2013.05.18 12:35:06 | 002,388,176 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_30.dll [2013.05.18 12:35:06 | 002,332,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_29.dll [2013.05.18 12:35:06 | 002,323,664 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_28.dll [2013.05.18 12:35:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_27.dll [2013.05.18 12:35:06 | 000,230,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_0.dll [2013.05.18 12:35:06 | 000,014,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\x3daudio1_0.dll [2013.05.18 12:35:05 | 002,337,488 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_25.dll [2013.05.18 12:35:05 | 002,297,552 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_26.dll [2013.05.18 12:35:05 | 002,222,800 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_24.dll [2013.05.18 03:08:02 | 002,706,432 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtml.tlb [2013.05.18 03:08:01 | 002,877,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll [2013.05.18 03:08:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll [2013.05.18 03:08:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesetup.dll [2013.05.18 03:08:00 | 000,039,424 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jsproxy.dll [2013.05.18 03:07:59 | 000,493,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll [2013.05.18 03:07:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesysprep.dll [2013.05.18 03:07:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\RegisterIEPKEYs.exe [2013.05.18 03:07:59 | 000,042,496 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ie4uinit.exe [2013.05.18 03:07:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iernonce.dll [2013.05.17 20:42:34 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Curse Advertising [2013.05.17 20:42:07 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2013.05.17 20:40:02 | 000,000,000 | ---D | C] -- H:\Program Files\Softonic [2013.05.17 20:39:24 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Softonic [2013.05.17 20:39:07 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\PerformerSoft [2013.05.17 20:39:07 | 000,000,000 | ---D | C] -- H:\ProgramData\IBUpdaterService [2013.05.17 20:39:05 | 000,018,096 | ---- | C] (PerformerSoft LLC) -- H:\Windows\System32\roboot.exe [2013.05.17 20:39:03 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer [2013.05.17 20:39:02 | 000,000,000 | ---D | C] -- H:\Program Files\PC Performer [2013.05.17 20:29:58 | 000,000,000 | ---D | C] -- H:\Users\Horst\Documents\My Curse [2013.05.17 20:20:54 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.17 20:20:19 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\Deployment [2013.05.17 19:23:37 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\ElevatedDiagnostics [2013.05.17 19:10:25 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2013.05.17 16:12:31 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.05.17 15:46:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wwanprotdim.dll [2013.05.17 15:46:32 | 002,347,520 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\win32k.sys [2013.05.17 15:46:22 | 000,218,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\dxgmms1.sys [2013.05.17 15:46:15 | 001,796,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\authui.dll [2013.05.17 15:46:15 | 000,101,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\consent.exe [2013.05.17 15:43:45 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\PopCap Games [2013.05.17 15:43:30 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Steam [2013.05.17 15:43:28 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.17 15:43:26 | 000,000,000 | ---D | C] -- H:\Program Files\Steam [2013.05.05 12:20:00 | 000,000,000 | ---D | C] -- H:\Program Files\AGEIA Technologies [2013.05.05 12:19:33 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games [2013.05.05 12:19:29 | 000,000,000 | ---D | C] -- H:\ProgramData\PopCap Games [2013.05.05 12:19:29 | 000,000,000 | ---D | C] -- H:\Program Files\PopCap Games [2013.05.05 12:16:59 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvoglv32.dll [2013.05.05 12:16:59 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcompiler.dll [2013.05.05 12:16:59 | 008,952,608 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\drivers\nvlddmkm.sys [2013.05.05 12:16:59 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcuda.dll [2013.05.05 12:16:59 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvopencl.dll [2013.05.05 12:16:59 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcuvid.dll [2013.05.05 12:16:59 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcuvenc.dll [2013.05.05 12:16:59 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvdispco3231422.dll [2013.05.05 12:16:59 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvdispgenco3231422.dll [2013.05.05 12:16:14 | 000,000,000 | ---D | C] -- H:\NVIDIA [2013.05.05 11:43:13 | 003,913,560 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ntoskrnl.exe [2013.05.05 11:43:12 | 003,968,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ntkrnlpa.exe [2013.05.05 11:43:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\csrsrv.dll [2013.05.05 11:42:59 | 000,131,584 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\aaclient.dll [2013.05.05 11:42:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\tsgqec.dll [2013.05.05 11:38:19 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks [2013.05.05 11:38:19 | 000,000,000 | ---D | C] -- H:\Program Files\BlueStacks [2013.05.05 11:38:12 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\NVIDIA [2013.05.05 11:37:58 | 000,000,000 | ---D | C] -- H:\ProgramData\BlueStacksSetup [2013.05.05 11:37:58 | 000,000,000 | ---D | C] -- H:\ProgramData\BlueStacks [2013.05.05 11:28:28 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.04.24 21:54:00 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll [2013.04.24 21:54:00 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll [2013.04.24 21:35:33 | 000,047,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfLdr.sys [2013.04.24 21:35:33 | 000,009,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wdfres.dll [2013.04.24 21:35:01 | 000,613,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFx.dll [2013.04.24 21:35:01 | 000,172,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFPlatform.dll [2013.04.24 21:35:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFCoinstaller.dll [2013.04.24 21:27:33 | 001,441,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl [2013.04.24 21:27:33 | 001,400,416 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dat [2013.04.24 21:27:33 | 000,745,472 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.24 21:27:33 | 000,719,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmlmedia.dll [2013.04.24 21:27:33 | 000,629,248 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dll [2013.04.24 21:27:33 | 000,361,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\html.iec [2013.04.24 21:27:33 | 000,357,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxtmsft.dll [2013.04.24 21:27:33 | 000,242,200 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iedkcs32.dll [2013.04.24 21:27:33 | 000,232,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll [2013.04.24 21:27:33 | 000,226,816 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxtrans.dll [2013.04.24 21:27:33 | 000,185,344 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\elshyph.dll [2013.04.24 21:27:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msrating.dll [2013.04.24 21:27:33 | 000,158,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msls31.dll [2013.04.24 21:27:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iexpress.exe [2013.04.24 21:27:33 | 000,138,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wextract.exe [2013.04.24 21:27:33 | 000,137,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe [2013.04.24 21:27:33 | 000,117,248 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll [2013.04.24 21:27:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\IEAdvpack.dll [2013.04.24 21:27:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inseng.dll [2013.04.24 21:27:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\SetIEInstalledDate.exe [2013.04.24 21:27:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\pngfilt.dll [2013.04.24 21:27:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmler.dll [2013.04.24 21:27:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeedsbs.dll [2013.04.24 21:27:33 | 000,038,400 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\imgutil.dll [2013.04.24 21:27:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll [2013.04.24 21:27:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeedssync.exe [2013.04.24 21:27:09 | 000,049,152 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\taskhost.exe [2013.04.24 21:26:23 | 002,284,544 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msmpeg2vdec.dll [2013.04.24 21:26:23 | 001,504,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d11.dll [2013.04.24 21:26:23 | 001,247,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\DWrite.dll [2013.04.24 21:26:23 | 001,158,144 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XpsPrint.dll [2013.04.24 21:26:23 | 001,080,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10.dll [2013.04.24 21:26:23 | 000,417,792 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WMPhoto.dll [2013.04.24 21:26:23 | 000,364,544 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XpsGdiConverter.dll [2013.04.24 21:26:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10core.dll [2013.04.24 21:26:23 | 000,207,872 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WindowsCodecsExt.dll [2013.04.24 21:26:23 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.24 21:26:23 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.24 21:26:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.24 21:26:23 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.24 21:26:22 | 003,419,136 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d2d1.dll [2013.04.24 21:26:22 | 001,988,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10warp.dll [2013.04.24 21:26:22 | 000,604,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10level9.dll [2013.04.24 21:26:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxgi.dll [2013.04.24 21:26:22 | 000,249,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1core.dll [2013.04.24 21:26:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\UIAnimation.dll [2013.04.24 21:26:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1.dll [2013.04.24 16:03:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\RNDISMP.sys [2013.04.24 16:03:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\usb8023.sys [2013.04.24 16:02:53 | 000,376,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnet.dll [2013.04.24 16:02:09 | 000,245,760 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\OxpsConverter.exe [2013.04.24 16:01:55 | 000,187,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\FWPKCLNT.SYS [2013.04.24 16:01:50 | 000,240,496 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\netio.sys [2013.04.24 16:01:50 | 000,175,104 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\netcorehc.dll [2013.04.24 16:01:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncsi.dll [2013.04.24 16:01:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\netevent.dll [2013.04.24 16:01:36 | 000,271,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\conhost.exe [2013.04.24 16:01:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.04.24 16:01:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013.04.24 16:01:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013.04.24 16:01:22 | 000,400,896 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\srcore.dll [2013.04.24 16:01:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\browcli.dll [2013.04.24 16:00:52 | 002,576,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\gameux.dll [2013.04.24 16:00:52 | 000,308,736 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wpc.dll [2013.04.24 16:00:52 | 000,046,592 | ---- | C] (Microsoft) -- H:\Windows\System32\fpb.rs [2013.04.24 16:00:52 | 000,045,568 | ---- | C] (Microsoft) -- H:\Windows\System32\oflc-nz.rs [2013.04.24 16:00:52 | 000,044,544 | ---- | C] (Microsoft) -- H:\Windows\System32\pegibbfc.rs [2013.04.24 16:00:52 | 000,043,520 | ---- | C] (Microsoft) -- H:\Windows\System32\csrr.rs [2013.04.24 16:00:52 | 000,040,960 | ---- | C] (Microsoft) -- H:\Windows\System32\cob-au.rs [2013.04.24 16:00:52 | 000,030,720 | ---- | C] (Microsoft) -- H:\Windows\System32\usk.rs [2013.04.24 16:00:52 | 000,021,504 | ---- | C] (Microsoft) -- H:\Windows\System32\grb.rs [2013.04.24 16:00:52 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi-pt.rs [2013.04.24 16:00:52 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi.rs [2013.04.24 16:00:52 | 000,015,360 | ---- | C] (Microsoft) -- H:\Windows\System32\djctq.rs [2013.04.24 16:00:51 | 000,055,296 | ---- | C] (Microsoft) -- H:\Windows\System32\cero.rs [2013.04.24 16:00:51 | 000,051,712 | ---- | C] (Microsoft) -- H:\Windows\System32\esrb.rs [2013.04.24 16:00:51 | 000,023,552 | ---- | C] (Microsoft) -- H:\Windows\System32\oflc.rs [2013.04.24 16:00:51 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi-fi.rs [2013.04.24 16:00:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\synceng.dll [2013.04.24 16:00:35 | 000,220,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll [2013.04.24 16:00:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\tzres.dll [2013.04.24 15:59:14 | 000,193,536 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dhcpcore6.dll [2013.04.24 15:59:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dhcpcsvc6.dll [2013.04.24 15:58:54 | 000,169,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winsrv.dll [2013.04.24 15:33:46 | 000,861,696 | ---- | C] (DiBcom SA) -- H:\Windows\System32\drivers\mod7700.sys [2013.04.24 15:33:46 | 000,353,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbwwan.sys [2013.04.24 15:33:46 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbmdm.sys [2013.04.24 15:33:46 | 000,181,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juwwanecm.sys [2013.04.24 15:33:46 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwusbdev.sys [2013.04.24 15:33:46 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcacm.sys [2013.04.24 15:33:46 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jubusenum.sys [2013.04.24 15:33:46 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcecm.sys [2013.04.24 15:33:46 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juextctrl.sys [2013.04.24 15:33:46 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- H:\Windows\System32\drivers\ewdcsc.sys [2013.04.24 15:33:46 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwupgrade.sys [2013.04.24 15:33:46 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_usbenumfilter.sys [2013.04.24 15:33:19 | 000,724,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\bmutil.dll [2013.04.24 15:33:19 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- H:\Windows\System32\bmnet.dll [2013.04.24 15:33:19 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- H:\Windows\System32\bminstall.dll [2013.04.24 15:33:19 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- H:\Windows\System32\bmdumpd.bin ========== Files - Modified Within 30 Days ========== [2013.05.23 19:11:00 | 000,001,096 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.23 19:04:04 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.23 18:26:00 | 000,001,120 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2013.05.23 17:53:34 | 000,000,804 | ---- | M] () -- H:\Users\Horst\Desktop\HDVidCodec.lnk [2013.05.23 17:48:00 | 000,000,928 | ---- | M] () -- H:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2013.05.23 17:04:04 | 000,021,888 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 17:04:04 | 000,021,888 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 16:57:34 | 000,000,332 | ---- | M] () -- H:\Windows\tasks\RegistryBooster.job [2013.05.23 16:57:13 | 000,001,092 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.23 16:56:36 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat [2013.05.23 16:56:32 | 2314,657,792 | -HS- | M] () -- H:\hiberfil.sys [2013.05.22 20:04:05 | 000,000,886 | ---- | M] () -- H:\Users\Horst\Desktop\Movie2KDownloader.lnk [2013.05.21 15:02:13 | 000,000,264 | ---- | M] () -- H:\Windows\tasks\PC Performer_DEFAULT.job [2013.05.21 14:48:00 | 000,000,906 | ---- | M] () -- H:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2013.05.20 21:26:01 | 000,001,068 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2013.05.19 12:19:53 | 004,852,004 | ---- | M] () -- H:\Windows\System32\perfh007.dat [2013.05.19 12:19:53 | 001,840,076 | ---- | M] () -- H:\Windows\System32\perfh009.dat [2013.05.19 12:19:53 | 001,430,940 | ---- | M] () -- H:\Windows\System32\perfc007.dat [2013.05.19 12:19:53 | 001,274,968 | ---- | M] () -- H:\Windows\System32\perfc009.dat [2013.05.18 03:27:00 | 000,269,712 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT [2013.05.18 03:26:46 | 000,000,272 | ---- | M] () -- H:\Windows\tasks\PC Performer_UPDATES.job [2013.05.17 20:42:07 | 000,000,318 | ---- | M] () -- H:\Users\Horst\Desktop\Curse Client.appref-ms [2013.05.17 20:23:15 | 000,000,000 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013.05.17 20:20:54 | 000,000,213 | ---- | M] () -- H:\Users\Horst\Desktop\Dota 2.url [2013.05.17 19:13:26 | 013,011,504 | ---- | M] (Blizzard Entertainment) -- H:\Users\Horst\Desktop\Wow.exe [2013.05.17 19:10:30 | 000,000,775 | ---- | M] () -- H:\Users\Public\Desktop\World of Warcraft.lnk [2013.05.17 17:04:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\FlashPlayerApp.exe [2013.05.17 17:04:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.17 16:12:31 | 000,001,964 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.17 15:43:40 | 000,000,835 | ---- | M] () -- H:\Users\Public\Desktop\Steam.lnk [2013.05.05 11:38:38 | 000,001,725 | ---- | M] () -- H:\Users\Public\Desktop\Start BlueStacks.lnk [2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MpSigStub.exe [2013.04.24 21:27:33 | 001,441,280 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl [2013.04.24 21:27:33 | 001,400,416 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dat [2013.04.24 21:27:33 | 000,745,472 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.24 21:27:33 | 000,719,360 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtmlmedia.dll [2013.04.24 21:27:33 | 000,629,248 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dll [2013.04.24 21:27:33 | 000,361,984 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\html.iec [2013.04.24 21:27:33 | 000,357,888 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxtmsft.dll [2013.04.24 21:27:33 | 000,242,200 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iedkcs32.dll [2013.04.24 21:27:33 | 000,232,960 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\url.dll [2013.04.24 21:27:33 | 000,226,816 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxtrans.dll [2013.04.24 21:27:33 | 000,185,344 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\elshyph.dll [2013.04.24 21:27:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msrating.dll [2013.04.24 21:27:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msls31.dll [2013.04.24 21:27:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iexpress.exe [2013.04.24 21:27:33 | 000,138,752 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\wextract.exe [2013.04.24 21:27:33 | 000,137,216 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe [2013.04.24 21:27:33 | 000,117,248 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll [2013.04.24 21:27:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\IEAdvpack.dll [2013.04.24 21:27:33 | 000,082,432 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\inseng.dll [2013.04.24 21:27:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\SetIEInstalledDate.exe [2013.04.24 21:27:33 | 000,057,344 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\pngfilt.dll [2013.04.24 21:27:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtmler.dll [2013.04.24 21:27:33 | 000,041,984 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeedsbs.dll [2013.04.24 21:27:33 | 000,038,400 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\imgutil.dll [2013.04.24 21:27:33 | 000,025,185 | ---- | M] () -- H:\Windows\System32\ieuinit.inf [2013.04.24 21:27:33 | 000,023,040 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll [2013.04.24 21:27:33 | 000,011,776 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeedssync.exe [2013.04.24 21:27:09 | 000,049,152 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\taskhost.exe [2013.04.24 21:26:23 | 002,284,544 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msmpeg2vdec.dll [2013.04.24 21:26:23 | 001,504,768 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d11.dll [2013.04.24 21:26:23 | 001,247,744 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\DWrite.dll [2013.04.24 21:26:23 | 001,158,144 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\XpsPrint.dll [2013.04.24 21:26:23 | 001,080,832 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10.dll [2013.04.24 21:26:23 | 000,417,792 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\WMPhoto.dll [2013.04.24 21:26:23 | 000,364,544 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\XpsGdiConverter.dll [2013.04.24 21:26:23 | 000,220,160 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10core.dll [2013.04.24 21:26:23 | 000,207,872 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\WindowsCodecsExt.dll [2013.04.24 21:26:23 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.24 21:26:23 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.24 21:26:23 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.24 21:26:23 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.24 21:26:22 | 003,419,136 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d2d1.dll [2013.04.24 21:26:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10warp.dll [2013.04.24 21:26:22 | 000,604,160 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10level9.dll [2013.04.24 21:26:22 | 000,293,376 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxgi.dll [2013.04.24 21:26:22 | 000,249,856 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1core.dll [2013.04.24 21:26:22 | 000,187,392 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\UIAnimation.dll [2013.04.24 21:26:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1.dll [2013.04.24 15:34:36 | 000,001,163 | ---- | M] () -- H:\Users\Public\Desktop\Internet Manager.lnk [2013.04.24 15:33:03 | 001,108,320 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\wdfcoinstaller01007.dll [2013.04.24 15:33:03 | 001,108,320 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfCoInstaller01007.dll [2013.04.24 15:33:03 | 000,861,696 | ---- | M] (DiBcom SA) -- H:\Windows\System32\drivers\mod7700.sys [2013.04.24 15:33:03 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbwwan.sys [2013.04.24 15:33:03 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbmdm.sys [2013.04.24 15:33:03 | 000,181,760 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juwwanecm.sys [2013.04.24 15:33:03 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwusbdev.sys [2013.04.24 15:33:03 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcacm.sys [2013.04.24 15:33:03 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jubusenum.sys [2013.04.24 15:33:03 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcecm.sys [2013.04.24 15:33:03 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juextctrl.sys [2013.04.24 15:33:03 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- H:\Windows\System32\drivers\ewdcsc.sys [2013.04.24 15:33:03 | 000,024,192 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\drivers\tcpipBM.sys [2013.04.24 15:33:03 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwupgrade.sys [2013.04.24 15:33:03 | 000,013,712 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\sporder.dll [2013.04.24 15:33:03 | 000,013,184 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\drivers\BMLoad.sys [2013.04.24 15:33:03 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_usbenumfilter.sys [2013.04.24 15:33:02 | 000,724,608 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\bmutil.dll [2013.04.24 15:33:02 | 000,480,384 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\bmnet.dll [2013.04.24 15:33:02 | 000,308,352 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\bminstall.dll [2013.04.24 15:32:57 | 000,132,224 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\bmdumpd.bin ========== Files Created - No Company Name ========== [2013.05.23 17:54:03 | 000,079,360 | ---- | C] () -- H:\Windows\System32\ff_vfw.dll [2013.05.23 17:53:34 | 000,000,804 | ---- | C] () -- H:\Users\Horst\Desktop\HDVidCodec.lnk [2013.05.22 20:04:05 | 000,000,886 | ---- | C] () -- H:\Users\Horst\Desktop\Movie2KDownloader.lnk [2013.05.17 20:42:07 | 000,000,318 | ---- | C] () -- H:\Users\Horst\Desktop\Curse Client.appref-ms [2013.05.17 20:39:28 | 000,000,264 | ---- | C] () -- H:\Windows\tasks\PC Performer_DEFAULT.job [2013.05.17 20:39:24 | 000,000,272 | ---- | C] () -- H:\Windows\tasks\PC Performer_UPDATES.job [2013.05.17 20:23:15 | 000,000,000 | ---- | C] () -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013.05.17 20:20:53 | 000,000,213 | ---- | C] () -- H:\Users\Horst\Desktop\Dota 2.url [2013.05.17 19:10:25 | 000,000,775 | ---- | C] () -- H:\Users\Public\Desktop\World of Warcraft.lnk [2013.05.17 15:43:40 | 000,000,835 | ---- | C] () -- H:\Users\Public\Desktop\Steam.lnk [2013.05.05 11:38:38 | 000,001,725 | ---- | C] () -- H:\Users\Public\Desktop\Start BlueStacks.lnk [2013.05.05 11:28:28 | 000,001,385 | ---- | C] () -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.24 21:35:34 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.04.24 21:35:01 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.04.24 21:27:33 | 000,025,185 | ---- | C] () -- H:\Windows\System32\ieuinit.inf [2013.04.24 15:34:36 | 000,001,163 | ---- | C] () -- H:\Users\Public\Desktop\Internet Manager.lnk [2012.07.15 11:07:27 | 000,007,597 | ---- | C] () -- H:\Users\Horst\AppData\Local\Resmon.ResmonCfg [2011.11.15 12:22:15 | 000,640,512 | ---- | C] () -- H:\Windows\System32\wonauth.dll [2011.09.29 14:29:27 | 000,000,806 | ---- | C] () -- H:\Windows\eReg.dat [2011.08.28 03:00:40 | 000,166,912 | ---- | C] () -- H:\Windows\System32\APOMngr.DLL [2011.08.28 03:00:40 | 000,073,728 | ---- | C] () -- H:\Windows\System32\CmdRtr.DLL [2011.08.25 08:41:47 | 000,002,177 | ---- | C] () -- H:\Windows\P17EP.ini [2011.08.25 08:41:47 | 000,001,578 | ---- | C] () -- H:\Windows\P17EPLS.ini [2011.08.25 08:41:47 | 000,001,489 | ---- | C] () -- H:\Windows\P17EP51.ini [2011.08.21 00:14:45 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2013.05.17 20:39:52 | 000,000,227 | RHS- | M] () -- H:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.05.17 14:32:20 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\3DataManager [2013.05.22 20:05:39 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\BabSolution [2012.07.01 12:46:40 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Babylon [2013.05.17 22:06:39 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Curse Advertising [2013.05.22 20:05:31 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Delta [2013.05.17 20:39:07 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\PerformerSoft [2013.05.17 20:39:24 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Softonic [2012.05.09 10:27:28 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\T-Mobile [2012.05.11 18:25:57 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\TS3Client [2013.05.22 20:05:08 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Yontoo ========== Purity Check ========== ========== Custom Scans ========== < :OTL > [2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- H:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- H:\Windows\Tasks\SA.DAT [2011.08.21 01:07:27 | 000,001,092 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.08.21 01:07:28 | 000,001,096 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.08.25 10:18:36 | 000,001,068 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2011.08.25 10:18:37 | 000,001,120 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2011.11.27 13:16:06 | 000,000,332 | ---- | C] () -- H:\Windows\Tasks\RegistryBooster.job [2012.03.04 15:43:21 | 000,000,906 | ---- | C] () -- H:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2012.03.04 15:43:22 | 000,000,928 | ---- | C] () -- H:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2012.05.20 12:59:06 | 000,000,884 | ---- | C] () -- H:\Windows\Tasks\Adobe Flash Player Updater.job [2013.05.17 20:39:24 | 000,000,272 | ---- | C] () -- H:\Windows\Tasks\PC Performer_UPDATES.job [2013.05.17 20:39:28 | 000,000,264 | ---- | C] () -- H:\Windows\Tasks\PC Performer_DEFAULT.job < O20 - AppInit_DLLs: (H:\PROGRA~3\Wincert\WIN32C~1.DLL) - H:\ProgramData\Wincert\win32cert.dll () > < O20 - AppInit_DLLs: (H:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll () > < O20 - AppInit_DLLs: (h:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - h:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll > < () > < O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell - "" = AutoRun > < O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell\AutoRun\command - "" = M:\Autorun.exe > < O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 > < O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 > < O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 > < O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell - "" = AutoRun > < O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 > < O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 > < O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell - "" = AutoRun > < O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell\AutoRun\command - "" = O:\AutoRun.exe > < O33 - MountPoints2\M\Shell - "" = AutoRun > < O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\N\Shell - "" = AutoRun > < O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\AutoRun.exe > < O36 - AppCertDlls: x86 - (H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll > < () > < > < :files > < H:\ProgramData\Wincert > < H:\Program Files\Search Results Toolbar > < h:\ProgramData\BrowserProtect > < :Commands > < [emptytemp] > ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> H:\ProgramData\TEMP:05EE1EEF < End of report > |
23.05.2013, 18:28 | #8 |
| serach nu, bitte um hilfe ja wird nun in Zukunft e besonders acht drauf geben was ich downloade. danke für deine hilfeOTL Logfile: Code:
ATTFilter OTL logfile created on: 23.05.2013 19:18:00 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = L:\ Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 38,93% Memory free 5,75 Gb Paging File | 3,74 Gb Available in Paging File | 65,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files Drive H: | 78,13 Gb Total Space | 6,68 Gb Free Space | 8,55% Space Free | Partition Type: NTFS Drive I: | 97,65 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS Drive J: | 94,66 Gb Total Space | 94,37 Gb Free Space | 99,70% Space Free | Partition Type: NTFS Drive K: | 97,65 Gb Total Space | 76,40 Gb Free Space | 78,23% Space Free | Partition Type: NTFS Drive L: | 97,65 Gb Total Space | 17,19 Gb Free Space | 17,61% Space Free | Partition Type: NTFS Computer Name: HORST-PC | User Name: Horst | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - L:\OTL (2).exe (OldTimer Tools) PRC - H:\Users\Horst\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) PRC - H:\Program Files\Yontoo Layers Runtime\Y2Desktop.Updater.exe (Microsoft) PRC - H:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe (Adobe Systems Incorporated) PRC - H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - H:\Program Files\Search Results Toolbar\Datamngr\DatamngrUI.exe (Bandoo Media Inc.) PRC - H:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.) PRC - H:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - H:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) PRC - H:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) PRC - H:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.) PRC - H:\Program Files\BlueStacks\HD-SharedFolder.exe (BlueStack Systems) PRC - H:\Program Files\BlueStacks\HD-BlockDevice.exe (BlueStack Systems) PRC - H:\Program Files\BlueStacks\HD-Network.exe (BlueStack Systems) PRC - H:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () PRC - H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - H:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - H:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - H:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - H:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - H:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) PRC - H:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) PRC - H:\Program Files\Razer\Anansi\RazerAnansiSysTray.exe (Razer USA Ltd) PRC - H:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd) PRC - H:\Windows\explorer.exe (Microsoft Corporation) PRC - H:\ProgramData\DatacardService\HWDeviceService.exe () PRC - H:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - H:\Windows\System32\atieclxx.exe (AMD) PRC - H:\Windows\System32\atiesrxx.exe (AMD) PRC - H:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Modules (No Company Name) ========== MOD - H:\Users\Horst\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\814a45188ec5fe4b0ab709168cf4f81b\HD-Agent.ni.exe () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll () MOD - H:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\JSON\c94d8eba16a1c51a1cf7d7ac7f330843\JSON.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - H:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - H:\ProgramData\Wincert\win32prop.dll () MOD - H:\ProgramData\Wincert\win32cert.dll () MOD - H:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () MOD - h:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () MOD - H:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - H:\Program Files\WinRAR\RarExt.dll () MOD - H:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - H:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll () MOD - H:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - H:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - H:\Windows\System32\APOMngr.DLL () MOD - H:\Windows\System32\CmdRtr.DLL () ========== Services (SafeList) ========== SRV - (ZuneWlanCfgSvc) -- H:\Program Files\Zune\ZuneWlanCfgSvc.exe File not found SRV - (ZuneNetworkSvc) -- H:\Program Files\Zune\ZuneNss.exe File not found SRV - (Yontoo Desktop Updater) -- H:\Program Files\Yontoo Layers Runtime\Y2Desktop.Updater.exe H:\Users\Horst\AppData\Roaming\Yontoo\YontooDesktop.exe File not found SRV - (WMZuneComm) -- H:\Program Files\Zune\WMZuneComm.exe File not found SRV - (wlcrasvc) -- H:\Program Files\Windows Live\Mesh\wlcrasvc.exe File not found SRV - (gusvc) -- H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found SRV - (gupdatem) -- H:\Program Files\Google\Update\GoogleUpdate.exe /medsvc File not found SRV - (gupdate) -- H:\Program Files\Google\Update\GoogleUpdate.exe /svc File not found SRV - (fsssvc) -- H:\Program Files\Windows Live\Family Safety\fsssvc.exe File not found SRV - (Creative Audio Engine Licensing Service) -- H:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- H:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (DatamngrCoordinator) -- H:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.) SRV - (Steam Client Service) -- H:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (BstHdLogRotatorSvc) -- H:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) SRV - (BstHdAndroidSvc) -- H:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.) SRV - (BrowserProtect) -- H:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe () SRV - (nvUpdatusService) -- H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (McComponentHostService) -- H:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (SkypeUpdate) -- H:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MozillaMaintenance) -- H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (WatAdminSvc) -- H:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (HWDeviceService.exe) -- H:\ProgramData\DatacardService\HWDeviceService.exe () SRV - (AMD External Events Utility) -- H:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- H:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- H:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CTAudSvcService) -- H:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found DRV - (hwdatacard) -- H:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_wwanecm) -- H:\Windows\System32\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- H:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_cdcacm) -- H:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_enumerator) -- H:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_ext_ctrl) -- H:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.) DRV - (tcpipBM) -- H:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (BMLoad) -- H:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) DRV - (ew_usbenumfilter) -- H:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV - (BstHdDrv) -- H:\Program Files\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems) DRV - (nvlddmkm) -- H:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (FTSER2K) -- H:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (FTDIBUS) -- H:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (EuMusDesignVirtualAudioCableWdm) -- H:\Windows\System32\drivers\vrtaucbl.sys (Eugene V. Muzychenko) DRV - (RzSynapse) -- H:\Windows\System32\drivers\RzSynapse.sys (Razer USA Ltd) DRV - (TsUsbFlt) -- H:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (winusb) -- H:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (TsUsbGD) -- H:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (P17) -- H:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.) DRV - (atikmdag) -- H:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (Atc002) -- H:\Windows\System32\drivers\l260x86.sys (Atheros Communications, Inc.) DRV - (MTsensor) -- H:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_uid=5476213633344063&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={17FB94E8-CC2A-4A08-A089-1D5E0C4B1E2A} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120120083518926&tb_oid=20-01-2012&tb_mrud=20-01-2012 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?affID=119781&tt=gc_&babsrc=HP_ss&mntrId=E4E6001D60DB6421 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = L:\ IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406?appid=559 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 D4 D4 09 29 A1 CC 01 [binary data] IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{04C780E6-C682-4F97-B151-6932DBDE79AC}: "URL" = hxxp://search.softonic.com/MOY00006/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=00000000000000000000001d60db6421&r=397 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119781&tt=gc_&babsrc=SP_ss&mntrId=E4E6001D60DB6421 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{4CC30D01-69C8-4993-8BE2-EEDD8904D876}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deAT445 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/hypercam/{8008C83A-FEF9-43BE-85A8-6FFE0A4425DB}?q={searchTerms} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=559&systemid=406&apn_uid=5476213633344063&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={17FB94E8-CC2A-4A08-A089-1D5E0C4B1E2A} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120120083518926&tb_oid=20-01-2012&tb_mrud=20-01-2012 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = L:\ IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{8008C83A-FEF9-43BE-85A8-6FFE0A4425DB} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 BB 9D 23 8C 5F CC 01 [binary data] IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32 File not found IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=00000000000000000000582c80139263 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{4CC30D01-69C8-4993-8BE2-EEDD8904D876}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_de IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://www.bigseekpro.com/search/browser/hypercam/{8008C83A-FEF9-43BE-85A8-6FFE0A4425DB}?q={searchTerms} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{C65F971D-0D1A-4667-BDA9-6AE58C9C805F}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={17FB94E8-CC2A-4A08-A089-1D5E0C4B1E2A} IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120120083518926&tb_oid=20-01-2012&tb_mrud=20-01-2012 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = : ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406?appid=559" FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..extensions.enabledAddons: {C4A4F5A0-4B89-4392-AFAC-D58010E349AF}:5.0.0.7254 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=559&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=5476213633344063&o=APN10645&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "hxxp://search.bearshare.com" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: H:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: H:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: H:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: H:\Users\Horst\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Users\Horst\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Users\Horst\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2012.06.30 21:50:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2012.06.30 21:50:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2012.05.09 18:39:48 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Extensions [2013.05.23 17:53:47 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions [2013.05.22 20:10:57 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0} [2013.05.22 20:10:52 | 000,000,000 | ---D | M] (New Tab) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} [2013.05.22 20:05:32 | 000,000,000 | ---D | M] (Delta Toolbar) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\ffxtlbr@delta.com [2013.05.22 20:04:56 | 000,000,000 | ---D | M] (Yontoo) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\plugin@yontoo.com [2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\gophoto@gophoto.it.xpi [2013.04.17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\hdvc@hdvc.com.xpi [2013.04.08 19:11:52 | 000,199,379 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\m2k@m2kdownloader.com.xpi [2013.04.24 15:55:52 | 000,190,000 | ---- | M] () (No name found) -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.05.22 20:05:19 | 000,006,505 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\babylon.xml [2013.05.22 20:05:34 | 000,001,294 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\delta.xml [2013.05.22 20:10:52 | 000,002,646 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\Search_Results.xml [2013.05.17 20:40:31 | 000,001,434 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\softonic.xml [2012.07.01 13:47:14 | 000,004,117 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Mozilla\Firefox\Profiles\xykkrd78.default\searchplugins\sweetim.xml [2012.05.09 18:39:30 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files\Mozilla Firefox\extensions [2012.06.30 21:50:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- H:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.30 21:50:24 | 000,001,392 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.01 12:46:51 | 000,002,352 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\babylon.xml [2012.06.30 21:50:24 | 000,002,252 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.30 21:50:24 | 000,001,153 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.30 21:50:24 | 000,006,805 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.05.22 20:10:52 | 000,002,646 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\Search_Results.xml [2012.06.30 21:50:24 | 000,001,178 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.30 21:50:24 | 000,001,105 | ---- | M] () -- H:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search Results () CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=559&systemid=406&apn_uid=5476213633344063&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.searchnu.com/406?appid=559 CHR - Extension: Softonic Chrome Toolbar = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\ CHR - Extension: Delta Toolbar = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\ CHR - Extension: iLivid New Tabs = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\jbajpeofkjjeiamcglnmldoboonfkiol\5.0.0.7254_0\ CHR - Extension: HDvid Codec = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.0_0\ CHR - Extension: M2k Downloader = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn\1.0_0\ CHR - Extension: Yontoo = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: GoPhoto.it = H:\Users\Horst\AppData\Local\Google\Chrome\User Data\Default\extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - H:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - H:\Program Files\Winamp Toolbar\winamptb.dll File not found O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - H:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - H:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - H:\Program Files\Winload\prxtbWin0.dll File not found O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - H:\Program Files\BittorrentBar_DE\prxtbBitt.dll File not found O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - H:\Program Files\Windows Live\Companion\companioncore.dll File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll File not found O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - H:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - H:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - H:\Program Files\Softonic\Softonic\1.8.19.3\bh\Softonic.dll (Softonic.com) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - H:\Program Files\Hyperionics DB Toolbar\tbcore3.dll File not found O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - H:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - H:\Program Files\Hyperionics DB Toolbar\tbcore3.dll File not found O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - H:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - H:\Program Files\Winload\prxtbWin0.dll File not found O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - H:\Program Files\Softonic\Softonic\1.8.19.3\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - H:\Program Files\BittorrentBar_DE\prxtbBitt.dll File not found O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - H:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - H:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll () O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - H:\Program Files\Winamp Toolbar\winamptb.dll File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - H:\Program Files\Winload\prxtbWin0.dll File not found O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - H:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found O3 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - H:\Program Files\Winload\prxtbWin0.dll File not found O4 - HKLM..\Run: [APSDaemon] H:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BlueStacks Agent] H:\Program Files\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKLM..\Run: [DATAMNGR] H:\Program Files\Search Results Toolbar\Datamngr\DatamngrUI.exe (Bandoo Media Inc.) O4 - HKLM..\Run: [P17RunE] H:\Windows\System32\P17RunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [QuickTime Plugin Install] H:\Program Files\QuickTime\Plugins\DeleteMe1.exe () O4 - HKLM..\Run: [Razer Anansi Driver] H:\Program Files\Razer\Anansi\RazerAnansiSysTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [Razer Naga Driver] H:\Program Files\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd) O4 - HKLM..\Run: [SweetIM] H:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] H:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Zune Launcher] H:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [EADM] "H:\Program Files\Origin\Origin.exe" -AutoStart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Facebook Update] "H:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [RegistryBooster] "H:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Spotify] "H:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Steam] H:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1000..\Run: [Yontoo Desktop] H:\Users\Horst\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [EADM] "H:\Program Files\Origin\Origin.exe" -AutoStart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [Facebook Update] "H:\Users\Horst\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [RegistryBooster] "H:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [Spotify] "H:\Users\Horst\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\Run: [swg] "H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [CTAutoUpdate] "H:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe" /RunFromInstaller File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [FlashPlayerUpdate] H:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [InetReg] "H:\Program Files\Creative\Produktregistrierung\German\InetReg.exe" /PreProcess=RegFlash.exe /Delay=6 File not found O4 - HKU\S-1-5-21-4228084635-3980246230-1984058717-1001..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - res://H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Web-Suche - H:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O9 - Extra Button: @H:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - H:\Program Files\Windows Live\Companion\companioncore.dll File not found O9 - Extra Button: @H:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found O9 - Extra 'Tools' menuitem : @H:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C0279CB-C7EC-4E56-812A-16CD781ABAB8}: NameServer = 213.162.69.170 213.162.69.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D966CB7E-CEDB-4CB0-AF5E-E011ABA4BB8F}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - H:\Program Files\Windows Live\Messenger\msgrapp.dll File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - H:\Program Files\Windows Live\Mail\mailcomm.dll File not found O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - H:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll File not found O20 - AppInit_DLLs: (H:\PROGRA~3\Wincert\WIN32C~1.DLL) - H:\ProgramData\Wincert\win32cert.dll () O20 - AppInit_DLLs: (H:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll () O20 - AppInit_DLLs: (h:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - h:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (H:\Windows\system32\userinit.exe) - H:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - H:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2012.03.26 21:26:05 | 000,000,000 | ---D | M] - J:\Automatisch zu iTunes hinzufügen -- [ NTFS ] O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell\AutoRun\command - "" = M:\Autorun.exe O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell - "" = AutoRun O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell\AutoRun\command - "" = O:\AutoRun.exe O33 - MountPoints2\M\Shell - "" = AutoRun O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AutoRun.exe O33 - MountPoints2\N\Shell - "" = AutoRun O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: x86 - (H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 17:54:03 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2013.05.23 17:54:03 | 000,000,000 | ---D | C] -- H:\Program Files\ffdshow [2013.05.23 17:53:47 | 000,000,000 | ---D | C] -- H:\Program Files\Gophoto.it [2013.05.23 17:53:34 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com [2013.05.23 17:53:34 | 000,000,000 | ---D | C] -- H:\Program Files\hdvidcodec.com [2013.05.22 20:11:06 | 000,000,000 | ---D | C] -- H:\ProgramData\Wincert [2013.05.22 20:10:49 | 000,000,000 | ---D | C] -- H:\Program Files\Search Results Toolbar [2013.05.22 20:10:49 | 000,000,000 | ---D | C] -- H:\ProgramData\Datamngr [2013.05.22 20:09:51 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\iLivid [2013.05.22 20:05:50 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013.05.22 20:05:46 | 000,000,000 | ---D | C] -- H:\ProgramData\BrowserProtect [2013.05.22 20:05:38 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\BabSolution [2013.05.22 20:05:32 | 000,000,000 | ---D | C] -- H:\Program Files\Delta [2013.05.22 20:05:31 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Delta [2013.05.22 20:04:55 | 000,000,000 | ---D | C] -- H:\Program Files\Yontoo Layers Runtime [2013.05.22 20:04:55 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Yontoo [2013.05.22 20:04:13 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\PutLockerDownloader [2013.05.22 20:04:05 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com [2013.05.22 20:04:05 | 000,000,000 | ---D | C] -- H:\Program Files\Movie2KDownloader.com [2013.05.21 15:36:33 | 000,000,000 | ---D | C] -- H:\Users\Horst\Desktop\addons [2013.05.21 14:58:46 | 000,000,000 | ---D | C] -- H:\Users\Horst\Desktop\gramsch2 [2013.05.19 16:28:55 | 013,011,504 | ---- | C] (Blizzard Entertainment) -- H:\Users\Horst\Desktop\Wow.exe [2013.05.18 12:35:26 | 000,074,072 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_5.dll [2013.05.18 12:35:25 | 002,106,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_43.dll [2013.05.18 12:35:25 | 001,998,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_43.dll [2013.05.18 12:35:25 | 001,868,128 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dcsx_43.dll [2013.05.18 12:35:25 | 000,528,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_6.dll [2013.05.18 12:35:25 | 000,527,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_7.dll [2013.05.18 12:35:25 | 000,470,880 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_43.dll [2013.05.18 12:35:25 | 000,248,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx11_43.dll [2013.05.18 12:35:25 | 000,239,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_7.dll [2013.05.18 12:35:25 | 000,238,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_6.dll [2013.05.18 12:35:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_4.dll [2013.05.18 12:35:25 | 000,022,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_7.dll [2013.05.18 12:35:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_5.dll [2013.05.18 12:35:21 | 004,178,264 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_41.dll [2013.05.18 12:35:21 | 000,517,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_4.dll [2013.05.18 12:35:20 | 004,379,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_40.dll [2013.05.18 12:35:20 | 002,036,576 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_40.dll [2013.05.18 12:35:20 | 000,452,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_40.dll [2013.05.18 12:35:20 | 000,235,352 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_4.dll [2013.05.18 12:35:20 | 000,022,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_6.dll [2013.05.18 12:35:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_39.dll [2013.05.18 12:35:19 | 000,514,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_3.dll [2013.05.18 12:35:19 | 000,509,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_2.dll [2013.05.18 12:35:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_39.dll [2013.05.18 12:35:19 | 000,238,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_2.dll [2013.05.18 12:35:19 | 000,235,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_3.dll [2013.05.18 12:35:19 | 000,070,992 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_2.dll [2013.05.18 12:35:19 | 000,068,616 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_1.dll [2013.05.18 12:35:19 | 000,023,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_5.dll [2013.05.18 12:35:18 | 003,851,784 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_39.dll [2013.05.18 12:35:18 | 000,507,400 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_1.dll [2013.05.18 12:35:18 | 000,065,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAPOFX1_0.dll [2013.05.18 12:35:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_38.dll [2013.05.18 12:35:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_38.dll [2013.05.18 12:35:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XAudio2_0.dll [2013.05.18 12:35:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_38.dll [2013.05.18 12:35:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_1.dll [2013.05.18 12:35:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine3_0.dll [2013.05.18 12:35:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_4.dll [2013.05.18 12:35:16 | 003,786,760 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DX9_37.dll [2013.05.18 12:35:16 | 001,420,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_37.dll [2013.05.18 12:35:16 | 000,462,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_37.dll [2013.05.18 12:35:16 | 000,444,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_36.dll [2013.05.18 12:35:16 | 000,267,272 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_10.dll [2013.05.18 12:35:16 | 000,025,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_3.dll [2013.05.18 12:35:15 | 003,734,536 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_36.dll [2013.05.18 12:35:15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_35.dll [2013.05.18 12:35:15 | 001,374,232 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_36.dll [2013.05.18 12:35:15 | 001,358,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_35.dll [2013.05.18 12:35:15 | 000,444,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_35.dll [2013.05.18 12:35:15 | 000,267,112 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_9.dll [2013.05.18 12:35:14 | 003,497,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_34.dll [2013.05.18 12:35:14 | 001,124,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_34.dll [2013.05.18 12:35:14 | 001,123,696 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\D3DCompiler_33.dll [2013.05.18 12:35:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_34.dll [2013.05.18 12:35:14 | 000,443,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10_33.dll [2013.05.18 12:35:14 | 000,266,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_8.dll [2013.05.18 12:35:14 | 000,261,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_7.dll [2013.05.18 12:35:14 | 000,017,928 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\X3DAudio1_2.dll [2013.05.18 12:35:13 | 003,495,784 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_33.dll [2013.05.18 12:35:13 | 000,440,080 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx10.dll [2013.05.18 12:35:13 | 000,255,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_6.dll [2013.05.18 12:35:13 | 000,251,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_5.dll [2013.05.18 12:35:12 | 000,237,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_4.dll [2013.05.18 12:35:12 | 000,015,128 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\x3daudio1_1.dll [2013.05.18 12:35:11 | 000,236,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_3.dll [2013.05.18 12:35:11 | 000,230,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_2.dll [2013.05.18 12:35:11 | 000,229,584 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_1.dll [2013.05.18 12:35:11 | 000,062,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xinput1_2.dll [2013.05.18 12:35:11 | 000,062,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xinput1_1.dll [2013.05.18 12:35:06 | 002,388,176 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_30.dll [2013.05.18 12:35:06 | 002,332,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_29.dll [2013.05.18 12:35:06 | 002,323,664 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_28.dll [2013.05.18 12:35:06 | 002,319,568 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_27.dll [2013.05.18 12:35:06 | 000,230,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\xactengine2_0.dll [2013.05.18 12:35:06 | 000,014,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\x3daudio1_0.dll [2013.05.18 12:35:05 | 002,337,488 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_25.dll [2013.05.18 12:35:05 | 002,297,552 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_26.dll [2013.05.18 12:35:05 | 002,222,800 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3dx9_24.dll [2013.05.18 03:08:02 | 002,706,432 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtml.tlb [2013.05.18 03:08:01 | 002,877,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll [2013.05.18 03:08:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll [2013.05.18 03:08:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesetup.dll [2013.05.18 03:08:00 | 000,039,424 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jsproxy.dll [2013.05.18 03:07:59 | 000,493,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll [2013.05.18 03:07:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesysprep.dll [2013.05.18 03:07:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\RegisterIEPKEYs.exe [2013.05.18 03:07:59 | 000,042,496 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ie4uinit.exe [2013.05.18 03:07:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iernonce.dll [2013.05.17 20:42:34 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Curse Advertising [2013.05.17 20:42:07 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2013.05.17 20:40:02 | 000,000,000 | ---D | C] -- H:\Program Files\Softonic [2013.05.17 20:39:24 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Softonic [2013.05.17 20:39:07 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\PerformerSoft [2013.05.17 20:39:07 | 000,000,000 | ---D | C] -- H:\ProgramData\IBUpdaterService [2013.05.17 20:39:05 | 000,018,096 | ---- | C] (PerformerSoft LLC) -- H:\Windows\System32\roboot.exe [2013.05.17 20:39:03 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Performer [2013.05.17 20:39:02 | 000,000,000 | ---D | C] -- H:\Program Files\PC Performer [2013.05.17 20:29:58 | 000,000,000 | ---D | C] -- H:\Users\Horst\Documents\My Curse [2013.05.17 20:20:54 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.17 20:20:19 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\Deployment [2013.05.17 19:23:37 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\ElevatedDiagnostics [2013.05.17 19:10:25 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2013.05.17 16:12:31 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.05.17 15:46:33 | 000,040,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wwanprotdim.dll [2013.05.17 15:46:32 | 002,347,520 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\win32k.sys [2013.05.17 15:46:22 | 000,218,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\dxgmms1.sys [2013.05.17 15:46:15 | 001,796,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\authui.dll [2013.05.17 15:46:15 | 000,101,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\consent.exe [2013.05.17 15:43:45 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Local\PopCap Games [2013.05.17 15:43:30 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Steam [2013.05.17 15:43:28 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.05.17 15:43:26 | 000,000,000 | ---D | C] -- H:\Program Files\Steam [2013.05.05 12:20:00 | 000,000,000 | ---D | C] -- H:\Program Files\AGEIA Technologies [2013.05.05 12:19:33 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games [2013.05.05 12:19:29 | 000,000,000 | ---D | C] -- H:\ProgramData\PopCap Games [2013.05.05 12:19:29 | 000,000,000 | ---D | C] -- H:\Program Files\PopCap Games [2013.05.05 12:16:59 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvoglv32.dll [2013.05.05 12:16:59 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcompiler.dll [2013.05.05 12:16:59 | 008,952,608 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\drivers\nvlddmkm.sys [2013.05.05 12:16:59 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcuda.dll [2013.05.05 12:16:59 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvopencl.dll [2013.05.05 12:16:59 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcuvid.dll [2013.05.05 12:16:59 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvcuvenc.dll [2013.05.05 12:16:59 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvdispco3231422.dll [2013.05.05 12:16:59 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- H:\Windows\System32\nvdispgenco3231422.dll [2013.05.05 12:16:14 | 000,000,000 | ---D | C] -- H:\NVIDIA [2013.05.05 11:43:13 | 003,913,560 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ntoskrnl.exe [2013.05.05 11:43:12 | 003,968,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ntkrnlpa.exe [2013.05.05 11:43:12 | 000,038,912 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\csrsrv.dll [2013.05.05 11:42:59 | 000,131,584 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\aaclient.dll [2013.05.05 11:42:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\tsgqec.dll [2013.05.05 11:38:19 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks [2013.05.05 11:38:19 | 000,000,000 | ---D | C] -- H:\Program Files\BlueStacks [2013.05.05 11:38:12 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\NVIDIA [2013.05.05 11:37:58 | 000,000,000 | ---D | C] -- H:\ProgramData\BlueStacksSetup [2013.05.05 11:37:58 | 000,000,000 | ---D | C] -- H:\ProgramData\BlueStacks [2013.05.05 11:28:28 | 000,000,000 | ---D | C] -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.04.24 21:54:00 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll [2013.04.24 21:54:00 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll [2013.04.24 21:35:33 | 000,047,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfLdr.sys [2013.04.24 21:35:33 | 000,009,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wdfres.dll [2013.04.24 21:35:01 | 000,613,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFx.dll [2013.04.24 21:35:01 | 000,172,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFPlatform.dll [2013.04.24 21:35:01 | 000,038,912 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFCoinstaller.dll [2013.04.24 21:27:33 | 001,441,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl [2013.04.24 21:27:33 | 001,400,416 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dat [2013.04.24 21:27:33 | 000,745,472 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.24 21:27:33 | 000,719,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmlmedia.dll [2013.04.24 21:27:33 | 000,629,248 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dll [2013.04.24 21:27:33 | 000,361,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\html.iec [2013.04.24 21:27:33 | 000,357,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxtmsft.dll [2013.04.24 21:27:33 | 000,242,200 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iedkcs32.dll [2013.04.24 21:27:33 | 000,232,960 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll [2013.04.24 21:27:33 | 000,226,816 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxtrans.dll [2013.04.24 21:27:33 | 000,185,344 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\elshyph.dll [2013.04.24 21:27:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msrating.dll [2013.04.24 21:27:33 | 000,158,720 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msls31.dll [2013.04.24 21:27:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iexpress.exe [2013.04.24 21:27:33 | 000,138,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wextract.exe [2013.04.24 21:27:33 | 000,137,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe [2013.04.24 21:27:33 | 000,117,248 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll [2013.04.24 21:27:33 | 000,110,592 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\IEAdvpack.dll [2013.04.24 21:27:33 | 000,082,432 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inseng.dll [2013.04.24 21:27:33 | 000,073,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\SetIEInstalledDate.exe [2013.04.24 21:27:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\pngfilt.dll [2013.04.24 21:27:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmler.dll [2013.04.24 21:27:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeedsbs.dll [2013.04.24 21:27:33 | 000,038,400 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\imgutil.dll [2013.04.24 21:27:33 | 000,023,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll [2013.04.24 21:27:33 | 000,011,776 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeedssync.exe [2013.04.24 21:27:09 | 000,049,152 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\taskhost.exe [2013.04.24 21:26:23 | 002,284,544 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msmpeg2vdec.dll [2013.04.24 21:26:23 | 001,504,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d11.dll [2013.04.24 21:26:23 | 001,247,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\DWrite.dll [2013.04.24 21:26:23 | 001,158,144 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XpsPrint.dll [2013.04.24 21:26:23 | 001,080,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10.dll [2013.04.24 21:26:23 | 000,417,792 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WMPhoto.dll [2013.04.24 21:26:23 | 000,364,544 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\XpsGdiConverter.dll [2013.04.24 21:26:23 | 000,220,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10core.dll [2013.04.24 21:26:23 | 000,207,872 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WindowsCodecsExt.dll [2013.04.24 21:26:23 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.24 21:26:23 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.24 21:26:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.24 21:26:23 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.24 21:26:22 | 003,419,136 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d2d1.dll [2013.04.24 21:26:22 | 001,988,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10warp.dll [2013.04.24 21:26:22 | 000,604,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10level9.dll [2013.04.24 21:26:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dxgi.dll [2013.04.24 21:26:22 | 000,249,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1core.dll [2013.04.24 21:26:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\UIAnimation.dll [2013.04.24 21:26:22 | 000,161,792 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1.dll [2013.04.24 16:03:42 | 000,033,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\RNDISMP.sys [2013.04.24 16:03:15 | 000,015,872 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\usb8023.sys [2013.04.24 16:02:53 | 000,376,832 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnet.dll [2013.04.24 16:02:09 | 000,245,760 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\OxpsConverter.exe [2013.04.24 16:01:55 | 000,187,752 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\FWPKCLNT.SYS [2013.04.24 16:01:50 | 000,240,496 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\netio.sys [2013.04.24 16:01:50 | 000,175,104 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\netcorehc.dll [2013.04.24 16:01:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncsi.dll [2013.04.24 16:01:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\netevent.dll [2013.04.24 16:01:36 | 000,271,360 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\conhost.exe [2013.04.24 16:01:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.04.24 16:01:35 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013.04.24 16:01:35 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013.04.24 16:01:35 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013.04.24 16:01:35 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013.04.24 16:01:22 | 000,400,896 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\srcore.dll [2013.04.24 16:01:21 | 000,041,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\browcli.dll [2013.04.24 16:00:52 | 002,576,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\gameux.dll [2013.04.24 16:00:52 | 000,308,736 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wpc.dll [2013.04.24 16:00:52 | 000,046,592 | ---- | C] (Microsoft) -- H:\Windows\System32\fpb.rs [2013.04.24 16:00:52 | 000,045,568 | ---- | C] (Microsoft) -- H:\Windows\System32\oflc-nz.rs [2013.04.24 16:00:52 | 000,044,544 | ---- | C] (Microsoft) -- H:\Windows\System32\pegibbfc.rs [2013.04.24 16:00:52 | 000,043,520 | ---- | C] (Microsoft) -- H:\Windows\System32\csrr.rs [2013.04.24 16:00:52 | 000,040,960 | ---- | C] (Microsoft) -- H:\Windows\System32\cob-au.rs [2013.04.24 16:00:52 | 000,030,720 | ---- | C] (Microsoft) -- H:\Windows\System32\usk.rs [2013.04.24 16:00:52 | 000,021,504 | ---- | C] (Microsoft) -- H:\Windows\System32\grb.rs [2013.04.24 16:00:52 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi-pt.rs [2013.04.24 16:00:52 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi.rs [2013.04.24 16:00:52 | 000,015,360 | ---- | C] (Microsoft) -- H:\Windows\System32\djctq.rs [2013.04.24 16:00:51 | 000,055,296 | ---- | C] (Microsoft) -- H:\Windows\System32\cero.rs [2013.04.24 16:00:51 | 000,051,712 | ---- | C] (Microsoft) -- H:\Windows\System32\esrb.rs [2013.04.24 16:00:51 | 000,023,552 | ---- | C] (Microsoft) -- H:\Windows\System32\oflc.rs [2013.04.24 16:00:51 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi-fi.rs [2013.04.24 16:00:37 | 000,078,336 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\synceng.dll [2013.04.24 16:00:35 | 000,220,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll [2013.04.24 16:00:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\tzres.dll [2013.04.24 15:59:14 | 000,193,536 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dhcpcore6.dll [2013.04.24 15:59:14 | 000,044,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dhcpcsvc6.dll [2013.04.24 15:58:54 | 000,169,984 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winsrv.dll [2013.04.24 15:33:46 | 000,861,696 | ---- | C] (DiBcom SA) -- H:\Windows\System32\drivers\mod7700.sys [2013.04.24 15:33:46 | 000,353,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbwwan.sys [2013.04.24 15:33:46 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbmdm.sys [2013.04.24 15:33:46 | 000,181,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juwwanecm.sys [2013.04.24 15:33:46 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwusbdev.sys [2013.04.24 15:33:46 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcacm.sys [2013.04.24 15:33:46 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jubusenum.sys [2013.04.24 15:33:46 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcecm.sys [2013.04.24 15:33:46 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juextctrl.sys [2013.04.24 15:33:46 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- H:\Windows\System32\drivers\ewdcsc.sys [2013.04.24 15:33:46 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwupgrade.sys [2013.04.24 15:33:46 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_usbenumfilter.sys [2013.04.24 15:33:19 | 000,724,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\bmutil.dll [2013.04.24 15:33:19 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- H:\Windows\System32\bmnet.dll [2013.04.24 15:33:19 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- H:\Windows\System32\bminstall.dll [2013.04.24 15:33:19 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- H:\Windows\System32\bmdumpd.bin ========== Files - Modified Within 30 Days ========== [2013.05.23 19:11:00 | 000,001,096 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.23 19:04:04 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.23 18:26:00 | 000,001,120 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2013.05.23 17:53:34 | 000,000,804 | ---- | M] () -- H:\Users\Horst\Desktop\HDVidCodec.lnk [2013.05.23 17:48:00 | 000,000,928 | ---- | M] () -- H:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2013.05.23 17:04:04 | 000,021,888 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 17:04:04 | 000,021,888 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 16:57:34 | 000,000,332 | ---- | M] () -- H:\Windows\tasks\RegistryBooster.job [2013.05.23 16:57:13 | 000,001,092 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.23 16:56:36 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat [2013.05.23 16:56:32 | 2314,657,792 | -HS- | M] () -- H:\hiberfil.sys [2013.05.22 20:04:05 | 000,000,886 | ---- | M] () -- H:\Users\Horst\Desktop\Movie2KDownloader.lnk [2013.05.21 15:02:13 | 000,000,264 | ---- | M] () -- H:\Windows\tasks\PC Performer_DEFAULT.job [2013.05.21 14:48:00 | 000,000,906 | ---- | M] () -- H:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2013.05.20 21:26:01 | 000,001,068 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2013.05.19 12:19:53 | 004,852,004 | ---- | M] () -- H:\Windows\System32\perfh007.dat [2013.05.19 12:19:53 | 001,840,076 | ---- | M] () -- H:\Windows\System32\perfh009.dat [2013.05.19 12:19:53 | 001,430,940 | ---- | M] () -- H:\Windows\System32\perfc007.dat [2013.05.19 12:19:53 | 001,274,968 | ---- | M] () -- H:\Windows\System32\perfc009.dat [2013.05.18 03:27:00 | 000,269,712 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT [2013.05.18 03:26:46 | 000,000,272 | ---- | M] () -- H:\Windows\tasks\PC Performer_UPDATES.job [2013.05.17 20:42:07 | 000,000,318 | ---- | M] () -- H:\Users\Horst\Desktop\Curse Client.appref-ms [2013.05.17 20:23:15 | 000,000,000 | ---- | M] () -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013.05.17 20:20:54 | 000,000,213 | ---- | M] () -- H:\Users\Horst\Desktop\Dota 2.url [2013.05.17 19:13:26 | 013,011,504 | ---- | M] (Blizzard Entertainment) -- H:\Users\Horst\Desktop\Wow.exe [2013.05.17 19:10:30 | 000,000,775 | ---- | M] () -- H:\Users\Public\Desktop\World of Warcraft.lnk [2013.05.17 17:04:24 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\FlashPlayerApp.exe [2013.05.17 17:04:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.17 16:12:31 | 000,001,964 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.05.17 15:43:40 | 000,000,835 | ---- | M] () -- H:\Users\Public\Desktop\Steam.lnk [2013.05.05 11:38:38 | 000,001,725 | ---- | M] () -- H:\Users\Public\Desktop\Start BlueStacks.lnk [2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MpSigStub.exe [2013.04.24 21:27:33 | 001,441,280 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl [2013.04.24 21:27:33 | 001,400,416 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dat [2013.04.24 21:27:33 | 000,745,472 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\MsSpellCheckingFacility.exe [2013.04.24 21:27:33 | 000,719,360 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtmlmedia.dll [2013.04.24 21:27:33 | 000,629,248 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieapfltr.dll [2013.04.24 21:27:33 | 000,361,984 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\html.iec [2013.04.24 21:27:33 | 000,357,888 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxtmsft.dll [2013.04.24 21:27:33 | 000,242,200 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iedkcs32.dll [2013.04.24 21:27:33 | 000,232,960 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\url.dll [2013.04.24 21:27:33 | 000,226,816 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxtrans.dll [2013.04.24 21:27:33 | 000,185,344 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\elshyph.dll [2013.04.24 21:27:33 | 000,163,840 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msrating.dll [2013.04.24 21:27:33 | 000,158,720 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msls31.dll [2013.04.24 21:27:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iexpress.exe [2013.04.24 21:27:33 | 000,138,752 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\wextract.exe [2013.04.24 21:27:33 | 000,137,216 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe [2013.04.24 21:27:33 | 000,117,248 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\iepeers.dll [2013.04.24 21:27:33 | 000,110,592 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\IEAdvpack.dll [2013.04.24 21:27:33 | 000,082,432 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\inseng.dll [2013.04.24 21:27:33 | 000,073,728 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\SetIEInstalledDate.exe [2013.04.24 21:27:33 | 000,057,344 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\pngfilt.dll [2013.04.24 21:27:33 | 000,048,640 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\mshtmler.dll [2013.04.24 21:27:33 | 000,041,984 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeedsbs.dll [2013.04.24 21:27:33 | 000,038,400 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\imgutil.dll [2013.04.24 21:27:33 | 000,025,185 | ---- | M] () -- H:\Windows\System32\ieuinit.inf [2013.04.24 21:27:33 | 000,023,040 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\licmgr10.dll [2013.04.24 21:27:33 | 000,011,776 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msfeedssync.exe [2013.04.24 21:27:09 | 000,049,152 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\taskhost.exe [2013.04.24 21:26:23 | 002,284,544 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\msmpeg2vdec.dll [2013.04.24 21:26:23 | 001,504,768 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d11.dll [2013.04.24 21:26:23 | 001,247,744 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\DWrite.dll [2013.04.24 21:26:23 | 001,158,144 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\XpsPrint.dll [2013.04.24 21:26:23 | 001,080,832 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10.dll [2013.04.24 21:26:23 | 000,417,792 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\WMPhoto.dll [2013.04.24 21:26:23 | 000,364,544 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\XpsGdiConverter.dll [2013.04.24 21:26:23 | 000,220,160 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10core.dll [2013.04.24 21:26:23 | 000,207,872 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\WindowsCodecsExt.dll [2013.04.24 21:26:23 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.24 21:26:23 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.24 21:26:23 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.24 21:26:23 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.04.24 21:26:23 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.24 21:26:23 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.24 21:26:22 | 003,419,136 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d2d1.dll [2013.04.24 21:26:22 | 001,988,096 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10warp.dll [2013.04.24 21:26:22 | 000,604,160 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10level9.dll [2013.04.24 21:26:22 | 000,293,376 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\dxgi.dll [2013.04.24 21:26:22 | 000,249,856 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1core.dll [2013.04.24 21:26:22 | 000,187,392 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\UIAnimation.dll [2013.04.24 21:26:22 | 000,161,792 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\d3d10_1.dll [2013.04.24 15:34:36 | 000,001,163 | ---- | M] () -- H:\Users\Public\Desktop\Internet Manager.lnk [2013.04.24 15:33:03 | 001,108,320 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\wdfcoinstaller01007.dll [2013.04.24 15:33:03 | 001,108,320 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfCoInstaller01007.dll [2013.04.24 15:33:03 | 000,861,696 | ---- | M] (DiBcom SA) -- H:\Windows\System32\drivers\mod7700.sys [2013.04.24 15:33:03 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbwwan.sys [2013.04.24 15:33:03 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ewusbmdm.sys [2013.04.24 15:33:03 | 000,181,760 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juwwanecm.sys [2013.04.24 15:33:03 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwusbdev.sys [2013.04.24 15:33:03 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcacm.sys [2013.04.24 15:33:03 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jubusenum.sys [2013.04.24 15:33:03 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_jucdcecm.sys [2013.04.24 15:33:03 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_juextctrl.sys [2013.04.24 15:33:03 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- H:\Windows\System32\drivers\ewdcsc.sys [2013.04.24 15:33:03 | 000,024,192 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\drivers\tcpipBM.sys [2013.04.24 15:33:03 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_hwupgrade.sys [2013.04.24 15:33:03 | 000,013,712 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\sporder.dll [2013.04.24 15:33:03 | 000,013,184 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\drivers\BMLoad.sys [2013.04.24 15:33:03 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- H:\Windows\System32\drivers\ew_usbenumfilter.sys [2013.04.24 15:33:02 | 000,724,608 | ---- | M] (Microsoft Corporation) -- H:\Windows\System32\bmutil.dll [2013.04.24 15:33:02 | 000,480,384 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\bmnet.dll [2013.04.24 15:33:02 | 000,308,352 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\bminstall.dll [2013.04.24 15:32:57 | 000,132,224 | ---- | M] (Bytemobile, Inc.) -- H:\Windows\System32\bmdumpd.bin ========== Files Created - No Company Name ========== [2013.05.23 17:54:03 | 000,079,360 | ---- | C] () -- H:\Windows\System32\ff_vfw.dll [2013.05.23 17:53:34 | 000,000,804 | ---- | C] () -- H:\Users\Horst\Desktop\HDVidCodec.lnk [2013.05.22 20:04:05 | 000,000,886 | ---- | C] () -- H:\Users\Horst\Desktop\Movie2KDownloader.lnk [2013.05.17 20:42:07 | 000,000,318 | ---- | C] () -- H:\Users\Horst\Desktop\Curse Client.appref-ms [2013.05.17 20:39:28 | 000,000,264 | ---- | C] () -- H:\Windows\tasks\PC Performer_DEFAULT.job [2013.05.17 20:39:24 | 000,000,272 | ---- | C] () -- H:\Windows\tasks\PC Performer_UPDATES.job [2013.05.17 20:23:15 | 000,000,000 | ---- | C] () -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2013.05.17 20:20:53 | 000,000,213 | ---- | C] () -- H:\Users\Horst\Desktop\Dota 2.url [2013.05.17 19:10:25 | 000,000,775 | ---- | C] () -- H:\Users\Public\Desktop\World of Warcraft.lnk [2013.05.17 15:43:40 | 000,000,835 | ---- | C] () -- H:\Users\Public\Desktop\Steam.lnk [2013.05.05 11:38:38 | 000,001,725 | ---- | C] () -- H:\Users\Public\Desktop\Start BlueStacks.lnk [2013.05.05 11:28:28 | 000,001,385 | ---- | C] () -- H:\Users\Horst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.24 21:35:34 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.04.24 21:35:01 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.04.24 21:27:33 | 000,025,185 | ---- | C] () -- H:\Windows\System32\ieuinit.inf [2013.04.24 15:34:36 | 000,001,163 | ---- | C] () -- H:\Users\Public\Desktop\Internet Manager.lnk [2012.07.15 11:07:27 | 000,007,597 | ---- | C] () -- H:\Users\Horst\AppData\Local\Resmon.ResmonCfg [2011.11.15 12:22:15 | 000,640,512 | ---- | C] () -- H:\Windows\System32\wonauth.dll [2011.09.29 14:29:27 | 000,000,806 | ---- | C] () -- H:\Windows\eReg.dat [2011.08.28 03:00:40 | 000,166,912 | ---- | C] () -- H:\Windows\System32\APOMngr.DLL [2011.08.28 03:00:40 | 000,073,728 | ---- | C] () -- H:\Windows\System32\CmdRtr.DLL [2011.08.25 08:41:47 | 000,002,177 | ---- | C] () -- H:\Windows\P17EP.ini [2011.08.25 08:41:47 | 000,001,578 | ---- | C] () -- H:\Windows\P17EPLS.ini [2011.08.25 08:41:47 | 000,001,489 | ---- | C] () -- H:\Windows\P17EP51.ini [2011.08.21 00:14:45 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2013.05.17 20:39:52 | 000,000,227 | RHS- | M] () -- H:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.05.17 14:32:20 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\3DataManager [2013.05.22 20:05:39 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\BabSolution [2012.07.01 12:46:40 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Babylon [2013.05.17 22:06:39 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Curse Advertising [2013.05.22 20:05:31 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Delta [2013.05.17 20:39:07 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\PerformerSoft [2013.05.17 20:39:24 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Softonic [2012.05.09 10:27:28 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\T-Mobile [2012.05.11 18:25:57 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\TS3Client [2013.05.22 20:05:08 | 000,000,000 | ---D | M] -- H:\Users\Horst\AppData\Roaming\Yontoo ========== Purity Check ========== ========== Custom Scans ========== < :OTL > [2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- H:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- H:\Windows\Tasks\SA.DAT [2011.08.21 01:07:27 | 000,001,092 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.08.21 01:07:28 | 000,001,096 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2011.08.25 10:18:36 | 000,001,068 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2011.08.25 10:18:37 | 000,001,120 | ---- | C] () -- H:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2011.11.27 13:16:06 | 000,000,332 | ---- | C] () -- H:\Windows\Tasks\RegistryBooster.job [2012.03.04 15:43:21 | 000,000,906 | ---- | C] () -- H:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000Core.job [2012.03.04 15:43:22 | 000,000,928 | ---- | C] () -- H:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4228084635-3980246230-1984058717-1000UA.job [2012.05.20 12:59:06 | 000,000,884 | ---- | C] () -- H:\Windows\Tasks\Adobe Flash Player Updater.job [2013.05.17 20:39:24 | 000,000,272 | ---- | C] () -- H:\Windows\Tasks\PC Performer_UPDATES.job [2013.05.17 20:39:28 | 000,000,264 | ---- | C] () -- H:\Windows\Tasks\PC Performer_DEFAULT.job < O20 - AppInit_DLLs: (H:\PROGRA~3\Wincert\WIN32C~1.DLL) - H:\ProgramData\Wincert\win32cert.dll () > < O20 - AppInit_DLLs: (H:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll () > < O20 - AppInit_DLLs: (h:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - h:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll > < () > < O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{0fd8f482-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{0fd8f668-a263-11e1-af79-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{10b49b01-0256-11e1-8d2e-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell - "" = AutoRun > < O33 - MountPoints2\{1e741b35-026a-11e1-ac8b-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{1e741b87-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{1e741c03-026a-11e1-ac8b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{2ee3ce16-acdc-11e2-9e25-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{335db628-acdf-11e2-8d6b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{38ddda1b-d863-11e0-91b4-001d60db6421}\Shell\AutoRun\command - "" = M:\Autorun.exe > < O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{4a39d60b-0257-11e1-b255-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{6691a3ef-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 > < O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{6691a3fd-cb7a-11e0-b1ba-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 > < O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{81287055-cd66-11e0-b514-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 > < O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell - "" = AutoRun > < O33 - MountPoints2\{9cf2855c-b565-11e2-8cb4-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{a4d3cbe9-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{a4d3cbf4-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 > < O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{a4d3cc0a-8947-11e1-8839-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{b89a39b1-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{b89a3a49-9b63-11e1-931b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{c0ce58e7-cee5-11e0-9200-001d60db6421}\Shell\AutoRun\command - "" = M:\.\Autorun.exe AUTORUN=1 > < O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{c1d3f2ed-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{c1d3f314-9601-11e1-b02b-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{d148c5ae-baf3-11e1-95ec-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{d3c43a9f-1053-11e1-a876-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{da039341-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell - "" = AutoRun > < O33 - MountPoints2\{da039394-99ae-11e1-a605-001d60db6421}\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell - "" = AutoRun > < O33 - MountPoints2\{e2d50edc-ea7d-11e0-9e80-001e101f8ed0}\Shell\AutoRun\command - "" = O:\AutoRun.exe > < O33 - MountPoints2\M\Shell - "" = AutoRun > < O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AutoRun.exe > < O33 - MountPoints2\N\Shell - "" = AutoRun > < O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\AutoRun.exe > < O36 - AppCertDlls: x86 - (H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll) - H:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll > < () > < > < :files > < H:\ProgramData\Wincert > < H:\Program Files\Search Results Toolbar > < h:\ProgramData\BrowserProtect > < :Commands > < [emptytemp] > ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> H:\ProgramData\TEMP:05EE1EEF < End of report > |
23.05.2013, 18:30 | #9 |
/// Malware-holic | serach nu, bitte um hilfe du hast auf scan, nicht auf fix geklickt, bitte noch mal
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
23.05.2013, 18:51 | #10 |
| serach nu, bitte um hilfe Mein pc startet sich danach neu und ivh find kein Textdokument aufm Desktop, umf das Programm muss ich für jeden durchlaug Neu starten, ist das richtig? |
23.05.2013, 20:44 | #11 |
/// Malware-holic | serach nu, bitte um hilfe ja muss man jedesmal neu öffnen... Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
24.05.2013, 13:35 | #12 | |
| serach nu, bitte um hilfeZitat:
14:29:23.0403 5816 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:29:23.0684 5816 ============================================================ 14:29:23.0684 5816 Current date / time: 2013/05/24 14:29:23.0684 14:29:23.0684 5816 SystemInfo: 14:29:23.0684 5816 14:29:23.0684 5816 OS Version: 6.1.7601 ServicePack: 1.0 14:29:23.0684 5816 Product type: Workstation 14:29:23.0684 5816 ComputerName: HORST-PC 14:29:23.0684 5816 UserName: Horst 14:29:23.0684 5816 Windows directory: H:\Windows 14:29:23.0684 5816 System windows directory: H:\Windows 14:29:23.0684 5816 Processor architecture: Intel x86 14:29:23.0684 5816 Number of processors: 2 14:29:23.0684 5816 Page size: 0x1000 14:29:23.0684 5816 Boot type: Normal boot 14:29:23.0684 5816 ============================================================ 14:29:27.0852 5816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 14:29:27.0907 5816 ============================================================ 14:29:27.0907 5816 \Device\Harddisk0\DR0: 14:29:27.0910 5816 MBR partitions: 14:29:27.0910 5816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9C41AD8 14:29:27.0927 5816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0xC34F28D 14:29:27.0942 5816 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x15F91000, BlocksNum 0xC34E000 14:29:28.0000 5816 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x222E00EE, BlocksNum 0xC34F28D 14:29:28.0050 5816 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x2E62F800, BlocksNum 0xBD51000 14:29:28.0050 5816 ============================================================ 14:29:28.0192 5816 H: <-> \Device\Harddisk0\DR0\Partition1 14:29:28.0270 5816 I: <-> \Device\Harddisk0\DR0\Partition2 14:29:28.0457 5816 K: <-> \Device\Harddisk0\DR0\Partition4 14:29:28.0645 5816 J: <-> \Device\Harddisk0\DR0\Partition5 14:29:28.0863 5816 L: <-> \Device\Harddisk0\DR0\Partition3 14:29:28.0863 5816 ============================================================ 14:29:28.0863 5816 Initialize success 14:29:28.0863 5816 ============================================================ 14:31:14.0623 2672 ============================================================ 14:31:14.0639 2672 Scan started 14:31:14.0639 2672 Mode: Manual; SigCheck; TDLFS; 14:31:14.0639 2672 ============================================================ 14:31:15.0575 2672 ================ Scan system memory ======================== 14:31:15.0575 2672 System memory - ok 14:31:15.0575 2672 ================ Scan services ============================= 14:31:15.0731 2672 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci H:\Windows\system32\drivers\1394ohci.sys 14:31:15.0840 2672 1394ohci - ok 14:31:15.0871 2672 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI H:\Windows\system32\drivers\ACPI.sys 14:31:15.0887 2672 ACPI - ok 14:31:15.0902 2672 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi H:\Windows\system32\drivers\acpipmi.sys 14:31:15.0934 2672 AcpiPmi - ok 14:31:16.0027 2672 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice H:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 14:31:16.0043 2672 AdobeARMservice - ok 14:31:16.0121 2672 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc H:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 14:31:16.0152 2672 AdobeFlashPlayerUpdateSvc - ok 14:31:16.0183 2672 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx H:\Windows\system32\drivers\adp94xx.sys 14:31:16.0214 2672 adp94xx - ok 14:31:16.0246 2672 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci H:\Windows\system32\drivers\adpahci.sys 14:31:16.0277 2672 adpahci - ok 14:31:16.0277 2672 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 H:\Windows\system32\drivers\adpu320.sys 14:31:16.0292 2672 adpu320 - ok 14:31:16.0339 2672 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc H:\Windows\System32\aelupsvc.dll 14:31:16.0433 2672 AeLookupSvc - ok 14:31:16.0480 2672 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD H:\Windows\system32\drivers\afd.sys 14:31:16.0542 2672 AFD - ok 14:31:16.0573 2672 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 H:\Windows\system32\drivers\agp440.sys 14:31:16.0604 2672 agp440 - ok 14:31:16.0620 2672 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx H:\Windows\system32\drivers\djsvs.sys 14:31:16.0636 2672 aic78xx - ok 14:31:16.0682 2672 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG H:\Windows\System32\alg.exe 14:31:16.0745 2672 ALG - ok 14:31:16.0760 2672 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide H:\Windows\system32\drivers\aliide.sys 14:31:16.0792 2672 aliide - ok 14:31:16.0823 2672 [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility H:\Windows\system32\atiesrxx.exe 14:31:16.0885 2672 AMD External Events Utility - ok 14:31:16.0932 2672 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp H:\Windows\system32\drivers\amdagp.sys 14:31:16.0948 2672 amdagp - ok 14:31:16.0963 2672 [ CD5914170297126B6266860198D1D4F0 ] amdide H:\Windows\system32\drivers\amdide.sys 14:31:16.0994 2672 amdide - ok 14:31:17.0010 2672 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 H:\Windows\system32\drivers\amdk8.sys 14:31:17.0041 2672 AmdK8 - ok 14:31:17.0072 2672 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM H:\Windows\system32\drivers\amdppm.sys 14:31:17.0104 2672 AmdPPM - ok 14:31:17.0150 2672 [ D320BF87125326F996D4904FE24300FC ] amdsata H:\Windows\system32\drivers\amdsata.sys 14:31:17.0166 2672 amdsata - ok 14:31:17.0182 2672 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs H:\Windows\system32\drivers\amdsbs.sys 14:31:17.0213 2672 amdsbs - ok 14:31:17.0228 2672 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata H:\Windows\system32\drivers\amdxata.sys 14:31:17.0244 2672 amdxata - ok 14:31:17.0275 2672 [ AEA177F783E20150ACE5383EE368DA19 ] AppID H:\Windows\system32\drivers\appid.sys 14:31:17.0322 2672 AppID - ok 14:31:17.0353 2672 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc H:\Windows\System32\appidsvc.dll 14:31:17.0400 2672 AppIDSvc - ok 14:31:17.0431 2672 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo H:\Windows\System32\appinfo.dll 14:31:17.0494 2672 Appinfo - ok 14:31:17.0540 2672 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:31:17.0572 2672 Apple Mobile Device - ok 14:31:17.0603 2672 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc H:\Windows\system32\drivers\arc.sys 14:31:17.0618 2672 arc - ok 14:31:17.0634 2672 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas H:\Windows\system32\drivers\arcsas.sys 14:31:17.0650 2672 arcsas - ok 14:31:17.0665 2672 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac H:\Windows\system32\DRIVERS\asyncmac.sys 14:31:17.0759 2672 AsyncMac - ok 14:31:17.0759 2672 [ 338C86357871C167A96AB976519BF59E ] atapi H:\Windows\system32\drivers\atapi.sys 14:31:17.0790 2672 atapi - ok 14:31:17.0806 2672 [ EE67F3634096D49DF6ED2D43DDABF290 ] Atc002 H:\Windows\system32\DRIVERS\l260x86.sys 14:31:17.0852 2672 Atc002 - ok 14:31:17.0993 2672 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag H:\Windows\system32\DRIVERS\atikmdag.sys 14:31:18.0102 2672 atikmdag - ok 14:31:18.0133 2672 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder H:\Windows\System32\Audiosrv.dll 14:31:18.0211 2672 AudioEndpointBuilder - ok 14:31:18.0211 2672 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv H:\Windows\System32\Audiosrv.dll 14:31:18.0242 2672 Audiosrv - ok 14:31:18.0274 2672 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV H:\Windows\System32\AxInstSV.dll 14:31:18.0305 2672 AxInstSV - ok 14:31:18.0352 2672 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv H:\Windows\system32\drivers\bxvbdx.sys 14:31:18.0414 2672 b06bdrv - ok 14:31:18.0445 2672 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x H:\Windows\system32\DRIVERS\b57nd60x.sys 14:31:18.0476 2672 b57nd60x - ok 14:31:18.0539 2672 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC H:\Windows\System32\bdesvc.dll 14:31:18.0601 2672 BDESVC - ok 14:31:18.0617 2672 [ 505506526A9D467307B3C393DEDAF858 ] Beep H:\Windows\system32\drivers\Beep.sys 14:31:18.0679 2672 Beep - ok 14:31:18.0710 2672 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE H:\Windows\System32\bfe.dll 14:31:18.0773 2672 BFE - ok 14:31:18.0804 2672 [ E585445D5021971FAE10393F0F1C3961 ] BITS H:\Windows\System32\qmgr.dll 14:31:18.0835 2672 BITS - ok 14:31:18.0851 2672 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive H:\Windows\system32\DRIVERS\blbdrive.sys 14:31:18.0882 2672 blbdrive - ok 14:31:18.0929 2672 [ 70CD6D71FC48BBBD1385D7B35AEADECC ] BMLoad H:\Windows\system32\drivers\BMLoad.sys 14:31:18.0960 2672 BMLoad ( UnsignedFile.Multi.Generic ) - warning 14:31:18.0960 2672 BMLoad - detected UnsignedFile.Multi.Generic (1) 14:31:19.0054 2672 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service H:\Program Files\Bonjour\mDNSResponder.exe 14:31:19.0085 2672 Bonjour Service - ok 14:31:19.0100 2672 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser H:\Windows\system32\DRIVERS\bowser.sys 14:31:19.0163 2672 bowser - ok 14:31:19.0178 2672 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo H:\Windows\system32\drivers\BrFiltLo.sys 14:31:19.0225 2672 BrFiltLo - ok 14:31:19.0241 2672 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp H:\Windows\system32\drivers\BrFiltUp.sys 14:31:19.0272 2672 BrFiltUp - ok 14:31:19.0303 2672 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser H:\Windows\System32\browser.dll 14:31:19.0366 2672 Browser - ok 14:31:19.0490 2672 [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] BrowserProtect H:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe 14:31:19.0553 2672 BrowserProtect - ok 14:31:19.0584 2672 [ 845B8CE732E67F3B4133164868C666EA ] Brserid H:\Windows\System32\Drivers\Brserid.sys 14:31:19.0631 2672 Brserid - ok 14:31:19.0646 2672 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm H:\Windows\System32\Drivers\BrSerWdm.sys 14:31:19.0678 2672 BrSerWdm - ok 14:31:19.0709 2672 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm H:\Windows\System32\Drivers\BrUsbMdm.sys 14:31:19.0740 2672 BrUsbMdm - ok 14:31:19.0756 2672 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer H:\Windows\System32\Drivers\BrUsbSer.sys 14:31:19.0787 2672 BrUsbSer - ok 14:31:19.0849 2672 [ 1A268813E062903C9FCA3783F6D88AD4 ] BstHdAndroidSvc H:\Program Files\BlueStacks\HD-Service.exe 14:31:19.0880 2672 BstHdAndroidSvc - ok 14:31:19.0912 2672 [ 9C95094D52B6722E19F8F5CAF127581D ] BstHdDrv H:\Program Files\BlueStacks\HD-Hypervisor-x86.sys 14:31:19.0927 2672 BstHdDrv - ok 14:31:19.0958 2672 [ 97C6013E48F0F2319540175C173662E4 ] BstHdLogRotatorSvc H:\Program Files\BlueStacks\HD-LogRotatorService.exe 14:31:19.0974 2672 BstHdLogRotatorSvc - ok 14:31:19.0990 2672 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM H:\Windows\system32\drivers\bthmodem.sys 14:31:20.0005 2672 BTHMODEM - ok 14:31:20.0052 2672 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv H:\Windows\system32\bthserv.dll 14:31:20.0130 2672 bthserv - ok 14:31:20.0146 2672 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs H:\Windows\system32\DRIVERS\cdfs.sys 14:31:20.0192 2672 cdfs - ok 14:31:20.0239 2672 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom H:\Windows\system32\DRIVERS\cdrom.sys 14:31:20.0270 2672 cdrom - ok 14:31:20.0286 2672 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc H:\Windows\System32\certprop.dll 14:31:20.0333 2672 CertPropSvc - ok 14:31:20.0364 2672 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass H:\Windows\system32\drivers\circlass.sys 14:31:20.0395 2672 circlass - ok 14:31:20.0426 2672 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS H:\Windows\system32\CLFS.sys 14:31:20.0442 2672 CLFS - ok 14:31:20.0504 2672 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:31:20.0520 2672 clr_optimization_v2.0.50727_32 - ok 14:31:20.0598 2672 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:31:20.0676 2672 clr_optimization_v4.0.30319_32 - ok 14:31:20.0692 2672 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt H:\Windows\system32\drivers\CmBatt.sys 14:31:20.0723 2672 CmBatt - ok 14:31:20.0738 2672 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide H:\Windows\system32\drivers\cmdide.sys 14:31:20.0754 2672 cmdide - ok 14:31:20.0785 2672 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG H:\Windows\system32\Drivers\cng.sys 14:31:20.0801 2672 CNG - ok 14:31:20.0816 2672 [ A6023D3823C37043986713F118A89BEE ] Compbatt H:\Windows\system32\drivers\compbatt.sys 14:31:20.0832 2672 Compbatt - ok 14:31:20.0863 2672 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus H:\Windows\system32\DRIVERS\CompositeBus.sys 14:31:20.0879 2672 CompositeBus - ok 14:31:20.0910 2672 COMSysApp - ok 14:31:20.0926 2672 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk H:\Windows\system32\drivers\crcdisk.sys 14:31:20.0941 2672 crcdisk - ok 14:31:20.0957 2672 Creative Audio Engine Licensing Service - ok 14:31:21.0004 2672 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc H:\Windows\system32\cryptsvc.dll 14:31:21.0050 2672 CryptSvc - ok 14:31:21.0113 2672 [ 69CDBA2B9C397E349A04FA70DD9170A2 ] CTAudSvcService H:\Program Files\Creative\Shared Files\CTAudSvc.exe 14:31:21.0144 2672 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 14:31:21.0144 2672 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 14:31:21.0316 2672 [ C851B2FE7D15B42745355FD9E4141CC6 ] DatamngrCoordinator H:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe 14:31:21.0409 2672 DatamngrCoordinator - ok 14:31:21.0440 2672 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch H:\Windows\system32\rpcss.dll 14:31:21.0503 2672 DcomLaunch - ok 14:31:21.0534 2672 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc H:\Windows\System32\defragsvc.dll 14:31:21.0581 2672 defragsvc - ok 14:31:21.0612 2672 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC H:\Windows\system32\Drivers\dfsc.sys 14:31:21.0628 2672 DfsC - ok 14:31:21.0659 2672 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp H:\Windows\system32\dhcpcore.dll 14:31:21.0706 2672 Dhcp - ok 14:31:21.0737 2672 [ 1A050B0274BFB3890703D490F330C0DA ] discache H:\Windows\system32\drivers\discache.sys 14:31:21.0799 2672 discache - ok 14:31:21.0846 2672 [ 565003F326F99802E68CA78F2A68E9FF ] Disk H:\Windows\system32\drivers\disk.sys 14:31:21.0862 2672 Disk - ok 14:31:21.0893 2672 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache H:\Windows\System32\dnsrslvr.dll 14:31:21.0940 2672 Dnscache - ok 14:31:21.0986 2672 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc H:\Windows\System32\dot3svc.dll 14:31:22.0033 2672 dot3svc - ok 14:31:22.0033 2672 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS H:\Windows\system32\dps.dll 14:31:22.0080 2672 DPS - ok 14:31:22.0111 2672 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud H:\Windows\system32\drivers\drmkaud.sys 14:31:22.0158 2672 drmkaud - ok 14:31:22.0205 2672 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl H:\Windows\System32\drivers\dxgkrnl.sys 14:31:22.0236 2672 DXGKrnl - ok 14:31:22.0267 2672 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost H:\Windows\System32\eapsvc.dll 14:31:22.0314 2672 EapHost - ok 14:31:22.0392 2672 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv H:\Windows\system32\drivers\evbdx.sys 14:31:22.0470 2672 ebdrv - ok 14:31:22.0501 2672 [ 81951F51E318AECC2D68559E47485CC4 ] EFS H:\Windows\System32\lsass.exe 14:31:22.0548 2672 EFS - ok 14:31:22.0626 2672 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr H:\Windows\ehome\ehRecvr.exe 14:31:22.0657 2672 ehRecvr - ok 14:31:22.0673 2672 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched H:\Windows\ehome\ehsched.exe 14:31:22.0704 2672 ehSched - ok 14:31:22.0766 2672 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor H:\Windows\system32\drivers\elxstor.sys 14:31:22.0798 2672 elxstor - ok 14:31:22.0813 2672 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev H:\Windows\system32\drivers\errdev.sys 14:31:22.0844 2672 ErrDev - ok 14:31:22.0891 2672 [ 6B93B103242C3C30F850F53DBE39ED88 ] EuMusDesignVirtualAudioCableWdm H:\Windows\system32\DRIVERS\vrtaucbl.sys 14:31:22.0907 2672 EuMusDesignVirtualAudioCableWdm - ok 14:31:22.0938 2672 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem H:\Windows\system32\es.dll 14:31:23.0000 2672 EventSystem - ok 14:31:23.0032 2672 ewusbnet - ok 14:31:23.0047 2672 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev H:\Windows\system32\DRIVERS\ew_hwusbdev.sys 14:31:23.0110 2672 ew_hwusbdev - ok 14:31:23.0125 2672 [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter H:\Windows\system32\DRIVERS\ew_usbenumfilter.sys 14:31:23.0172 2672 ew_usbenumfilter - ok 14:31:23.0188 2672 [ 2DC9108D74081149CC8B651D3A26207F ] exfat H:\Windows\system32\drivers\exfat.sys 14:31:23.0219 2672 exfat - ok 14:31:23.0250 2672 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat H:\Windows\system32\drivers\fastfat.sys 14:31:23.0312 2672 fastfat - ok 14:31:23.0359 2672 [ 967EA5B213E9984CBE270205DF37755B ] Fax H:\Windows\system32\fxssvc.exe 14:31:23.0422 2672 Fax - ok 14:31:23.0437 2672 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc H:\Windows\system32\drivers\fdc.sys 14:31:23.0453 2672 fdc - ok 14:31:23.0484 2672 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost H:\Windows\system32\fdPHost.dll 14:31:23.0531 2672 fdPHost - ok 14:31:23.0546 2672 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub H:\Windows\system32\fdrespub.dll 14:31:23.0578 2672 FDResPub - ok 14:31:23.0624 2672 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo H:\Windows\system32\drivers\fileinfo.sys 14:31:23.0624 2672 FileInfo - ok 14:31:23.0640 2672 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace H:\Windows\system32\drivers\filetrace.sys 14:31:23.0671 2672 Filetrace - ok 14:31:23.0687 2672 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk H:\Windows\system32\drivers\flpydisk.sys 14:31:23.0718 2672 flpydisk - ok 14:31:23.0749 2672 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr H:\Windows\system32\drivers\fltmgr.sys 14:31:23.0765 2672 FltMgr - ok 14:31:23.0812 2672 [ E12C4928B32ACE04610259647F072635 ] FontCache H:\Windows\system32\FntCache.dll 14:31:23.0890 2672 FontCache - ok 14:31:23.0936 2672 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 H:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:31:23.0968 2672 FontCache3.0.0.0 - ok 14:31:23.0983 2672 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends H:\Windows\system32\drivers\FsDepends.sys 14:31:23.0999 2672 FsDepends - ok 14:31:24.0030 2672 [ BFAAA92861526BB0ADCD01E964AB6609 ] fssfltr H:\Windows\system32\DRIVERS\fssfltr.sys 14:31:24.0046 2672 fssfltr - ok 14:31:24.0077 2672 fsssvc - ok 14:31:24.0092 2672 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec H:\Windows\system32\drivers\Fs_Rec.sys 14:31:24.0092 2672 Fs_Rec - ok 14:31:24.0155 2672 [ 8C89DAB1061E3D04E902404754D3FA29 ] FTDIBUS H:\Windows\system32\drivers\ftdibus.sys 14:31:24.0186 2672 FTDIBUS - ok 14:31:24.0202 2672 [ B14C967A0ADF2348258DD8312B6C0C58 ] FTSER2K H:\Windows\system32\drivers\ftser2k.sys 14:31:24.0217 2672 FTSER2K - ok 14:31:24.0264 2672 [ E306A24D9694C724FA2491278BF50FDB ] fvevol H:\Windows\system32\DRIVERS\fvevol.sys 14:31:24.0295 2672 fvevol - ok 14:31:24.0326 2672 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx H:\Windows\system32\drivers\gagp30kx.sys 14:31:24.0342 2672 gagp30kx - ok 14:31:24.0389 2672 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM H:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:31:24.0404 2672 GEARAspiWDM - ok 14:31:24.0451 2672 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc H:\Windows\System32\gpsvc.dll 14:31:24.0514 2672 gpsvc - ok 14:31:24.0529 2672 gupdate - ok 14:31:24.0529 2672 gupdatem - ok 14:31:24.0545 2672 gusvc - ok 14:31:24.0560 2672 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir H:\Windows\system32\drivers\hcw85cir.sys 14:31:24.0607 2672 hcw85cir - ok 14:31:24.0654 2672 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService H:\Windows\system32\drivers\HdAudio.sys 14:31:24.0670 2672 HdAudAddService - ok 14:31:24.0716 2672 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus H:\Windows\system32\DRIVERS\HDAudBus.sys 14:31:24.0732 2672 HDAudBus - ok 14:31:24.0748 2672 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt H:\Windows\system32\drivers\HidBatt.sys 14:31:24.0794 2672 HidBatt - ok 14:31:24.0810 2672 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth H:\Windows\system32\drivers\hidbth.sys 14:31:24.0857 2672 HidBth - ok 14:31:24.0888 2672 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr H:\Windows\system32\drivers\hidir.sys 14:31:24.0919 2672 HidIr - ok 14:31:24.0950 2672 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv H:\Windows\system32\hidserv.dll 14:31:25.0013 2672 hidserv - ok 14:31:25.0060 2672 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb H:\Windows\system32\DRIVERS\hidusb.sys 14:31:25.0091 2672 HidUsb - ok 14:31:25.0122 2672 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc H:\Windows\system32\kmsvc.dll 14:31:25.0153 2672 hkmsvc - ok 14:31:25.0169 2672 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener H:\Windows\system32\ListSvc.dll 14:31:25.0216 2672 HomeGroupListener - ok 14:31:25.0247 2672 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider H:\Windows\system32\provsvc.dll 14:31:25.0309 2672 HomeGroupProvider - ok 14:31:25.0340 2672 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD H:\Windows\system32\drivers\HpSAMD.sys 14:31:25.0372 2672 HpSAMD - ok 14:31:25.0403 2672 [ 871917B07A141BFF43D76D8844D48106 ] HTTP H:\Windows\system32\drivers\HTTP.sys 14:31:25.0434 2672 HTTP - ok 14:31:25.0465 2672 [ 42A64382A0607B80C99C37170911B346 ] huawei_cdcacm H:\Windows\system32\DRIVERS\ew_jucdcacm.sys 14:31:25.0481 2672 huawei_cdcacm - ok 14:31:25.0496 2672 [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator H:\Windows\system32\DRIVERS\ew_jubusenum.sys 14:31:25.0543 2672 huawei_enumerator - ok 14:31:25.0590 2672 [ 69A103138B77AC0950EC3846E2E6F655 ] huawei_ext_ctrl H:\Windows\system32\DRIVERS\ew_juextctrl.sys 14:31:25.0637 2672 huawei_ext_ctrl - ok 14:31:25.0668 2672 [ 7DE001BAB4056257E1792AF1FCFA489F ] huawei_wwanecm H:\Windows\system32\DRIVERS\ew_juwwanecm.sys 14:31:25.0684 2672 huawei_wwanecm - ok 14:31:25.0746 2672 [ F547F862B8907F1BCBD9B72A72A6449E ] hwdatacard H:\Windows\system32\DRIVERS\ewusbmdm.sys 14:31:25.0808 2672 hwdatacard - ok 14:31:25.0840 2672 HWDeviceService.exe - ok 14:31:25.0855 2672 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy H:\Windows\system32\drivers\hwpolicy.sys 14:31:25.0871 2672 hwpolicy - ok 14:31:25.0886 2672 hwusbdev - ok 14:31:25.0949 2672 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt H:\Windows\system32\DRIVERS\i8042prt.sys 14:31:25.0980 2672 i8042prt - ok 14:31:26.0027 2672 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV H:\Windows\system32\drivers\iaStorV.sys 14:31:26.0058 2672 iaStorV - ok 14:31:26.0105 2672 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc H:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:31:26.0152 2672 idsvc - ok 14:31:26.0261 2672 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx H:\Windows\system32\DRIVERS\igdkmd32.sys 14:31:26.0386 2672 igfx - ok 14:31:26.0417 2672 [ 4173FF5708F3236CF25195FECD742915 ] iirsp H:\Windows\system32\drivers\iirsp.sys 14:31:26.0448 2672 iirsp - ok 14:31:26.0495 2672 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT H:\Windows\System32\ikeext.dll 14:31:26.0557 2672 IKEEXT - ok 14:31:26.0588 2672 IntcAzAudAddService - ok 14:31:26.0604 2672 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide H:\Windows\system32\drivers\intelide.sys 14:31:26.0620 2672 intelide - ok 14:31:26.0635 2672 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm H:\Windows\system32\DRIVERS\intelppm.sys 14:31:26.0651 2672 intelppm - ok 14:31:26.0666 2672 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum H:\Windows\system32\ipbusenum.dll 14:31:26.0698 2672 IPBusEnum - ok 14:31:26.0729 2672 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver H:\Windows\system32\DRIVERS\ipfltdrv.sys 14:31:26.0744 2672 IpFilterDriver - ok 14:31:26.0791 2672 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc H:\Windows\System32\iphlpsvc.dll 14:31:26.0869 2672 iphlpsvc - ok 14:31:26.0885 2672 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV H:\Windows\system32\drivers\IPMIDrv.sys 14:31:26.0900 2672 IPMIDRV - ok 14:31:26.0932 2672 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT H:\Windows\system32\drivers\ipnat.sys 14:31:26.0978 2672 IPNAT - ok 14:31:27.0025 2672 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service H:\Program Files\iPod\bin\iPodService.exe 14:31:27.0056 2672 iPod Service - ok 14:31:27.0072 2672 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM H:\Windows\system32\drivers\irenum.sys 14:31:27.0103 2672 IRENUM - ok 14:31:27.0134 2672 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp H:\Windows\system32\drivers\isapnp.sys 14:31:27.0150 2672 isapnp - ok 14:31:27.0181 2672 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt H:\Windows\system32\drivers\msiscsi.sys 14:31:27.0197 2672 iScsiPrt - ok 14:31:27.0228 2672 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass H:\Windows\system32\DRIVERS\kbdclass.sys 14:31:27.0259 2672 kbdclass - ok 14:31:27.0290 2672 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid H:\Windows\system32\DRIVERS\kbdhid.sys 14:31:27.0322 2672 kbdhid - ok 14:31:27.0322 2672 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso H:\Windows\system32\lsass.exe 14:31:27.0368 2672 KeyIso - ok 14:31:27.0400 2672 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD H:\Windows\system32\Drivers\ksecdd.sys 14:31:27.0415 2672 KSecDD - ok 14:31:27.0431 2672 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg H:\Windows\system32\Drivers\ksecpkg.sys 14:31:27.0446 2672 KSecPkg - ok 14:31:27.0493 2672 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm H:\Windows\system32\msdtckrm.dll 14:31:27.0524 2672 KtmRm - ok 14:31:27.0571 2672 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer H:\Windows\system32\srvsvc.dll 14:31:27.0618 2672 LanmanServer - ok 14:31:27.0665 2672 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation H:\Windows\System32\wkssvc.dll 14:31:27.0696 2672 LanmanWorkstation - ok 14:31:27.0727 2672 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio H:\Windows\system32\DRIVERS\lltdio.sys 14:31:27.0774 2672 lltdio - ok 14:31:27.0805 2672 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc H:\Windows\System32\lltdsvc.dll 14:31:27.0836 2672 lltdsvc - ok 14:31:27.0852 2672 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts H:\Windows\System32\lmhsvc.dll 14:31:27.0899 2672 lmhosts - ok 14:31:27.0930 2672 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC H:\Windows\system32\drivers\lsi_fc.sys 14:31:27.0946 2672 LSI_FC - ok 14:31:27.0946 2672 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS H:\Windows\system32\drivers\lsi_sas.sys 14:31:27.0961 2672 LSI_SAS - ok 14:31:27.0977 2672 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 H:\Windows\system32\drivers\lsi_sas2.sys 14:31:27.0992 2672 LSI_SAS2 - ok 14:31:28.0008 2672 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI H:\Windows\system32\drivers\lsi_scsi.sys 14:31:28.0024 2672 LSI_SCSI - ok 14:31:28.0039 2672 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv H:\Windows\system32\drivers\luafv.sys 14:31:28.0070 2672 luafv - ok 14:31:28.0117 2672 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService H:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe 14:31:28.0148 2672 McComponentHostService - ok 14:31:28.0180 2672 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc H:\Windows\system32\Mcx2Svc.dll 14:31:28.0195 2672 Mcx2Svc - ok 14:31:28.0242 2672 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas H:\Windows\system32\drivers\megasas.sys 14:31:28.0258 2672 megasas - ok 14:31:28.0289 2672 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR H:\Windows\system32\drivers\MegaSR.sys 14:31:28.0304 2672 MegaSR - ok 14:31:28.0336 2672 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS H:\Windows\system32\mmcss.dll 14:31:28.0414 2672 MMCSS - ok 14:31:28.0429 2672 [ F001861E5700EE84E2D4E52C712F4964 ] Modem H:\Windows\system32\drivers\modem.sys 14:31:28.0476 2672 Modem - ok 14:31:28.0523 2672 [ 79D10964DE86B292320E9DFE02282A23 ] monitor H:\Windows\system32\DRIVERS\monitor.sys 14:31:28.0554 2672 monitor - ok 14:31:28.0585 2672 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass H:\Windows\system32\DRIVERS\mouclass.sys 14:31:28.0601 2672 mouclass - ok 14:31:28.0616 2672 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid H:\Windows\system32\DRIVERS\mouhid.sys 14:31:28.0648 2672 mouhid - ok 14:31:28.0679 2672 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr H:\Windows\system32\drivers\mountmgr.sys 14:31:28.0694 2672 mountmgr - ok 14:31:28.0741 2672 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance H:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 14:31:28.0772 2672 MozillaMaintenance - ok 14:31:28.0788 2672 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio H:\Windows\system32\drivers\mpio.sys 14:31:28.0804 2672 mpio - ok 14:31:28.0819 2672 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv H:\Windows\system32\drivers\mpsdrv.sys 14:31:28.0850 2672 mpsdrv - ok 14:31:28.0897 2672 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc H:\Windows\system32\mpssvc.dll 14:31:28.0928 2672 MpsSvc - ok 14:31:28.0960 2672 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV H:\Windows\system32\drivers\mrxdav.sys 14:31:28.0991 2672 MRxDAV - ok 14:31:29.0038 2672 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb H:\Windows\system32\DRIVERS\mrxsmb.sys 14:31:29.0069 2672 mrxsmb - ok 14:31:29.0084 2672 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 H:\Windows\system32\DRIVERS\mrxsmb10.sys 14:31:29.0116 2672 mrxsmb10 - ok 14:31:29.0131 2672 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 H:\Windows\system32\DRIVERS\mrxsmb20.sys 14:31:29.0178 2672 mrxsmb20 - ok 14:31:29.0209 2672 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci H:\Windows\system32\drivers\msahci.sys 14:31:29.0225 2672 msahci - ok 14:31:29.0256 2672 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm H:\Windows\system32\drivers\msdsm.sys 14:31:29.0287 2672 msdsm - ok 14:31:29.0334 2672 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC H:\Windows\System32\msdtc.exe 14:31:29.0381 2672 MSDTC - ok 14:31:29.0396 2672 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs H:\Windows\system32\drivers\Msfs.sys 14:31:29.0428 2672 Msfs - ok 14:31:29.0443 2672 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf H:\Windows\System32\drivers\mshidkmdf.sys 14:31:29.0474 2672 mshidkmdf - ok 14:31:29.0474 2672 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv H:\Windows\system32\drivers\msisadrv.sys 14:31:29.0490 2672 msisadrv - ok 14:31:29.0537 2672 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI H:\Windows\system32\iscsiexe.dll 14:31:29.0584 2672 MSiSCSI - ok 14:31:29.0584 2672 msiserver - ok 14:31:29.0615 2672 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV H:\Windows\system32\drivers\MSKSSRV.sys 14:31:29.0630 2672 MSKSSRV - ok 14:31:29.0677 2672 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK H:\Windows\system32\drivers\MSPCLOCK.sys 14:31:29.0724 2672 MSPCLOCK - ok 14:31:29.0755 2672 [ F456E973590D663B1073E9C463B40932 ] MSPQM H:\Windows\system32\drivers\MSPQM.sys 14:31:29.0786 2672 MSPQM - ok 14:31:29.0818 2672 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC H:\Windows\system32\drivers\MsRPC.sys 14:31:29.0833 2672 MsRPC - ok 14:31:29.0864 2672 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios H:\Windows\system32\DRIVERS\mssmbios.sys 14:31:29.0880 2672 mssmbios - ok 14:31:29.0896 2672 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE H:\Windows\system32\drivers\MSTEE.sys 14:31:29.0911 2672 MSTEE - ok 14:31:29.0927 2672 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig H:\Windows\system32\drivers\MTConfig.sys 14:31:29.0958 2672 MTConfig - ok 14:31:29.0989 2672 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor H:\Windows\system32\DRIVERS\ASACPI.sys 14:31:30.0005 2672 MTsensor - ok 14:31:30.0020 2672 [ 159FAD02F64E6381758C990F753BCC80 ] Mup H:\Windows\system32\Drivers\mup.sys 14:31:30.0036 2672 Mup - ok 14:31:30.0067 2672 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent H:\Windows\system32\qagentRT.dll 14:31:30.0114 2672 napagent - ok 14:31:30.0161 2672 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP H:\Windows\system32\DRIVERS\nwifi.sys 14:31:30.0208 2672 NativeWifiP - ok 14:31:30.0254 2672 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS H:\Windows\system32\drivers\ndis.sys 14:31:30.0286 2672 NDIS - ok 14:31:30.0286 2672 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap H:\Windows\system32\DRIVERS\ndiscap.sys 14:31:30.0317 2672 NdisCap - ok 14:31:30.0379 2672 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi H:\Windows\system32\DRIVERS\ndistapi.sys 14:31:30.0442 2672 NdisTapi - ok 14:31:30.0473 2672 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio H:\Windows\system32\DRIVERS\ndisuio.sys 14:31:30.0504 2672 Ndisuio - ok 14:31:30.0520 2672 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan H:\Windows\system32\DRIVERS\ndiswan.sys 14:31:30.0566 2672 NdisWan - ok 14:31:30.0598 2672 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy H:\Windows\system32\drivers\NDProxy.sys 14:31:30.0629 2672 NDProxy - ok 14:31:30.0660 2672 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS H:\Windows\system32\DRIVERS\netbios.sys 14:31:30.0722 2672 NetBIOS - ok 14:31:30.0738 2672 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT H:\Windows\system32\DRIVERS\netbt.sys 14:31:30.0816 2672 NetBT - ok 14:31:30.0832 2672 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon H:\Windows\system32\lsass.exe 14:31:30.0847 2672 Netlogon - ok 14:31:30.0894 2672 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman H:\Windows\System32\netman.dll 14:31:30.0925 2672 Netman - ok 14:31:30.0956 2672 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm H:\Windows\System32\netprofm.dll 14:31:31.0003 2672 netprofm - ok 14:31:31.0034 2672 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing H:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:31:31.0034 2672 NetTcpPortSharing - ok 14:31:31.0081 2672 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 H:\Windows\system32\drivers\nfrd960.sys 14:31:31.0081 2672 nfrd960 - ok 14:31:31.0144 2672 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc H:\Windows\System32\nlasvc.dll 14:31:31.0190 2672 NlaSvc - ok 14:31:31.0206 2672 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs H:\Windows\system32\drivers\Npfs.sys 14:31:31.0237 2672 Npfs - ok 14:31:31.0268 2672 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi H:\Windows\system32\nsisvc.dll 14:31:31.0315 2672 nsi - ok 14:31:31.0331 2672 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy H:\Windows\system32\drivers\nsiproxy.sys 14:31:31.0362 2672 nsiproxy - ok 14:31:31.0471 2672 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs H:\Windows\system32\drivers\Ntfs.sys 14:31:31.0534 2672 Ntfs - ok 14:31:31.0580 2672 [ F9756A98D69098DCA8945D62858A812C ] Null H:\Windows\system32\drivers\Null.sys 14:31:31.0612 2672 Null - ok 14:31:31.0908 2672 [ 0B2E7B39411FAA44EBDA76FB38673964 ] nvlddmkm H:\Windows\system32\DRIVERS\nvlddmkm.sys 14:31:32.0048 2672 nvlddmkm - ok 14:31:32.0095 2672 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid H:\Windows\system32\drivers\nvraid.sys 14:31:32.0111 2672 nvraid - ok 14:31:32.0126 2672 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor H:\Windows\system32\drivers\nvstor.sys 14:31:32.0142 2672 nvstor - ok 14:31:32.0189 2672 [ 439FD6A5A34113388C51C48D0E5092AA ] nvsvc H:\Windows\system32\nvvsvc.exe 14:31:32.0220 2672 nvsvc - ok 14:31:32.0298 2672 [ E3C7676582502C5E4BB9288C3617AB59 ] nvUpdatusService H:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 14:31:32.0329 2672 nvUpdatusService - ok 14:31:32.0345 2672 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp H:\Windows\system32\drivers\nv_agp.sys 14:31:32.0360 2672 nv_agp - ok 14:31:32.0392 2672 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 H:\Windows\system32\drivers\ohci1394.sys 14:31:32.0423 2672 ohci1394 - ok 14:31:32.0470 2672 [ F2519D547A6AC2AFE0DF0DC826A085A7 ] P17 H:\Windows\system32\drivers\P17.sys 14:31:32.0501 2672 P17 - ok 14:31:32.0532 2672 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc H:\Windows\system32\pnrpsvc.dll 14:31:32.0579 2672 p2pimsvc - ok 14:31:32.0594 2672 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc H:\Windows\system32\p2psvc.dll 14:31:32.0626 2672 p2psvc - ok 14:31:32.0657 2672 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport H:\Windows\system32\drivers\parport.sys 14:31:32.0672 2672 Parport - ok 14:31:32.0688 2672 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr H:\Windows\system32\drivers\partmgr.sys 14:31:32.0704 2672 partmgr - ok 14:31:32.0735 2672 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm H:\Windows\system32\drivers\parvdm.sys 14:31:32.0750 2672 Parvdm - ok 14:31:32.0766 2672 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc H:\Windows\System32\pcasvc.dll 14:31:32.0797 2672 PcaSvc - ok 14:31:32.0813 2672 [ 673E55C3498EB970088E812EA820AA8F ] pci H:\Windows\system32\drivers\pci.sys 14:31:32.0828 2672 pci - ok 14:31:32.0844 2672 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide H:\Windows\system32\drivers\pciide.sys 14:31:32.0860 2672 pciide - ok 14:31:32.0875 2672 [ F396431B31693E71E8A80687EF523506 ] pcmcia H:\Windows\system32\drivers\pcmcia.sys 14:31:32.0891 2672 pcmcia - ok 14:31:32.0906 2672 [ 250F6B43D2B613172035C6747AEEB19F ] pcw H:\Windows\system32\drivers\pcw.sys 14:31:32.0922 2672 pcw - ok 14:31:32.0953 2672 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH H:\Windows\system32\drivers\peauth.sys 14:31:33.0016 2672 PEAUTH - ok 14:31:33.0062 2672 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla H:\Windows\system32\pla.dll 14:31:33.0140 2672 pla - ok 14:31:33.0187 2672 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay H:\Windows\system32\umpnpmgr.dll 14:31:33.0250 2672 PlugPlay - ok 14:31:33.0265 2672 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg H:\Windows\system32\pnrpauto.dll 14:31:33.0296 2672 PNRPAutoReg - ok 14:31:33.0328 2672 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc H:\Windows\system32\pnrpsvc.dll 14:31:33.0343 2672 PNRPsvc - ok 14:31:33.0374 2672 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent H:\Windows\System32\ipsecsvc.dll 14:31:33.0421 2672 PolicyAgent - ok 14:31:33.0452 2672 [ F87D30E72E03D579A5199CCB3831D6EA ] Power H:\Windows\system32\umpo.dll 14:31:33.0499 2672 Power - ok 14:31:33.0546 2672 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport H:\Windows\system32\DRIVERS\raspptp.sys 14:31:33.0608 2672 PptpMiniport - ok 14:31:33.0624 2672 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor H:\Windows\system32\drivers\processr.sys 14:31:33.0671 2672 Processor - ok 14:31:33.0718 2672 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc H:\Windows\system32\profsvc.dll 14:31:33.0764 2672 ProfSvc - ok 14:31:33.0780 2672 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage H:\Windows\system32\lsass.exe 14:31:33.0811 2672 ProtectedStorage - ok 14:31:33.0827 2672 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched H:\Windows\system32\DRIVERS\pacer.sys 14:31:33.0874 2672 Psched - ok 14:31:33.0920 2672 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 H:\Windows\system32\drivers\ql2300.sys 14:31:33.0967 2672 ql2300 - ok 14:31:33.0967 2672 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx H:\Windows\system32\drivers\ql40xx.sys 14:31:33.0983 2672 ql40xx - ok 14:31:34.0014 2672 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE H:\Windows\system32\qwave.dll 14:31:34.0045 2672 QWAVE - ok 14:31:34.0076 2672 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv H:\Windows\system32\drivers\qwavedrv.sys 14:31:34.0092 2672 QWAVEdrv - ok 14:31:34.0108 2672 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd H:\Windows\system32\DRIVERS\rasacd.sys 14:31:34.0154 2672 RasAcd - ok 14:31:34.0186 2672 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn H:\Windows\system32\DRIVERS\AgileVpn.sys 14:31:34.0232 2672 RasAgileVpn - ok 14:31:34.0248 2672 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto H:\Windows\System32\rasauto.dll 14:31:34.0295 2672 RasAuto - ok 14:31:34.0326 2672 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp H:\Windows\system32\DRIVERS\rasl2tp.sys 14:31:34.0373 2672 Rasl2tp - ok 14:31:34.0420 2672 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan H:\Windows\System32\rasmans.dll 14:31:34.0466 2672 RasMan - ok 14:31:34.0498 2672 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe H:\Windows\system32\DRIVERS\raspppoe.sys 14:31:34.0529 2672 RasPppoe - ok 14:31:34.0560 2672 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp H:\Windows\system32\DRIVERS\rassstp.sys 14:31:34.0591 2672 RasSstp - ok 14:31:34.0622 2672 [ D528BC58A489409BA40334EBF96A311B ] rdbss H:\Windows\system32\DRIVERS\rdbss.sys 14:31:34.0654 2672 rdbss - ok 14:31:34.0669 2672 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus H:\Windows\system32\drivers\rdpbus.sys 14:31:34.0685 2672 rdpbus - ok 14:31:34.0700 2672 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD H:\Windows\system32\DRIVERS\RDPCDD.sys 14:31:34.0732 2672 RDPCDD - ok 14:31:34.0763 2672 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD H:\Windows\system32\drivers\rdpencdd.sys 14:31:34.0794 2672 RDPENCDD - ok 14:31:34.0825 2672 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP H:\Windows\system32\drivers\rdprefmp.sys 14:31:34.0888 2672 RDPREFMP - ok 14:31:34.0919 2672 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD H:\Windows\system32\drivers\RDPWD.sys 14:31:34.0966 2672 RDPWD - ok 14:31:35.0012 2672 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost H:\Windows\system32\drivers\rdyboost.sys 14:31:35.0044 2672 rdyboost - ok 14:31:35.0075 2672 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess H:\Windows\System32\mprdim.dll 14:31:35.0106 2672 RemoteAccess - ok 14:31:35.0137 2672 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry H:\Windows\system32\regsvc.dll 14:31:35.0168 2672 RemoteRegistry - ok 14:31:35.0184 2672 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper H:\Windows\System32\RpcEpMap.dll 14:31:35.0231 2672 RpcEptMapper - ok 14:31:35.0246 2672 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator H:\Windows\system32\locator.exe 14:31:35.0293 2672 RpcLocator - ok 14:31:35.0309 2672 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs H:\Windows\system32\rpcss.dll 14:31:35.0340 2672 RpcSs - ok 14:31:35.0356 2672 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr H:\Windows\system32\DRIVERS\rspndr.sys 14:31:35.0418 2672 rspndr - ok 14:31:35.0434 2672 [ F68BDFAB9DC5E516AE38BB64116E6C52 ] RzSynapse H:\Windows\system32\DRIVERS\RzSynapse.sys 14:31:35.0480 2672 RzSynapse - ok 14:31:35.0496 2672 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs H:\Windows\system32\lsass.exe 14:31:35.0512 2672 SamSs - ok 14:31:35.0558 2672 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port H:\Windows\system32\drivers\sbp2port.sys 14:31:35.0574 2672 sbp2port - ok 14:31:35.0605 2672 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr H:\Windows\System32\SCardSvr.dll 14:31:35.0652 2672 SCardSvr - ok 14:31:35.0668 2672 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter H:\Windows\system32\DRIVERS\scfilter.sys 14:31:35.0714 2672 scfilter - ok 14:31:35.0746 2672 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule H:\Windows\system32\schedsvc.dll 14:31:35.0808 2672 Schedule - ok 14:31:35.0824 2672 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc H:\Windows\System32\certprop.dll 14:31:35.0855 2672 SCPolicySvc - ok 14:31:35.0855 2672 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC H:\Windows\System32\SDRSVC.dll 14:31:35.0917 2672 SDRSVC - ok 14:31:35.0948 2672 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv H:\Windows\system32\drivers\secdrv.sys 14:31:35.0980 2672 secdrv - ok 14:31:35.0995 2672 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon H:\Windows\system32\seclogon.dll 14:31:36.0042 2672 seclogon - ok 14:31:36.0073 2672 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS H:\Windows\System32\sens.dll 14:31:36.0120 2672 SENS - ok 14:31:36.0151 2672 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc H:\Windows\system32\sensrsvc.dll 14:31:36.0198 2672 SensrSvc - ok 14:31:36.0229 2672 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum H:\Windows\system32\DRIVERS\serenum.sys 14:31:36.0245 2672 Serenum - ok 14:31:36.0276 2672 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial H:\Windows\system32\DRIVERS\serial.sys 14:31:36.0307 2672 Serial - ok 14:31:36.0338 2672 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse H:\Windows\system32\drivers\sermouse.sys 14:31:36.0354 2672 sermouse - ok 14:31:36.0385 2672 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv H:\Windows\system32\sessenv.dll 14:31:36.0432 2672 SessionEnv - ok 14:31:36.0448 2672 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk H:\Windows\system32\drivers\sffdisk.sys 14:31:36.0479 2672 sffdisk - ok 14:31:36.0494 2672 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc H:\Windows\system32\drivers\sffp_mmc.sys 14:31:36.0526 2672 sffp_mmc - ok 14:31:36.0541 2672 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd H:\Windows\system32\drivers\sffp_sd.sys 14:31:36.0572 2672 sffp_sd - ok 14:31:36.0588 2672 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy H:\Windows\system32\DRIVERS\sfloppy.sys 14:31:36.0604 2672 sfloppy - ok 14:31:36.0635 2672 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess H:\Windows\System32\ipnathlp.dll 14:31:36.0697 2672 SharedAccess - ok 14:31:36.0744 2672 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection H:\Windows\System32\shsvcs.dll 14:31:36.0806 2672 ShellHWDetection - ok 14:31:36.0822 2672 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp H:\Windows\system32\drivers\sisagp.sys 14:31:36.0838 2672 sisagp - ok 14:31:36.0853 2672 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 H:\Windows\system32\drivers\SiSRaid2.sys 14:31:36.0869 2672 SiSRaid2 - ok 14:31:36.0884 2672 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 H:\Windows\system32\drivers\sisraid4.sys 14:31:36.0900 2672 SiSRaid4 - ok 14:31:36.0947 2672 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate H:\Program Files\Skype\Updater\Updater.exe 14:31:36.0978 2672 SkypeUpdate - ok 14:31:37.0009 2672 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb H:\Windows\system32\DRIVERS\smb.sys 14:31:37.0056 2672 Smb - ok 14:31:37.0087 2672 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP H:\Windows\System32\snmptrap.exe 14:31:37.0118 2672 SNMPTRAP - ok 14:31:37.0134 2672 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr H:\Windows\system32\drivers\spldr.sys 14:31:37.0150 2672 spldr - ok 14:31:37.0181 2672 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler H:\Windows\System32\spoolsv.exe 14:31:37.0243 2672 Spooler - ok 14:31:37.0306 2672 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc H:\Windows\system32\sppsvc.exe 14:31:37.0384 2672 sppsvc - ok 14:31:37.0415 2672 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify H:\Windows\system32\sppuinotify.dll 14:31:37.0430 2672 sppuinotify - ok 14:31:37.0462 2672 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv H:\Windows\system32\DRIVERS\srv.sys 14:31:37.0508 2672 srv - ok 14:31:37.0540 2672 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 H:\Windows\system32\DRIVERS\srv2.sys 14:31:37.0571 2672 srv2 - ok 14:31:37.0586 2672 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet H:\Windows\system32\DRIVERS\srvnet.sys 14:31:37.0633 2672 srvnet - ok 14:31:37.0664 2672 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV H:\Windows\System32\ssdpsrv.dll 14:31:37.0696 2672 SSDPSRV - ok 14:31:37.0711 2672 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc H:\Windows\system32\sstpsvc.dll 14:31:37.0758 2672 SstpSvc - ok 14:31:37.0774 2672 Steam Client Service - ok 14:31:37.0836 2672 [ 81F177C1954453AF407604160BD149CB ] Stereo Service H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 14:31:37.0852 2672 Stereo Service - ok 14:31:37.0883 2672 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor H:\Windows\system32\drivers\stexstor.sys 14:31:37.0898 2672 stexstor - ok 14:31:37.0945 2672 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc H:\Windows\System32\wiaservc.dll 14:31:38.0008 2672 StiSvc - ok 14:31:38.0023 2672 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum H:\Windows\system32\DRIVERS\swenum.sys 14:31:38.0039 2672 swenum - ok 14:31:38.0086 2672 [ A28BD92DF340E57B024BA433165D34D7 ] swprv H:\Windows\System32\swprv.dll 14:31:38.0132 2672 swprv - ok 14:31:38.0164 2672 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain H:\Windows\system32\sysmain.dll 14:31:38.0210 2672 SysMain - ok 14:31:38.0226 2672 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService H:\Windows\System32\TabSvc.dll 14:31:38.0257 2672 TabletInputService - ok 14:31:38.0273 2672 [ 613BF4820361543956909043A265C6AC ] TapiSrv H:\Windows\System32\tapisrv.dll 14:31:38.0320 2672 TapiSrv - ok 14:31:38.0351 2672 [ B799D9FDB26111737F58288D8DC172D9 ] TBS H:\Windows\System32\tbssvc.dll 14:31:38.0398 2672 TBS - ok 14:31:38.0444 2672 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip H:\Windows\system32\drivers\tcpip.sys 14:31:38.0491 2672 Tcpip - ok 14:31:38.0507 2672 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 H:\Windows\system32\DRIVERS\tcpip.sys 14:31:38.0554 2672 TCPIP6 - ok 14:31:38.0569 2672 [ 74905EBCBB8CBDB1F3C0B1778BBCB4BC ] tcpipBM H:\Windows\system32\drivers\tcpipBM.sys 14:31:38.0585 2672 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 14:31:38.0585 2672 tcpipBM - detected UnsignedFile.Multi.Generic (1) 14:31:38.0616 2672 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg H:\Windows\system32\drivers\tcpipreg.sys 14:31:38.0647 2672 tcpipreg - ok 14:31:38.0678 2672 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE H:\Windows\system32\drivers\tdpipe.sys 14:31:38.0694 2672 TDPIPE - ok 14:31:38.0710 2672 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP H:\Windows\system32\drivers\tdtcp.sys 14:31:38.0725 2672 TDTCP - ok 14:31:38.0756 2672 [ B459575348C20E8121D6039DA063C704 ] tdx H:\Windows\system32\DRIVERS\tdx.sys 14:31:38.0788 2672 tdx - ok 14:31:38.0803 2672 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD H:\Windows\system32\DRIVERS\termdd.sys 14:31:38.0819 2672 TermDD - ok 14:31:38.0850 2672 [ 382C804C92811BE57829D8E550A900E2 ] TermService H:\Windows\System32\termsrv.dll 14:31:38.0881 2672 TermService - ok 14:31:38.0912 2672 [ 59CFDA4EACB3788F8B17F87B49B0AC0E ] Themes H:\Windows\system32\themeservice.dll 14:31:38.0912 2672 Themes ( UnsignedFile.Multi.Generic ) - warning 14:31:38.0912 2672 Themes - detected UnsignedFile.Multi.Generic (1) 14:31:38.0928 2672 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER H:\Windows\system32\mmcss.dll 14:31:38.0959 2672 THREADORDER - ok 14:31:38.0959 2672 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks H:\Windows\System32\trkwks.dll 14:31:39.0006 2672 TrkWks - ok 14:31:39.0068 2672 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller H:\Windows\servicing\TrustedInstaller.exe 14:31:39.0131 2672 TrustedInstaller - ok 14:31:39.0162 2672 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv H:\Windows\system32\DRIVERS\tssecsrv.sys 14:31:39.0209 2672 tssecsrv - ok 14:31:39.0224 2672 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt H:\Windows\system32\drivers\tsusbflt.sys 14:31:39.0240 2672 TsUsbFlt - ok 14:31:39.0271 2672 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD H:\Windows\system32\drivers\TsUsbGD.sys 14:31:39.0287 2672 TsUsbGD - ok 14:31:39.0318 2672 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel H:\Windows\system32\DRIVERS\tunnel.sys 14:31:39.0365 2672 tunnel - ok 14:31:39.0380 2672 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 H:\Windows\system32\drivers\uagp35.sys 14:31:39.0396 2672 uagp35 - ok 14:31:39.0412 2672 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs H:\Windows\system32\DRIVERS\udfs.sys 14:31:39.0458 2672 udfs - ok 14:31:39.0505 2672 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect H:\Windows\system32\UI0Detect.exe 14:31:39.0536 2672 UI0Detect - ok 14:31:39.0552 2672 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx H:\Windows\system32\drivers\uliagpkx.sys 14:31:39.0568 2672 uliagpkx - ok 14:31:39.0583 2672 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus H:\Windows\system32\DRIVERS\umbus.sys 14:31:39.0599 2672 umbus - ok 14:31:39.0630 2672 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass H:\Windows\system32\drivers\umpass.sys 14:31:39.0677 2672 UmPass - ok 14:31:39.0692 2672 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost H:\Windows\System32\upnphost.dll 14:31:39.0755 2672 upnphost - ok 14:31:39.0786 2672 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL H:\Windows\system32\Drivers\usbaapl.sys 14:31:39.0833 2672 USBAAPL - ok 14:31:39.0864 2672 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp H:\Windows\system32\DRIVERS\usbccgp.sys 14:31:39.0880 2672 usbccgp - ok 14:31:39.0911 2672 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir H:\Windows\system32\drivers\usbcir.sys 14:31:39.0942 2672 usbcir - ok 14:31:39.0973 2672 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci H:\Windows\system32\DRIVERS\usbehci.sys 14:31:40.0020 2672 usbehci - ok 14:31:40.0051 2672 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub H:\Windows\system32\DRIVERS\usbhub.sys 14:31:40.0082 2672 usbhub - ok 14:31:40.0098 2672 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci H:\Windows\system32\drivers\usbohci.sys 14:31:40.0129 2672 usbohci - ok 14:31:40.0145 2672 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint H:\Windows\system32\drivers\usbprint.sys 14:31:40.0176 2672 usbprint - ok 14:31:40.0192 2672 [ F991AB9CC6B908DB552166768176896A ] USBSTOR H:\Windows\system32\DRIVERS\USBSTOR.SYS 14:31:40.0207 2672 USBSTOR - ok 14:31:40.0223 2672 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci H:\Windows\system32\DRIVERS\usbuhci.sys 14:31:40.0254 2672 usbuhci - ok 14:31:40.0270 2672 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms H:\Windows\System32\uxsms.dll 14:31:40.0301 2672 UxSms - ok 14:31:40.0332 2672 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc H:\Windows\system32\lsass.exe 14:31:40.0348 2672 VaultSvc - ok 14:31:40.0379 2672 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot H:\Windows\system32\drivers\vdrvroot.sys 14:31:40.0394 2672 vdrvroot - ok 14:31:40.0410 2672 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds H:\Windows\System32\vds.exe 14:31:40.0472 2672 vds - ok 14:31:40.0488 2672 [ 17C408214EA61696CEC9C66E388B14F3 ] vga H:\Windows\system32\DRIVERS\vgapnp.sys 14:31:40.0519 2672 vga - ok 14:31:40.0550 2672 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave H:\Windows\System32\drivers\vga.sys 14:31:40.0566 2672 VgaSave - ok 14:31:40.0597 2672 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp H:\Windows\system32\drivers\vhdmp.sys 14:31:40.0613 2672 vhdmp - ok 14:31:40.0628 2672 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp H:\Windows\system32\drivers\viaagp.sys 14:31:40.0644 2672 viaagp - ok 14:31:40.0660 2672 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 H:\Windows\system32\drivers\viac7.sys 14:31:40.0691 2672 ViaC7 - ok 14:31:40.0706 2672 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide H:\Windows\system32\drivers\viaide.sys 14:31:40.0722 2672 viaide - ok 14:31:40.0753 2672 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr H:\Windows\system32\drivers\volmgr.sys 14:31:40.0769 2672 volmgr - ok 14:31:40.0784 2672 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx H:\Windows\system32\drivers\volmgrx.sys 14:31:40.0816 2672 volmgrx - ok 14:31:40.0816 2672 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap H:\Windows\system32\drivers\volsnap.sys 14:31:40.0847 2672 volsnap - ok 14:31:40.0862 2672 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid H:\Windows\system32\drivers\vsmraid.sys 14:31:40.0878 2672 vsmraid - ok 14:31:40.0925 2672 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS H:\Windows\system32\vssvc.exe 14:31:41.0003 2672 VSS - ok 14:31:41.0018 2672 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus H:\Windows\System32\drivers\vwifibus.sys 14:31:41.0050 2672 vwifibus - ok 14:31:41.0081 2672 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time H:\Windows\system32\w32time.dll 14:31:41.0143 2672 W32Time - ok 14:31:41.0174 2672 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen H:\Windows\system32\drivers\wacompen.sys 14:31:41.0206 2672 WacomPen - ok 14:31:41.0237 2672 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP H:\Windows\system32\DRIVERS\wanarp.sys 14:31:41.0268 2672 WANARP - ok 14:31:41.0284 2672 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 H:\Windows\system32\DRIVERS\wanarp.sys 14:31:41.0299 2672 Wanarpv6 - ok 14:31:41.0377 2672 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc H:\Windows\system32\Wat\WatAdminSvc.exe 14:31:41.0440 2672 WatAdminSvc - ok 14:31:41.0486 2672 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine H:\Windows\system32\wbengine.exe 14:31:41.0533 2672 wbengine - ok 14:31:41.0549 2672 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc H:\Windows\System32\wbiosrvc.dll 14:31:41.0580 2672 WbioSrvc - ok 14:31:41.0596 2672 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc H:\Windows\System32\wcncsvc.dll 14:31:41.0627 2672 wcncsvc - ok 14:31:41.0642 2672 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService H:\Windows\System32\WcsPlugInService.dll 14:31:41.0674 2672 WcsPlugInService - ok 14:31:41.0705 2672 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd H:\Windows\system32\drivers\wd.sys 14:31:41.0720 2672 Wd - ok 14:31:41.0767 2672 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 H:\Windows\system32\drivers\Wdf01000.sys 14:31:41.0783 2672 Wdf01000 - ok 14:31:41.0798 2672 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost H:\Windows\system32\wdi.dll 14:31:41.0845 2672 WdiServiceHost - ok 14:31:41.0845 2672 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost H:\Windows\system32\wdi.dll 14:31:41.0861 2672 WdiSystemHost - ok 14:31:41.0908 2672 [ A9D880F97530D5B8FEE278923349929D ] WebClient H:\Windows\System32\webclnt.dll 14:31:41.0954 2672 WebClient - ok 14:31:41.0986 2672 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc H:\Windows\system32\wecsvc.dll 14:31:42.0017 2672 Wecsvc - ok 14:31:42.0032 2672 [ AC804569BB2364FB6017370258A4091B ] wercplsupport H:\Windows\System32\wercplsupport.dll 14:31:42.0079 2672 wercplsupport - ok 14:31:42.0095 2672 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc H:\Windows\System32\WerSvc.dll 14:31:42.0142 2672 WerSvc - ok 14:31:42.0157 2672 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf H:\Windows\system32\DRIVERS\wfplwf.sys 14:31:42.0188 2672 WfpLwf - ok 14:31:42.0220 2672 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount H:\Windows\system32\drivers\wimmount.sys 14:31:42.0235 2672 WIMMount - ok 14:31:42.0282 2672 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend H:\Program Files\Windows Defender\mpsvc.dll 14:31:42.0329 2672 WinDefend - ok 14:31:42.0344 2672 WinHttpAutoProxySvc - ok 14:31:42.0407 2672 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt H:\Windows\system32\wbem\WMIsvc.dll 14:31:42.0454 2672 Winmgmt - ok 14:31:42.0500 2672 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM H:\Windows\system32\WsmSvc.dll 14:31:42.0563 2672 WinRM - ok 14:31:42.0594 2672 [ A67E5F9A400F3BD1BE3D80613B45F708 ] winusb H:\Windows\system32\DRIVERS\winusb.sys 14:31:42.0641 2672 winusb - ok 14:31:42.0672 2672 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc H:\Windows\System32\wlansvc.dll 14:31:42.0719 2672 Wlansvc - ok 14:31:42.0734 2672 wlcrasvc - ok 14:31:42.0828 2672 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:31:42.0890 2672 wlidsvc - ok 14:31:42.0906 2672 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi H:\Windows\system32\drivers\wmiacpi.sys 14:31:42.0937 2672 WmiAcpi - ok 14:31:42.0968 2672 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv H:\Windows\system32\wbem\WmiApSrv.exe 14:31:43.0015 2672 wmiApSrv - ok 14:31:43.0078 2672 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc H:\Program Files\Windows Media Player\wmpnetwk.exe 14:31:43.0156 2672 WMPNetworkSvc - ok 14:31:43.0187 2672 WMZuneComm - ok 14:31:43.0218 2672 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc H:\Windows\System32\wpcsvc.dll 14:31:43.0280 2672 WPCSvc - ok 14:31:43.0280 2672 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum H:\Windows\system32\wpdbusenum.dll 14:31:43.0327 2672 WPDBusEnum - ok 14:31:43.0343 2672 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl H:\Windows\system32\drivers\ws2ifsl.sys 14:31:43.0374 2672 ws2ifsl - ok 14:31:43.0405 2672 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc H:\Windows\System32\wscsvc.dll 14:31:43.0421 2672 wscsvc - ok 14:31:43.0421 2672 WSearch - ok 14:31:43.0483 2672 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv H:\Windows\system32\wuaueng.dll 14:31:43.0530 2672 wuauserv - ok 14:31:43.0577 2672 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf H:\Windows\system32\drivers\WudfPf.sys 14:31:43.0608 2672 WudfPf - ok 14:31:43.0655 2672 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd H:\Windows\system32\DRIVERS\WUDFRd.sys 14:31:43.0702 2672 WUDFRd - ok 14:31:43.0733 2672 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc H:\Windows\System32\WUDFSvc.dll 14:31:43.0764 2672 wudfsvc - ok 14:31:43.0795 2672 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc H:\Windows\System32\wwansvc.dll 14:31:43.0826 2672 WwanSvc - ok 14:31:43.0904 2672 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater H:\Program Files\Yontoo Layers Runtime\Y2Desktop.Updater.exe 14:31:43.0904 2672 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning 14:31:43.0904 2672 Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1) 14:31:43.0920 2672 ZuneNetworkSvc - ok 14:31:43.0936 2672 ZuneWlanCfgSvc - ok 14:31:43.0967 2672 ================ Scan global =============================== 14:31:43.0998 2672 [ DAB748AE0439955ED2FA22357533DDDB ] H:\Windows\system32\basesrv.dll 14:31:44.0045 2672 [ 1F5F07091D50244F17DD8D5147A628CC ] H:\Windows\system32\winsrv.dll 14:31:44.0060 2672 [ 1F5F07091D50244F17DD8D5147A628CC ] H:\Windows\system32\winsrv.dll 14:31:44.0092 2672 [ 364455805E64882844EE9ACB72522830 ] H:\Windows\system32\sxssrv.dll 14:31:44.0123 2672 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] H:\Windows\system32\services.exe 14:31:44.0123 2672 [Global] - ok 14:31:44.0123 2672 ================ Scan MBR ================================== 14:31:44.0138 2672 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:31:44.0404 2672 \Device\Harddisk0\DR0 - ok 14:31:44.0404 2672 ================ Scan VBR ================================== 14:31:44.0404 2672 [ 57E3F482BD6C367FA18C49AF69548CA0 ] \Device\Harddisk0\DR0\Partition1 14:31:44.0404 2672 \Device\Harddisk0\DR0\Partition1 - ok 14:31:44.0450 2672 [ 9F5A6A872184B363A93B0ACA159D82C2 ] \Device\Harddisk0\DR0\Partition2 14:31:44.0450 2672 \Device\Harddisk0\DR0\Partition2 - ok 14:31:44.0466 2672 [ 29FE1C801A1AED9F8C3C2C6EDF1DDC93 ] \Device\Harddisk0\DR0\Partition3 14:31:44.0466 2672 \Device\Harddisk0\DR0\Partition3 - ok 14:31:44.0497 2672 [ 4727F2F5F3E54533640937C9AE7DF880 ] \Device\Harddisk0\DR0\Partition4 14:31:44.0497 2672 \Device\Harddisk0\DR0\Partition4 - ok 14:31:44.0528 2672 [ 6FBDBCA440D593F3C1361D632B313630 ] \Device\Harddisk0\DR0\Partition5 14:31:44.0528 2672 \Device\Harddisk0\DR0\Partition5 - ok 14:31:44.0528 2672 ============================================================ 14:31:44.0528 2672 Scan finished 14:31:44.0528 2672 ============================================================ 14:31:44.0544 6056 Detected object count: 5 14:31:44.0544 6056 Actual detected object count: 5 14:32:04.0559 6056 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:04.0559 6056 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:04.0559 6056 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:04.0559 6056 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:04.0559 6056 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:04.0559 6056 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:04.0559 6056 Themes ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:04.0559 6056 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:32:04.0559 6056 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user 14:32:04.0559 6056 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip danke |
24.05.2013, 13:42 | #13 |
/// Malware-holic | serach nu, bitte um hilfe Hi, ist nich nötig meine Beiträge komplett zu zitieren :-) Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
24.05.2013, 16:13 | #14 |
| serach nu, bitte um hilfe Hejj, Du das läuft nun svhon seit ca 2h und lässt sich nicht mehr schließen |
24.05.2013, 17:15 | #15 |
/// Malware-holic | serach nu, bitte um hilfe geht es weiter, also die Stufen, dann lass es laufen, ansonsten mal neustarten, f8 drücken, abgesicherter Modus wählen in deinem Konto anmelden und erneut ausführen, dann wieder in den normalen Modus starten und Log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu serach nu, bitte um hilfe |
browser, empfehlen, fehlermeldungen, firefox, gutes, komplett, kostenlos, loswerden, mail, min, neu, problem, programm, search, seite, startseite, stürzt, tagen, täglich, versucht, virenprogramm, virus, windows, windows 7, ändern |