Trojaner-Board


conny24 18.06.2012 10:03

Encryption trojan on my machine too
 
Hello,
I am also sitting here in front of a computer infected with the encryption trojan.
The OTL.Txt is attached here. Could someone please help me, put together the custom scan, and help me further? I have already read almost everything, and it is clear to me how everything works; only the fix code is unclear to me, that is, what you look for there. Please help.

Code:

OTL logfile created on: 6/18/2012 1:51:16 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244.14 Gb Total Space | 34.45 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive D: | 698.63 Gb Total Space | 478.17 Gb Free Space | 68.44% Space Free | Partition Type: NTFS
Drive E: | 74.53 Gb Total Space | 34.29 Gb Free Space | 46.01% Space Free | Partition Type: NTFS
Drive F: | 244.14 Gb Total Space | 181.72 Gb Free Space | 74.43% Space Free | Partition Type: NTFS
Drive G: | 210.34 Gb Total Space | 45.87 Gb Free Space | 21.81% Space Free | Partition Type: NTFS
Drive H: | 3.72 Gb Total Space | 2.03 Gb Free Space | 54.54% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/06/06 09:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2011/01/26 07:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2011/01/14 02:57:45 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/27 10:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV:64bit: - [2009/10/15 00:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009/07/23 12:25:28 | 000,626,208 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/07/23 12:25:28 | 000,206,880 | ---- | M] () [Auto] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 21:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/06/05 12:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012/06/11 15:17:03 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/25 14:12:35 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/05/21 23:55:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/12 05:57:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/26 10:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2012/02/10 00:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 15:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/06/01 06:41:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/17 05:26:16 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/02/07 10:41:57 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/14 09:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 08:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/28 11:25:40 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009/11/01 15:03:02 | 000,075,064 | ---- | M] () [Auto] -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/13 21:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2003/04/29 20:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) [Auto] -- C:\Windows\SCARDS32.EXE -- (TWKSCARDSRV)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/02/15 05:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/03 07:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/09/29 03:54:24 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2011/08/12 03:20:57 | 000,015,416 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2011/06/09 10:54:33 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011/06/09 09:18:18 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011/06/01 04:02:15 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/17 07:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/12/02 06:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010/12/02 06:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/12/02 06:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010/12/02 06:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/27 10:42:10 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2010/09/27 10:42:06 | 000,075,648 | ---- | M] (SafeNet Inc.) [File_System | Auto] -- C:\Windows\System32\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2010/02/26 08:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010/02/26 08:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/01/12 00:19:32 | 000,095,744 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NmPar.sys -- (NmPar)
DRV:64bit: - [2010/01/07 06:31:20 | 000,075,264 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NmSerial.sys -- (nmserial)
DRV:64bit: - [2010/01/06 18:19:00 | 000,068,224 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2009/12/17 02:10:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009/12/17 02:10:34 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009/12/17 02:10:32 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2009/11/12 15:20:52 | 000,054,888 | ---- | M] (Videology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vidousb.sys -- (vidousb)
DRV:64bit: - [2009/11/06 02:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/10/22 10:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/10/22 10:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/10/20 14:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/14 07:49:02 | 000,062,976 | ---- | M] (u-blox) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ubloxVcp.sys -- (ubloxVcp)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mf.sys -- (mf)
DRV:64bit: - [2009/07/08 21:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- C:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008/11/21 05:54:08 | 000,025,600 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AMDx64CUT.sys -- (SUMMACUTamd)
DRV:64bit: - [2008/08/28 06:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/12 02:09:06 | 000,064,512 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mchpusb64.sys -- (MCHPUSB)
DRV:64bit: - [2008/01/02 08:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | On_Demand] -- C:\Windows\System32\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007/07/23 02:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007/03/30 08:42:34 | 012,333,568 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV:64bit: - [2007/03/20 04:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Alpham264.sys -- (Alpham2)
DRV:64bit: - [2007/02/16 05:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2005/12/13 19:53:42 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand] -- C:\Windows\System32\drivers\i1display_x64.sys -- (EyeOneDisplay)
DRV - [2012/01/05 03:24:51 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2007/03/30 08:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2003/04/29 20:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto] -- C:\Windows\SysWow64\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2003/04/29 20:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot] -- C:\Windows\SysWow64\drivers\TWKMS.SYS -- (TwkMs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 47 61 8D D1 5A CA 01  [binary data]
IE - HKU\conny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\conny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/09/10 01:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/06/15 12:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/08/04 02:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/07 02:03:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/06/08 03:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Extensions
[2012/05/19 04:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Firefox\Profiles\uv8bdff3.default\extensions
[2012/03/18 08:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012/05/12 05:57:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/06 09:12:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/06 09:12:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/06 09:12:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/06 09:12:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/27 01:40:20 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011/10/06 09:12:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/06 09:12:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} -  File not found
O3:64bit: - HKU\conny_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\conny_ON_C\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\conny_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper]  File not found
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PUStarter] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RunPUTasktray]  File not found
O4 - HKU\conny_ON_C..\Run: [049DF36D] C:\Users\conny\AppData\Local\Temp\Irbs\jrndquzvt.exe (Nessuna Registrazione)
O4 - HKU\conny_ON_C..\Run: [AdobeBridge]  File not found
O4 - HKU\conny_ON_C..\Run: [Auto-Import for EuroCUT Professional 7]  File not found
O4 - HKU\conny_ON_C..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\conny_ON_C..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe ()
O4 - HKU\conny_ON_C..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O4 - HKU\conny_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\conny_ON_C..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\conny_ON_C..\Run: [Windows Audio Driver]  File not found
O4 - HKU\LocalService_ON_C..\Run: [Sidebar]  File not found
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar]  File not found
O4 - HKU\UpdatusUser_ON_C..\Run: [Sidebar]  File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [mctadmin]  File not found
O4 - HKU\UpdatusUser_ON_C..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {17D0C64A-5283-4125-8256-105694C274ED} hxxp://www.knittel-foto-film.de/interaktiv/objekt/spx33.cab (MozillaPluginHostCtrl Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://louk.solidworks.com/htdocs/pdownload/edrawings/e2011sp02/cab//eModelsStandard.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin1211.cab (PPI Chipcard-Browser-Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {97DF08C1-4C0E-4913-823B-E8FC1C8444FA} hxxp://192.168.178.105/400series.cab (4Mosa Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - *DISABLED*wlnotify.dll -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/30 02:34:10 | 000,000,000 | ---D | M] - D:\Autocad -- [ NTFS ]
O32 - AutoRun File - [2007/12/23 17:38:31 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\Shell - "" = AutoRun
O33 - MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\shelexec.exe .\starter.html
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell\verb\command - "" = H:\shelexec.exe .\starter.html
O33 - MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\win\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/11 15:18:42 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Local\Macromedia
[2012/06/09 08:57:23 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Local\3Dconnexion_Inc
[2012/06/09 08:51:05 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Roaming\3Dconnexion
[2012/06/09 08:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2012/06/09 08:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2012/06/09 08:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\3Dconnexion
[2012/06/07 02:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/07 02:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/06/06 21:42:50 | 000,109,056 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\System32\siappdll.dll
[2012/06/06 21:36:48 | 000,085,504 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012/06/04 14:51:57 | 000,000,000 | ---D | C] -- C:\Users\conny\Desktop\Kletterfieber_2012
[2012/06/04 14:51:21 | 000,000,000 | ---D | C] -- C:\Users\conny\Desktop\Kletterfieber
[2012/06/03 12:53:20 | 000,000,000 | ---D | C] -- C:\Users\conny\Documents\Studienbescheinigung
[2011/12/18 17:41:00 | 000,016,896 | ---- | C] (Microsoft) -- C:\Users\conny\AppData\Roaming\arDshini.exe.exe
[2011/12/16 02:31:09 | 000,016,896 | ---- | C] (Microsoft) -- C:\Users\conny\AppData\Roaming\Dshini.exe.exe
[2010/04/26 04:50:29 | 000,151,552 | ---- | C] ( ) -- C:\Windows\rsnp2std.dll
[2010/04/26 04:50:29 | 000,077,824 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp2std.dll
[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/11 17:22:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/11 17:22:47 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 17:22:47 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/11 17:22:17 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/11 17:14:02 | 000,000,355 | ---- | M] () -- C:\Windows\SCARDSRV.INI
[2012/06/11 17:13:41 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/11 17:10:27 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/06/11 17:10:27 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/06/11 17:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/11 16:46:49 | 000,692,220 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/06/11 16:46:49 | 000,646,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/11 16:46:49 | 000,140,050 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/06/11 16:46:49 | 000,114,620 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/11 16:37:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/11 15:17:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/11 15:17:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/09 08:49:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2012/06/09 08:48:23 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012/06/09 08:48:23 | 000,002,304 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012/06/09 08:48:23 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/07 02:03:43 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/07 02:03:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/06 21:44:22 | 000,045,056 | ---- | M] () -- C:\Windows\System32\Launch3DxGUI.cpl
[2012/06/06 21:42:50 | 000,109,056 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\System32\siappdll.dll
[2012/06/06 21:41:56 | 000,055,808 | ---- | M] () -- C:\Windows\System32\spwini.dll
[2012/06/06 21:36:48 | 000,085,504 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012/06/06 21:35:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\spwini.dll
[2012/06/04 23:51:11 | 006,339,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/03 11:47:27 | 001,424,557 | ---- | M] () -- C:\Users\conny\Documents\Gesundheitsamt_KE.pdf
[2012/05/21 00:03:27 | 000,001,456 | ---- | M] () -- C:\Users\conny\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/06/09 08:48:23 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012/06/09 08:48:23 | 000,002,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012/06/07 02:03:43 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/06 21:44:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Launch3DxGUI.cpl
[2012/06/06 21:41:56 | 000,055,808 | ---- | C] () -- C:\Windows\System32\spwini.dll
[2012/06/06 21:35:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2012/06/03 11:47:27 | 001,424,557 | ---- | C] () -- C:\Users\conny\Documents\Gesundheitsamt_KE.pdf
[2012/04/03 02:36:30 | 004,389,441 | ---- | C] () -- C:\Windows\SysWow64\USBAccessLink.dll
[2012/04/03 02:36:30 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\SerialAccessLink.dll
[2012/03/19 04:10:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Instrument Library
[2012/03/19 04:10:09 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Images
[2012/03/19 04:10:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Licenses
[2012/03/19 04:09:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Internet Plug-Ins
[2012/03/19 04:09:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Installer Plugin
[2012/03/19 04:09:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Limiter
[2012/03/19 04:09:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2012/03/19 04:07:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\Image Manipulation
[2012/02/09 15:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/17 10:31:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/17 10:31:06 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/16 05:27:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
[2011/11/16 05:27:11 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Hybrid Basic
[2011/11/16 05:27:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/11/16 05:27:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2011/10/06 10:54:58 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2011/10/06 09:53:06 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll
[2011/09/29 02:55:21 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Importer
[2011/09/29 02:55:21 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Image Units
[2011/09/29 02:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/09/29 02:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/09/29 02:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/08/05 08:59:36 | 000,324,511 | ---- | C] () -- C:\ProgramData\1312521941.bdinstall.bin
[2011/06/09 02:47:59 | 000,000,663 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011/05/20 02:52:15 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/05 08:37:15 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011/02/07 10:42:04 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010/10/28 07:42:34 | 000,000,355 | ---- | C] () -- C:\Windows\SCARDSRV.INI
[2010/10/28 07:42:25 | 000,001,268 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010/10/28 07:42:02 | 000,002,776 | ---- | C] () -- C:\Windows\twkverck.dat
[2010/10/11 08:28:14 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2010/10/11 08:28:14 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010/08/08 03:35:12 | 000,000,132 | ---- | C] () -- C:\Users\conny\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/08/03 06:40:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Jingles
[2010/08/03 06:28:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\Help
[2010/06/17 07:50:24 | 000,001,456 | ---- | C] () -- C:\Users\conny\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010/06/12 06:16:42 | 000,000,078 | ---- | C] () -- C:\Windows\CAMDXP.INI
[2010/05/25 03:57:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Receipts
[2010/05/25 03:57:40 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Profiles
[2010/05/25 03:57:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010/05/25 03:57:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\manual
[2010/05/25 03:57:38 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Repeat Routines
[2010/05/25 03:57:38 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Project Templates
[2010/05/25 03:57:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\vhosts
[2010/05/25 03:55:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010/05/25 03:44:56 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Icons
[2010/05/25 03:40:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2010/05/23 06:30:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Reverb
[2010/05/23 06:30:03 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Radio Sounds
[2010/05/23 06:27:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2010/05/21 05:03:53 | 000,000,600 | ---- | C] () -- C:\Users\conny\AppData\Local\PUTTY.RND
[2010/05/05 05:21:00 | 000,000,025 | ---- | C] () -- C:\Users\conny\AppData\Roaming\bdfvconp.ini
[2010/04/26 04:50:29 | 012,033,024 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2010/04/26 04:50:29 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2010/04/26 04:50:29 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2010/04/23 09:31:13 | 000,000,850 | ---- | C] () -- C:\Users\conny\AppData\RoamingProductTweaks.xml
[2010/04/23 09:31:12 | 000,000,385 | ---- | C] () -- C:\Users\conny\AppData\Roaminguser_gensett.xml
[2010/04/22 01:40:37 | 000,000,376 | ---- | C] () -- C:\Users\conny\AppData\Roamingprivacy.xml
[2010/04/16 11:42:51 | 000,000,400 | ---- | C] () -- C:\Windows\g_jdmjol417.ini
[2010/04/16 11:42:51 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\bdpnqch979.dat
[2010/04/13 05:40:39 | 000,234,127 | ---- | C] () -- C:\Windows\hpoins35.dat.temp
[2010/04/13 05:40:39 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2010/03/31 06:50:45 | 000,005,632 | ---- | C] () -- C:\Users\conny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/23 02:01:42 | 000,000,118 | ---- | C] () -- C:\Windows\SysWow64\BUERKVER.INI
[2010/03/23 01:52:03 | 000,737,280 | ---- | C] () -- C:\Windows\SysWow64\eztoolslib2.dll
[2010/03/08 03:30:43 | 000,000,297 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/02/26 13:23:00 | 001,579,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/02/19 04:57:02 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2010/02/19 04:57:02 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2010/02/19 04:57:02 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2009/12/23 02:18:29 | 000,023,716 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009/12/19 06:53:59 | 000,007,618 | ---- | C] () -- C:\Users\conny\AppData\Local\Resmon.ResmonCfg
[2009/12/13 15:08:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/11/03 15:29:36 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/01 14:48:58 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009/10/30 14:07:24 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/10/30 14:07:22 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009/10/30 14:07:21 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009/10/24 12:14:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- C:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/08/21 14:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2006/12/13 10:03:14 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2003/05/20 10:05:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\spx33.dll
[2002/09/17 18:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[1999/11/16 08:04:36 | 000,485,376 | ---- | C] () -- C:\Windows\SysWow64\DrRw40.dll
 
========== LOP Check ==========
 
[2012/04/03 02:37:17 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\.mplab_ide
[2012/06/09 08:51:05 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\3Dconnexion
[2011/03/02 03:51:29 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Altium
[2011/03/02 02:06:19 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\AltiumDesignerSummer09
[2010/11/08 08:24:10 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Amazon
[2011/12/11 10:59:01 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Autodesk
[2011/05/26 05:31:22 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Babylon
[2010/05/07 14:00:20 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\C-Free
[2010/03/17 14:28:07 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\CadSoft
[2010/06/21 01:33:33 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/06/20 05:53:22 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\CircuitWorks
[2011/09/30 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2011/06/01 04:06:57 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\DAEMON Tools Lite
[2012/05/19 00:30:36 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\DassaultSystemes
[2011/02/07 10:50:57 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\EDrawings
[2011/10/12 13:24:55 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Estlcam_3
[2010/02/25 03:16:58 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\EUROSYSTEMS
[2012/04/03 09:29:03 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\FileZilla
[2009/11/06 13:11:43 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\GetRightToGo
[2009/11/18 02:45:21 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\GHISLER
[2010/06/04 04:17:17 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\gtk-2.0
[2011/12/22 10:19:22 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Ideazon
[2010/08/24 08:19:54 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\IPACS
[2012/04/14 09:21:12 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\LRTimelapse
[2012/06/04 14:54:58 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Microchip
[2011/12/22 03:40:48 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\My Games
[2011/12/29 09:30:31 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Nikon
[2010/10/14 02:00:15 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Nokia
[2010/02/01 02:48:53 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Nokia Ovi Suite
[2011/12/02 08:49:01 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\onOne Software
[2011/04/27 10:37:21 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\PACE Anti-Piracy
[2010/02/01 02:48:54 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\PC Suite
[2010/05/12 10:48:01 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\PICC
[2011/05/30 08:35:05 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\picpick
[2010/11/10 09:16:28 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\picpick_temp
[2011/08/05 01:26:54 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\QuickScan
[2011/01/11 02:43:37 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/29 05:53:34 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\toolplugin
[2010/01/18 14:13:06 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\TS3Client
[2011/06/09 09:17:23 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Uniblue
[2010/05/18 05:03:41 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\webex
[2009/11/26 06:43:36 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\Wireshark
[2010/05/21 11:48:24 | 000,000,000 | ---D | M] -- C:\Users\conny\AppData\Roaming\X-Control
[2011/03/02 03:51:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Altium
[2011/03/01 10:36:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Altium2004
[2010/02/12 05:18:57 | 000,000,000 | ---D | M] -- C:\ProgramData\AltiumDesignerSummer09
[2010/02/12 05:15:48 | 000,000,000 | ---D | M] -- C:\ProgramData\AltiumDesignerSummer09_Security
[2010/07/12 00:31:40 | 000,000,000 | ---D | M] -- C:\ProgramData\AltiumFileCache
[2009/10/24 11:50:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/04/16 02:12:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Autodesk
[2012/04/23 11:52:35 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2011/12/29 09:32:04 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2010/03/23 01:51:59 | 000,000,000 | ---D | M] -- C:\ProgramData\buerklin
[2010/05/07 14:00:21 | 000,000,000 | ---D | M] -- C:\ProgramData\C-Free
[2010/05/23 06:30:03 | 000,000,000 | ---D | M] -- C:\ProgramData\ColorSync
[2011/06/01 06:27:03 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2011/06/01 07:16:09 | 000,000,000 | ---D | M] -- C:\ProgramData\DassaultSystemes
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/10/24 11:50:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/04/05 08:36:39 | 000,000,000 | ---D | M] -- C:\ProgramData\DYMO
[2011/11/16 05:27:11 | 000,000,000 | ---D | M] -- C:\ProgramData\EnterNHelp
[2009/10/24 11:50:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/03/05 03:21:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Helicon
[2010/04/16 11:42:36 | 000,000,000 | ---D | M] -- C:\ProgramData\McNeel
[2011/11/16 05:27:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2010/02/01 02:56:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Nokia
[2010/06/28 01:36:48 | 000,000,000 | ---D | M] -- C:\ProgramData\NokiaInstallerCache
[2011/12/02 06:03:07 | 000,000,000 | ---D | M] -- C:\ProgramData\onOne Software
[2010/06/28 01:40:05 | 000,000,000 | ---D | M] -- C:\ProgramData\OviInstallerCache
[2011/04/27 10:37:21 | 000,000,000 | ---D | M] -- C:\ProgramData\PACE Anti-Piracy
[2012/04/04 07:38:56 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010/06/15 14:03:32 | 000,000,000 | ---D | M] -- C:\ProgramData\regid.1986-12.com.adobe
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/10/24 11:50:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/12/22 12:20:28 | 000,000,000 | ---D | M] -- C:\ProgramData\tmp
[2011/11/16 05:27:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Ultima_T15
[2011/06/09 09:13:56 | 000,000,000 | ---D | M] -- C:\ProgramData\Uniblue
[2009/10/24 11:50:34 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2011/12/22 04:09:57 | 000,000,000 | ---D | M] -- C:\ProgramData\WebEx
[2010/05/03 06:16:56 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2010/05/03 06:18:54 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZipSE
[2011/01/04 04:47:17 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/06/09 09:07:31 | 000,000,000 | -H-D | M] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2012/05/30 00:14:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< :OTL >
 
< IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
 
< IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ >
Invalid Switch:
 
< IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp >
Invalid Switch: ?ocid=iehp

 
< IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de >
 
< IE - HKU\conny_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 47 61 8D D1 5A CA 01  [binary data] >
 
< IE - HKU\conny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
< IE - HKU\conny_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local >
 
< IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 >
 
< FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" >
 
< FF - prefs.js..network.proxy.no_proxies_on: "*.local" >
 
< FF - prefs.js..network.proxy.type: 0 >
 
 
< FF - user.js..browser.search.selectedEngine: "Search the web" >
 
< FF - user.js..browser.search.order.1: "Search the web" >
 
< FF - user.js..browser.search.defaultenginename: "Search the web" >
 
< FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" >
 
 
< FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_257.dll () >
Invalid Switch: FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_257.dll ()

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () >
Invalid Switch: FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  >
Invalid Switch: iTunes,version=:

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () >
Invalid Switch: iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) >
Invalid Switch: GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) >
Invalid Switch: JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) >
Invalid Switch: NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) >
Invalid Switch: OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) >
Invalid Switch: 3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) >
Invalid Switch: 3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) >
Invalid Switch: Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) >
Invalid Switch: wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) >
Invalid Switch: wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) >
 
< FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) >
 
 
< FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/09/10 01:48:16 | 000,000,000 | ---D | M] >
Invalid Switch: 10 01:48:16 | 000,000,000 | ---D | M]

 
< FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/06/15 12:27:58 | 000,000,000 | ---D | M] >
Invalid Switch: 15 12:27:58 | 000,000,000 | ---D | M]

 
< FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/08/04 02:27:18 | 000,000,000 | ---D | M] >
Invalid Switch: 04 02:27:18 | 000,000,000 | ---D | M]

 
< FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/07 02:03:48 | 000,000,000 | ---D | M] >
Invalid Switch: 07 02:03:48 | 000,000,000 | ---D | M]

 
< FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins >
 
 
< [2011/06/08 03:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Extensions >
Invalid Switch: 08 03:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Extensions

 
< [2012/05/19 04:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Firefox\Profiles\uv8bdff3.default\extensions >
Invalid Switch: 19 04:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\Mozilla\Firefox\Profiles\uv8bdff3.default\extensions

 
< [2012/03/18 08:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions >
Invalid Switch: 18 08:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

 
<  () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI >
 
< () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI >
 
< () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI >
 
< () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI >
 
< [2012/05/12 05:57:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll >
Invalid Switch: 12 05:57:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

 
< [2011/10/06 09:12:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml >
Invalid Switch: 06 09:12:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

 
< [2011/10/06 09:12:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml >
Invalid Switch: 06 09:12:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

 
< [2011/10/06 09:12:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml >
Invalid Switch: 06 09:12:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

 
< [2011/10/06 09:12:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml >
Invalid Switch: 06 09:12:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

 
< [2011/10/27 01:40:20 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src >
Invalid Switch: 27 01:40:20 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src

 
< [2011/10/06 09:12:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml >
Invalid Switch: 06 09:12:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

 
< [2011/10/06 09:12:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml >
Invalid Switch: 06 09:12:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 400 bytes -> C:\Users\conny\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1332 bytes -> C:\Users\conny\AppData\Local\Cpkf0160E:6xkm6KbtDND8X9dYpy0DWO
@Alternate Data Stream - 1211 bytes -> C:\Users\conny\AppData\Local\jpjOeycivDPV:VLDzTCeQaqknpQcE1c
@Alternate Data Stream - 1164 bytes -> C:\Users\conny\AppData\Local\Anwendungsdaten:fpg7MY6hDakFhQE7Dw9SYo
@Alternate Data Stream - 1164 bytes -> C:\Users\conny\AppData\Local:fpg7MY6hDakFhQE7Dw9SYo

< End of report >

Kind regards

conny

Sorry, I forgot the code tag

Chris4You 18.06.2012 10:13

Hi,

just quickly:
Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please right-click it and start it with "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
O4 - HKU\conny_ON_C..\Run: [049DF36D] C:\Users\conny\AppData\Local\Temp\Irbs\jrndquzvt.exe (Nessuna Registrazione)
@Alternate Data Stream - 400 bytes -> C:\Users\conny\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1332 bytes -> C:\Users\conny\AppData\Local\Cpkf0160E:6xkm6KbtDND8X9dYpy0DWO
@Alternate Data Stream - 1211 bytes -> C:\Users\conny\AppData\Local\jpjOeycivDPV:VLDzTCeQaqknpQcE1c
@Alternate Data Stream - 1164 bytes -> C:\Users\conny\AppData\Local\Anwendungsdaten:fpg7MY6hDakFhQE7Dw9SYo
@Alternate Data Stream - 1164 bytes -> C:\Users\conny\AppData\Local:fpg7MY6hDakFhQE7Dw9SYo
O32 - AutoRun File - [2010/04/30 02:34:10 | 000,000,000 | ---D | M] - D:\Autocad -- [ NTFS ]
O32 - AutoRun File - [2007/12/23 17:38:31 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\Shell - "" = AutoRun
O33 - MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell\AutoRun\command - "" = H:\shelexec.exe .\starter.html
O33 - MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\Shell\verb\command - "" = H:\shelexec.exe .\starter.html
O33 - MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\win\setup.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL


Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
After that, please update the signature files ("Update" tab -> "Check for updates")
Run a full scan and let it clean everything! Post the log.

chris

conny24 18.06.2012 11:34

First of all, many thanks for the quick reply. You really are a great team. Many thanks for now!!


OTL report:

Code:

========== OTL ==========
Registry key HKEY_USERS\conny_ON_C\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run not found.
C:\Users\conny\AppData\Local\Temp\Irbs\jrndquzvt.exe moved successfully.
ADS C:\Users\conny\AppData\Local\desktop.ini:3a96398c0f384e4adf5faa1736aeaf96 deleted successfully.
ADS C:\Windows:nlsPreferences deleted successfully.
ADS C:\Users\conny\AppData\Local\Cpkf0160E:6xkm6KbtDND8X9dYpy0DWO deleted successfully.
ADS C:\Users\conny\AppData\Local\jpjOeycivDPV:VLDzTCeQaqknpQcE1c deleted successfully.
Unable to delete ADS C:\Users\conny\AppData\Local\Anwendungsdaten:fpg7MY6hDakFhQE7Dw9SYo .
ADS C:\Users\conny\AppData\Local:fpg7MY6hDakFhQE7Dw9SYo deleted successfully.
File  not found.
File  not found.
G:\autoexec.bat moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9780e4bc-0585-11df-9673-002618249172}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9780e4bc-0585-11df-9673-002618249172}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9780e4bc-0585-11df-9673-002618249172}\ not found.
File L:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ not found.
File H:\shelexec.exe .\starter.html not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8fa3d75-c0b3-11de-a75d-806e6f6e6963}\ not found.
File H:\shelexec.exe .\starter.html not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8fa3d76-c0b3-11de-a75d-806e6f6e6963}\ not found.
File I:\win\setup.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: conny
->Temp folder emptied: 341276228 bytes
->Temporary Internet Files folder emptied: 1128765968 bytes
->Java cache emptied: 24155087 bytes
->FireFox cache emptied: 109528057 bytes
->Google Chrome cache emptied: 6587610 bytes
->Apple Safari cache emptied: 12697600 bytes
->Flash cache emptied: 91435 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3948144 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 86896931 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
 
Total Files Cleaned = 1,635.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06182012_141657


and the malware report:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.18.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
conny :: CONNY-PC [Administrator]

Schutz: Deaktiviert

18.06.2012 14:58:11
mbam-log-2012-06-18 (14-58-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 235551
Laufzeit: 3 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Audio Driver (Backdoor.Agent) -> Daten: "C:\Users\conny\AppData\Roaming\audiohd.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

After the requested restart, OTL came up again and I ran another scan; here is the report:
Code:

OTL logfile created on: 18.06.2012 15:37:48 - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = C:\
64bit-Windows 7 Ultimate  (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 78,00% Memory free
26,00 Gb Paging File | 24,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 36,04 Gb Free Space | 14,76% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 478,16 Gb Free Space | 68,44% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 36,29 Gb Free Space | 48,69% Space Free | Partition Type: NTFS
Drive F: | 244,14 Gb Total Space | 181,72 Gb Free Space | 74,43% Space Free | Partition Type: NTFS
Drive G: | 210,34 Gb Total Space | 45,86 Gb Free Space | 21,81% Space Free | Partition Type: NTFS
 
Computer Name: CONNY-PC | User Name: conny
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.14 08:57:45 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.10.15 06:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2009.07.14 03:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp)
SRV - [2012.06.11 21:17:03 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.25 20:12:35 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.05.22 05:55:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.12 11:57:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.26 16:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.06 15:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2011.06.01 12:41:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.05.17 11:26:16 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.02.07 16:41:57 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.11.01 21:03:02 | 000,075,064 | ---- | M] () [Auto] -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.07.23 18:25:28 | 000,626,208 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.23 18:25:28 | 000,206,880 | ---- | M] () [Auto] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) [Auto] -- C:\Windows\SCARDS32.EXE -- (TWKSCARDSRV)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2007.03.30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2007.03.30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2003.04.30 02:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto] -- C:\Windows\SysWow64\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2003.04.30 02:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot] -- C:\Windows\SysWow64\drivers\TWKMS.SYS -- (TwkMs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 47 61 8D D1 5A CA 01  [binary data]
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.09.10 07:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.06.15 18:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011.08.04 08:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.07 08:03:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.06.08 09:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\mozilla\Extensions
[2012.05.19 10:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\mozilla\Firefox\Profiles\uv8bdff3.default\extensions
[2012.03.18 14:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.05.12 11:57:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.06 15:12:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 15:12:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.06 15:12:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 15:12:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.27 07:40:20 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011.10.06 15:12:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 15:12:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} -  File not found
O3:64bit: - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper]  File not found
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PUStarter] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RunPUTasktray]  File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar]  File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar]  File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [049DF36D]  File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [Auto-Import for EuroCUT Professional 7]  File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe ()
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {17D0C64A-5283-4125-8256-105694C274ED} hxxp://www.knittel-foto-film.de/interaktiv/objekt/spx33.cab (MozillaPluginHostCtrl Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://louk.solidworks.com/htdocs/pdownload/edrawings/e2011sp02/cab//eModelsStandard.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin1211.cab (PPI Chipcard-Browser-Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {97DF08C1-4C0E-4913-823B-E8FC1C8444FA} hxxp://192.168.178.105/400series.cab (4Mosa Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - Reg Error: Key error. File not found
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Windows\SysWOW64\eztoolslib2.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - Reg Error: Key error. -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.30 08:34:10 | 000,000,000 | ---D | M] - D:\Autocad -- [ NTFS ]
O32 - AutoRun File - [2012.06.18 19:54:56 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 20:16:57 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.06.18 20:16:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.18 14:56:28 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Roaming\Malwarebytes
[2012.06.18 14:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.18 14:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.18 14:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.11 21:18:42 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Local\Macromedia
[2012.06.09 14:57:23 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Local\3Dconnexion_Inc
[2012.06.09 14:51:05 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Roaming\3Dconnexion
[2012.06.09 14:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2012.06.09 14:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2012.06.09 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\3Dconnexion
[2012.06.07 08:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.07 08:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.07 03:36:48 | 000,085,504 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012.06.07 03:36:48 | 000,085,504 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\System32\siappdll.dll
[2012.06.04 20:51:57 | 000,000,000 | ---D | C] -- C:\Users\conny\Desktop\Kletterfieber_2012
[2012.06.04 20:51:21 | 000,000,000 | ---D | C] -- C:\Users\conny\Desktop\Kletterfieber
[2012.06.03 18:53:20 | 000,000,000 | ---D | C] -- C:\Users\conny\Documents\Studienbescheinigung
[2011.12.18 23:41:00 | 000,016,896 | ---- | C] (Microsoft) -- C:\Users\conny\AppData\Roaming\arDshini.exe.exe
[2011.12.16 08:31:09 | 000,016,896 | ---- | C] (Microsoft) -- C:\Users\conny\AppData\Roaming\Dshini.exe.exe
[2010.04.26 10:50:29 | 000,151,552 | ---- | C] ( ) -- C:\Windows\rsnp2std.dll
[2010.04.26 10:50:29 | 000,077,824 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp2std.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 15:37:34 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.18 15:36:39 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.18 15:36:36 | 000,000,355 | ---- | M] () -- C:\Windows\SCARDSRV.INI
[2012.06.18 15:36:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 15:36:24 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 14:56:23 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.18 14:56:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.11 23:10:27 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.06.11 23:10:27 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012.06.11 23:10:27 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.06.11 23:10:27 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012.06.11 23:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 21:17:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.11 21:17:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.11 21:17:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.11 21:17:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.09 14:49:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2012.06.09 14:48:23 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012.06.09 14:48:23 | 000,002,304 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012.06.09 14:48:23 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012.06.07 08:03:43 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.07 08:03:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.07 03:36:48 | 000,085,504 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012.06.07 03:36:48 | 000,085,504 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\System32\siappdll.dll
[2012.06.07 03:35:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\spwini.dll
[2012.06.07 03:35:50 | 000,045,056 | ---- | M] () -- C:\Windows\System32\spwini.dll
[2012.06.03 17:47:27 | 001,424,557 | ---- | M] () -- C:\Users\conny\Documents\Gesundheitsamt_KE.pdf
[2012.05.21 06:03:27 | 000,001,456 | ---- | M] () -- C:\Users\conny\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.18 14:56:23 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.09 14:48:23 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012.06.09 14:48:23 | 000,002,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012.06.07 08:03:43 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.07 03:35:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2012.06.07 03:35:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\spwini.dll
[2012.06.03 17:47:27 | 001,424,557 | ---- | C] () -- C:\Users\conny\Documents\Gesundheitsamt_KE.pdf
[2012.04.03 08:36:30 | 004,389,441 | ---- | C] () -- C:\Windows\SysWow64\USBAccessLink.dll
[2012.04.03 08:36:30 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\SerialAccessLink.dll
[2012.03.19 10:10:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Instrument Library
[2012.03.19 10:10:09 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Images
[2012.03.19 10:10:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Licenses
[2012.03.19 10:09:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Internet Plug-Ins
[2012.03.19 10:09:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Installer Plugin
[2012.03.19 10:09:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Limiter
[2012.03.19 10:09:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2012.03.19 10:07:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\Image Manipulation
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.17 16:31:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.01.17 16:31:06 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.11.16 11:27:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
[2011.11.16 11:27:11 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Hybrid Basic
[2011.11.16 11:27:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.11.16 11:27:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2011.10.06 16:54:58 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2011.10.06 15:53:06 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll
[2011.09.29 08:55:21 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Importer
[2011.09.29 08:55:21 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Image Units
[2011.09.29 08:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.09.29 08:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.09.29 08:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.08.05 14:59:36 | 000,324,511 | ---- | C] () -- C:\ProgramData\1312521941.bdinstall.bin
[2011.06.09 08:47:59 | 000,000,663 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011.04.05 14:37:15 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011.02.07 16:42:04 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010.10.28 13:42:34 | 000,000,355 | ---- | C] () -- C:\Windows\SCARDSRV.INI
[2010.10.28 13:42:25 | 000,001,268 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.10.28 13:42:02 | 000,002,776 | ---- | C] () -- C:\Windows\twkverck.dat
[2010.10.11 14:28:14 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2010.10.11 14:28:14 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010.08.08 09:35:12 | 000,000,132 | ---- | C] () -- C:\Users\conny\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010.08.03 12:40:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Jingles
[2010.08.03 12:28:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\Help
[2010.06.17 13:50:24 | 000,001,456 | ---- | C] () -- C:\Users\conny\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.06.12 12:16:42 | 000,000,078 | ---- | C] () -- C:\Windows\CAMDXP.INI
[2010.05.25 09:57:40 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Receipts
[2010.05.25 09:57:40 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Profiles
[2010.05.25 09:57:40 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT
[2010.05.25 09:57:40 | 000,000,012 | RH-- | C] () -- C:\ProgramData\manual
[2010.05.25 09:57:38 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Repeat Routines
[2010.05.25 09:57:38 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Project Templates
[2010.05.25 09:57:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\vhosts
[2010.05.25 09:55:07 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2010.05.25 09:44:56 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Icons
[2010.05.25 09:40:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2010.05.23 12:30:03 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Reverb
[2010.05.23 12:30:03 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Radio Sounds
[2010.05.23 12:27:13 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2010.05.21 11:03:53 | 000,000,600 | ---- | C] () -- C:\Users\conny\AppData\Local\PUTTY.RND
[2010.05.05 11:21:00 | 000,000,025 | ---- | C] () -- C:\Users\conny\AppData\Roaming\bdfvconp.ini
[2010.04.26 10:50:29 | 012,033,024 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2010.04.26 10:50:29 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2010.04.26 10:50:29 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2010.04.23 15:31:13 | 000,000,850 | ---- | C] () -- C:\Users\conny\AppData\RoamingProductTweaks.xml
[2010.04.23 15:31:12 | 000,000,385 | ---- | C] () -- C:\Users\conny\AppData\Roaminguser_gensett.xml
[2010.04.22 07:40:37 | 000,000,376 | ---- | C] () -- C:\Users\conny\AppData\Roamingprivacy.xml
[2010.04.16 17:42:51 | 000,000,400 | ---- | C] () -- C:\Windows\g_jdmjol417.ini
[2010.04.16 17:42:51 | 000,000,400 | ---- | C] () -- C:\Windows\SysWow64\drivers\bdpnqch979.dat
[2010.04.13 11:40:39 | 000,234,127 | ---- | C] () -- C:\Windows\hpoins35.dat.temp
[2010.04.13 11:40:39 | 000,000,778 | ---- | C] () -- C:\Windows\hpomdl35.dat.temp
[2010.03.31 12:50:45 | 000,005,632 | ---- | C] () -- C:\Users\conny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.23 08:01:42 | 000,000,118 | ---- | C] () -- C:\Windows\SysWow64\BUERKVER.INI
[2010.03.23 07:52:03 | 000,737,280 | ---- | C] () -- C:\Windows\SysWow64\eztoolslib2.dll
[2010.03.08 09:30:43 | 000,000,297 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.02.26 19:23:00 | 001,579,758 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.02.19 10:57:02 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2010.02.19 10:57:02 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\hlduinst.exe
[2010.02.19 10:57:02 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2009.12.23 08:18:29 | 000,023,716 | ---- | C] () -- C:\Windows\hpqins15.dat
[2009.12.19 12:53:59 | 000,007,618 | ---- | C] () -- C:\Users\conny\AppData\Local\Resmon.ResmonCfg
[2009.12.13 21:08:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.11.03 21:29:36 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.01 20:48:58 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009.10.30 20:07:24 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.10.30 20:07:22 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.10.30 20:07:21 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.10.24 18:14:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.21 20:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2006.12.13 16:03:14 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\zlibwapi.dll
[2003.05.20 16:05:12 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\spx33.dll
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[1999.11.16 14:04:36 | 000,485,376 | ---- | C] () -- C:\Windows\SysWow64\DrRw40.dll
< End of report >


Chris4You 18.06.2012 12:45

Hi,

MAM was only a quick scan, not a full scan...
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire content of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [049DF36D]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin]  File not found

:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Unpack all files into a separate directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Then start the scan with (Start Scan).
When the scan has finished, please select "Report" (skip any findings with Skip for now). A window opens; copy the text and post it here...

Please update MAM and then run a full scan, post the log!

chris
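
The fix script in the post above removes three `O4` autostart values whose target file no longer exists. As an added example (not part of the original post and not OTL's own code), this Python script parses the `O4` lines of an OTL log and lists the entries with a missing target for manual review. The ranking rule (an 8-hex-digit value name, a per-user `S-1-5-21-...` hive) is an assumption of this example, not a rule stated by the helper.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the OTL log posted in this thread (O4 = Run/RunOnce autostarts).
SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [iTunesHelper]  File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar]  File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [049DF36D]  File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2953272873-1830419624-44218407-1001..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
"""

# "O4[:64bit:] - <hive>..\Run[Once]: [<value name>] <target or 'File not found'>"
O4_RE = re.compile(
    r"^O4(?P<x64>:64bit:)? - (?P<hive>HKLM|HKU\\S-[0-9-]+)\.\.\\"
    r"(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\]\s+(?P<target>.+)$"
)
# The company name is the last parenthesised group; paths may contain "(x86)".
TARGET_RE = re.compile(r"^(?P<path>.+?)\s*\((?P<company>[^()]*)\)$")
HEX_NAME_RE = re.compile(r"[0-9A-Fa-f]{8}")


@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    target: Optional[str]  # None when OTL reported "File not found"
    company: str
    is_64bit: bool

    @property
    def orphaned(self) -> bool:
        return self.target is None


def parse_autostarts(log_text: str) -> List[AutostartEntry]:
    """Return every O4 Run/RunOnce entry found in an OTL log."""
    entries = []
    for raw in log_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue  # other sections (O2, O6, file listings, ...) are ignored
        target, company = m.group("target").strip(), ""
        if target == "File not found":
            target = None
        else:
            t = TARGET_RE.match(target)
            if t:
                target, company = t.group("path"), t.group("company")
        entries.append(AutostartEntry(m.group("hive"), m.group("key"),
                                      m.group("name"), target, company,
                                      bool(m.group("x64"))))
    return entries


def review_score(entry: AutostartEntry) -> int:
    """Ranking heuristic (assumption of this example, not an OTL rule)."""
    score = 0
    if HEX_NAME_RE.fullmatch(entry.name):
        score += 2  # value name is 8 hex digits, not a product name
    if entry.hive.startswith("HKU\\S-1-5-21-"):
        score += 1  # per-user hive, writable without admin rights
    return score


def review_order(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Orphaned autostarts, highest review score first (stable order)."""
    orphaned = [e for e in entries if e.orphaned]
    return sorted(orphaned, key=lambda e: -review_score(e))


if __name__ == "__main__":
    for e in review_order(parse_autostarts(SAMPLE_LOG)):
        print(f"{review_score(e)}  {e.hive}..\\{e.key}: [{e.name}]")
```

The output is a review list only; which entries go into the `:OTL` section of a fix remains the analyst's decision.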

conny24 18.06.2012 16:46

Hello,

so, MAM run completed in full:

Code:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.18.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
conny :: CONNY-PC [Administrator]

Schutz: Aktiviert

18.06.2012 12:55:26
mbam-log-2012-06-18 (12-55-26).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 1696446
Laufzeit: 4 Stunde(n), 14 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
F:\Program Files (x86)\Perfect Icon\perfecticon.exe (Rogue.FakeMSE) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\Users\Conny\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL fix carried out:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2953272873-1830419624-44218407-1001\Software\Microsoft\Windows\CurrentVersion\Run\\049DF36D deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: conny
->Temp folder emptied: 2237293 bytes
->Temporary Internet Files folder emptied: 320842 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55209530 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 670 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8409929 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 990175 bytes
 
Total Files Cleaned = 64,00 mb
 
 
OTL by OldTimer - Version 3.2.49.0 log created on 06182012_173251

Files\Folders moved on Reboot...
C:\Users\conny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SCARDSRV.TMP scheduled to be moved on reboot.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

TDSS run:

Code:

17:39:44.0205 4720        TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
17:39:45.0344 4720        ============================================================
17:39:45.0344 4720        Current date / time: 2012/06/18 17:39:45.0344
17:39:45.0344 4720        SystemInfo:
17:39:45.0344 4720       
17:39:45.0344 4720        OS Version: 6.1.7601 ServicePack: 1.0
17:39:45.0344 4720        Product type: Workstation
17:39:45.0344 4720        ComputerName: CONNY-PC
17:39:45.0344 4720        UserName: conny
17:39:45.0344 4720        Windows directory: C:\Windows
17:39:45.0344 4720        System windows directory: C:\Windows
17:39:45.0344 4720        Running under WOW64
17:39:45.0344 4720        Processor architecture: Intel x64
17:39:45.0344 4720        Number of processors: 4
17:39:45.0344 4720        Page size: 0x1000
17:39:45.0344 4720        Boot type: Normal boot
17:39:45.0344 4720        ============================================================
17:39:48.0168 4720        Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:39:48.0168 4720        Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:39:48.0168 4720        Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:39:48.0183 4720        ============================================================
17:39:48.0183 4720        \Device\Harddisk0\DR0:
17:39:48.0199 4720        MBR partitions:
17:39:48.0199 4720        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E849D80
17:39:48.0215 4720        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E849DFE, BlocksNum 0x1E849D80
17:39:48.0230 4720        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D093BBD, BlocksNum 0x1A4AD883
17:39:48.0230 4720        \Device\Harddisk1\DR1:
17:39:48.0230 4720        MBR partitions:
17:39:48.0230 4720        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
17:39:48.0230 4720        \Device\Harddisk2\DR2:
17:39:48.0230 4720        MBR partitions:
17:39:48.0230 4720        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
17:39:48.0230 4720        ============================================================
17:39:48.0261 4720        C: <-> \Device\Harddisk0\DR0\Partition0
17:39:48.0308 4720        D: <-> \Device\Harddisk1\DR1\Partition0
17:39:48.0308 4720        E: <-> \Device\Harddisk2\DR2\Partition0
17:39:48.0355 4720        F: <-> \Device\Harddisk0\DR0\Partition1
17:39:48.0386 4720        G: <-> \Device\Harddisk0\DR0\Partition2
17:39:48.0386 4720        ============================================================
17:39:48.0386 4720        Initialize success
17:39:48.0386 4720        ============================================================
17:40:15.0093 4512        ============================================================
17:40:15.0093 4512        Scan started
17:40:15.0093 4512        Mode: Manual; SigCheck; TDLFS;
17:40:15.0093 4512        ============================================================
17:40:17.0808 4512        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:40:17.0917 4512        1394ohci - ok
17:40:17.0979 4512        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:40:17.0995 4512        ACPI - ok
17:40:18.0026 4512        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:40:18.0260 4512        AcpiPmi - ok
17:40:18.0291 4512        adfs            (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
17:40:18.0354 4512        adfs - ok
17:40:18.0416 4512        ADIHdAudAddService (1c090e86afd15231377ad37436c3c719) C:\Windows\system32\drivers\ADIHdAud.sys
17:40:18.0479 4512        ADIHdAudAddService - ok
17:40:18.0619 4512        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:40:18.0650 4512        AdobeFlashPlayerUpdateSvc - ok
17:40:18.0915 4512        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:40:18.0947 4512        adp94xx - ok
17:40:18.0978 4512        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:40:19.0009 4512        adpahci - ok
17:40:19.0040 4512        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:40:19.0056 4512        adpu320 - ok
17:40:19.0087 4512        AEADIFilters    (3bdb13c79cc8c06e2f8182595903ed69) C:\Windows\system32\AEADISRV.EXE
17:40:19.0118 4512        AEADIFilters - ok
17:40:19.0134 4512        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:40:19.0274 4512        AeLookupSvc - ok
17:40:19.0337 4512        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:40:19.0383 4512        AFD - ok
17:40:19.0415 4512        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:40:19.0430 4512        agp440 - ok
17:40:19.0461 4512        aksdf          (94c0972b06c75456ed574dd46417b1d8) C:\Windows\system32\DRIVERS\aksdf.sys
17:40:19.0493 4512        aksdf - ok
17:40:19.0508 4512        aksfridge      (7b0bc062ca6abab23f88ea483b5a538e) C:\Windows\system32\DRIVERS\aksfridge.sys
17:40:19.0539 4512        aksfridge - ok
17:40:19.0571 4512        akshasp        (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys
17:40:19.0602 4512        akshasp - ok
17:40:19.0633 4512        akshhl          (67dff8c8f95cb21c9c3380dd4c0387f2) C:\Windows\system32\DRIVERS\akshhl.sys
17:40:19.0664 4512        akshhl - ok
17:40:19.0664 4512        aksusb          (a9a09bc526e614ce9f29bb23c2a76ced) C:\Windows\system32\DRIVERS\aksusb.sys
17:40:19.0695 4512        aksusb - ok
17:40:19.0742 4512        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:40:19.0851 4512        ALG - ok
17:40:19.0914 4512        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:40:19.0929 4512        aliide - ok
17:40:20.0054 4512        Alpham1        (b3e801135e0c81733542c14d9aa8120a) C:\Windows\system32\DRIVERS\Alpham164.sys
17:40:20.0085 4512        Alpham1 ( UnsignedFile.Multi.Generic ) - warning
17:40:20.0085 4512        Alpham1 - detected UnsignedFile.Multi.Generic (1)
17:40:20.0101 4512        Alpham2        (6493983fedbc49d9112703ece9b251fe) C:\Windows\system32\DRIVERS\Alpham264.sys
17:40:20.0132 4512        Alpham2 ( UnsignedFile.Multi.Generic ) - warning
17:40:20.0132 4512        Alpham2 - detected UnsignedFile.Multi.Generic (1)
17:40:20.0163 4512        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:40:20.0179 4512        amdide - ok
17:40:20.0195 4512        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:40:20.0226 4512        AmdK8 - ok
17:40:20.0304 4512        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:40:20.0366 4512        AmdPPM - ok
17:40:20.0522 4512        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:40:20.0553 4512        amdsata - ok
17:40:20.0585 4512        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:40:20.0616 4512        amdsbs - ok
17:40:20.0631 4512        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:40:20.0647 4512        amdxata - ok
17:40:20.0678 4512        AppHostSvc      (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
17:40:20.0725 4512        AppHostSvc - ok
17:40:20.0756 4512        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:40:20.0912 4512        AppID - ok
17:40:20.0943 4512        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:40:20.0990 4512        AppIDSvc - ok
17:40:21.0021 4512        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:40:21.0053 4512        Appinfo - ok
17:40:21.0177 4512        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:40:21.0193 4512        Apple Mobile Device - ok
17:40:21.0240 4512        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:40:21.0287 4512        AppMgmt - ok
17:40:21.0318 4512        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:40:21.0333 4512        arc - ok
17:40:21.0365 4512        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:40:21.0380 4512        arcsas - ok
17:40:21.0396 4512        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:40:21.0458 4512        AsyncMac - ok
17:40:21.0489 4512        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:40:21.0489 4512        atapi - ok
17:40:21.0599 4512        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:40:21.0677 4512        AudioEndpointBuilder - ok
17:40:21.0677 4512        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:40:21.0708 4512        AudioSrv - ok
17:40:21.0755 4512        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:40:21.0833 4512        AxInstSV - ok
17:40:21.0879 4512        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:40:21.0942 4512        b06bdrv - ok
17:40:21.0973 4512        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:40:22.0020 4512        b57nd60a - ok
17:40:22.0129 4512        BCMH43XX        (e49110a58a32e9450356686a95dd7763) C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
17:40:22.0176 4512        BCMH43XX - ok
17:40:22.0207 4512        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:40:22.0254 4512        BDESVC - ok
17:40:22.0269 4512        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:40:22.0301 4512        Beep - ok
17:40:22.0379 4512        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:40:22.0488 4512        BFE - ok
17:40:22.0753 4512        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:40:22.0815 4512        BITS - ok
17:40:22.0878 4512        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:40:22.0893 4512        blbdrive - ok
17:40:22.0987 4512        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:40:23.0018 4512        Bonjour Service - ok
17:40:23.0112 4512        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:40:23.0143 4512        bowser - ok
17:40:23.0174 4512        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:40:23.0268 4512        BrFiltLo - ok
17:40:23.0299 4512        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:40:23.0315 4512        BrFiltUp - ok
17:40:23.0361 4512        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:40:23.0408 4512        Browser - ok
17:40:23.0455 4512        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:40:23.0517 4512        Brserid - ok
17:40:23.0549 4512        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:40:23.0564 4512        BrSerWdm - ok
17:40:23.0580 4512        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:40:23.0611 4512        BrUsbMdm - ok
17:40:23.0627 4512        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:40:23.0658 4512        BrUsbSer - ok
17:40:23.0673 4512        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:40:23.0705 4512        BTHMODEM - ok
17:40:23.0736 4512        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:40:23.0783 4512        bthserv - ok
17:40:23.0798 4512        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:40:23.0829 4512        cdfs - ok
17:40:23.0861 4512        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
17:40:23.0892 4512        cdrom - ok
17:40:23.0923 4512        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:40:23.0985 4512        CertPropSvc - ok
17:40:24.0001 4512        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:40:24.0017 4512        circlass - ok
17:40:24.0063 4512        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:40:24.0095 4512        CLFS - ok
17:40:24.0251 4512        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:40:24.0266 4512        clr_optimization_v2.0.50727_32 - ok
17:40:24.0329 4512        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:40:24.0344 4512        clr_optimization_v2.0.50727_64 - ok
17:40:24.0407 4512        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:40:24.0469 4512        clr_optimization_v4.0.30319_32 - ok
17:40:24.0531 4512        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:40:24.0547 4512        clr_optimization_v4.0.30319_64 - ok
17:40:24.0578 4512        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:40:24.0594 4512        CmBatt - ok
17:40:24.0625 4512        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:40:24.0641 4512        cmdide - ok
17:40:24.0719 4512        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:40:24.0750 4512        CNG - ok
17:40:24.0797 4512        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:40:24.0812 4512        Compbatt - ok
17:40:24.0890 4512        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:40:24.0921 4512        CompositeBus - ok
17:40:24.0921 4512        COMSysApp - ok
17:40:25.0062 4512        CoordinatorServiceHost (ab82a8885ab9687d82aa51a4b4f62e2d) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
17:40:25.0077 4512        CoordinatorServiceHost - ok
17:40:25.0109 4512        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:40:25.0124 4512        crcdisk - ok
17:40:25.0171 4512        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
17:40:25.0249 4512        CryptSvc - ok
17:40:25.0327 4512        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:40:25.0389 4512        CSC - ok
17:40:25.0467 4512        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:40:25.0530 4512        CscService - ok
17:40:25.0608 4512        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:40:25.0686 4512        DcomLaunch - ok
17:40:25.0733 4512        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:40:25.0779 4512        defragsvc - ok
17:40:25.0857 4512        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:40:25.0889 4512        DfsC - ok
17:40:25.0951 4512        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:40:25.0982 4512        Dhcp - ok
17:40:26.0013 4512        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:40:26.0045 4512        discache - ok
17:40:26.0076 4512        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:40:26.0076 4512        Disk - ok
17:40:26.0123 4512        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:40:26.0201 4512        Dnscache - ok
17:40:26.0294 4512        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:40:26.0357 4512        dot3svc - ok
17:40:26.0466 4512        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:40:26.0513 4512        DPS - ok
17:40:26.0528 4512        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:40:26.0544 4512        drmkaud - ok
17:40:26.0637 4512        dtsoftbus01    (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:40:26.0653 4512        dtsoftbus01 - ok
17:40:26.0762 4512        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:40:26.0793 4512        DXGKrnl - ok
17:40:26.0825 4512        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:40:26.0871 4512        EapHost - ok
17:40:27.0293 4512        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:40:27.0386 4512        ebdrv - ok
17:40:27.0527 4512        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:40:27.0542 4512        EFS - ok
17:40:27.0667 4512        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:40:27.0745 4512        ehRecvr - ok
17:40:27.0792 4512        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:40:27.0823 4512        ehSched - ok
17:40:27.0917 4512        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:40:27.0948 4512        elxstor - ok
17:40:27.0979 4512        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:40:27.0995 4512        ErrDev - ok
17:40:28.0073 4512        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:40:28.0151 4512        EventSystem - ok
17:40:28.0182 4512        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:40:28.0213 4512        exfat - ok
17:40:28.0244 4512        EyeOneDisplay  (a33e0921d0c256e348e0f6d66c77b7f7) C:\Windows\system32\Drivers\i1display_x64.sys
17:40:28.0260 4512        EyeOneDisplay - ok
17:40:28.0291 4512        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:40:28.0369 4512        fastfat - ok
17:40:28.0463 4512        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:40:28.0556 4512        Fax - ok
17:40:28.0587 4512        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:40:28.0587 4512        fdc - ok
17:40:28.0619 4512        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:40:28.0665 4512        fdPHost - ok
17:40:28.0697 4512        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:40:28.0728 4512        FDResPub - ok
17:40:28.0759 4512        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:40:28.0775 4512        FileInfo - ok
17:40:28.0790 4512        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:40:28.0837 4512        Filetrace - ok
17:40:28.0962 4512        FileZilla Server (7e76eed28b8b8696b7f7ed5f757aa304) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
17:40:29.0009 4512        FileZilla Server ( UnsignedFile.Multi.Generic ) - warning
17:40:29.0009 4512        FileZilla Server - detected UnsignedFile.Multi.Generic (1)
17:40:29.0211 4512        FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:40:29.0258 4512        FLEXnet Licensing Service - ok
17:40:29.0477 4512        FLEXnet Licensing Service 64 (a4297244d4f817278a6ae45b1899ca9c) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:40:29.0539 4512        FLEXnet Licensing Service 64 - ok
17:40:29.0664 4512        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:40:29.0695 4512        flpydisk - ok
17:40:29.0820 4512        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:40:30.0069 4512        FltMgr - ok
17:40:30.0397 4512        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:40:30.0506 4512        FontCache - ok
17:40:30.0600 4512        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:40:30.0600 4512        FontCache3.0.0.0 - ok
17:40:30.0756 4512        ForceWare Intelligent Application Manager (IAM) (e190951c5d5670d33ee7a5b7ccb08d7e) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
17:40:30.0771 4512        ForceWare Intelligent Application Manager (IAM) - ok
17:40:30.0896 4512        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:40:30.0912 4512        FsDepends - ok
17:40:30.0943 4512        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:40:30.0943 4512        Fs_Rec - ok
17:40:30.0990 4512        FTDIBUS        (7442bca60ed46cc31c2f39728bbdd9ad) C:\Windows\system32\drivers\ftdibus.sys
17:40:31.0005 4512        FTDIBUS - ok
17:40:31.0099 4512        ftpsvc          (79179c6f8a3784cc3a20cde998d5bd2c) C:\Windows\system32\inetsrv\ftpsvc.dll
17:40:31.0130 4512        ftpsvc - ok
17:40:31.0161 4512        FTSER2K        (121af3148cdda212cffbc4f6240699c2) C:\Windows\system32\drivers\ftser2k.sys
17:40:31.0177 4512        FTSER2K - ok
17:40:31.0224 4512        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:40:31.0255 4512        fvevol - ok
17:40:31.0286 4512        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:40:31.0302 4512        gagp30kx - ok
17:40:31.0380 4512        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:40:31.0395 4512        GEARAspiWDM - ok
17:40:31.0567 4512        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:40:31.0614 4512        gpsvc - ok
17:40:31.0661 4512        grmnusb        (2ed7ff3e1ada4092632393781518b3a7) C:\Windows\system32\drivers\grmnusb.sys
17:40:31.0661 4512        grmnusb - ok
17:40:31.0754 4512        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:40:31.0754 4512        gupdate - ok
17:40:31.0770 4512        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:40:31.0770 4512        gupdatem - ok
17:40:31.0832 4512        Hardlock        (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\Hardlock.sys
17:40:31.0863 4512        Hardlock - ok
17:40:31.0879 4512        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:40:31.0910 4512        hcw85cir - ok
17:40:31.0957 4512        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:40:31.0988 4512        HdAudAddService - ok
17:40:32.0004 4512        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:40:32.0035 4512        HDAudBus - ok
17:40:32.0051 4512        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:40:32.0066 4512        HidBatt - ok
17:40:32.0097 4512        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:40:32.0129 4512        HidBth - ok
17:40:32.0144 4512        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:40:32.0160 4512        HidIr - ok
17:40:32.0191 4512        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:40:32.0222 4512        hidserv - ok
17:40:32.0253 4512        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:40:32.0253 4512        HidUsb - ok
17:40:32.0285 4512        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:40:32.0347 4512        hkmsvc - ok
17:40:32.0394 4512        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:40:32.0425 4512        HomeGroupListener - ok
17:40:32.0472 4512        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:40:32.0519 4512        HomeGroupProvider - ok
17:40:32.0550 4512        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:40:32.0565 4512        HpSAMD - ok
17:40:32.0659 4512        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:40:32.0737 4512        HTTP - ok
17:40:32.0753 4512        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:40:32.0768 4512        hwpolicy - ok
17:40:32.0799 4512        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:40:32.0831 4512        i8042prt - ok
17:40:32.0877 4512        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:40:32.0909 4512        iaStorV - ok
17:40:33.0018 4512        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:40:33.0018 4512        IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:40:33.0018 4512        IDriverT - detected UnsignedFile.Multi.Generic (1)
17:40:33.0158 4512        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:40:33.0205 4512        idsvc - ok
17:40:33.0314 4512        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:40:33.0330 4512        iirsp - ok
17:40:33.0423 4512        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:40:33.0486 4512        IKEEXT - ok
17:40:33.0564 4512        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:40:33.0579 4512        intelide - ok
17:40:33.0642 4512        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:40:33.0673 4512        intelppm - ok
17:40:33.0735 4512        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:40:33.0798 4512        IPBusEnum - ok
17:40:33.0845 4512        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:40:33.0891 4512        IpFilterDriver - ok
17:40:33.0969 4512        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:40:34.0016 4512        iphlpsvc - ok
17:40:34.0047 4512        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:40:34.0063 4512        IPMIDRV - ok
17:40:34.0079 4512        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:40:34.0125 4512        IPNAT - ok
17:40:34.0266 4512        iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:40:34.0297 4512        iPod Service - ok
17:40:34.0313 4512        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:40:34.0344 4512        IRENUM - ok
17:40:34.0375 4512        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:40:34.0375 4512        isapnp - ok
17:40:34.0437 4512        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:40:34.0500 4512        iScsiPrt - ok
17:40:34.0547 4512        JRAID          (50de7dd7edb1b512b13666588aefbf6f) C:\Windows\system32\DRIVERS\jraid.sys
17:40:34.0562 4512        JRAID - ok
17:40:34.0578 4512        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:40:34.0593 4512        kbdclass - ok
17:40:34.0625 4512        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:40:34.0640 4512        kbdhid - ok
17:40:34.0671 4512        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:34.0687 4512        KeyIso - ok
17:40:34.0718 4512        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:40:34.0718 4512        KSecDD - ok
17:40:34.0749 4512        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:40:34.0749 4512        KSecPkg - ok
17:40:34.0781 4512        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:40:34.0812 4512        ksthunk - ok
17:40:34.0859 4512        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:40:34.0921 4512        KtmRm - ok
17:40:34.0968 4512        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:40:35.0030 4512        LanmanServer - ok
17:40:35.0108 4512        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:40:35.0139 4512        LanmanWorkstation - ok
17:40:35.0405 4512        Lavasoft Ad-Aware Service (55afd4a9d5ed4ad40d5215ccdf4d65f3) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
17:40:35.0436 4512        Lavasoft Ad-Aware Service - ok
17:40:35.0483 4512        Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
17:40:35.0483 4512        Lavasoft Kernexplorer - ok
17:40:35.0623 4512        Lbd            (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
17:40:35.0639 4512        Lbd - ok
17:40:35.0685 4512        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:40:35.0717 4512        lltdio - ok
17:40:35.0857 4512        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:40:35.0904 4512        lltdsvc - ok
17:40:35.0919 4512        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:40:35.0951 4512        lmhosts - ok
17:40:35.0982 4512        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:40:35.0997 4512        LSI_FC - ok
17:40:36.0013 4512        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:40:36.0029 4512        LSI_SAS - ok
17:40:36.0044 4512        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:40:36.0060 4512        LSI_SAS2 - ok
17:40:36.0075 4512        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:40:36.0091 4512        LSI_SCSI - ok
17:40:36.0122 4512        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:40:36.0153 4512        luafv - ok
17:40:36.0200 4512        LUMDriver      (701223c663019b62029fab1a2385ee81) C:\Windows\system32\drivers\LUMDriver.sys
17:40:36.0216 4512        LUMDriver - ok
17:40:36.0247 4512        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:40:36.0247 4512        MBAMProtector - ok
17:40:36.0341 4512        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:40:36.0356 4512        MBAMService - ok
17:40:36.0403 4512        MCHPUSB        (ba3963a603f0504eb2a1475b335eab53) C:\Windows\system32\DRIVERS\mchpusb64.sys
17:40:36.0403 4512        MCHPUSB - ok
17:40:36.0434 4512        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:40:36.0465 4512        Mcx2Svc - ok
17:40:36.0465 4512        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:40:36.0481 4512        megasas - ok
17:40:36.0528 4512        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:40:36.0559 4512        MegaSR - ok
17:40:36.0590 4512        mf              (8d0e52f36a153d099de7d5a1e233fac7) C:\Windows\system32\DRIVERS\mf.sys
17:40:36.0621 4512        mf - ok
17:40:36.0653 4512        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:40:36.0684 4512        MMCSS - ok
17:40:36.0699 4512        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:40:36.0731 4512        Modem - ok
17:40:36.0731 4512        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:40:36.0746 4512        monitor - ok
17:40:36.0777 4512        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:40:36.0793 4512        mouclass - ok
17:40:36.0793 4512        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:40:36.0809 4512        mouhid - ok
17:40:36.0840 4512        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:40:36.0855 4512        mountmgr - ok
17:40:36.0980 4512        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:40:36.0996 4512        MozillaMaintenance - ok
17:40:37.0074 4512        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:40:37.0089 4512        mpio - ok
17:40:37.0105 4512        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:40:37.0136 4512        mpsdrv - ok
17:40:37.0230 4512        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:40:37.0292 4512        MpsSvc - ok
17:40:37.0339 4512        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:40:37.0370 4512        MRxDAV - ok
17:40:37.0401 4512        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:40:37.0448 4512        mrxsmb - ok
17:40:37.0511 4512        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:40:37.0526 4512        mrxsmb10 - ok
17:40:37.0589 4512        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:40:37.0620 4512        mrxsmb20 - ok
17:40:37.0651 4512        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:40:37.0667 4512        msahci - ok
17:40:37.0760 4512        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:40:37.0823 4512        msdsm - ok
17:40:38.0291 4512        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:40:38.0337 4512        MSDTC - ok
17:40:38.0509 4512        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:40:38.0540 4512        Msfs - ok
17:40:38.0587 4512        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:40:38.0649 4512        mshidkmdf - ok
17:40:38.0681 4512        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:40:38.0696 4512        msisadrv - ok
17:40:38.0790 4512        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:40:38.0837 4512        MSiSCSI - ok
17:40:38.0837 4512        msiserver - ok
17:40:38.0883 4512        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:40:38.0899 4512        MSKSSRV - ok
17:40:38.0930 4512        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:40:38.0961 4512        MSPCLOCK - ok
17:40:38.0977 4512        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:40:39.0008 4512        MSPQM - ok
17:40:39.0117 4512        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:40:39.0133 4512        MsRPC - ok
17:40:39.0180 4512        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:40:39.0195 4512        mssmbios - ok
17:40:39.0195 4512        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:40:39.0242 4512        MSTEE - ok
17:40:39.0258 4512        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:40:39.0273 4512        MTConfig - ok
17:40:39.0305 4512        MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
17:40:39.0320 4512        MTsensor - ok
17:40:39.0336 4512        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:40:39.0351 4512        Mup - ok
17:40:39.0461 4512        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:40:39.0523 4512        napagent - ok
17:40:39.0570 4512        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:40:39.0601 4512        NativeWifiP - ok
17:40:39.0741 4512        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:40:39.0773 4512        NDIS - ok
17:40:39.0804 4512        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:40:39.0851 4512        NdisCap - ok
17:40:39.0913 4512        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:40:39.0944 4512        NdisTapi - ok
17:40:40.0053 4512        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:40:40.0100 4512        Ndisuio - ok
17:40:40.0147 4512        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:40:40.0178 4512        NdisWan - ok
17:40:40.0225 4512        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:40:40.0256 4512        NDProxy - ok
17:40:40.0303 4512        Net Driver HPZ12 (d4f51e88c71bf8f06ea1be320b0bb75b) C:\Windows\system32\HPZinw12.dll
17:40:40.0319 4512        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:40:40.0319 4512        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:40:40.0365 4512        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:40:40.0412 4512        NetBIOS - ok
17:40:41.0130 4512        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:40:41.0161 4512        NetBT - ok
17:40:41.0223 4512        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:41.0239 4512        Netlogon - ok
17:40:41.0301 4512        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:40:41.0364 4512        Netman - ok
17:40:41.0426 4512        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:40:41.0473 4512        netprofm - ok
17:40:41.0676 4512        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:40:41.0691 4512        NetTcpPortSharing - ok
17:40:41.0785 4512        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:40:41.0801 4512        nfrd960 - ok
17:40:42.0019 4512        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:40:42.0066 4512        NlaSvc - ok
17:40:42.0237 4512        nlsX86cc        (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe
17:40:42.0237 4512        nlsX86cc - ok
17:40:42.0300 4512        NmPar          (2f48ab72b6d554a41817020171dc53d6) C:\Windows\system32\DRIVERS\NmPar.sys
17:40:42.0347 4512        NmPar - ok
17:40:42.0440 4512        nmserial        (f88743804730a94a0cddc043ac75d193) C:\Windows\system32\DRIVERS\nmserial.sys
17:40:42.0456 4512        nmserial - ok
17:40:42.0534 4512        nmwcd          (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys
17:40:42.0596 4512        nmwcd - ok
17:40:42.0783 4512        nmwcdc          (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys
17:40:42.0877 4512        nmwcdc - ok
17:40:42.0877 4512        nmwcdcx64      (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys
17:40:42.0893 4512        nmwcdcx64 - ok
17:40:42.0908 4512        nmwcdx64        (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys
17:40:42.0924 4512        nmwcdx64 - ok
17:40:43.0049 4512        NPF            (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
17:40:43.0049 4512        NPF - ok
17:40:43.0111 4512        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:40:43.0142 4512        Npfs - ok
17:40:43.0189 4512        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:40:43.0205 4512        nsi - ok
17:40:43.0220 4512        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:40:43.0267 4512        nsiproxy - ok
17:40:43.0532 4512        nSvcIp          (c7252b28453297329755cd83208caabb) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
17:40:43.0532 4512        nSvcIp - ok
17:40:44.0000 4512        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:40:44.0109 4512        Ntfs - ok
17:40:44.0531 4512        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:40:44.0562 4512        Null - ok
17:40:44.0687 4512        NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
17:40:44.0733 4512        NVENETFD - ok
17:40:46.0902 4512        nvlddmkm        (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:40:47.0058 4512        nvlddmkm - ok
17:40:47.0463 4512        NVNET          (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
17:40:47.0479 4512        NVNET - ok
17:40:47.0557 4512        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:40:47.0573 4512        nvraid - ok
17:40:47.0635 4512        nvrd64          (5266d03c0628fae9c35f40eec078fc88) C:\Windows\system32\DRIVERS\nvrd64.sys
17:40:47.0651 4512        nvrd64 - ok
17:40:47.0682 4512        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:40:47.0697 4512        nvstor - ok
17:40:47.0822 4512        nvstor64        (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
17:40:47.0838 4512        nvstor64 - ok
17:40:48.0009 4512        nvsvc          (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
17:40:48.0025 4512        nvsvc - ok
17:40:48.0353 4512        nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:40:48.0384 4512        nvUpdatusService - ok
17:40:48.0602 4512        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:40:48.0618 4512        nv_agp - ok
17:40:48.0821 4512        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:40:48.0852 4512        odserv - ok
17:40:48.0992 4512        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:40:49.0023 4512        ohci1394 - ok
17:40:49.0133 4512        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:40:49.0164 4512        ose - ok
17:40:49.0226 4512        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:40:49.0257 4512        p2pimsvc - ok
17:40:49.0351 4512        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:40:49.0367 4512        p2psvc - ok
17:40:49.0398 4512        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:40:49.0413 4512        Parport - ok
17:40:49.0523 4512        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:40:49.0538 4512        partmgr - ok
17:40:49.0616 4512        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:40:49.0663 4512        PcaSvc - ok
17:40:49.0725 4512        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
17:40:49.0772 4512        pccsmcfd - ok
17:40:49.0835 4512        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:40:49.0850 4512        pci - ok
17:40:49.0866 4512        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:40:49.0881 4512        pciide - ok
17:40:49.0928 4512        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:40:49.0959 4512        pcmcia - ok
17:40:49.0991 4512        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:40:50.0006 4512        pcw - ok
17:40:50.0006 4512        PDIHWCTL - ok
17:40:50.0115 4512        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:40:50.0178 4512        PEAUTH - ok
17:40:50.0349 4512        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:40:50.0427 4512        PeerDistSvc - ok
17:40:50.0537 4512        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:40:50.0552 4512        PerfHost - ok
17:40:51.0005 4512        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:40:51.0098 4512        pla - ok
17:40:51.0441 4512        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:40:51.0473 4512        PlugPlay - ok
17:40:51.0535 4512        Pml Driver HPZ12 (9a80707d8b6c1806531bfd7399b3cc76) C:\Windows\system32\HPZipm12.dll
17:40:51.0535 4512        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:40:51.0535 4512        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:40:51.0551 4512        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:40:51.0566 4512        PNRPAutoReg - ok
17:40:51.0707 4512        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:40:51.0722 4512        PNRPsvc - ok
17:40:51.0894 4512        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:40:51.0956 4512        PolicyAgent - ok
17:40:52.0019 4512        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:40:52.0065 4512        Power - ok
17:40:52.0377 4512        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:40:52.0424 4512        PptpMiniport - ok
17:40:52.0471 4512        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:40:52.0487 4512        Processor - ok
17:40:52.0549 4512        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
17:40:52.0596 4512        ProfSvc - ok
17:40:52.0674 4512        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:52.0674 4512        ProtectedStorage - ok
17:40:52.0783 4512        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:40:52.0845 4512        Psched - ok
17:40:53.0064 4512        PSI_SVC_2      (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:40:53.0079 4512        PSI_SVC_2 - ok
17:40:53.0126 4512        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:40:53.0142 4512        PxHlpa64 - ok
17:40:53.0454 4512        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:40:53.0532 4512        ql2300 - ok
17:40:53.0797 4512        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:40:53.0828 4512        ql40xx - ok
17:40:53.0953 4512        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:40:53.0984 4512        QWAVE - ok
17:40:54.0015 4512        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:40:54.0047 4512        QWAVEdrv - ok
17:40:54.0062 4512        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:40:54.0109 4512        RasAcd - ok
17:40:54.0374 4512        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:40:54.0405 4512        RasAgileVpn - ok
17:40:54.0452 4512        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:40:54.0468 4512        RasAuto - ok
17:40:54.0530 4512        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:40:54.0577 4512        Rasl2tp - ok
17:40:54.0717 4512        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:40:54.0795 4512        RasMan - ok
17:40:54.0905 4512        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:40:54.0936 4512        RasPppoe - ok
17:40:55.0045 4512        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:40:55.0092 4512        RasSstp - ok
17:40:55.0217 4512        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:40:55.0279 4512        rdbss - ok
17:40:55.0326 4512        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:40:55.0357 4512        rdpbus - ok
17:40:55.0388 4512        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:40:55.0435 4512        RDPCDD - ok
17:40:55.0482 4512        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:40:55.0513 4512        RDPDR - ok
17:40:55.0529 4512        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:40:55.0560 4512        RDPENCDD - ok
17:40:55.0575 4512        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:40:55.0607 4512        RDPREFMP - ok
17:40:55.0685 4512        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
17:40:55.0700 4512        RdpVideoMiniport - ok
17:40:55.0809 4512        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
17:40:55.0856 4512        RDPWD - ok
17:40:56.0168 4512        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:40:56.0355 4512        rdyboost - ok
17:40:56.0387 4512        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:40:56.0433 4512        RemoteAccess - ok
17:40:56.0465 4512        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:40:56.0511 4512        RemoteRegistry - ok
17:40:57.0011 4512        rpcapd          (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe
17:40:57.0057 4512        rpcapd - ok
17:40:57.0089 4512        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:40:57.0120 4512        RpcEptMapper - ok
17:40:57.0135 4512        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:40:57.0151 4512        RpcLocator - ok
17:40:57.0229 4512        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:40:57.0260 4512        RpcSs - ok
17:40:57.0463 4512        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:40:57.0510 4512        rspndr - ok
17:40:57.0572 4512        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:40:57.0619 4512        s3cap - ok
17:40:57.0853 4512        S3XXx64        (d9693eb930b3ff0861d9f454cafe5b10) C:\Windows\system32\DRIVERS\S3XXx64.sys
17:40:57.0884 4512        S3XXx64 - ok
17:40:57.0931 4512        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:40:57.0931 4512        SamSs - ok
17:40:58.0103 4512        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:40:58.0103 4512        sbp2port - ok
17:40:58.0508 4512        SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:40:58.0524 4512        SBSDWSCService - ok
17:40:58.0773 4512        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:40:58.0820 4512        SCardSvr - ok
17:40:58.0883 4512        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:40:58.0929 4512        scfilter - ok
17:40:59.0195 4512        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:40:59.0257 4512        Schedule - ok
17:40:59.0288 4512        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:40:59.0319 4512        SCPolicySvc - ok
17:40:59.0444 4512        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:40:59.0475 4512        SDRSVC - ok
17:40:59.0538 4512        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:40:59.0585 4512        secdrv - ok
17:40:59.0663 4512        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:40:59.0694 4512        seclogon - ok
17:40:59.0741 4512        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:40:59.0772 4512        SENS - ok
17:40:59.0787 4512        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:40:59.0819 4512        SensrSvc - ok
17:40:59.0834 4512        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:40:59.0850 4512        Serenum - ok
17:40:59.0881 4512        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:40:59.0897 4512        Serial - ok
17:40:59.0943 4512        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:40:59.0959 4512        sermouse - ok
17:41:00.0209 4512        ServiceLayer    (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
17:41:00.0240 4512        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
17:41:00.0240 4512        ServiceLayer - detected UnsignedFile.Multi.Generic (1)
17:41:00.0443 4512        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:41:00.0505 4512        SessionEnv - ok
17:41:00.0552 4512        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:41:00.0599 4512        sffdisk - ok
17:41:00.0614 4512        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:41:00.0645 4512        sffp_mmc - ok
17:41:00.0692 4512        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:41:00.0708 4512        sffp_sd - ok
17:41:00.0739 4512        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:41:00.0739 4512        sfloppy - ok
17:41:00.0833 4512        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:41:00.0911 4512        SharedAccess - ok
17:41:01.0191 4512        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:41:01.0238 4512        ShellHWDetection - ok
17:41:01.0254 4512        simptcp        (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe
17:41:01.0269 4512        simptcp - ok
17:41:01.0285 4512        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:41:01.0285 4512        SiSRaid2 - ok
17:41:01.0332 4512        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:41:01.0347 4512        SiSRaid4 - ok
17:41:01.0379 4512        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:41:01.0410 4512        Smb - ok
17:41:01.0488 4512        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:41:01.0535 4512        SNMPTRAP - ok
17:41:04.0249 4512        SNP2STD        (f80e2487b1fee87c74945c4daf0f5cb9) C:\Windows\system32\DRIVERS\snp2sxp.sys
17:41:04.0608 4512        SNP2STD - ok
17:41:04.0670 4512        SolidWorks Licensing Service (4945020bc094c322571184a6e8056b3a) C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
17:41:04.0686 4512        SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning
17:41:04.0686 4512        SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1)
17:41:05.0123 4512        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:41:05.0138 4512        spldr - ok
17:41:05.0294 4512        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:41:05.0325 4512        Spooler - ok
17:41:05.0996 4512        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:41:06.0059 4512        sppsvc - ok
17:41:06.0246 4512        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:41:06.0277 4512        sppuinotify - ok
17:41:06.0527 4512        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:41:06.0589 4512        srv - ok
17:41:06.0651 4512        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:41:06.0683 4512        srv2 - ok
17:41:06.0807 4512        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:41:06.0839 4512        srvnet - ok
17:41:06.0885 4512        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:41:06.0932 4512        SSDPSRV - ok
17:41:06.0963 4512        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:41:06.0995 4512        SstpSvc - ok
17:41:07.0041 4512        Steam Client Service - ok
17:41:07.0416 4512        Stereo Service  (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:41:07.0416 4512        Stereo Service - ok
17:41:07.0494 4512        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:41:07.0509 4512        stexstor - ok
17:41:07.0541 4512        StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
17:41:07.0572 4512        StillCam - ok
17:41:07.0743 4512        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:41:07.0790 4512        stisvc - ok
17:41:08.0071 4512        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:41:08.0087 4512        storflt - ok
17:41:08.0352 4512        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:41:08.0383 4512        storvsc - ok
17:41:08.0414 4512        SUMMACUTamd    (a822a6acc33d97e4c939b13f57772989) C:\Windows\system32\Drivers\AMDX64CUT.sys
17:41:08.0445 4512        SUMMACUTamd - ok
17:41:08.0477 4512        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:41:08.0492 4512        swenum - ok
17:41:08.0742 4512        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
17:41:08.0773 4512        SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
17:41:08.0773 4512        SwitchBoard - detected UnsignedFile.Multi.Generic (1)
17:41:08.0867 4512        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:41:08.0945 4512        swprv - ok
17:41:08.0976 4512        Synth3dVsc - ok
17:41:09.0693 4512        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:41:09.0787 4512        SysMain - ok
17:41:10.0052 4512        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:41:10.0068 4512        TabletInputService - ok
17:41:11.0222 4512        TabletServiceWacom (34d92e8cb04dcaeeae054fede7526282) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
17:41:11.0300 4512        TabletServiceWacom - ok
17:41:11.0519 4512        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:41:11.0581 4512        TapiSrv - ok
17:41:11.0690 4512        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:41:11.0721 4512        TBS - ok
17:41:12.0096 4512        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:41:12.0189 4512        Tcpip - ok
17:41:12.0954 4512        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:41:13.0001 4512        TCPIP6 - ok
17:41:13.0203 4512        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:41:13.0250 4512        tcpipreg - ok
17:41:13.0344 4512        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:41:13.0375 4512        TDPIPE - ok
17:41:13.0437 4512        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:41:13.0469 4512        TDTCP - ok
17:41:13.0609 4512        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:41:13.0656 4512        tdx - ok
17:41:13.0781 4512        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:41:13.0796 4512        TermDD - ok
17:41:14.0155 4512        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:41:14.0217 4512        TermService - ok
17:41:14.0249 4512        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:41:14.0264 4512        Themes - ok
17:41:14.0327 4512        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:41:14.0342 4512        THREADORDER - ok
17:41:14.0467 4512        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:41:14.0545 4512        TrkWks - ok
17:41:14.0685 4512        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:41:14.0732 4512        TrustedInstaller - ok
17:41:14.0826 4512        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:41:14.0873 4512        tssecsrv - ok
17:41:14.0904 4512        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:41:14.0935 4512        TsUsbFlt - ok
17:41:14.0935 4512        tsusbhub - ok
17:41:15.0107 4512        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:41:15.0153 4512        tunnel - ok
17:41:15.0169 4512        TwkMs - ok
17:41:15.0169 4512        TwkPCSC - ok
17:41:15.0231 4512        TWKSCARDSRV    (fe8f7c30289d6fb95ed62b6c8c5dd2f8) C:\Windows\SCARDS32.EXE
17:41:15.0247 4512        TWKSCARDSRV ( UnsignedFile.Multi.Generic ) - warning
17:41:15.0247 4512        TWKSCARDSRV - detected UnsignedFile.Multi.Generic (1)
17:41:15.0403 4512        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:41:15.0419 4512        uagp35 - ok
17:41:15.0575 4512        ubloxVcp        (c4a03bd568f999148be835df5d5158f2) C:\Windows\system32\DRIVERS\ubloxVcp.sys
17:41:15.0637 4512        ubloxVcp ( UnsignedFile.Multi.Generic ) - warning
17:41:15.0637 4512        ubloxVcp - detected UnsignedFile.Multi.Generic (1)
17:41:15.0809 4512        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:41:15.0855 4512        udfs - ok
17:41:15.0887 4512        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:41:15.0918 4512        UI0Detect - ok
17:41:16.0058 4512        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:41:16.0089 4512        uliagpkx - ok
17:41:16.0199 4512        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:41:16.0230 4512        umbus - ok
17:41:16.0261 4512        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:41:16.0292 4512        UmPass - ok
17:41:16.0355 4512        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:41:16.0386 4512        UmRdpService - ok
17:41:16.0433 4512        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:41:16.0479 4512        upnphost - ok
17:41:16.0542 4512        upperdev        (bcd611d240604ceee7f90805361fab50) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
17:41:16.0682 4512        upperdev - ok
17:41:16.0745 4512        USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
17:41:16.0760 4512        USBAAPL64 - ok
17:41:16.0885 4512        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:41:16.0916 4512        usbccgp - ok
17:41:17.0072 4512        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:41:17.0088 4512        usbcir - ok
17:41:17.0103 4512        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:41:17.0119 4512        usbehci - ok
17:41:17.0166 4512        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:41:17.0197 4512        usbhub - ok
17:41:17.0213 4512        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
17:41:17.0228 4512        usbohci - ok
17:41:17.0259 4512        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:41:17.0275 4512        usbprint - ok
17:41:17.0306 4512        usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
17:41:17.0384 4512        usbser - ok
17:41:17.0431 4512        UsbserFilt      (d91be2644b18b4e3c69982fe0e1e97d6) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
17:41:17.0447 4512        UsbserFilt - ok
17:41:17.0509 4512        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:41:17.0540 4512        USBSTOR - ok
17:41:17.0571 4512        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:41:17.0603 4512        usbuhci - ok
17:41:17.0618 4512        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:41:17.0649 4512        UxSms - ok
17:41:17.0712 4512        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:41:17.0712 4512        VaultSvc - ok
17:41:17.0821 4512        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:41:17.0837 4512        vdrvroot - ok
17:41:18.0008 4512        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:41:18.0055 4512        vds - ok
17:41:18.0086 4512        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:41:18.0102 4512        vga - ok
17:41:18.0117 4512        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:41:18.0149 4512        VgaSave - ok
17:41:18.0149 4512        VGPU - ok
17:41:18.0601 4512        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:41:18.0632 4512        vhdmp - ok
17:41:18.0710 4512        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:41:18.0726 4512        viaide - ok
17:41:18.0819 4512        vidousb        (f7ad16f2ba3321f71267bdf48a4f0582) C:\Windows\system32\DRIVERS\vidousb.sys
17:41:18.0819 4512        vidousb - ok
17:41:18.0929 4512        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:41:18.0960 4512        vmbus - ok
17:41:19.0038 4512        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:41:19.0085 4512        VMBusHID - ok
17:41:19.0116 4512        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:41:19.0131 4512        volmgr - ok
17:41:19.0256 4512        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:41:19.0272 4512        volmgrx - ok
17:41:19.0334 4512        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:41:19.0350 4512        volsnap - ok
17:41:19.0428 4512        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:41:19.0443 4512        vsmraid - ok
17:41:19.0802 4512        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:41:19.0911 4512        VSS - ok
17:41:20.0223 4512        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:41:20.0255 4512        vwifibus - ok
17:41:20.0286 4512        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:41:20.0301 4512        vwififlt - ok
17:41:20.0379 4512        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:41:20.0426 4512        W32Time - ok
17:41:20.0535 4512        W3SVC          (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
17:41:20.0551 4512        W3SVC - ok
17:41:20.0613 4512        wacmoumonitor  (fe75777289278a4941fe6139e82b3bd9) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
17:41:20.0676 4512        wacmoumonitor - ok
17:41:20.0707 4512        wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
17:41:20.0707 4512        wacommousefilter - ok
17:41:20.0723 4512        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:41:20.0754 4512        WacomPen - ok
17:41:20.0769 4512        wacomvhid      (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
17:41:20.0785 4512        wacomvhid - ok
17:41:20.0894 4512        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:41:20.0957 4512        WANARP - ok
17:41:20.0972 4512        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:41:21.0003 4512        Wanarpv6 - ok
17:41:21.0003 4512        WAS            (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
17:41:21.0019 4512        WAS - ok
17:41:21.0456 4512        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:41:21.0549 4512        wbengine - ok
17:41:22.0049 4512        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:41:22.0080 4512        WbioSrvc - ok
17:41:22.0189 4512        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:41:22.0236 4512        wcncsvc - ok
17:41:22.0251 4512        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:41:22.0267 4512        WcsPlugInService - ok
17:41:22.0345 4512        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:41:22.0361 4512        Wd - ok
17:41:22.0563 4512        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:41:22.0595 4512        Wdf01000 - ok
17:41:22.0641 4512        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:41:22.0735 4512        WdiServiceHost - ok
17:41:22.0735 4512        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:41:22.0751 4512        WdiSystemHost - ok
17:41:23.0141 4512        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:41:23.0187 4512        WebClient - ok
17:41:23.0219 4512        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:41:23.0265 4512        Wecsvc - ok
17:41:23.0281 4512        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:41:23.0328 4512        wercplsupport - ok
17:41:23.0343 4512        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:41:23.0375 4512        WerSvc - ok
17:41:23.0484 4512        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:41:23.0499 4512        WfpLwf - ok
17:41:23.0577 4512        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:41:23.0593 4512        WIMMount - ok
17:41:23.0796 4512        WinDefend - ok
17:41:23.0811 4512        WinHttpAutoProxySvc - ok
17:41:23.0936 4512        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:41:23.0999 4512        Winmgmt - ok
17:41:24.0451 4512        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:41:24.0545 4512        WinRM - ok
17:41:24.0997 4512        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:41:25.0044 4512        WinUsb - ok
17:41:25.0262 4512        WLANBelkinService (0f695800783c3f9e577b94bf1e71d95a) C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
17:41:25.0278 4512        WLANBelkinService ( UnsignedFile.Multi.Generic ) - warning
17:41:25.0278 4512        WLANBelkinService - detected UnsignedFile.Multi.Generic (1)
17:41:25.0559 4512        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:41:25.0621 4512        Wlansvc - ok
17:41:26.0276 4512        wlidsvc        (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:41:26.0323 4512        wlidsvc - ok
17:41:26.0604 4512        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:41:26.0619 4512        WmiAcpi - ok
17:41:26.0791 4512        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:41:26.0822 4512        wmiApSrv - ok
17:41:26.0869 4512        WMPNetworkSvc - ok
17:41:26.0900 4512        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:41:26.0931 4512        WPCSvc - ok
17:41:27.0056 4512        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:41:27.0072 4512        WPDBusEnum - ok
17:41:27.0165 4512        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:41:27.0212 4512        ws2ifsl - ok
17:41:27.0243 4512        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:41:27.0275 4512        wscsvc - ok
17:41:27.0462 4512        WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:41:27.0477 4512        WSDPrintDevice - ok
17:41:27.0493 4512        WSearch - ok
17:41:27.0821 4512        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
17:41:27.0930 4512        wuauserv - ok
17:41:28.0257 4512        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:41:28.0320 4512        WudfPf - ok
17:41:28.0367 4512        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:41:28.0398 4512        WUDFRd - ok
17:41:28.0429 4512        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:41:28.0460 4512        wudfsvc - ok
17:41:28.0710 4512        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:41:28.0772 4512        WwanSvc - ok
17:41:28.0835 4512        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:41:29.0755 4512        \Device\Harddisk0\DR0 - ok
17:41:29.0771 4512        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
17:41:29.0833 4512        \Device\Harddisk1\DR1 - ok
17:41:29.0833 4512        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
17:41:29.0849 4512        \Device\Harddisk2\DR2 - ok
17:41:29.0864 4512        Boot (0x1200)  (8d0f98f22192ea176e5085ca4886d776) \Device\Harddisk0\DR0\Partition0
17:41:29.0895 4512        \Device\Harddisk0\DR0\Partition0 - ok
17:41:29.0927 4512        Boot (0x1200)  (31ca6a9aacbe818c80f8e3e089f4eb4d) \Device\Harddisk0\DR0\Partition1
17:41:29.0942 4512        \Device\Harddisk0\DR0\Partition1 - ok
17:41:29.0958 4512        Boot (0x1200)  (5ea76a024d032d3842a32208d0451e31) \Device\Harddisk0\DR0\Partition2
17:41:29.0958 4512        \Device\Harddisk0\DR0\Partition2 - ok
17:41:29.0973 4512        Boot (0x1200)  (45628a2e3bfcebd3a08410001b50c39a) \Device\Harddisk1\DR1\Partition0
17:41:29.0973 4512        \Device\Harddisk1\DR1\Partition0 - ok
17:41:29.0989 4512        Boot (0x1200)  (08b8a612a427a4fc78a49adea43cefb9) \Device\Harddisk2\DR2\Partition0
17:41:29.0989 4512        \Device\Harddisk2\DR2\Partition0 - ok
17:41:29.0989 4512        ============================================================
17:41:29.0989 4512        Scan finished
17:41:29.0989 4512        ============================================================
17:41:30.0005 3872        Detected object count: 12
17:41:30.0005 3872        Actual detected object count: 12
17:42:09.0418 3872        Alpham1 ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0418 3872        Alpham1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0418 3872        Alpham2 ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0418 3872        Alpham2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0418 3872        FileZilla Server ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0418 3872        FileZilla Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0418 3872        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0418 3872        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872        SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872        SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872        SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872        SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872        TWKSCARDSRV ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872        TWKSCARDSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872        ubloxVcp ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872        ubloxVcp ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:42:09.0434 3872        WLANBelkinService ( UnsignedFile.Multi.Generic ) - skipped by user
17:42:09.0434 3872        WLANBelkinService ( UnsignedFile.Multi.Generic ) - User select action: Skip

How do we proceed from here?

The system is running so far, but a huge number of pictures are encrypted.

Kind regards

conny

Chris4You 19.06.2012 06:56

Hi,

please post a new OTL logfile once more...

If files are encrypted, follow this link: http://www.trojaner-board.de/114783-...ubersicht.html

chris

conny24 19.06.2012 09:37

Hello, here is the OTL log again:

Code:

OTL logfile created on: 19.06.2012 10:11:04 - Run 2
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\conny\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 67,88% Memory free
25,99 Gb Paging File | 23,65 Gb Available in Paging File | 90,98% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 35,75 Gb Free Space | 14,64% Space Free | Partition Type: NTFS
Drive D: | 698,63 Gb Total Space | 478,16 Gb Free Space | 68,44% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 36,31 Gb Free Space | 48,72% Space Free | Partition Type: NTFS
Drive F: | 244,14 Gb Total Space | 181,72 Gb Free Space | 74,43% Space Free | Partition Type: NTFS
Drive G: | 210,34 Gb Total Space | 45,86 Gb Free Space | 21,81% Space Free | Partition Type: NTFS
 
Computer Name: CONNY-PC | User Name: conny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.19 09:12:17 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.06.18 17:30:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\conny\Desktop\OTL.exe
PRC - [2012.05.25 20:12:37 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012.05.25 20:12:35 | 002,152,720 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.24 20:32:12 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.09.06 15:30:17 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011.05.17 11:26:16 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011.05.06 07:24:30 | 010,822,656 | ---- | M] () -- C:\Program Files (x86)\PicPick\picpick.exe
PRC - [2011.03.21 19:11:44 | 000,068,608 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe
PRC - [2011.03.21 19:08:26 | 000,102,400 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDH.exe
PRC - [2011.03.21 19:08:20 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
PRC - [2009.09.15 19:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009.05.18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) -- C:\Windows\SCARDS32.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.19 09:12:17 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.06.19 09:12:14 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.06.19 09:12:14 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012.06.19 09:12:14 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.06.19 09:12:14 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.03.26 08:39:03 | 002,666,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.22 12:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2011.05.06 07:24:30 | 010,822,656 | ---- | M] () -- C:\Program Files (x86)\PicPick\picpick.exe
MOD - [2009.11.25 18:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\PBN.exe
MOD - [2009.09.15 19:17:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\Belkin\F7D4101\V1\BelkinwcuiDLL.dll
MOD - [2009.02.27 17:40:05 | 001,421,312 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 9.0\PDFMaker\Common\AdobePDFMakerX.DEU
MOD - [2009.02.26 14:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.26 13:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010.09.27 16:42:04 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009.06.05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.06.19 09:12:17 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.11 21:17:03 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.25 20:12:35 | 002,152,720 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.05.12 11:57:05 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.26 16:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.06.06 15:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2011.06.01 12:41:52 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.05.17 11:26:16 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.02.07 16:41:57 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011.01.14 08:57:45 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 14:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 14:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.28 17:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.11.01 21:03:02 | 000,075,064 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.10.15 06:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.23 18:25:28 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.07.23 18:25:28 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) [Auto | Running] -- C:\Windows\SCARDS32.EXE -- (TWKSCARDSRV)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.03 13:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.09.29 09:54:24 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2011.08.12 09:20:57 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2011.06.09 16:54:33 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011.06.09 15:18:18 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.06.01 10:02:15 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.17 13:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 12:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.12.02 12:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.12.02 12:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.12.02 12:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.09.27 16:42:10 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2010.09.27 16:42:06 | 000,075,648 | ---- | M] (SafeNet Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2010.09.27 16:42:02 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2010.02.26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.01.12 06:19:32 | 000,095,744 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NmPar.sys -- (NmPar)
DRV:64bit: - [2010.01.07 12:31:20 | 000,075,264 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NmSerial.sys -- (nmserial)
DRV:64bit: - [2010.01.07 00:19:00 | 000,068,224 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2009.12.17 08:10:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009.12.17 08:10:34 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009.12.17 08:10:32 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2009.11.25 09:25:13 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009.11.12 21:20:52 | 000,054,888 | ---- | M] (Videology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vidousb.sys -- (vidousb)
DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.10.22 16:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.10.22 16:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009.10.20 20:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009.09.14 13:49:02 | 000,062,976 | ---- | M] (u-blox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ubloxVcp.sys -- (ubloxVcp)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 01:31:06 | 000,142,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mf.sys -- (mf)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.08 17:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2008.11.21 11:54:08 | 000,025,600 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AMDx64CUT.sys -- (SUMMACUTamd)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.05.12 08:09:06 | 000,064,512 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mchpusb64.sys -- (MCHPUSB)
DRV:64bit: - [2008.01.02 14:11:50 | 000,024,848 | ---- | M] (IBM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUMDriver.sys -- (LUMDriver)
DRV:64bit: - [2007.07.23 08:57:04 | 000,052,992 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham164.sys -- (Alpham1)
DRV:64bit: - [2007.03.30 14:42:34 | 012,333,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD)
DRV:64bit: - [2007.03.20 10:51:04 | 000,021,760 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Alpham264.sys -- (Alpham2)
DRV:64bit: - [2007.02.16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2005.12.14 01:53:42 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i1display_x64.sys -- (EyeOneDisplay)
DRV - [2012.01.05 09:24:51 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.03.30 14:41:54 | 012,033,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD)
DRV - [2003.04.30 02:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2003.04.30 02:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\TWKMS.SYS -- (TwkMs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 47 61 8D D1 5A CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {E18820C5-6771-487F-A94E-69B19E52EDA7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=DCFTDF&PC=DCFM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{E18820C5-6771-487F-A94E-69B19E52EDA7}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.09.10 07:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.06.15 18:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011.08.04 08:27:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.07 08:03:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.06.08 09:59:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\mozilla\Extensions
[2012.05.19 10:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\conny\AppData\Roaming\mozilla\Firefox\Profiles\uv8bdff3.default\extensions
[2012.03.18 14:06:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.02 15:21:59 | 000,033,619 | ---- | M] () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI
[2012.01.09 08:59:38 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.19 10:47:25 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.02.12 12:56:29 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\CONNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UV8BDFF3.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.05.12 11:57:05 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.06 15:12:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 15:12:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.06 15:12:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 15:12:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.27 07:40:20 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011.10.06 15:12:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 15:12:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\conny\AppData\Roaming\toolplugin\toolbar.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper] *DISABLED*"C:\Program Files (x86)\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PUStarter] C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\AppInterfaces\HPPUDS.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RunPUTasktray] "C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\HPPU.exe" --regkeypath=Software\Hewlett-Packard\HP Printer Utility\HPPURun --valuename=InstallTTM File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Auto-Import for EuroCUT Professional 7] *DISABLED*"C:\Program Files (x86)\EUROSYSTEMS\EuroCUT Professional 7\autoimp.exe" File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe ()
O4 - HKCU..\Run: [PowerSuite] C:\Program Files (x86)\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: hp.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: hp.com ([]https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {17D0C64A-5283-4125-8256-105694C274ED} hxxp://www.knittel-foto-film.de/interaktiv/objekt/spx33.cab (MozillaPluginHostCtrl Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} hxxp://louk.solidworks.com/htdocs/pdownload/edrawings/e2011sp02/cab//eModelsStandard.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin1211.cab (PPI Chipcard-Browser-Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {97DF08C1-4C0E-4913-823B-E8FC1C8444FA} hxxp://192.168.178.105/400series.cab (4Mosa Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{033CB6C8-A685-49C1-9946-DC7D806C25CC}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20530C69-9109-4506-813C-D737741E264E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2E67585-A4EB-4BF7-8B21-62767D116DA2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F689F529-62D7-4964-AE0F-FB23CE532589}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\HPPUDCS - No CLSID value found
O18:64bit: - Protocol\Handler\hppufile - No CLSID value found
O18:64bit: - Protocol\Handler\hppusam - No CLSID value found
O18:64bit: - Protocol\Handler\hppuzip - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\x-mem3 - No CLSID value found
O18 - Protocol\Handler\HPPUDCS {522CC7E5-F378-4F97-8BD7-125D17F5B332} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Printer Utility DCS\APP\hplidcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppufile {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppusam {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppuzip {4BCA8E33-E18F-4358-9F6F-3C7206BCF72F} - C:\Program Files (x86)\Hewlett-Packard\HP Printer Utility\hpluCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\x-mem3 {4F6D06DD-44AB-4F89-BF13-9027B505B15A} - C:\Windows\SysWOW64\eztoolslib2.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (*DISABLED*wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.30 08:34:10 | 000,000,000 | ---D | M] - D:\Autocad -- [ NTFS ]
O32 - AutoRun File - [2012.06.18 19:54:56 | 000,000,000 | ---D | M] - D:\Autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 22:47:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.18 22:47:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.18 22:47:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.18 22:47:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.18 22:47:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.18 22:47:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.18 22:47:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.18 22:47:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.18 22:47:01 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.18 22:47:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.18 22:47:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.18 22:47:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.18 22:47:00 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.18 20:16:57 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.06.18 20:16:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.18 17:30:08 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\conny\Desktop\OTL.exe
[2012.06.18 14:56:28 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Roaming\Malwarebytes
[2012.06.18 14:56:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.18 14:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.18 14:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.18 14:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.18 12:52:15 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.18 12:52:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.18 12:52:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.18 12:51:32 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.18 12:51:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.18 12:51:29 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.18 12:51:13 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.06.18 12:51:07 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.18 12:50:41 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.18 12:50:40 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.15 15:15:16 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\conny\Desktop\TDSSKiller.exe
[2012.06.11 21:18:42 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Local\Macromedia
[2012.06.09 14:57:23 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Local\3Dconnexion_Inc
[2012.06.09 14:51:05 | 000,000,000 | ---D | C] -- C:\Users\conny\AppData\Roaming\3Dconnexion
[2012.06.09 14:49:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2012.06.09 14:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Dconnexion
[2012.06.09 14:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\3Dconnexion
[2012.06.07 08:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.07 08:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.07 03:42:50 | 000,109,056 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\SysNative\siappdll.dll
[2012.06.07 03:36:48 | 000,085,504 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012.06.04 20:51:57 | 000,000,000 | ---D | C] -- C:\Users\conny\Desktop\Kletterfieber_2012
[2012.06.04 20:51:21 | 000,000,000 | ---D | C] -- C:\Users\conny\Desktop\Kletterfieber
[2012.06.03 18:53:20 | 000,000,000 | ---D | C] -- C:\Users\conny\Documents\Studienbescheinigung
[2011.12.18 23:41:00 | 000,016,896 | ---- | C] (Microsoft) -- C:\Users\conny\AppData\Roaming\arDshini.exe.exe
[2011.12.16 08:31:09 | 000,016,896 | ---- | C] (Microsoft) -- C:\Users\conny\AppData\Roaming\Dshini.exe.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.19 10:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.19 09:37:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.19 09:11:13 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.19 09:05:40 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 09:05:40 | 000,013,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 08:57:16 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.19 08:57:08 | 000,000,355 | ---- | M] () -- C:\Windows\SCARDSRV.INI
[2012.06.19 08:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.19 08:56:22 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 08:35:48 | 006,339,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.18 22:55:44 | 001,608,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.18 22:55:44 | 000,692,220 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.18 22:55:44 | 000,646,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.18 22:55:44 | 000,140,050 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.18 22:55:44 | 000,114,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 17:30:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\conny\Desktop\OTL.exe
[2012.06.18 14:56:23 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.15 15:15:16 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\conny\Desktop\TDSSKiller.exe
[2012.06.11 23:10:27 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.06.11 23:10:27 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.06.11 21:17:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.11 21:17:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.09 14:48:23 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012.06.09 14:48:23 | 000,002,304 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012.06.07 08:03:43 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.07 03:44:22 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\Launch3DxGUI.cpl
[2012.06.07 03:42:50 | 000,109,056 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\SysNative\siappdll.dll
[2012.06.07 03:41:56 | 000,055,808 | ---- | M] () -- C:\Windows\SysNative\spwini.dll
[2012.06.07 03:36:48 | 000,085,504 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012.06.07 03:35:50 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\spwini.dll
[2012.06.03 17:47:27 | 001,424,557 | ---- | M] () -- C:\Users\conny\Documents\Gesundheitsamt_KE.pdf
[2012.05.21 06:03:27 | 000,001,456 | ---- | M] () -- C:\Users\conny\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.19 08:57:15 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.06.18 14:56:23 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.09 14:48:23 | 000,002,413 | ---- | C] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012.06.09 14:48:23 | 000,002,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012.06.07 08:03:43 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.07 03:44:22 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\Launch3DxGUI.cpl
[2012.06.07 03:41:56 | 000,055,808 | ---- | C] () -- C:\Windows\SysNative\spwini.dll
[2012.06.07 03:35:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2012.06.03 17:47:27 | 001,424,557 | ---- | C] () -- C:\Users\conny\Documents\Gesundheitsamt_KE.pdf
[2012.04.03 08:36:30 | 004,389,441 | ---- | C] () -- C:\Windows\SysWow64\USBAccessLink.dll
[2012.04.03 08:36:30 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\SerialAccessLink.dll
[2012.03.19 10:10:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Instrument Library
[2012.03.19 10:10:09 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Images
[2012.03.19 10:10:09 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Licenses
[2012.03.19 10:09:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Internet Plug-Ins
[2012.03.19 10:09:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Installer Plugin
[2012.03.19 10:09:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Limiter
[2012.03.19 10:09:32 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Legacy
[2012.03.19 10:07:43 | 000,000,000 | ---- | C] () -- C:\ProgramData\Image Manipulation
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.17 16:31:06 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.01.17 16:31:06 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.11.16 11:27:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Icons
[2011.11.16 11:27:11 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Hybrid Basic
[2011.11.16 11:27:11 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.11.16 11:27:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\InkjetPrinter
[2011.10.06 16:54:58 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2011.10.06 15:53:06 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll
[2011.09.29 08:55:21 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Importer
[2011.09.29 08:55:21 | 000,000,268 | RH-- | C] () -- C:\Users\conny\AppData\Roaming\Image Units
[2011.09.29 08:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.09.29 08:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.09.29 08:50:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.08.05 14:59:36 | 000,324,511 | ---- | C] () -- C:\ProgramData\1312521941.bdinstall.bin
[2011.06.09 08:47:59 | 000,000,663 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2011.04.05 14:37:15 | 000,000,037 | ---- | C] () -- C:\Windows\iltwain.ini
[2011.02.07 16:42:04 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010.10.28 13:42:34 | 000,000,355 | ---- | C] () -- C:\Windows\SCARDSRV.INI
[2010.10.28 13:42:25 | 000,001,268 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010.10.28 13:42:02 | 000,002,776 | ---- | C] () -- C:\Windows\twkverck.dat
[2010.10.11 14:28:14 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2010.10.11 14:28:14 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010.08.08 09:35:12 | 000,000,132 | ---- | C] () -- C:\Users\conny\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010.08.03 12:40:12 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Jingles
[2010.08.03 12:28:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\Help

< End of report >


Chris4You 19.06.2012 09:47

Hi,

apart from the following, OK...

Please check the following files:

Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button and locate the following file(s):
Code:

C:\Users\conny\AppData\Roaming\arDshini.exe.exe
C:\Users\conny\AppData\Roaming\Dshini.exe.exe

  • Now upload each of the files one after another and wait until the scan has finished. (This can take up to 2 minutes.)
  • Afterwards, post the result of the analysis: copy everything and paste it into a post.
  • Important: also copy the file size and the HASH!

chris

conny24 19.06.2012 11:32

So, here are the results:

HTML-Code:

VirusTotal
SHA256:        9e0085af43d324abc3daa83fae9d7b136b00151201068cb87659ad7b0af3d315
SHA1:        6af04473c425aac2ec3496bed1cf272d6a4732ca
MD5:        a2c69b93a8d30ff09a3810c049b58ef6
File size:        16.5 KB ( 16896 bytes )
File name:        arDshini.exe.exe
File type:        Win32 EXE
Detection ratio:        0 / 42
Analysis date:        2012-06-19 10:25:40 UTC ( 1 Minute ago )
Antivirus        Result        Update
AhnLab-V3        -        20120619
AntiVir        -        20120619
Antiy-AVL        -        20120619
Avast        -        20120619
AVG        -        20120619
BitDefender        -        20120619
ByteHero        -        20120618
CAT-QuickHeal        -        20120619
ClamAV        -        20120619
Commtouch        -        20120619
Comodo        -        20120619
DrWeb        -        20120619
Emsisoft        -        20120619
eSafe        -        20120617
F-Prot        -        20120619
F-Secure        -        20120619
Fortinet        -        20120619
GData        -        20120619
Ikarus        -        20120619
Jiangmin        -        20120619
K7AntiVirus        -        20120618
Kaspersky        -        20120619
McAfee        -        20120619
McAfee-GW-Edition        -        20120618
Microsoft        -        20120619
NOD32        -        20120619
Norman        -        20120618
nProtect        -        20120619
Panda        -        20120618
PCTools        -        20120619
Rising        -        20120619
Sophos        -        20120619
SUPERAntiSpyware        -        20120619
Symantec        -        20120619
TheHacker        -        20120618
TotalDefense        -        20120619
TrendMicro        -        20120619
TrendMicro-HouseCall        -        20120618
VBA32        -        20120619
VIPRE        -        20120619
ViRobot        -        20120619
VirusBuster        -        20120618


And here is the second file:

HTML-Code:

VirusTotal
SHA256:        6974d76dfb6cfd7987afcb45c842ab1ac244778c19e39a14d2c2a64e28e446c5
File name:        Dshini.exe.exe
Detection ratio:        0 / 38
Analysis date:        2012-06-19 10:30:45 UTC ( 1 Minute ago )
Antivirus        Result        Update
AhnLab-V3        -        20120619
AntiVir        -        20120619
Antiy-AVL        -        20120619
Avast        -        20120619
AVG        -        20120619
BitDefender        -        20120619
ByteHero        -        20120618
CAT-QuickHeal        -        20120619
ClamAV        -        20120619
Commtouch        -        20120619
Comodo        -        20120619
Emsisoft        -        20120619
eSafe        -        20120617
F-Prot        -        20120619
Fortinet        -        20120619
GData        -        20120619
Ikarus        -        20120619
Jiangmin        -        20120619
K7AntiVirus        -        20120618
Kaspersky        -        20120619
Microsoft        -        20120619
NOD32        -        20120619
Norman        -        20120618
nProtect        -        20120619
Panda        -        20120618
PCTools        -        20120619
Rising        -        20120619
Sophos        -        20120619
SUPERAntiSpyware        -        20120619
Symantec        -        20120619
TheHacker        -        20120618
TotalDefense        -        20120619
TrendMicro        -        20120619
TrendMicro-HouseCall        -        20120618
VBA32        -        20120619
VIPRE        -        20120619
ViRobot        -        20120619
VirusBuster        -        20120618



Chris4You 19.06.2012 12:46

Hi,

nobody knows (or detects) it... oh well... then I guess we are done...
You can now try putting the decryption tools to use...

chris

conny24 19.06.2012 13:02

Great, thanks again very much for your effort.

Regards, conny

