Pests of all kinds and how to fight them: Encryption trojan on my machine too (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1

Encryption trojan on my machine too

Hello, I am also sitting in front of a computer infected with the encryption trojan. The OTL.Txt is attached here. Could someone please help me, put together the custom scan and help me further? I have already read almost everything, and it is also clear to me how everything works; only the fix code is unclear to me, namely what you look for there. Please help.

Code:
OTL logfile created on: 6/18/2012 1:51:16 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.14 Gb Total Space | 34.45 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 478.17 Gb Free Space | 68.44% Space Free | Partition Type: NTFS
Drive E: | 74.53 Gb Total Space | 34.29 Gb Free Space | 46.01% Space Free | Partition Type: NTFS
Drive F: | 244.14 Gb Total Space | 181.72 Gb Free Space | 74.43% Space Free | Partition Type: NTFS
Drive G: | 210.34 Gb Total Space | 45.87 Gb Free Space | 21.81% Space Free | Partition Type: NTFS
Drive H: | 3.72 Gb Total Space | 2.03 Gb Free Space | 54.54% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/06/06 09:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2011/01/26 07:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2011/01/14 02:57:45 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/27 10:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV:64bit: - [2009/10/15 00:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009/07/23 12:25:28 | 000,626,208 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/07/23 12:25:28 | 000,206,880 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/06/05 12:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/06/11 15:17:03 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/25 14:12:35 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/05/21 23:55:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/12 05:57:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/26 10:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2012/02/10 00:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 15:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/01 06:41:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/17 05:26:16 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/02/07 10:41:57 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/14 09:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 08:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/28 11:25:40 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009/11/01 15:03:02 | 000,075,064 | ---- | M] () [Auto] -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/13 21:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2003/04/29 20:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) [Auto] -- C:\Windows\SCARDS32.EXE -- (TWKSCARDSRV)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/02/15 05:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/03 07:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/09/29 03:54:24 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2011/08/12 03:20:57 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2011/06/09 10:54:33 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/06/09 09:18:18 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/06/01 04:02:15 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/17 07:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/12/02 06:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/12/02 06:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/12/02 06:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/12/02 06:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/27 10:42:10 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2010/09/27 10:42:06 | 000,075,648 | ---- | M] (SafeNet Inc.) [File_System | Auto] -- C:\Windows\System32\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2010/02/26 08:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 08:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/01/12 00:19:32 | 000,095,744 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV:64bit: - [2010/01/07 06:31:20 | 000,075,264 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NmSerial.sys -- (nmserial)
DRV:64bit: - [2010/01/06 18:19:00 | 000,068,224 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2009/12/17 02:10:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009/12/17 02:10:34 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009/12/17 02:10:32 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2009/11/12 15:20:52 | 000,054,888 | ---- | M] (Videology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vidousb.sys -- (vidousb)
DRV:64bit: - [2009/11/06 02:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/10/22 10:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/10/22 10:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/14 07:49:02 | 000,062,976 | ---- | M] (u-blox) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ubloxVcp.sys -- (ubloxVcp)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mf.sys -- (mf)
DRV:64bit: - [2009/07/08 21:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/11/21 05:54:08 | 000,025,600 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AMDx64CUT.sys -- (SUMMACUTamd)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/12 02:09:06 | 000,064,512 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mchpusb64.sys -- (MCHPUSB)
DRV:64bit: - [2008/01/02 08:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007/07/23 02:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/30 08:42:34 | 012,333,568 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV:64bit: - [2007/03/20 04:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Alpham264.sys -- (Alpham2)
DRV:64bit: - [2007/02/16 05:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2005/12/13 19:53:42 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\i1display_x64.sys -- (EyeOneDisplay)
DRV - [2012/01/05 03:24:51 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2007/03/30 08:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2003/04/29 20:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto] -- C:\Windows\SysWow64\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2003/04/29 20:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot] -- C:\Windows\SysWow64\drivers\TWKMS.SYS -- (TwkMs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 47 61 8D D1 5A CA 01 [binary data]
IE - HKU\conny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\conny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/09/10 01:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/06/15 12:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/08/04 02:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/07 02:03:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/06/08 03:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Extensions
[2012/05/19 04:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Firefox\Profiles\uv8bdff3.default\extensions
[2012/03/18 08:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/05/12 05:57:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/06 09:12:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/06 09:12:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/06 09:12:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/06 09:12:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/27 01:40:20 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011/10/06 09:12:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 09:12:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - File not found
O3:64bit: - HKU\conny_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\conny_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\conny_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PUStarter] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RunPUTasktray] File not found
O4 - HKU\conny_ON_C..\Run: [049DF36D] C:\Users\conny\AppData\Local\Temp\Irbs\jrndquzvt.exe (Nessuna Registrazione)
O4 - HKU\conny_ON_C..\Run: [AdobeBridge] File not found
O4 - HKU\conny_ON_C..\Run: [Auto-Import for EuroCUT Professional 7] File not found
O4 - HKU\conny_ON_C..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\conny_ON_C..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe ()
O4 - HKU\conny_ON_C..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O4 - HKU\conny_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\conny_ON_C..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\conny_ON_C..\Run: [Windows Audio Driver] File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] File not found
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] File not found
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar] File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {17D0C64A-5283-4125-8256-105694C274ED} hxxp://www.knittel-foto-film.de/interaktiv/objekt/spx33.cab (MozillaPluginHostCtrl Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://louk.solidworks.com/htdocs/pdownload/edrawings/e2011sp02/cab//eModelsStandard.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin1211.cab (PPI Chipcard-Browser-Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {97DF08C1-4C0E-4913-823B-E8FC1C8444FA} hxxp://192.168.178.105/400series.cab (4Mosa Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - *DISABLED*wlnotify.dll - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/30 02:34:10 | 000,000,000 | ---D | M] - D:\Autocad -- [ NTFS ]
O32 - AutoRun File - [2007/12/23 17:38:31 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\Shell - "" = AutoRun
O33 - MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\shelexec.exe .\starter.html
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell\verb\command - "" = H:\shelexec.exe .\starter.html
O33 - MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\win\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/06/11 15:18:42 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Local\Macromedia
[2012/06/09 08:57:23 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Local\3Dconnexion_Inc
[2012/06/09 08:51:05 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Roaming\3Dconnexion
[2012/06/09 08:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2012/06/09 08:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2012/06/09 08:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\3Dconnexion
[2012/06/07 02:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/07 02:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/06/06 21:42:50 | 000,109,056 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\System32\siappdll.dll
[2012/06/06 21:36:48 | 000,085,504 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012/06/04 14:51:57 | 000,000,000 | ---D | C] -- C:\Users\conny\Desktop\Kletterfieber_2012
[2012/06/04 14:51:21 | 000,000,000 | ---D | C] -- C:\Users\conny\Desktop\Kletterfieber
[2012/06/03 12:53:20 | 000,000,000 | ---D | C] -- C:\Users\conny\Documents\Studienbescheinigung
[2011/12/18 17:41:00 | 000,016,896 | ---- | C] (Microsoft) -- C:\Users\conny\AppData\Roaming\arDshini.exe.exe
[2011/12/16 02:31:09 | 000,016,896 | ---- | C] (Microsoft) -- C:\Users\conny\AppData\Roaming\Dshini.exe.exe
[2010/04/26 04:50:29 | 000,151,552 | ---- | C] ( ) -- C:\Windows\rsnp2std.dll
[2010/04/26 04:50:29 | 000,077,824 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp2std.dll
[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/11 17:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/11 17:22:47 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 17:22:47 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 17:22:17 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/11 17:14:02 | 000,000,355 | ---- | M] () -- C:\Windows\SCARDSRV.INI
[2012/06/11 17:13:41 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/11 17:10:27 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/06/11 17:10:27 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/06/11 17:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/11 16:46:49 | 000,692,220 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/11 16:46:49 | 000,646,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/11 16:46:49 | 000,140,050 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/11 16:46:49 | 000,114,620 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/11 16:37:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/11 15:17:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/11 15:17:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/09 08:49:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2012/06/09 08:48:23 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012/06/09 08:48:23 | 000,002,304 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012/06/09 08:48:23 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/07 02:03:43 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/07 02:03:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/06 21:44:22 | 000,045,056 | ---- | M] () -- C:\Windows\System32\Launch3DxGUI.cpl
[2012/06/06 21:42:50 | 000,109,056 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\System32\siappdll.dll
[2012/06/06 21:41:56 | 000,055,808 | ---- | M] () -- C:\Windows\System32\spwini.dll
[2012/06/06 21:36:48 | 000,085,504 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012/06/06 21:35:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\spwini.dll
[2012/06/04 23:51:11 | 006,339,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/03 11:47:27 | 001,424,557 | ---- | M] () -- C:\Users\conny\Documents\Gesundheitsamt_KE.pdf
[2012/05/21 00:03:27 | 000,001,456 | ---- | M] () -- C:\Users\conny\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/09 08:48:23 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012/06/09 08:48:23 | 000,002,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012/06/07 02:03:43 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/06 21:44:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Launch3DxGUI.cpl
[2012/06/06 21:41:56 | 000,055,808 | ---- | C] () -- C:\Windows\System32\spwini.dll
[2012/06/06 21:35:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2012/06/03 11:47:27 | 001,424,557 | ---- | C] () -- C:\Users\conny\Documents\Gesundheitsamt_KE.pdf
[2012/04/03 02:36:30 | 004,389,441 | ---- | C] () -- C:\Windows\SysWow64\USBAccessLink.dll
[2012/04/03 02:36:30 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\SerialAccessLink.dll
[2012/03/19 04:10:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Instrument Library
[2012/03/19 04:10:09 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Images
[2012/03/19 04:10:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Licenses
[2012/03/19 04:09:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Internet Plug-Ins
[2012/03/19 04:09:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Installer Plugin
[2012/03/19 04:09:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Limiter
[2012/03/19 04:09:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2012/03/19 04:07:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\Image Manipulation
[2012/02/09 15:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/17 10:31:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/17 10:31:06 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/16 05:27:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
[2011/11/16 05:27:11 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Hybrid Basic
[2011/11/16 05:27:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/11/16 05:27:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2011/10/06 10:54:58 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2011/10/06 09:53:06 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll
[2011/09/29 02:55:21 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Importer
[2011/09/29 02:55:21 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Image Units
[2011/09/29 02:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/09/29 02:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/09/29 02:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/08/05 08:59:36 | 000,324,511 | ---- | C] () -- C:\ProgramData\1312521941.bdinstall.bin
[2011/06/09 02:47:59 | 000,000,663 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011/05/20 02:52:15 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/05 08:37:15 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/02/07 10:42:04 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/10/28 07:42:34 | 000,000,355 | ---- | C] () -- C:\Windows\SCARDSRV.INI
[2010/10/28 07:42:25 | 000,001,268 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010/10/28 07:42:02 | 000,002,776 | ---- | C] () -- C:\Windows\twkverck.dat
[2010/10/11 08:28:14 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2010/10/11 08:28:14 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010/08/08 03:35:12 | 000,000,132 | ---- | C] () -- C:\Users\conny\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/08/03 06:40:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Jingles
[2010/08/03 06:28:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\Help
[2010/06/17 07:50:24 | 000,001,456 | ---- | C] () -- C:\Users\conny\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010/06/12 06:16:42 | 000,000,078 | ---- | C] () -- C:\Windows\CAMDXP.INI
[2010/05/25 03:57:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Receipts
[2010/05/25 03:57:40 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Profiles
[2010/05/25 03:57:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010/05/25 03:57:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\manual
[2010/05/25 03:57:38 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Repeat Routines
[2010/05/25 03:57:38 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Project Templates
[2010/05/25 03:57:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\vhosts
[2010/05/25 03:55:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/05/25 03:44:56 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Icons
[2010/05/25 03:40:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2010/05/23 06:30:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Reverb
[2010/05/23 06:30:03 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Radio Sounds
[2010/05/23 06:27:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2010/05/21 05:03:53 | 000,000,600 | ---- | C] () -- C:\Users\conny\AppData\Local\PUTTY.RND
[2010/05/05 05:21:00 | 000,000,025 | ---- | C] () -- C:\Users\conny\AppData\Roaming\bdfvconp.ini
[2010/04/26 04:50:29 | 012,033,024 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2010/04/26 04:50:29 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2010/04/26 04:50:29 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2010/04/23 09:31:13 | 000,000,850 | ---- | C] () -- C:\Users\conny\AppData\RoamingProductTweaks.xml
[2010/04/23 09:31:12 | 000,000,385 | ---- | C] () -- C:\Users\conny\AppData\Roaminguser_gensett.xml
[2010/04/22 01:40:37 | 000,000,376 | ---- | C] () -- C:\Users\conny\AppData\Roamingprivacy.xml
[2010/04/16 11:42:51 | 000,000,400 | ---- | C] () -- C:\Windows\g_jdmjol417.ini
[2010/04/16 11:42:51 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\bdpnqch979.dat
[2010/04/13 05:40:39 | 000,234,127 | ---- | C] () -- C:\Windows\hpoins35.dat.temp
[2010/04/13 05:40:39 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2010/03/31 06:50:45 | 000,005,632 | ---- | C] () -- C:\Users\conny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/23 02:01:42 | 000,000,118 | ---- | C] () -- C:\Windows\SysWow64\BUERKVER.INI
[2010/03/23 01:52:03 | 000,737,280 | ---- | C] () -- C:\Windows\SysWow64\eztoolslib2.dll
[2010/03/08 03:30:43 | 000,000,297 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/02/26 13:23:00 | 001,579,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/19 04:57:02 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2010/02/19 04:57:02 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2010/02/19 04:57:02 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2009/12/23 02:18:29 | 000,023,716 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/19 06:53:59 | 000,007,618 | ---- | C] () -- C:\Users\conny\AppData\Local\Resmon.ResmonCfg
[2009/12/13 15:08:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/11/03 15:29:36 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/01 14:48:58 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/10/30 14:07:24 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/30 14:07:22 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/30 14:07:21 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/10/24 12:14:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/08/21 14:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2006/12/13 10:03:14 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2003/05/20 10:05:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\spx33.dll
[2002/09/17 18:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[1999/11/16 08:04:36 | 000,485,376 | ---- | C] () -- C:\Windows\SysWow64\DrRw40.dll
========== LOP Check ==========
[2012/04/03 02:37:17 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\.mplab_ide
[2012/06/09 08:51:05 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\3Dconnexion
[2011/03/02 03:51:29 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Altium
[2011/03/02 02:06:19 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\AltiumDesignerSummer09
[2010/11/08 08:24:10 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Amazon
[2011/12/11 10:59:01 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Autodesk
[2011/05/26 05:31:22 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Babylon
[2010/05/07 14:00:20 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\C-Free
[2010/03/17 14:28:07 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\CadSoft
[2010/06/21 01:33:33 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/20 05:53:22 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\CircuitWorks
[2011/09/30 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011/06/01 04:06:57 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\DAEMON Tools Lite
[2012/05/19 00:30:36 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\DassaultSystemes
[2011/02/07 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\EDrawings
[2011/10/12 13:24:55 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Estlcam_3
[2010/02/25 03:16:58 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\EUROSYSTEMS
[2012/04/03 09:29:03 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\FileZilla
[2009/11/06 13:11:43 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\GetRightToGo
[2009/11/18 02:45:21 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\GHISLER
[2010/06/04 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\gtk-2.0
[2011/12/22 10:19:22 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Ideazon
[2010/08/24 08:19:54 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\IPACS
[2012/04/14 09:21:12 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\LRTimelapse
[2012/06/04 14:54:58 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Microchip
[2011/12/22 03:40:48 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\My Games
[2011/12/29 09:30:31 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Nikon
[2010/10/14 02:00:15 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Nokia
[2010/02/01 02:48:53 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Nokia Ovi Suite
[2011/12/02 08:49:01 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\onOne Software
[2011/04/27 10:37:21 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\PACE Anti-Piracy
[2010/02/01 02:48:54 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\PC Suite
[2010/05/12 10:48:01 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\PICC
[2011/05/30 08:35:05 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\picpick
[2010/11/10 09:16:28 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\picpick_temp
[2011/08/05 01:26:54 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\QuickScan
[2011/01/11 02:43:37 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/29 05:53:34 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\toolplugin
[2010/01/18 14:13:06 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\TS3Client
[2011/06/09 09:17:23 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Uniblue
[2010/05/18 05:03:41 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\webex
[2009/11/26 06:43:36 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Wireshark
[2010/05/21 11:48:24 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\X-Control
[2011/03/02 03:51:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Altium
[2011/03/01 10:36:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Altium2004
[2010/02/12 05:18:57 | 000,000,000 | ---D | M] -- C:\ProgramData\AltiumDesignerSummer09
[2010/02/12 05:15:48 | 000,000,000 | ---D | M] -- C:\ProgramData\AltiumDesignerSummer09_Security
[2010/07/12 00:31:40 | 000,000,000 | ---D | M] -- C:\ProgramData\AltiumFileCache
[2009/10/24 11:50:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/04/16 02:12:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2012/04/23 11:52:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2011/12/29 09:32:04 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2010/03/23 01:51:59 | 000,000,000 | ---D | M] -- C:\ProgramData\buerklin
[2010/05/07 14:00:21 | 000,000,000 | ---D | M] -- C:\ProgramData\C-Free
[2010/05/23 06:30:03 | 000,000,000 | ---D | M] -- C:\ProgramData\ColorSync
[2011/06/01 06:27:03 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2011/06/01 07:16:09 | 000,000,000 | ---D | M] -- C:\ProgramData\DassaultSystemes
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/10/24 11:50:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/04/05 08:36:39 | 000,000,000 | ---D | M] -- C:\ProgramData\DYMO
[2011/11/16 05:27:11 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2009/10/24 11:50:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/03/05 03:21:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Helicon
[2010/04/16 11:42:36 | 000,000,000 | ---D | M] -- C:\ProgramData\McNeel
[2011/11/16 05:27:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2010/02/01 02:56:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2010/06/28 01:36:48 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011/12/02 06:03:07 | 000,000,000 | ---D | M] -- C:\ProgramData\onOne Software
[2010/06/28 01:40:05 | 000,000,000 | ---D | M] -- C:\ProgramData\OviInstallerCache
[2011/04/27 10:37:21 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2012/04/04 07:38:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010/06/15 14:03:32 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/10/24 11:50:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/22 12:20:28 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2011/11/16 05:27:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2011/06/09 09:13:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2009/10/24 11:50:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/12/22 04:09:57 | 000,000,000 | ---D | M] -- C:\ProgramData\WebEx
[2010/05/03 06:16:56 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2010/05/03 06:18:54 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZipSE
[2011/01/04 04:47:17 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/06/09 09:07:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2012/05/30 00:14:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< :OTL >
< IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
< IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ >
Invalid Switch:
< IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp >
Invalid Switch: ?ocid=iehp
< IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de >
< IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 47 61 8D D1 5A CA 01 [binary data] >
< IE - HKU\conny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
< IE - HKU\conny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local >
< IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
< FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" >
< FF - prefs.js..network.proxy.no_proxies_on: "*.local" >
< FF - prefs.js..network.proxy.type: 0 >
< FF - user.js..browser.search.selectedEngine: "Search the web" >
< FF - user.js..browser.search.order.1: "Search the web" >
< FF - user.js..browser.search.defaultenginename: "Search the web" >
< FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" >
< FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_257.dll () >
Invalid Switch: FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () >
Invalid Switch: FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: >
Invalid Switch: iTunes,version=:
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () >
Invalid Switch: iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) >
Invalid Switch: GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) >
Invalid Switch: JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) >
Invalid Switch: NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) >
Invalid Switch: OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) >
Invalid Switch: 3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) >
Invalid Switch: 3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) >
Invalid Switch: wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) >
Invalid Switch: wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) >
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) >
< FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/09/10 01:48:16 | 000,000,000 | ---D | M] >
Invalid Switch: 10 01:48:16 | 000,000,000 | ---D | M]
< FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/06/15 12:27:58 | 000,000,000 | ---D | M] >
Invalid Switch: 15 12:27:58 | 000,000,000 | ---D | M]
< FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/08/04 02:27:18 | 000,000,000 | ---D | M] >
Invalid Switch: 04 02:27:18 | 000,000,000 | ---D | M]
< FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/07 02:03:48 | 000,000,000 | ---D | M] >
Invalid Switch: 07 02:03:48 | 000,000,000 | ---D | M]
< FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins >
< [2011/06/08 03:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Extensions >
Invalid Switch: 08 03:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Extensions
< [2012/05/19 04:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Firefox\Profiles\uv8bdff3.default\extensions >
Invalid Switch: 19 04:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Firefox\Profiles\uv8bdff3.default\extensions
< [2012/03/18 08:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions >
Invalid Switch: 18 08:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
< () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI >
< () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI >
< () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI >
< () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI >
< [2012/05/12 05:57:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll >
Invalid Switch: 12 05:57:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
< [2011/10/06 09:12:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml >
Invalid Switch: 06 09:12:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
< [2011/10/06 09:12:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml >
Invalid Switch: 06 09:12:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
< [2011/10/06 09:12:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml >
Invalid Switch: 06 09:12:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
< [2011/10/06 09:12:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml >
Invalid Switch: 06 09:12:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
< [2011/10/27 01:40:20 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src >
Invalid Switch: 27 01:40:20 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
< [2011/10/06 09:12:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml >
Invalid Switch: 06 09:12:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
< [2011/10/06 09:12:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml >
Invalid Switch: 06 09:12:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Alternate Data Streams ==========
@Alternate Data Stream - 400 bytes -> C:\Users\conny\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1332 bytes -> C:\Users\conny\AppData\Local\Cpkf0160E:6xkm6KbtDND8X9dYpy0DWO
@Alternate Data Stream - 1211 bytes -> C:\Users\conny\AppData\Local\jpjOeycivDPV:VLDzTCeQaqknpQcE1c
@Alternate Data Stream - 1164 bytes -> C:\Users\conny\AppData\Local\Anwendungsdaten:fpg7MY6hDakFhQE7Dw9SYo
@Alternate Data Stream - 1164 bytes -> C:\Users\conny\AppData\Local:fpg7MY6hDakFhQE7Dw9SYo
< End of report >
conny Sorry, I forgot the code tag. Last edited by conny24 (18.06.2012 at 10:11) |
| | #2 |
| Encryption trojan on my machine too Hi,
Quick one: fix for OTL:
Code:
:OTL
O4 - HKU\conny_ON_C..\Run: [049DF36D] C:\Users\conny\AppData\Local\Temp\Irbs\jrndquzvt.exe (Nessuna Registrazione)
@Alternate Data Stream - 400 bytes -> C:\Users\conny\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1332 bytes -> C:\Users\conny\AppData\Local\Cpkf0160E:6xkm6KbtDND8X9dYpy0DWO
@Alternate Data Stream - 1211 bytes -> C:\Users\conny\AppData\Local\jpjOeycivDPV:VLDzTCeQaqknpQcE1c
@Alternate Data Stream - 1164 bytes -> C:\Users\conny\AppData\Local\Anwendungsdaten:fpg7MY6hDakFhQE7Dw9SYo
@Alternate Data Stream - 1164 bytes -> C:\Users\conny\AppData\Local:fpg7MY6hDakFhQE7Dw9SYo
O32 - AutoRun File - [2010/04/30 02:34:10 | 000,000,000 | ---D | M] - D:\Autocad -- [ NTFS ]
O32 - AutoRun File - [2007/12/23 17:38:31 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\Shell - "" = AutoRun
O33 - MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\shelexec.exe .\starter.html
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell\verb\command - "" = H:\shelexec.exe .\starter.html
O33 - MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\win\setup.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:Commands
[emptytemp]
[Reboot]
Malwarebytes Antimalware (MAM) Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here: http://filepony.de/download-chameleon/
Then please update the signature files ("Update" tab -> "Check for updates"), run a full scan and let it clean everything! Post the log.
chris
__________________ |
| | #3 |
| | Encryption trojan on my machine too First of all, many thanks for the quick reply. You really are a great team. Thanks a lot for now!!
OTL report: Code:
========== OTL ==========
Registry key HKEY_USERS\conny_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
C:\Users\conny\AppData\Local\Temp\Irbs\jrndquzvt.exe moved successfully.
ADS C:\Users\conny\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96 deleted successfully.
ADS C:\Windows:nlsPreferences deleted successfully.
ADS C:\Users\conny\AppData\Local\Cpkf0160E:6xkm6KbtDND8X9dYpy0DWO deleted successfully.
ADS C:\Users\conny\AppData\Local\jpjOeycivDPV:VLDzTCeQaqknpQcE1c deleted successfully.
Unable to delete ADS C:\Users\conny\AppData\Local\Anwendungsdaten:fpg7MY6hDakFhQE7Dw9SYo .
ADS C:\Users\conny\AppData\Local:fpg7MY6hDakFhQE7Dw9SYo deleted successfully.
File not found.
File not found.
G:\autoexec.bat moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9780e4bc-0585-11df-9673-002618249172}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9780e4bc-0585-11df-9673-002618249172}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ not found.
File H:\shelexec.exe .\starter.html not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ not found.
File H:\shelexec.exe .\starter.html not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\ not found.
File I:\win\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: conny
->Temp folder emptied: 341276228 bytes
->Temporary Internet Files folder emptied: 1128765968 bytes
->Java cache emptied: 24155087 bytes
->FireFox cache emptied: 109528057 bytes
->Google Chrome cache emptied: 6587610 bytes
->Apple Safari cache emptied: 12697600 bytes
->Flash cache emptied: 91435 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3948144 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86896931 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
Total Files Cleaned = 1,635.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 06182012_141657
and the malware report: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.18.03
Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
conny :: CONNY-PC [Administrator]
Schutz: Deaktiviert
18.06.2012 14:58:11
mbam-log-2012-06-18 (14-58-11).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235551
Laufzeit: 3 Minute(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Audio Driver (Backdoor.Agent) -> Daten: "C:\Users\conny\AppData\Roaming\audiohd.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
OTL logfile created on: 18.06.2012 15:37:48 - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = C:\
64bit-Windows 7 Ultimate (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 78,00% Memory free
26,00 Gb Paging File | 24,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 36,04 Gb Free Space | 14,76% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 478,16 Gb Free Space | 68,44% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 36,29 Gb Free Space | 48,69% Space Free | Partition Type: NTFS
Drive F: | 244,14 Gb Total Space | 181,72 Gb Free Space | 74,43% Space Free | Partition Type: NTFS
Drive G: | 210,34 Gb Total Space | 45,86 Gb Free Space | 21,81% Space Free | Partition Type: NTFS
Computer Name: CONNY-PC | User Name: conny
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.01.14 08:57:45 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.10.15 06:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009.07.14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp)
SRV - [2012.06.11 21:17:03 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.25 20:12:35 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.05.22 05:55:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.12 11:57:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.26 16:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.06 15:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2011.06.01 12:41:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.05.17 11:26:16 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.02.07 16:41:57 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.11.01 21:03:02 | 000,075,064 | ---- | M] () [Auto] -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.07.23 18:25:28 | 000,626,208 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.23 18:25:28 | 000,206,880 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) [Auto] -- C:\Windows\SCARDS32.EXE -- (TWKSCARDSRV)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2007.03.30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2007.03.30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2003.04.30 02:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto] -- C:\Windows\SysWow64\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2003.04.30 02:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot] -- C:\Windows\SysWow64\drivers\TWKMS.SYS -- (TwkMs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 47 61 8D D1 5A CA 01 [binary data]
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.09.10 07:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.06.15 18:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011.08.04 08:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.07 08:03:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.06.08 09:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\mozilla\Extensions
[2012.05.19 10:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\mozilla\Firefox\Profiles\uv8bdff3.default\extensions
[2012.03.18 14:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.05.12 11:57:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.06 15:12:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 15:12:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.06 15:12:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 15:12:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.27 07:40:20 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011.10.06 15:12:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 15:12:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - File not found
O3:64bit: - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PUStarter] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RunPUTasktray] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [049DF36D] File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [Auto-Import for EuroCUT Professional 7] File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe ()
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {17D0C64A-5283-4125-8256-105694C274ED} hxxp://www.knittel-foto-film.de/interaktiv/objekt/spx33.cab (MozillaPluginHostCtrl Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://louk.solidworks.com/htdocs/pdownload/edrawings/e2011sp02/cab//eModelsStandard.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin1211.cab (PPI Chipcard-Browser-Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {97DF08C1-4C0E-4913-823B-E8FC1C8444FA} hxxp://192.168.178.105/400series.cab (4Mosa Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - Reg Error: Key error. File not found
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Windows\SysWOW64\eztoolslib2.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.30 08:34:10 | 000,000,000 | ---D | M] - D:\Autocad -- [ NTFS ]
O32 - AutoRun File - [2012.06.18 19:54:56 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012.06.18 20:16:57 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.06.18 20:16:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.18 14:56:28 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Roaming\Malwarebytes
[2012.06.18 14:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.18 14:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.18 14:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.11 21:18:42 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Local\Macromedia
[2012.06.09 14:57:23 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Local\3Dconnexion_Inc
[2012.06.09 14:51:05 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Roaming\3Dconnexion
[2012.06.09 14:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2012.06.09 14:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2012.06.09 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\3Dconnexion
[2012.06.07 08:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.07 08:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.07 03:36:48 | 000,085,504 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012.06.07 03:36:48 | 000,085,504 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\System32\siappdll.dll
[2012.06.04 20:51:57 | 000,000,000 | ---D | C] -- C:\Users\conny\Desktop\Kletterfieber_2012
[2012.06.04 20:51:21 | 000,000,000 | ---D | C] -- C:\Users\conny\Desktop\Kletterfieber
[2012.06.03 18:53:20 | 000,000,000 | ---D | C] -- C:\Users\conny\Documents\Studienbescheinigung
[2011.12.18 23:41:00 | 000,016,896 | ---- | C] (Microsoft) -- C:\Users\conny\AppData\Roaming\arDshini.exe.exe
[2011.12.16 08:31:09 | 000,016,896 | ---- | C] (Microsoft) -- C:\Users\conny\AppData\Roaming\Dshini.exe.exe
[2010.04.26 10:50:29 | 000,151,552 | ---- | C] ( ) -- C:\Windows\rsnp2std.dll
[2010.04.26 10:50:29 | 000,077,824 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp2std.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.06.18 15:37:34 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 15:36:39 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.18 15:36:36 | 000,000,355 | ---- | M] () -- C:\Windows\SCARDSRV.INI
[2012.06.18 15:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 15:36:24 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 14:56:23 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.18 14:56:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.11 23:10:27 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.06.11 23:10:27 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.06.11 23:10:27 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.06.11 23:10:27 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.06.11 23:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 21:17:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.11 21:17:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.11 21:17:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.11 21:17:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.09 14:49:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2012.06.09 14:48:23 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012.06.09 14:48:23 | 000,002,304 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012.06.09 14:48:23 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.07 08:03:43 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.07 08:03:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.07 03:36:48 | 000,085,504 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012.06.07 03:36:48 | 000,085,504 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\System32\siappdll.dll
[2012.06.07 03:35:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\spwini.dll
[2012.06.07 03:35:50 | 000,045,056 | ---- | M] () -- C:\Windows\System32\spwini.dll
[2012.06.03 17:47:27 | 001,424,557 | ---- | M] () -- C:\Users\conny\Documents\Gesundheitsamt_KE.pdf
[2012.05.21 06:03:27 | 000,001,456 | ---- | M] () -- C:\Users\conny\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.18 14:56:23 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.09 14:48:23 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012.06.09 14:48:23 | 000,002,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012.06.07 08:03:43 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.07 03:35:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2012.06.07 03:35:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\spwini.dll
[2012.06.03 17:47:27 | 001,424,557 | ---- | C] () -- C:\Users\conny\Documents\Gesundheitsamt_KE.pdf
[2012.04.03 08:36:30 | 004,389,441 | ---- | C] () -- C:\Windows\SysWow64\USBAccessLink.dll
[2012.04.03 08:36:30 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\SerialAccessLink.dll
[2012.03.19 10:10:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Instrument Library
[2012.03.19 10:10:09 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Images
[2012.03.19 10:10:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Licenses
[2012.03.19 10:09:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Internet Plug-Ins
[2012.03.19 10:09:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Installer Plugin
[2012.03.19 10:09:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Limiter
[2012.03.19 10:09:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2012.03.19 10:07:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\Image Manipulation
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.17 16:31:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.01.17 16:31:06 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.11.16 11:27:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
[2011.11.16 11:27:11 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Hybrid Basic
[2011.11.16 11:27:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.11.16 11:27:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2011.10.06 16:54:58 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2011.10.06 15:53:06 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll
[2011.09.29 08:55:21 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Importer
[2011.09.29 08:55:21 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Image Units
[2011.09.29 08:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.09.29 08:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.09.29 08:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.08.05 14:59:36 | 000,324,511 | ---- | C] () -- C:\ProgramData\1312521941.bdinstall.bin
[2011.06.09 08:47:59 | 000,000,663 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011.04.05 14:37:15 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011.02.07 16:42:04 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010.10.28 13:42:34 | 000,000,355 | ---- | C] () -- C:\Windows\SCARDSRV.INI
[2010.10.28 13:42:25 | 000,001,268 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.10.28 13:42:02 | 000,002,776 | ---- | C] () -- C:\Windows\twkverck.dat
[2010.10.11 14:28:14 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2010.10.11 14:28:14 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010.08.08 09:35:12 | 000,000,132 | ---- | C] () -- C:\Users\conny\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010.08.03 12:40:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Jingles
[2010.08.03 12:28:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\Help
[2010.06.17 13:50:24 | 000,001,456 | ---- | C] () -- C:\Users\conny\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.06.12 12:16:42 | 000,000,078 | ---- | C] () -- C:\Windows\CAMDXP.INI
[2010.05.25 09:57:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Receipts
[2010.05.25 09:57:40 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Profiles
[2010.05.25 09:57:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.05.25 09:57:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\manual
[2010.05.25 09:57:38 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Repeat Routines
[2010.05.25 09:57:38 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Project Templates
[2010.05.25 09:57:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\vhosts
[2010.05.25 09:55:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.05.25 09:44:56 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Icons
[2010.05.25 09:40:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2010.05.23 12:30:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Reverb
[2010.05.23 12:30:03 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Radio Sounds
[2010.05.23 12:27:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2010.05.21 11:03:53 | 000,000,600 | ---- | C] () -- C:\Users\conny\AppData\Local\PUTTY.RND
[2010.05.05 11:21:00 | 000,000,025 | ---- | C] () -- C:\Users\conny\AppData\Roaming\bdfvconp.ini
[2010.04.26 10:50:29 | 012,033,024 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2010.04.26 10:50:29 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2010.04.26 10:50:29 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2010.04.23 15:31:13 | 000,000,850 | ---- | C] () -- C:\Users\conny\AppData\RoamingProductTweaks.xml
[2010.04.23 15:31:12 | 000,000,385 | ---- | C] () -- C:\Users\conny\AppData\Roaminguser_gensett.xml
[2010.04.22 07:40:37 | 000,000,376 | ---- | C] () -- C:\Users\conny\AppData\Roamingprivacy.xml
[2010.04.16 17:42:51 | 000,000,400 | ---- | C] () -- C:\Windows\g_jdmjol417.ini
[2010.04.16 17:42:51 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\bdpnqch979.dat
[2010.04.13 11:40:39 | 000,234,127 | ---- | C] () -- C:\Windows\hpoins35.dat.temp
[2010.04.13 11:40:39 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2010.03.31 12:50:45 | 000,005,632 | ---- | C] () -- C:\Users\conny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.23 08:01:42 | 000,000,118 | ---- | C] () -- C:\Windows\SysWow64\BUERKVER.INI
[2010.03.23 07:52:03 | 000,737,280 | ---- | C] () -- C:\Windows\SysWow64\eztoolslib2.dll
[2010.03.08 09:30:43 | 000,000,297 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.02.26 19:23:00 | 001,579,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.19 10:57:02 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2010.02.19 10:57:02 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2010.02.19 10:57:02 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2009.12.23 08:18:29 | 000,023,716 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009.12.19 12:53:59 | 000,007,618 | ---- | C] () -- C:\Users\conny\AppData\Local\Resmon.ResmonCfg
[2009.12.13 21:08:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.11.03 21:29:36 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.01 20:48:58 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009.10.30 20:07:24 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.10.30 20:07:22 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.10.30 20:07:21 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.10.24 18:14:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2006.12.13 16:03:14 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2003.05.20 16:05:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\spx33.dll
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[1999.11.16 14:04:36 | 000,485,376 | ---- | C] () -- C:\Windows\SysWow64\DrRw40.dll
< End of report >
Edited by conny24 (18.06.2012 at 11:54) |
| | #4 |
| Encryption trojan on my machine too Hi, MAM was only a quick scan, not a full scan...
Code:
:OTL
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [049DF36D] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
:Commands
[emptytemp]
[Reboot]
TDSS-Killer: download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Unpack all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. Configure the Killer as follows:
Then start the scan with (Start Scan). When the scan has finished, please select "Report" (skip any findings for now with Skip). A window opens; copy the text and post it here...
Please update MAM and then run a full scan, and post the log!
chris
| | #5 |
| | Encryption trojan on my machine too Hello, MAM has now been run in full:
Code:
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.18.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
conny :: CONNY-PC [Administrator]
Schutz: Aktiviert
18.06.2012 12:55:26
mbam-log-2012-06-18 (12-55-26).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1696446
Laufzeit: 4 Stunde(n), 14 Minute(n), 53 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
F:\Program Files (x86)\Perfect Icon\perfecticon.exe (Rogue.FakeMSE) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\Users\Conny\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Windows\CurrentVersion\Run\\049DF36D deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: conny
->Temp folder emptied: 2237293 bytes
->Temporary Internet Files folder emptied: 320842 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55209530 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 670 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8409929 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 990175 bytes
Total Files Cleaned = 64,00 mb
OTL by OldTimer - Version 3.2.49.0 log created on 06182012_173251
Files\Folders moved on Reboot...
C:\Users\conny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SCARDSRV.TMP scheduled to be moved on reboot.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Code:
17:39:44.0205 4720 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
17:39:45.0344 4720 ============================================================
17:39:45.0344 4720 Current date / time: 2012/06/18 17:39:45.0344
17:39:45.0344 4720 SystemInfo:
17:39:45.0344 4720
17:39:45.0344 4720 OS Version: 6.1.7601 ServicePack: 1.0
17:39:45.0344 4720 Product type: Workstation
17:39:45.0344 4720 ComputerName: CONNY-PC
17:39:45.0344 4720 UserName: conny
17:39:45.0344 4720 Windows directory: C:\Windows
17:39:45.0344 4720 System windows directory: C:\Windows
17:39:45.0344 4720 Running under WOW64
17:39:45.0344 4720 Processor architecture: Intel x64
17:39:45.0344 4720 Number of processors: 4
17:39:45.0344 4720 Page size: 0x1000
17:39:45.0344 4720 Boot type: Normal boot
17:39:45.0344 4720 ============================================================
17:39:48.0168 4720 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:39:48.0168 4720 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:39:48.0168 4720 Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:39:48.0183 4720 ============================================================
17:39:48.0183 4720 \Device\Harddisk0\DR0:
17:39:48.0199 4720 MBR partitions:
17:39:48.0199 4720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E849D80
17:39:48.0215 4720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E849DFE, BlocksNum 0x1E849D80
17:39:48.0230 4720 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D093BBD, BlocksNum 0x1A4AD883
17:39:48.0230 4720 \Device\Harddisk1\DR1:
17:39:48.0230 4720 MBR partitions:
17:39:48.0230 4720 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
17:39:48.0230 4720 \Device\Harddisk2\DR2:
17:39:48.0230 4720 MBR partitions:
17:39:48.0230 4720 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
17:39:48.0230 4720 ============================================================
17:39:48.0261 4720 C: <-> \Device\Harddisk0\DR0\Partition0
17:39:48.0308 4720 D: <-> \Device\Harddisk1\DR1\Partition0
17:39:48.0308 4720 E: <-> \Device\Harddisk2\DR2\Partition0
17:39:48.0355 4720 F: <-> \Device\Harddisk0\DR0\Partition1
17:39:48.0386 4720 G: <-> \Device\Harddisk0\DR0\Partition2
17:39:48.0386 4720 ============================================================
17:39:48.0386 4720 Initialize success
17:39:48.0386 4720 ============================================================
17:40:15.0093 4512 ============================================================
17:40:15.0093 4512 Scan started
17:40:15.0093 4512 Mode: Manual; SigCheck; TDLFS;
17:40:15.0093 4512 ============================================================
17:40:17.0808 4512 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:40:17.0917 4512 1394ohci - ok
17:40:17.0979 4512 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:40:17.0995 4512 ACPI - ok
17:40:18.0026 4512 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:40:18.0260 4512 AcpiPmi - ok
17:40:18.0291 4512 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
17:40:18.0354 4512 adfs - ok
17:40:18.0416 4512 ADIHdAudAddService (1c090e86afd15231377ad37436c3c719) C:\Windows\system32\drivers\ADIHdAud.sys
17:40:18.0479 4512 ADIHdAudAddService - ok
17:40:18.0619 4512 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:40:18.0650 4512 AdobeFlashPlayerUpdateSvc - ok
17:40:18.0915 4512 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:40:18.0947 4512 adp94xx - ok
17:40:18.0978 4512 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:40:19.0009 4512 adpahci - ok
17:40:19.0040 4512 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:40:19.0056 4512 adpu320 - ok
17:40:19.0087 4512 AEADIFilters (3bdb13c79cc8c06e2f8182595903ed69) C:\Windows\system32\AEADISRV.EXE
17:40:19.0118 4512 AEADIFilters - ok
17:40:19.0134 4512 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:40:19.0274 4512 AeLookupSvc - ok
17:40:19.0337 4512 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:40:19.0383 4512 AFD - ok
17:40:19.0415 4512 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:40:19.0430 4512 agp440 - ok
17:40:19.0461 4512 aksdf (94c0972b06c75456ed574dd46417b1d8) C:\Windows\system32\DRIVERS\aksdf.sys
17:40:19.0493 4512 aksdf - ok
17:40:19.0508 4512 aksfridge (7b0bc062ca6abab23f88ea483b5a538e) C:\Windows\system32\DRIVERS\aksfridge.sys
17:40:19.0539 4512 aksfridge - ok
17:40:19.0571 4512 akshasp (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys
17:40:19.0602 4512 akshasp - ok
17:40:19.0633 4512 akshhl (67dff8c8f95cb21c9c3380dd4c0387f2) C:\Windows\system32\DRIVERS\akshhl.sys
17:40:19.0664 4512 akshhl - ok
17:40:19.0664 4512 aksusb (a9a09bc526e614ce9f29bb23c2a76ced) C:\Windows\system32\DRIVERS\aksusb.sys
17:40:19.0695 4512 aksusb - ok
17:40:19.0742 4512 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:40:19.0851 4512 ALG - ok
17:40:19.0914 4512 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:40:19.0929 4512 aliide - ok
17:40:20.0054 4512 Alpham1 (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
17:40:20.0085 4512 Alpham1 ( UnsignedFile.Multi.Generic ) - warning
17:40:20.0085 4512 Alpham1 - detected UnsignedFile.Multi.Generic (1)
17:40:20.0101 4512 Alpham2 (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
17:40:20.0132 4512 Alpham2 ( UnsignedFile.Multi.Generic ) - warning
17:40:20.0132 4512 Alpham2 - detected UnsignedFile.Multi.Generic (1)
17:40:20.0163 4512 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:40:20.0179 4512 amdide - ok
17:40:20.0195 4512 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:40:20.0226 4512 AmdK8 - ok
17:40:20.0304 4512 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:40:20.0366 4512 AmdPPM - ok
17:40:20.0522 4512 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:40:20.0553 4512 amdsata - ok
17:40:20.0585 4512 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:40:20.0616 4512 amdsbs - ok
17:40:20.0631 4512 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:40:20.0647 4512 amdxata - ok
17:40:20.0678 4512 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
17:40:20.0725 4512 AppHostSvc - ok
17:40:20.0756 4512 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:40:20.0912 4512 AppID - ok
17:40:20.0943 4512 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:40:20.0990 4512 AppIDSvc - ok
17:40:21.0021 4512 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:40:21.0053 4512 Appinfo - ok
17:40:21.0177 4512 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:40:21.0193 4512 Apple Mobile Device - ok
17:40:21.0240 4512 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:40:21.0287 4512 AppMgmt - ok
17:40:21.0318 4512 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:40:21.0333 4512 arc - ok
17:40:21.0365 4512 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:40:21.0380 4512 arcsas - ok
17:40:21.0396 4512 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:40:21.0458 4512 AsyncMac - ok
17:40:21.0489 4512 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:40:21.0489 4512 atapi - ok
17:40:21.0599 4512 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:40:21.0677 4512 AudioEndpointBuilder - ok
17:40:21.0677 4512 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:40:21.0708 4512 AudioSrv - ok
17:40:21.0755 4512 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:40:21.0833 4512 AxInstSV - ok
17:40:21.0879 4512 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:40:21.0942 4512 b06bdrv - ok
17:40:21.0973 4512 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:40:22.0020 4512 b57nd60a - ok
17:40:22.0129 4512 BCMH43XX (e49110a58a32e9450356686a95dd7763) C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
17:40:22.0176 4512 BCMH43XX - ok
17:40:22.0207 4512 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:40:22.0254 4512 BDESVC - ok
17:40:22.0269 4512 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:40:22.0301 4512 Beep - ok
17:40:22.0379 4512 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:40:22.0488 4512 BFE - ok
17:40:22.0753 4512 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:40:22.0815 4512 BITS - ok
17:40:22.0878 4512 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:40:22.0893 4512 blbdrive - ok
17:40:22.0987 4512 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:40:23.0018 4512 Bonjour Service - ok
17:40:23.0112 4512 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:40:23.0143 4512 bowser - ok
17:40:23.0174 4512 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:40:23.0268 4512 BrFiltLo - ok
17:40:23.0299 4512 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:40:23.0315 4512 BrFiltUp - ok
17:40:23.0361 4512 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:40:23.0408 4512 Browser - ok
17:40:23.0455 4512 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:40:23.0517 4512 Brserid - ok
17:40:23.0549 4512 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:40:23.0564 4512 BrSerWdm - ok
17:40:23.0580 4512 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:40:23.0611 4512 BrUsbMdm - ok
17:40:23.0627 4512 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:40:23.0658 4512 BrUsbSer - ok
17:40:23.0673 4512 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:40:23.0705 4512 BTHMODEM - ok
17:40:23.0736 4512 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:40:23.0783 4512 bthserv - ok
17:40:23.0798 4512 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:40:23.0829 4512 cdfs - ok
17:40:23.0861 4512 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:40:23.0892 4512 cdrom - ok
17:40:23.0923 4512 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:40:23.0985 4512 CertPropSvc - ok
17:40:24.0001 4512 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:40:24.0017 4512 circlass - ok
17:40:24.0063 4512 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:40:24.0095 4512 CLFS - ok
17:40:24.0251 4512 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:40:24.0266 4512 clr_optimization_v2.0.50727_32 - ok
17:40:24.0329 4512 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:40:24.0344 4512 clr_optimization_v2.0.50727_64 - ok
17:40:24.0407 4512 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:40:24.0469 4512 clr_optimization_v4.0.30319_32 - ok
17:40:24.0531 4512 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:40:24.0547 4512 clr_optimization_v4.0.30319_64 - ok
17:40:24.0578 4512 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:40:24.0594 4512 CmBatt - ok
17:40:24.0625 4512 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:40:24.0641 4512 cmdide - ok
17:40:24.0719 4512 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:40:24.0750 4512 CNG - ok
17:40:24.0797 4512 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:40:24.0812 4512 Compbatt - ok
17:40:24.0890 4512 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:40:24.0921 4512 CompositeBus - ok
17:40:24.0921 4512 COMSysApp - ok
17:40:25.0062 4512 CoordinatorServiceHost (ab82a8885ab9687d82aa51a4b4f62e2d) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
17:40:25.0077 4512 CoordinatorServiceHost - ok
17:40:25.0109 4512 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:40:25.0124 4512 crcdisk - ok
17:40:25.0171 4512 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:40:25.0249 4512 CryptSvc - ok
17:40:25.0327 4512 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:40:25.0389 4512 CSC - ok
17:40:25.0467 4512 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:40:25.0530 4512 CscService - ok
17:40:25.0608 4512 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:40:25.0686 4512 DcomLaunch - ok
17:40:25.0733 4512 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:40:25.0779 4512 defragsvc - ok
17:40:25.0857 4512 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:40:25.0889 4512 DfsC - ok
17:40:25.0951 4512 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:40:25.0982 4512 Dhcp - ok
17:40:26.0013 4512 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:40:26.0045 4512 discache - ok
17:40:26.0076 4512 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:40:26.0076 4512 Disk - ok
17:40:26.0123 4512 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:40:26.0201 4512 Dnscache - ok
17:40:26.0294 4512 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:40:26.0357 4512 dot3svc - ok
17:40:26.0466 4512 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:40:26.0513 4512 DPS - ok
17:40:26.0528 4512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:40:26.0544 4512 drmkaud - ok
17:40:26.0637 4512 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:40:26.0653 4512 dtsoftbus01 - ok
17:40:26.0762 4512 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:40:26.0793 4512 DXGKrnl - ok
17:40:26.0825 4512 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:40:26.0871 4512 EapHost - ok
17:40:27.0293 4512 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:40:27.0386 4512 ebdrv - ok
17:40:27.0527 4512 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:40:27.0542 4512 EFS - ok
17:40:27.0667 4512 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:40:27.0745 4512 ehRecvr - ok
17:40:27.0792 4512 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:40:27.0823 4512 ehSched - ok
17:40:27.0917 4512 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:40:27.0948 4512 elxstor - ok
17:40:27.0979 4512 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:40:27.0995 4512 ErrDev - ok
17:40:28.0073 4512 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:40:28.0151 4512 EventSystem - ok
17:40:28.0182 4512 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:40:28.0213 4512 exfat - ok
17:40:28.0244 4512 EyeOneDisplay (a33e0921d0c256e348e0f6d66c77b7f7) C:\Windows\system32\Drivers\i1display_x64.sys
17:40:28.0260 4512 EyeOneDisplay - ok
17:40:28.0291 4512 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:40:28.0369 4512 fastfat - ok
17:40:28.0463 4512 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:40:28.0556 4512 Fax - ok
17:40:28.0587 4512 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:40:28.0587 4512 fdc - ok
17:40:28.0619 4512 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:40:28.0665 4512 fdPHost - ok
17:40:28.0697 4512 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:40:28.0728 4512 FDResPub - ok
17:40:28.0759 4512 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:40:28.0775 4512 FileInfo - ok
17:40:28.0790 4512 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:40:28.0837 4512 Filetrace - ok
17:40:28.0962 4512 FileZilla Server (7e76eed28b8b8696b7f7ed5f757aa304) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
17:40:29.0009 4512 FileZilla Server ( UnsignedFile.Multi.Generic ) - warning
17:40:29.0009 4512 FileZilla Server - detected UnsignedFile.Multi.Generic (1)
17:40:29.0211 4512 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:40:29.0258 4512 FLEXnet Licensing Service - ok
17:40:29.0477 4512 FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:40:29.0539 4512 FLEXnet Licensing Service 64 - ok
17:40:29.0664 4512 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:40:29.0695 4512 flpydisk - ok
17:40:29.0820 4512 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:40:30.0069 4512 FltMgr - ok
17:40:30.0397 4512 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:40:30.0506 4512 FontCache - ok
17:40:30.0600 4512 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:40:30.0600 4512 FontCache3.0.0.0 - ok
17:40:30.0756 4512 ForceWare Intelligent Application Manager (IAM) (e190951c5d5670d33ee7a5b7ccb08d7e) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
17:40:30.0771 4512 ForceWare Intelligent Application Manager (IAM) - ok
17:40:30.0896 4512 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:40:30.0912 4512 FsDepends - ok
17:40:30.0943 4512 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:40:30.0943 4512 Fs_Rec - ok
17:40:30.0990 4512 FTDIBUS (7442bca60ed46cc31c2f39728bbdd9ad) C:\Windows\system32\drivers\ftdibus.sys
17:40:31.0005 4512 FTDIBUS - ok
17:40:31.0099 4512 ftpsvc (79179c6f8a3784cc3a20cde998d5bd2c) C:\Windows\system32\inetsrv\ftpsvc.dll
17:40:31.0130 4512 ftpsvc - ok
17:40:31.0161 4512 FTSER2K (121af3148cdda212cffbc4f6240699c2) C:\Windows\system32\drivers\ftser2k.sys
17:40:31.0177 4512 FTSER2K - ok
17:40:31.0224 4512 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:40:31.0255 4512 fvevol - ok
17:40:31.0286 4512 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:40:31.0302 4512 gagp30kx - ok
17:40:31.0380 4512 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:40:31.0395 4512 GEARAspiWDM - ok
17:40:31.0567 4512 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:40:31.0614 4512 gpsvc - ok
17:40:31.0661 4512 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
17:40:31.0661 4512 grmnusb - ok
17:40:31.0754 4512 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:40:31.0754 4512 gupdate - ok
17:40:31.0770 4512 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:40:31.0770 4512 gupdatem - ok
17:40:31.0832 4512 Hardlock (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\Hardlock.sys
17:40:31.0863 4512 Hardlock - ok
17:40:31.0879 4512 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:40:31.0910 4512 hcw85cir - ok
17:40:31.0957 4512 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:40:31.0988 4512 HdAudAddService - ok
17:40:32.0004 4512 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:40:32.0035 4512 HDAudBus - ok
17:40:32.0051 4512 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:40:32.0066 4512 HidBatt - ok
17:40:32.0097 4512 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:40:32.0129 4512 HidBth - ok
17:40:32.0144 4512 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:40:32.0160 4512 HidIr - ok
17:40:32.0191 4512 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:40:32.0222 4512 hidserv - ok
17:40:32.0253 4512 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:40:32.0253 4512 HidUsb - ok
17:40:32.0285 4512 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:40:32.0347 4512 hkmsvc - ok
17:40:32.0394 4512 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:40:32.0425 4512 HomeGroupListener - ok
17:40:32.0472 4512 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:40:32.0519 4512 HomeGroupProvider - ok
17:40:32.0550 4512 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:40:32.0565 4512 HpSAMD - ok
17:40:32.0659 4512 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:40:32.0737 4512 HTTP - ok
17:40:32.0753 4512 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:40:32.0768 4512 hwpolicy - ok
17:40:32.0799 4512 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:40:32.0831 4512 i8042prt - ok
17:40:32.0877 4512 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:40:32.0909 4512 iaStorV - ok
17:40:33.0018 4512 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:40:33.0018 4512 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:40:33.0018 4512 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:40:33.0158 4512 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:40:33.0205 4512 idsvc - ok
17:40:33.0314 4512 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:40:33.0330 4512 iirsp - ok
17:40:33.0423 4512 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:40:33.0486 4512 IKEEXT - ok
17:40:33.0564 4512 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:40:33.0579 4512 intelide - ok
17:40:33.0642 4512 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:40:33.0673 4512 intelppm - ok
17:40:33.0735 4512 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:40:33.0798 4512 IPBusEnum - ok
17:40:33.0845 4512 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:40:33.0891 4512 IpFilterDriver - ok
17:40:33.0969 4512 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:40:34.0016 4512 iphlpsvc - ok
17:40:34.0047 4512 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:40:34.0063 4512 IPMIDRV - ok
17:40:34.0079 4512 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:40:34.0125 4512 IPNAT - ok
17:40:34.0266 4512 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:40:34.0297 4512 iPod Service - ok
17:40:34.0313 4512 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:40:34.0344 4512 IRENUM - ok
17:40:34.0375 4512 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:40:34.0375 4512 isapnp - ok
17:40:34.0437 4512 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:40:34.0500 4512 iScsiPrt - ok
17:40:34.0547 4512 JRAID (50de7dd7edb1b512b13666588aefbf6f) C:\Windows\system32\DRIVERS\jraid.sys
17:40:34.0562 4512 JRAID - ok
17:40:34.0578 4512 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:40:34.0593 4512 kbdclass - ok
17:40:34.0625 4512 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:40:34.0640 4512 kbdhid - ok
17:40:34.0671 4512 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:34.0687 4512 KeyIso - ok
17:40:34.0718 4512 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:40:34.0718 4512 KSecDD - ok
17:40:34.0749 4512 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:40:34.0749 4512 KSecPkg - ok
17:40:34.0781 4512 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:40:34.0812 4512 ksthunk - ok
17:40:34.0859 4512 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:40:34.0921 4512 KtmRm - ok
17:40:34.0968 4512 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:40:35.0030 4512 LanmanServer - ok
17:40:35.0108 4512 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:40:35.0139 4512 LanmanWorkstation - ok
17:40:35.0405 4512 Lavasoft Ad-Aware Service (55afd4a9d5ed4ad40d5215ccdf4d65f3) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
17:40:35.0436 4512 Lavasoft Ad-Aware Service - ok
17:40:35.0483 4512 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
17:40:35.0483 4512 Lavasoft Kernexplorer - ok
17:40:35.0623 4512 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
17:40:35.0639 4512 Lbd - ok
17:40:35.0685 4512 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:40:35.0717 4512 lltdio - ok
17:40:35.0857 4512 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:40:35.0904 4512 lltdsvc - ok
17:40:35.0919 4512 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:40:35.0951 4512 lmhosts - ok
17:40:35.0982 4512 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:40:35.0997 4512 LSI_FC - ok
17:40:36.0013 4512 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:40:36.0029 4512 LSI_SAS - ok
17:40:36.0044 4512 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:40:36.0060 4512 LSI_SAS2 - ok
17:40:36.0075 4512 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:40:36.0091 4512 LSI_SCSI - ok
17:40:36.0122 4512 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:40:36.0153 4512 luafv - ok
17:40:36.0200 4512 LUMDriver (701223c663019b62029fab1a2385ee81) C:\Windows\system32\drivers\LUMDriver.sys
17:40:36.0216 4512 LUMDriver - ok
17:40:36.0247 4512 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:40:36.0247 4512 MBAMProtector - ok
17:40:36.0341 4512 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:40:36.0356 4512 MBAMService - ok
17:40:36.0403 4512 MCHPUSB (ba3963a603f0504eb2a1475b335eab53) C:\Windows\system32\DRIVERS\mchpusb64.sys
17:40:36.0403 4512 MCHPUSB - ok
17:40:36.0434 4512 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:40:36.0465 4512 Mcx2Svc - ok
17:40:36.0465 4512 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:40:36.0481 4512 megasas - ok
17:40:36.0528 4512 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:40:36.0559 4512 MegaSR - ok
17:40:36.0590 4512 mf (8d0e52f36a153d099de7d5a1e233fac7) C:\Windows\system32\DRIVERS\mf.sys
17:40:36.0621 4512 mf - ok
17:40:36.0653 4512 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:40:36.0684 4512 MMCSS - ok
17:40:36.0699 4512 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:40:36.0731 4512 Modem - ok
17:40:36.0731 4512 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:40:36.0746 4512 monitor - ok
17:40:36.0777 4512 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:40:36.0793 4512 mouclass - ok
17:40:36.0793 4512 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:40:36.0809 4512 mouhid - ok
17:40:36.0840 4512 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:40:36.0855 4512 mountmgr - ok
17:40:36.0980 4512 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:40:36.0996 4512 MozillaMaintenance - ok
17:40:37.0074 4512 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:40:37.0089 4512 mpio - ok
17:40:37.0105 4512 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:40:37.0136 4512 mpsdrv - ok
17:40:37.0230 4512 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:40:37.0292 4512 MpsSvc - ok
17:40:37.0339 4512 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:40:37.0370 4512 MRxDAV - ok
17:40:37.0401 4512 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:40:37.0448 4512 mrxsmb - ok
17:40:37.0511 4512 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:40:37.0526 4512 mrxsmb10 - ok
17:40:37.0589 4512 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:40:37.0620 4512 mrxsmb20 - ok
17:40:37.0651 4512 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:40:37.0667 4512 msahci - ok
17:40:37.0760 4512 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:40:37.0823 4512 msdsm - ok
17:40:38.0291 4512 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:40:38.0337 4512 MSDTC - ok
17:40:38.0509 4512 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:40:38.0540 4512 Msfs - ok
17:40:38.0587 4512 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:40:38.0649 4512 mshidkmdf - ok
17:40:38.0681 4512 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:40:38.0696 4512 msisadrv - ok
17:40:38.0790 4512 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:40:38.0837 4512 MSiSCSI - ok
17:40:38.0837 4512 msiserver - ok
17:40:38.0883 4512 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:40:38.0899 4512 MSKSSRV - ok
17:40:38.0930 4512 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:40:38.0961 4512 MSPCLOCK - ok
17:40:38.0977 4512 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:40:39.0008 4512 MSPQM - ok
17:40:39.0117 4512 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:40:39.0133 4512 MsRPC - ok
17:40:39.0180 4512 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:40:39.0195 4512 mssmbios - ok
17:40:39.0195 4512 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:40:39.0242 4512 MSTEE - ok
17:40:39.0258 4512 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:40:39.0273 4512 MTConfig - ok
17:40:39.0305 4512 MTsensor (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
17:40:39.0320 4512 MTsensor - ok
17:40:39.0336 4512 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:40:39.0351 4512 Mup - ok
17:40:39.0461 4512 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:40:39.0523 4512 napagent - ok
17:40:39.0570 4512 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:40:39.0601 4512 NativeWifiP - ok
17:40:39.0741 4512 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:40:39.0773 4512 NDIS - ok
17:40:39.0804 4512 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:40:39.0851 4512 NdisCap - ok
17:40:39.0913 4512 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:40:39.0944 4512 NdisTapi - ok
17:40:40.0053 4512 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:40:40.0100 4512 Ndisuio - ok
17:40:40.0147 4512 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:40:40.0178 4512 NdisWan - ok
17:40:40.0225 4512 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:40:40.0256 4512 NDProxy - ok
17:40:40.0303 4512 Net Driver HPZ12 (d4f51e88c71bf8f06ea1be320b0bb75b) C:\Windows\system32\HPZinw12.dll
17:40:40.0319 4512 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:40:40.0319 4512 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:40:40.0365 4512 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:40:40.0412 4512 NetBIOS - ok
17:40:41.0130 4512 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:40:41.0161 4512 NetBT - ok
17:40:41.0223 4512 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:41.0239 4512 Netlogon - ok
17:40:41.0301 4512 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:40:41.0364 4512 Netman - ok
17:40:41.0426 4512 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:40:41.0473 4512 netprofm - ok
17:40:41.0676 4512 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:40:41.0691 4512 NetTcpPortSharing - ok
17:40:41.0785 4512 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:40:41.0801 4512 nfrd960 - ok
17:40:42.0019 4512 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:40:42.0066 4512 NlaSvc - ok
17:40:42.0237 4512 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe
17:40:42.0237 4512 nlsX86cc - ok
17:40:42.0300 4512 NmPar (2f48ab72b6d554a41817020171dc53d6) C:\Windows\system32\DRIVERS\NmPar.sys
17:40:42.0347 4512 NmPar - ok
17:40:42.0440 4512 nmserial (f88743804730a94a0cddc043ac75d193) C:\Windows\system32\DRIVERS\nmserial.sys
17:40:42.0456 4512 nmserial - ok
17:40:42.0534 4512 nmwcd (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys
17:40:42.0596 4512 nmwcd - ok
17:40:42.0783 4512 nmwcdc (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys
17:40:42.0877 4512 nmwcdc - ok
17:40:42.0877 4512 nmwcdcx64 (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys
17:40:42.0893 4512 nmwcdcx64 - ok
17:40:42.0908 4512 nmwcdx64 (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys
17:40:42.0924 4512 nmwcdx64 - ok
17:40:43.0049 4512 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
17:40:43.0049 4512 NPF - ok
17:40:43.0111 4512 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:40:43.0142 4512 Npfs - ok
17:40:43.0189 4512 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:40:43.0205 4512 nsi - ok
17:40:43.0220 4512 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:40:43.0267 4512 nsiproxy - ok
17:40:43.0532 4512 nSvcIp (c7252b28453297329755cd83208caabb) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
17:40:43.0532 4512 nSvcIp - ok
17:40:44.0000 4512 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:40:44.0109 4512 Ntfs - ok
17:40:44.0531 4512 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:40:44.0562 4512 Null - ok
17:40:44.0687 4512 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
17:40:44.0733 4512 NVENETFD - ok
17:40:46.0902 4512 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:40:47.0058 4512 nvlddmkm - ok
17:40:47.0463 4512 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
17:40:47.0479 4512 NVNET - ok
17:40:47.0557 4512 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:40:47.0573 4512 nvraid - ok
17:40:47.0635 4512 nvrd64 (5266d03c0628fae9c35f40eec078fc88) C:\Windows\system32\DRIVERS\nvrd64.sys
17:40:47.0651 4512 nvrd64 - ok
17:40:47.0682 4512 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:40:47.0697 4512 nvstor - ok
17:40:47.0822 4512 nvstor64 (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
17:40:47.0838 4512 nvstor64 - ok
17:40:48.0009 4512 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
17:40:48.0025 4512 nvsvc - ok
17:40:48.0353 4512 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:40:48.0384 4512 nvUpdatusService - ok
17:40:48.0602 4512 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:40:48.0618 4512 nv_agp - ok
17:40:48.0821 4512 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:40:48.0852 4512 odserv - ok
17:40:48.0992 4512 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:40:49.0023 4512 ohci1394 - ok
17:40:49.0133 4512 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:40:49.0164 4512 ose - ok
17:40:49.0226 4512 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:40:49.0257 4512 p2pimsvc - ok
17:40:49.0351 4512 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:40:49.0367 4512 p2psvc - ok
17:40:49.0398 4512 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:40:49.0413 4512 Parport - ok
17:40:49.0523 4512 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:40:49.0538 4512 partmgr - ok
17:40:49.0616 4512 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:40:49.0663 4512 PcaSvc - ok
17:40:49.0725 4512 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
17:40:49.0772 4512 pccsmcfd - ok
17:40:49.0835 4512 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:40:49.0850 4512 pci - ok
17:40:49.0866 4512 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:40:49.0881 4512 pciide - ok
17:40:49.0928 4512 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:40:49.0959 4512 pcmcia - ok
17:40:49.0991 4512 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:40:50.0006 4512 pcw - ok
17:40:50.0006 4512 PDIHWCTL - ok
17:40:50.0115 4512 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:40:50.0178 4512 PEAUTH - ok
17:40:50.0349 4512 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:40:50.0427 4512 PeerDistSvc - ok
17:40:50.0537 4512 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:40:50.0552 4512 PerfHost - ok
17:40:51.0005 4512 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:40:51.0098 4512 pla - ok
17:40:51.0441 4512 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:40:51.0473 4512 PlugPlay - ok
17:40:51.0535 4512 Pml Driver HPZ12 (9a80707d8b6c1806531bfd7399b3cc76) C:\Windows\system32\HPZipm12.dll
17:40:51.0535 4512 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:40:51.0535 4512 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:40:51.0551 4512 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:40:51.0566 4512 PNRPAutoReg - ok
17:40:51.0707 4512 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:40:51.0722 4512 PNRPsvc - ok
17:40:51.0894 4512 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:40:51.0956 4512 PolicyAgent - ok
17:40:52.0019 4512 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:40:52.0065 4512 Power - ok
17:40:52.0377 4512 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:40:52.0424 4512 PptpMiniport - ok
17:40:52.0471 4512 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:40:52.0487 4512 Processor - ok
17:40:52.0549 4512 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:40:52.0596 4512 ProfSvc - ok
17:40:52.0674 4512 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:52.0674 4512 ProtectedStorage - ok
17:40:52.0783 4512 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:40:52.0845 4512 Psched - ok
17:40:53.0064 4512 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:40:53.0079 4512 PSI_SVC_2 - ok
17:40:53.0126 4512 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:40:53.0142 4512 PxHlpa64 - ok
17:40:53.0454 4512 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:40:53.0532 4512 ql2300 - ok
17:40:53.0797 4512 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:40:53.0828 4512 ql40xx - ok
17:40:53.0953 4512 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:40:53.0984 4512 QWAVE - ok
17:40:54.0015 4512 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:40:54.0047 4512 QWAVEdrv - ok
17:40:54.0062 4512 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:40:54.0109 4512 RasAcd - ok
17:40:54.0374 4512 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:40:54.0405 4512 RasAgileVpn - ok
17:40:54.0452 4512 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:40:54.0468 4512 RasAuto - ok
17:40:54.0530 4512 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:40:54.0577 4512 Rasl2tp - ok
17:40:54.0717 4512 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:40:54.0795 4512 RasMan - ok
17:40:54.0905 4512 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:40:54.0936 4512 RasPppoe - ok
17:40:55.0045 4512 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:40:55.0092 4512 RasSstp - ok
17:40:55.0217 4512 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:40:55.0279 4512 rdbss - ok
17:40:55.0326 4512 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:40:55.0357 4512 rdpbus - ok
17:40:55.0388 4512 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:40:55.0435 4512 RDPCDD - ok
17:40:55.0482 4512 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:40:55.0513 4512 RDPDR - ok
17:40:55.0529 4512 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:40:55.0560 4512 RDPENCDD - ok
17:40:55.0575 4512 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:40:55.0607 4512 RDPREFMP - ok
17:40:55.0685 4512 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:40:55.0700 4512 RdpVideoMiniport - ok
17:40:55.0809 4512 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:40:55.0856 4512 RDPWD - ok
17:40:56.0168 4512 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:40:56.0355 4512 rdyboost - ok
17:40:56.0387 4512 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:40:56.0433 4512 RemoteAccess - ok
17:40:56.0465 4512 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:40:56.0511 4512 RemoteRegistry - ok
17:40:57.0011 4512 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe
17:40:57.0057 4512 rpcapd - ok
17:40:57.0089 4512 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:40:57.0120 4512 RpcEptMapper - ok
17:40:57.0135 4512 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:40:57.0151 4512 RpcLocator - ok
17:40:57.0229 4512 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:40:57.0260 4512 RpcSs - ok
17:40:57.0463 4512 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:40:57.0510 4512 rspndr - ok
17:40:57.0572 4512 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:40:57.0619 4512 s3cap - ok
17:40:57.0853 4512 S3XXx64 (d9693eb930b3ff0861d9f454cafe5b10) C:\Windows\system32\DRIVERS\S3XXx64.sys
17:40:57.0884 4512 S3XXx64 - ok
17:40:57.0931 4512 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:57.0931 4512 SamSs - ok
17:40:58.0103 4512 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:40:58.0103 4512 sbp2port - ok
17:40:58.0508 4512 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:40:58.0524 4512 SBSDWSCService - ok
17:40:58.0773 4512 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:40:58.0820 4512 SCardSvr - ok
17:40:58.0883 4512 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:40:58.0929 4512 scfilter - ok
17:40:59.0195 4512 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:40:59.0257 4512 Schedule - ok
17:40:59.0288 4512 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:40:59.0319 4512 SCPolicySvc - ok
17:40:59.0444 4512 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:40:59.0475 4512 SDRSVC - ok
17:40:59.0538 4512 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:40:59.0585 4512 secdrv - ok
17:40:59.0663 4512 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:40:59.0694 4512 seclogon - ok
17:40:59.0741 4512 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:40:59.0772 4512 SENS - ok
17:40:59.0787 4512 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:40:59.0819 4512 SensrSvc - ok
17:40:59.0834 4512 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:40:59.0850 4512 Serenum - ok
17:40:59.0881 4512 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:40:59.0897 4512 Serial - ok
17:40:59.0943 4512 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:40:59.0959 4512 sermouse - ok
17:41:00.0209 4512 ServiceLayer (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
17:41:00.0240 4512 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
17:41:00.0240 4512 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
17:41:00.0443 4512 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:41:00.0505 4512 SessionEnv - ok
17:41:00.0552 4512 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:41:00.0599 4512 sffdisk - ok
17:41:00.0614 4512 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:41:00.0645 4512 sffp_mmc - ok
17:41:00.0692 4512 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:41:00.0708 4512 sffp_sd - ok
17:41:00.0739 4512 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:41:00.0739 4512 sfloppy - ok
17:41:00.0833 4512 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:41:00.0911 4512 SharedAccess - ok
17:41:01.0191 4512 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:41:01.0238 4512 ShellHWDetection - ok
17:41:01.0254 4512 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
17:41:01.0269 4512 simptcp - ok
17:41:01.0285 4512 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:41:01.0285 4512 SiSRaid2 - ok
17:41:01.0332 4512 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:41:01.0347 4512 SiSRaid4 - ok
17:41:01.0379 4512 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:41:01.0410 4512 Smb - ok
17:41:01.0488 4512 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:41:01.0535 4512 SNMPTRAP - ok
17:41:04.0249 4512 SNP2STD (f80e2487b1fee87c74945c4daf0f5cb9) C:\Windows\system32\DRIVERS\snp2sxp.sys
17:41:04.0608 4512 SNP2STD - ok
17:41:04.0670 4512 SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
17:41:04.0686 4512 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:41:04.0686 4512 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:41:05.0123 4512 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:41:05.0138 4512 spldr - ok
17:41:05.0294 4512 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:41:05.0325 4512 Spooler - ok
17:41:05.0996 4512 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:41:06.0059 4512 sppsvc - ok
17:41:06.0246 4512 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:41:06.0277 4512 sppuinotify - ok
17:41:06.0527 4512 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:41:06.0589 4512 srv - ok
17:41:06.0651 4512 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:41:06.0683 4512 srv2 - ok
17:41:06.0807 4512 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:41:06.0839 4512 srvnet - ok
17:41:06.0885 4512 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:41:06.0932 4512 SSDPSRV - ok
17:41:06.0963 4512 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:41:06.0995 4512 SstpSvc - ok
17:41:07.0041 4512 Steam Client Service - ok
17:41:07.0416 4512 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:41:07.0416 4512 Stereo Service - ok
17:41:07.0494 4512 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:41:07.0509 4512 stexstor - ok
17:41:07.0541 4512 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
17:41:07.0572 4512 StillCam - ok
17:41:07.0743 4512 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:41:07.0790 4512 stisvc - ok
17:41:08.0071 4512 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:41:08.0087 4512 storflt - ok
17:41:08.0352 4512 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:41:08.0383 4512 storvsc - ok
17:41:08.0414 4512 SUMMACUTamd (a822a6acc33d97e4c939b13f57772989) C:\Windows\system32\Drivers\AMDX64CUT.sys
17:41:08.0445 4512 SUMMACUTamd - ok
17:41:08.0477 4512 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:41:08.0492 4512 swenum - ok
17:41:08.0742 4512 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:41:08.0773 4512 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
17:41:08.0773 4512 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
17:41:08.0867 4512 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:41:08.0945 4512 swprv - ok
17:41:08.0976 4512 Synth3dVsc - ok
17:41:09.0693 4512 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:41:09.0787 4512 SysMain - ok
17:41:10.0052 4512 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:41:10.0068 4512 TabletInputService - ok
17:41:11.0222 4512 TabletServiceWacom (34d92e8cb04dcaeeae054fede7526282) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
17:41:11.0300 4512 TabletServiceWacom - ok
17:41:11.0519 4512 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:41:11.0581 4512 TapiSrv - ok
17:41:11.0690 4512 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:41:11.0721 4512 TBS - ok
17:41:12.0096 4512 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:41:12.0189 4512 Tcpip - ok
17:41:12.0954 4512 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:41:13.0001 4512 TCPIP6 - ok
17:41:13.0203 4512 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:41:13.0250 4512 tcpipreg - ok
17:41:13.0344 4512 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:41:13.0375 4512 TDPIPE - ok
17:41:13.0437 4512 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:41:13.0469 4512 TDTCP - ok
17:41:13.0609 4512 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:41:13.0656 4512 tdx - ok
17:41:13.0781 4512 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:41:13.0796 4512 TermDD - ok
17:41:14.0155 4512 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:41:14.0217 4512 TermService - ok
17:41:14.0249 4512 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:41:14.0264 4512 Themes - ok
17:41:14.0327 4512 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:41:14.0342 4512 THREADORDER - ok
17:41:14.0467 4512 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:41:14.0545 4512 TrkWks - ok
17:41:14.0685 4512 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:41:14.0732 4512 TrustedInstaller - ok
17:41:14.0826 4512 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:41:14.0873 4512 tssecsrv - ok
17:41:14.0904 4512 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:41:14.0935 4512 TsUsbFlt - ok
17:41:14.0935 4512 tsusbhub - ok
17:41:15.0107 4512 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:41:15.0153 4512 tunnel - ok
17:41:15.0169 4512 TwkMs - ok
17:41:15.0169 4512 TwkPCSC - ok
17:41:15.0231 4512 TWKSCARDSRV (fe8f7c30289d6fb95ed62b6c8c5dd2f8) C:\Windows\SCARDS32.EXE
17:41:15.0247 4512 TWKSCARDSRV ( UnsignedFile.Multi.Generic ) - warning
17:41:15.0247 4512 TWKSCARDSRV - detected UnsignedFile.Multi.Generic (1)
17:41:15.0403 4512 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:41:15.0419 4512 uagp35 - ok
17:41:15.0575 4512 ubloxVcp (c4a03bd568f999148be835df5d5158f2) C:\Windows\system32\DRIVERS\ubloxVcp.sys
17:41:15.0637 4512 ubloxVcp ( UnsignedFile.Multi.Generic ) - warning
17:41:15.0637 4512 ubloxVcp - detected UnsignedFile.Multi.Generic (1)
17:41:15.0809 4512 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:41:15.0855 4512 udfs - ok
17:41:15.0887 4512 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:41:15.0918 4512 UI0Detect - ok
17:41:16.0058 4512 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:41:16.0089 4512 uliagpkx - ok
17:41:16.0199 4512 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:41:16.0230 4512 umbus - ok
17:41:16.0261 4512 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:41:16.0292 4512 UmPass - ok
17:41:16.0355 4512 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:41:16.0386 4512 UmRdpService - ok
17:41:16.0433 4512 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:41:16.0479 4512 upnphost - ok
17:41:16.0542 4512 upperdev (bcd611d240604ceee7f90805361fab50) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
17:41:16.0682 4512 upperdev - ok
17:41:16.0745 4512 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
17:41:16.0760 4512 USBAAPL64 - ok
17:41:16.0885 4512 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:41:16.0916 4512 usbccgp - ok
17:41:17.0072 4512 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:41:17.0088 4512 usbcir - ok
17:41:17.0103 4512 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:41:17.0119 4512 usbehci - ok
17:41:17.0166 4512 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:41:17.0197 4512 usbhub - ok
17:41:17.0213 4512 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:41:17.0228 4512 usbohci - ok
17:41:17.0259 4512 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:41:17.0275 4512 usbprint - ok
17:41:17.0306 4512 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
17:41:17.0384 4512 usbser - ok
17:41:17.0431 4512 UsbserFilt (d91be2644b18b4e3c69982fe0e1e97d6) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
17:41:17.0447 4512 UsbserFilt - ok
17:41:17.0509 4512 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:41:17.0540 4512 USBSTOR - ok
17:41:17.0571 4512 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:41:17.0603 4512 usbuhci - ok
17:41:17.0618 4512 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:41:17.0649 4512 UxSms - ok
17:41:17.0712 4512 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:41:17.0712 4512 VaultSvc - ok
17:41:17.0821 4512 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:41:17.0837 4512 vdrvroot - ok
17:41:18.0008 4512 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:41:18.0055 4512 vds - ok
17:41:18.0086 4512 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:41:18.0102 4512 vga - ok
17:41:18.0117 4512 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:41:18.0149 4512 VgaSave - ok
17:41:18.0149 4512 VGPU - ok
17:41:18.0601 4512 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:41:18.0632 4512 vhdmp - ok
17:41:18.0710 4512 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:41:18.0726 4512 viaide - ok
17:41:18.0819 4512 vidousb (f7ad16f2ba3321f71267bdf48a4f0582) C:\Windows\system32\DRIVERS\vidousb.sys
17:41:18.0819 4512 vidousb - ok
17:41:18.0929 4512 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:41:18.0960 4512 vmbus - ok
17:41:19.0038 4512 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:41:19.0085 4512 VMBusHID - ok
17:41:19.0116 4512 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:41:19.0131 4512 volmgr - ok
17:41:19.0256 4512 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:41:19.0272 4512 volmgrx - ok
17:41:19.0334 4512 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:41:19.0350 4512 volsnap - ok
17:41:19.0428 4512 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:41:19.0443 4512 vsmraid - ok
17:41:19.0802 4512 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:41:19.0911 4512 VSS - ok
17:41:20.0223 4512 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:41:20.0255 4512 vwifibus - ok
17:41:20.0286 4512 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:41:20.0301 4512 vwififlt - ok
17:41:20.0379 4512 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:41:20.0426 4512 W32Time - ok
17:41:20.0535 4512 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
17:41:20.0551 4512 W3SVC - ok
17:41:20.0613 4512 wacmoumonitor (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
17:41:20.0676 4512 wacmoumonitor - ok
17:41:20.0707 4512 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
17:41:20.0707 4512 wacommousefilter - ok
17:41:20.0723 4512 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:41:20.0754 4512 WacomPen - ok
17:41:20.0769 4512 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
17:41:20.0785 4512 wacomvhid - ok
17:41:20.0894 4512 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:41:20.0957 4512 WANARP - ok
17:41:20.0972 4512 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:41:21.0003 4512 Wanarpv6 - ok
17:41:21.0003 4512 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
17:41:21.0019 4512 WAS - ok
17:41:21.0456 4512 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:41:21.0549 4512 wbengine - ok
17:41:22.0049 4512 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:41:22.0080 4512 WbioSrvc - ok
17:41:22.0189 4512 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:41:22.0236 4512 wcncsvc - ok
17:41:22.0251 4512 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:41:22.0267 4512 WcsPlugInService - ok
17:41:22.0345 4512 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:41:22.0361 4512 Wd - ok
17:41:22.0563 4512 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:41:22.0595 4512 Wdf01000 - ok
17:41:22.0641 4512 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:41:22.0735 4512 WdiServiceHost - ok
17:41:22.0735 4512 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:41:22.0751 4512 WdiSystemHost - ok
17:41:23.0141 4512 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:41:23.0187 4512 WebClient - ok
17:41:23.0219 4512 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:41:23.0265 4512 Wecsvc - ok
17:41:23.0281 4512 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:41:23.0328 4512 wercplsupport - ok
17:41:23.0343 4512 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:41:23.0375 4512 WerSvc - ok
17:41:23.0484 4512 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:41:23.0499 4512 WfpLwf - ok
17:41:23.0577 4512 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:41:23.0593 4512 WIMMount - ok
17:41:23.0796 4512 WinDefend - ok
17:41:23.0811 4512 WinHttpAutoProxySvc - ok
17:41:23.0936 4512 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:41:23.0999 4512 Winmgmt - ok
17:41:24.0451 4512 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:41:24.0545 4512 WinRM - ok
17:41:24.0997 4512 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:41:25.0044 4512 WinUsb - ok
17:41:25.0262 4512 WLANBelkinService (0f695800783c3f9e577b94bf1e71d95a) C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
17:41:25.0278 4512 WLANBelkinService ( UnsignedFile.Multi.Generic ) - warning
17:41:25.0278 4512 WLANBelkinService - detected UnsignedFile.Multi.Generic (1)
17:41:25.0559 4512 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:41:25.0621 4512 Wlansvc - ok
17:41:26.0276 4512 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:41:26.0323 4512 wlidsvc - ok
17:41:26.0604 4512 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:41:26.0619 4512 WmiAcpi - ok
17:41:26.0791 4512 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:41:26.0822 4512 wmiApSrv - ok
17:41:26.0869 4512 WMPNetworkSvc - ok
17:41:26.0900 4512 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:41:26.0931 4512 WPCSvc - ok
17:41:27.0056 4512 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:41:27.0072 4512 WPDBusEnum - ok
17:41:27.0165 4512 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:41:27.0212 4512 ws2ifsl - ok
17:41:27.0243 4512 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:41:27.0275 4512 wscsvc - ok
17:41:27.0462 4512 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:41:27.0477 4512 WSDPrintDevice - ok
17:41:27.0493 4512 WSearch - ok
17:41:27.0821 4512 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:41:27.0930 4512 wuauserv - ok
17:41:28.0257 4512 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:41:28.0320 4512 WudfPf - ok
17:41:28.0367 4512 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:41:28.0398 4512 WUDFRd - ok
17:41:28.0429 4512 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:41:28.0460 4512 wudfsvc - ok
17:41:28.0710 4512 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:41:28.0772 4512 WwanSvc - ok
17:41:28.0835 4512 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:41:29.0755 4512 \Device\Harddisk0\DR0 - ok
17:41:29.0771 4512 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
17:41:29.0833 4512 \Device\Harddisk1\DR1 - ok
17:41:29.0833 4512 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
17:41:29.0849 4512 \Device\Harddisk2\DR2 - ok
17:41:29.0864 4512 Boot (0x1200) (8d0f98f22192ea176e5085ca4886d776) \Device\Harddisk0\DR0\Partition0
17:41:29.0895 4512 \Device\Harddisk0\DR0\Partition0 - ok
17:41:29.0927 4512 Boot (0x1200) (31ca6a9aacbe818c80f8e3e089f4eb4d) \Device\Harddisk0\DR0\Partition1
17:41:29.0942 4512 \Device\Harddisk0\DR0\Partition1 - ok
17:41:29.0958 4512 Boot (0x1200) (5ea76a024d032d3842a32208d0451e31) \Device\Harddisk0\DR0\Partition2
17:41:29.0958 4512 \Device\Harddisk0\DR0\Partition2 - ok
17:41:29.0973 4512 Boot (0x1200) (45628a2e3bfcebd3a08410001b50c39a) \Device\Harddisk1\DR1\Partition0
17:41:29.0973 4512 \Device\Harddisk1\DR1\Partition0 - ok
17:41:29.0989 4512 Boot (0x1200) (08b8a612a427a4fc78a49adea43cefb9) \Device\Harddisk2\DR2\Partition0
17:41:29.0989 4512 \Device\Harddisk2\DR2\Partition0 - ok
17:41:29.0989 4512 ============================================================
17:41:29.0989 4512 Scan finished
17:41:29.0989 4512 ============================================================
17:41:30.0005 3872 Detected object count: 12
17:41:30.0005 3872 Actual detected object count: 12
17:42:09.0418 3872 Alpham1 ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0418 3872 Alpham1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0418 3872 Alpham2 ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0418 3872 Alpham2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0418 3872 FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0418 3872 FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0418 3872 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0418 3872 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872 TWKSCARDSRV ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872 TWKSCARDSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872 ubloxVcp ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872 ubloxVcp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872 WLANBelkinService ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872 WLANBelkinService ( UnsignedFile.Multi.Generic ) - User select action: Skip
The system is running so far; it's just that huge numbers of pictures are encrypted. Kind regards, conny |
| | #6 |
| Encryption trojan on my machine too
Hi, please post a fresh OTL log file once more... If files are encrypted, follow this link: http://www.trojaner-board.de/114783-...ubersicht.html chris