eventuell Backdoor-Trojaner auf meinem Rechner?

n3m0 · 26.10.2011, 16:41

Hallo,
irgendwie ist eine Datei auf meinem Rechner gelandet, die mir und sehr auffällig erschien (sie hieß: "Ad Muncher.4.71.28140-1742.exe").
Das ist ja eine Software, allerdings habe ich mir keine runtergeladen. Zur Sicherheit habe ich sie mal mit VirusTotal.com gescannt und das ist dabei rausgekommen:
hxxp://www.virustotal.com/file-scan/report.html?id=6426fcfc68059b99391204ff01a7bccac349a92072fb5e64b2ab690324b3dd43-1319640511

Anschließend habe ich auch gleich ein Hijackthis-Scan gemacht und ich würde nur gerne wissen, ob ich mir etwas eingefangen habe oder es es nur "illegale Software" war, die da auf meinem Rechner gelandet ist.
Die Software selbst, habe ich direkt gelöscht, aber ich weis ja nicht, ob eventuell noch etwas anderes mit auf meinem Rechner gelandet ist.

Mein Kaspersky Internet Security hat jedenfalls noch nix gefunden, aber das heißt ja nicht immer etwas.

Hier wäre dann mein Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:36:02, on 26.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
D:\PROGRA~2\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\VMware\VMware VIX\vmware-tray.exe
D:\Portable-Software\Lupo PenSuite\Lupo_PenSuite_v2011.04_Full\Launcher\ASuite.exe
D:\Portable-Software\Lupo PenSuite\Lupo_PenSuite_v2011.04_Full\Apps\FileZilla\filezilla.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\Portable-Software\Lupo PenSuite\Lupo_PenSuite_v2011.04_Full\Apps\OperaUSB\opera.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\Portable-Software\Lupo PenSuite\Lupo_PenSuite_v2011.04_Full\Apps\ClamWin Portable\ClamWinPortable.exe
D:\Portable-Software\Lupo PenSuite\Lupo_PenSuite_v2011.04_Full\Apps\ClamWin Portable\App\clamwin\bin\ClamWin.exe
D:\Portable-Software\Lupo PenSuite\Lupo_PenSuite_v2011.04_Full\Apps\ClamWin Portable\App\clamwin\bin\freshclam.exe
C:\Users\Patrick\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wisedock.de/m.php?id=4606d94a18588393cb2e1be587e262b4fb25
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll (file missing)
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
O4 - HKLM\..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vmware-tray] "D:\Program Files (x86)\VMware\VMware VIX\vmware-tray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: 20Dollars2Surf.lnk = C:\Program Files (x86)\20Dollars2Surf\20dollars2surf.exe
O4 - Global Startup: GomezPEER.lnk = D:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll (file missing)
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxbc_device -   - C:\Windows\system32\lxbccoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files (x86)\VMware\VMware VIX\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - D:\Program Files (x86)\VMware\VMware VIX\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13011 bytes

Falls ich mir etwas eingefangen habe, werde ich wahrscheinlich eine Formatierung vornehmen, da dies ja doch in den meisten Fällen einfacher und schneller ist.
Ich möchte nur gerne vorher einen professionelle Meinung hören, ob das überhaupt notwendig ist.

cosinus · 26.10.2011, 20:08

Der VT-Link funktioniert nicht.

Bitte beachten

=> http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html

n3m0 · 27.10.2011, 08:49

Hi,
sorry, ich hatte mir die goldenen Regeln zwar angesehen, allerdings habe ich die andere Seite mit dem Hijackthis-Scan ünicht gesehen und da ich schon mal vor längerem in einem anderen Forum war, bin ich irgendwie davon ausgegangen, es würde hier auch erst mit HijackThis und dann mit OTL etc. gescannt.

Na ja, jetzt habe ich die anderen Scans ja nachgeholt:

1.) Als ich defogger gestartet und "disable" geklickt habe, musste ich keinen Neustart machen, hat das was zu bedeuten?

2.) Hier nun meine Logs von OTL.exe:

OTL.txt

Code:

ATTFilter

OTL logfile created on: 27.10.2011 09:17:10 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Patrick\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,91 Gb Total Physical Memory | 13,87 Gb Available Physical Memory | 87,21% Memory free
31,82 Gb Paging File | 29,68 Gb Available in Paging File | 93,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,26 Gb Total Space | 55,07 Gb Free Space | 51,34% Space Free | Partition Type: NTFS
Drive D: | 24,47 Gb Total Space | 19,24 Gb Free Space | 78,61% Space Free | Partition Type: NTFS
Drive E: | 147,62 Gb Total Space | 84,41 Gb Free Space | 57,18% Space Free | Partition Type: NTFS
 
Computer Name: MEIN-PC | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.27 09:12:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
PRC - [2011.10.27 09:06:33 | 000,050,477 | ---- | M] () -- C:\Users\Patrick\Desktop\Defogger.exe
PRC - [2011.08.22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.08.22 17:07:18 | 000,103,536 | ---- | M] (VMware, Inc.) -- D:\Program Files (x86)\VMware\VMware VIX\vmware-tray.exe
PRC - [2011.08.22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.08.22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- D:\Program Files (x86)\VMware\VMware VIX\vmware-authd.exe
PRC - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.04.28 05:03:30 | 000,073,728 | ---- | M] () -- D:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
PRC - [2011.04.26 11:20:48 | 001,101,440 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011.04.13 15:15:22 | 001,116,800 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2011.03.23 15:08:12 | 001,426,048 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2011.01.17 15:38:20 | 000,702,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
PRC - [2011.01.11 16:21:14 | 001,214,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
PRC - [2010.11.26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010.11.25 09:12:56 | 000,252,544 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
PRC - [2010.11.24 06:35:56 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\Gomez\GomezPEER\jre\bin\java.exe
PRC - [2010.11.08 15:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010.09.24 21:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.27 09:06:33 | 000,050,477 | ---- | M] () -- C:\Users\Patrick\Desktop\Defogger.exe
MOD - [2011.10.23 19:03:08 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll
MOD - [2011.10.20 20:22:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.20 20:22:26 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.20 19:30:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.20 19:30:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.20 19:30:51 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e8339b699235ebf2f904ccb8383de342\IAStorUtil.ni.dll
MOD - [2011.10.20 19:30:50 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.20 19:30:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.20 19:30:45 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.20 19:30:43 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.06.16 19:05:26 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.04.28 05:03:30 | 000,073,728 | ---- | M] () -- D:\Program Files (x86)\Gomez\GomezPEER\bin\GomezPEER.exe
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.04.07 17:33:18 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011.03.23 15:05:04 | 000,964,608 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011.03.04 10:33:44 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
MOD - [2011.02.24 10:19:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2011.02.09 09:02:28 | 000,873,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
MOD - [2011.01.19 21:23:40 | 001,655,296 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGo.dll
MOD - [2011.01.13 16:47:34 | 000,881,152 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2011.01.07 16:39:36 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011.01.06 10:38:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2010.12.01 12:33:32 | 001,244,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2010.11.25 15:12:54 | 000,661,504 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll
MOD - [2010.11.25 15:12:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll
MOD - [2010.11.25 15:12:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll
MOD - [2010.11.25 15:12:54 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll
MOD - [2010.11.24 06:35:58 | 000,010,240 | ---- | M] () -- D:\Program Files (x86)\Gomez\GomezPEER\jre\bin\SystemInfo.dll
MOD - [2010.10.15 17:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2010.08.23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMLib.dll
MOD - [2010.08.06 18:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010.08.06 18:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010.06.21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010.06.21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009.08.12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.05.21 10:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.03.16 01:24:18 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbccoms.exe -- (lxbc_device)
SRV - [2011.08.22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.08.22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.08.22 16:34:52 | 011,837,440 | ---- | M] () [Auto | Stopped] -- D:\Program Files (x86)\VMware\VMware VIX\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011.08.22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- D:\Program Files (x86)\VMware\VMware VIX\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.08.21 23:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.06.12 11:43:28 | 051,740,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011.03.13 10:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.12.02 04:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010.11.03 11:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010.10.21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.16 01:24:02 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxbccoms.exe -- (lxbc_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.20 14:49:54 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.10.20 11:15:23 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011.08.22 17:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.08.22 17:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.08.22 15:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.08.22 15:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.08.21 23:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.06.16 19:11:21 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.06.16 19:11:21 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.04.26 11:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.15 05:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.13 10:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.03.13 10:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.13 10:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.13 10:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.03.13 10:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.03.13 10:58:42 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011.03.13 10:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.03.13 10:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.12.08 18:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010.12.08 18:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 14:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010.08.27 19:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.08.17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT)
DRV:64bit: - [2010.08.10 11:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010.05.20 15:26:48 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/mb50?u=1036326497500915990
IE - HKLM\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Program Files (x86)\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 1B 49 82 2D 8F CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Program Files (x86)\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.10.20 15:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011.10.20 15:11:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011.10.20 15:11:10 | 000,000,000 | ---D | M]
 
[2011.10.26 09:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll File not found
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll File not found
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Program Files (x86)\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Program Files (x86)\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [vmware-tray] D:\Program Files (x86)\VMware\VMware VIX\vmware-tray.exe (VMware, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{233044BC-90A5-49EF-B902-097C1378EC6F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe64.dll File not found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg.dll File not found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1081\7.0.1081\TmBpIe32.dll File not found
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1066\TmIEPlg32.dll File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f69df467-fa5d-11e0-80a6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f69df467-fa5d-11e0-80a6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.27 09:10:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.10.26 19:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2011.10.26 19:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IncrediMail_MediaBar_Deutsch_2
[2011.10.26 19:48:48 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Conduit
[2011.10.26 19:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
[2011.10.26 19:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IncrediMail
[2011.10.26 09:21:09 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Mozilla
[2011.10.26 09:21:09 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Gomez
[2011.10.26 09:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GomezPEER
[2011.10.26 09:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paradiesbar
[2011.10.26 07:27:14 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\IPaid
[2011.10.26 07:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IPaid-Surfbar
[2011.10.26 07:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\20Dollars2Surf
[2011.10.26 07:21:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\20Dollars2Surf
[2011.10.26 07:17:43 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paidmail-Autobot
[2011.10.26 07:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paidmail-Autobot
[2011.10.26 06:45:41 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Media Player Classic
[2011.10.25 18:59:40 | 000,062,064 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2011.10.25 18:59:19 | 000,354,416 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2011.10.25 18:59:15 | 000,432,752 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2011.10.25 18:59:14 | 000,030,320 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2011.10.25 18:59:13 | 000,942,192 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2011.10.25 18:59:11 | 000,039,024 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2011.10.25 18:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2011.10.25 18:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2011.10.25 18:58:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2011.10.25 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2011.10.25 18:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2011.10.25 18:49:52 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\IM
[2011.10.25 18:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\IM
[2011.10.25 18:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2011.10.25 18:15:03 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\VMware
[2011.10.25 17:50:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.10.25 17:48:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2011.10.25 14:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Z500-Z600 Series
[2011.10.25 14:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z500-Z600 Series
[2011.10.25 14:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark Z500-Z600 Series
[2011.10.25 14:10:44 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcserv.dll
[2011.10.25 14:10:44 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcusb1.dll
[2011.10.25 14:10:44 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbchbn3.dll
[2011.10.25 14:10:44 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomc.dll
[2011.10.25 14:10:44 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpmui.dll
[2011.10.25 14:10:44 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbclmpm.dll
[2011.10.25 14:10:44 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccoms.exe
[2011.10.25 14:10:44 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccomm.dll
[2011.10.25 14:10:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcinpa.dll
[2011.10.25 14:10:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbciesc.dll
[2011.10.25 14:10:44 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcih.exe
[2011.10.25 14:10:44 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbccfg.exe
[2011.10.25 14:10:44 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcppls.exe
[2011.10.25 14:10:44 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcprox.dll
[2011.10.25 14:10:44 | 000,131,072 | ---- | C] (Lexmark ) -- C:\Windows\SysWow64\lxbcins.dll
[2011.10.25 14:10:44 | 000,094,208 | ---- | C] (Lexmark ) -- C:\Windows\SysWow64\lxbcinsr.dll
[2011.10.25 14:10:44 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbcpplc.dll
[2011.10.25 14:10:24 | 001,418,240 | ---- | C] ( ) -- C:\Windows\SysNative\lxbcserv.dll
[2011.10.25 14:10:24 | 001,099,776 | ---- | C] ( ) -- C:\Windows\SysNative\lxbcusb1.dll
[2011.10.25 14:10:24 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysNative\lxbccomc.dll
[2011.10.25 14:10:24 | 000,660,480 | ---- | C] ( ) -- C:\Windows\SysNative\lxbchbn3.dll
[2011.10.25 14:10:24 | 000,566,704 | ---- | C] ( ) -- C:\Windows\SysNative\lxbccoms.exe
[2011.10.25 14:10:24 | 000,488,448 | ---- | C] ( ) -- C:\Windows\SysNative\lxbclmpm.dll
[2011.10.25 14:10:24 | 000,410,112 | ---- | C] ( ) -- C:\Windows\SysNative\lxbcpmui.dll
[2011.10.25 14:10:24 | 000,305,664 | ---- | C] ( ) -- C:\Windows\SysNative\LXBChcp.dll
[2011.10.25 14:10:24 | 000,249,856 | ---- | C] ( ) -- C:\Windows\SysNative\lxbccomm.dll
[2011.10.25 14:10:24 | 000,238,592 | ---- | C] ( ) -- C:\Windows\SysNative\lxbcinpa.dll
[2011.10.25 14:10:24 | 000,236,464 | ---- | C] ( ) -- C:\Windows\SysNative\lxbccfg.exe
[2011.10.25 14:10:24 | 000,233,392 | ---- | C] ( ) -- C:\Windows\SysNative\lxbcih.exe
[2011.10.25 14:10:24 | 000,226,816 | ---- | C] ( ) -- C:\Windows\SysNative\lxbciesc.dll
[2011.10.25 14:10:24 | 000,177,664 | ---- | C] (Lexmark ) -- C:\Windows\SysNative\lxbcins.dll
[2011.10.25 14:10:24 | 000,077,824 | ---- | C] (Lexmark ) -- C:\Windows\SysNative\lxbcinsr.dll
[2011.10.25 14:10:24 | 000,035,328 | ---- | C] ( ) -- C:\Windows\SysNative\lxbcprox.dll
[2011.10.25 14:10:24 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\lxbcpplc.dll
[2011.10.25 13:51:02 | 000,000,000 | ---D | C] -- C:\drivers
[2011.10.25 09:29:01 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Outlook-Dateien
[2011.10.25 08:44:50 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Windows Mail in Windows 7 reanimieren
[2011.10.24 16:20:08 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Warez
[2011.10.24 11:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImageShack Uploader
[2011.10.24 09:29:06 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.10.24 07:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2011.10.24 07:29:35 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.10.23 18:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.10.23 18:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011.10.23 18:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011.10.23 18:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.10.23 18:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011.10.23 18:52:31 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.10.23 18:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2011.10.23 18:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011.10.23 18:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011.10.23 18:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011.10.23 18:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011.10.23 18:50:26 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2011.10.23 18:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011.10.23 18:50:19 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Microsoft Help
[2011.10.23 18:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.10.23 17:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.10.23 17:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack x64
[2011.10.23 17:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack x64
[2011.10.23 17:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011.10.23 17:34:04 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011.10.23 17:34:04 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2011.10.23 17:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011.10.23 17:28:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2011.10.23 16:16:35 | 000,000,000 | ---D | C] -- C:\ProgramData\redistpart
[2011.10.23 16:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2011.10.23 16:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2011.10.23 16:01:51 | 000,037,392 | ---- | C] (Paragon Software Group) -- C:\Windows\SysNative\drivers\hotcore3.sys
[2011.10.23 16:01:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.10.23 16:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 11 Professional
[2011.10.23 16:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software
[2011.10.22 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.10.22 19:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.10.22 19:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.10.22 11:15:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Loggin
[2011.10.22 10:18:07 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\MigWiz
[2011.10.22 09:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\GetRight
[2011.10.21 19:05:37 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\CrashDumps
[2011.10.21 19:04:28 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\GetRight Pro
[2011.10.21 19:04:28 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\GetRight
[2011.10.21 10:21:32 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\ElevatedDiagnostics
[2011.10.20 20:55:53 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\WinRAR
[2011.10.20 19:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.10.20 19:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.20 19:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.10.20 14:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2011.10.20 14:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011.10.20 14:49:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.10.20 14:49:54 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.10.20 14:37:10 | 000,000,000 | R--D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2011.10.20 14:11:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zards software
[2011.10.20 14:11:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cleanse Uninstaller
[2011.10.20 14:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cleanse Uninstaller
[2011.10.20 11:48:48 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011.10.20 11:48:26 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Macromedia
[2011.10.20 11:48:23 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Adobe
[2011.10.20 11:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.10.20 10:29:16 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Trend Micro
[2011.10.20 10:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011.10.20 09:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles
[2011.10.20 08:04:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.10.20 08:02:49 | 000,014,464 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys
[2011.10.20 08:02:20 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll
[2011.10.20 08:02:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
[2011.10.20 08:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS
[2011.10.20 08:00:52 | 000,028,672 | R--- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll
[2011.10.20 08:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2011.10.20 07:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.10.19 17:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.10.19 17:43:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DeviceVM
[2011.10.19 17:42:08 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\BMExplorer
[2011.10.19 17:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011.10.19 17:36:06 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Bluetooth Folder
[2011.10.19 17:35:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2011.10.19 17:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Atheros
[2011.10.19 17:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2011.10.19 17:35:48 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll
[2011.10.19 17:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2011.10.19 17:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2011.10.19 17:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011.10.19 17:23:39 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell
[2011.10.19 17:23:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell
[2011.10.19 17:23:05 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011.10.19 17:20:41 | 000,000,000 | ---D | C] -- C:\RaidTool
[2011.10.19 17:20:37 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool
[2011.10.19 17:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2011.10.19 17:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2011.10.19 17:15:01 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2011.10.19 17:05:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011.10.19 17:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.10.19 17:05:37 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011.10.19 17:05:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011.10.19 17:05:36 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2011.10.19 17:05:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011.10.19 17:05:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011.10.19 17:05:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011.10.19 17:05:36 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2011.10.19 17:05:36 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011.10.19 17:05:35 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2011.10.19 17:05:30 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011.10.19 17:05:30 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011.10.19 17:05:30 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011.10.19 17:05:30 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011.10.19 17:05:30 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011.10.19 17:05:30 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011.10.19 17:05:26 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011.10.19 17:05:26 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011.10.19 17:05:26 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011.10.19 17:05:26 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011.10.19 17:05:26 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011.10.19 17:05:26 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011.10.19 17:05:25 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011.10.19 17:05:25 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011.10.19 17:05:25 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011.10.19 17:05:24 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011.10.19 17:05:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2011.10.19 17:05:19 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011.10.19 17:05:18 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011.10.19 17:05:18 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011.10.19 17:05:18 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011.10.19 17:05:17 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011.10.19 17:05:17 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011.10.19 17:05:17 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011.10.19 17:05:17 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011.10.19 17:05:17 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011.10.19 17:05:17 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011.10.19 17:05:17 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011.10.19 17:05:17 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011.10.19 17:05:17 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011.10.19 17:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011.10.19 17:05:10 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011.10.19 17:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.10.19 17:02:08 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Intel Corporation
[2011.10.19 17:00:53 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2011.10.19 17:00:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.10.19 17:00:25 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\InstallShield
[2011.10.19 16:58:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.10.19 16:56:28 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2011.10.19 16:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2011.10.19 16:56:00 | 000,000,000 | ---D | C] -- C:\Intel
[2011.10.19 16:54:26 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.10.19 16:41:46 | 000,000,000 | R--D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.10.19 16:41:46 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Searches
[2011.10.19 16:41:46 | 000,000,000 | R--D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.10.19 16:41:38 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Identities
[2011.10.19 16:41:36 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Contacts
[2011.10.19 16:41:29 | 000,000,000 | --SD | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Videos
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Saved Games
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Pictures
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Music
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Links
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Favorites
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Downloads
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Documents
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\Desktop
[2011.10.19 16:41:29 | 000,000,000 | R--D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Vorlagen
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\AppData\Local\Verlauf
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\AppData\Local\Temporary Internet Files
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Startmenü
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\SendTo
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Recent
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Netzwerkumgebung
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Lokale Einstellungen
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Documents\Eigene Videos
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Documents\Eigene Musik
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Eigene Dateien
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Documents\Eigene Bilder
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Druckumgebung
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Cookies
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\AppData\Local\Anwendungsdaten
[2011.10.19 16:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Patrick\Anwendungsdaten
[2011.10.19 16:41:29 | 000,000,000 | -H-D | C] -- C:\Users\Patrick\AppData
[2011.10.19 16:41:29 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Temp
[2011.10.19 16:41:29 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Microsoft
[2011.10.19 16:41:29 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Media Center Programs
[2011.10.19 16:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2011.10.19 16:41:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ShellExt
[2011.10.19 16:41:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ShellExt
[2011.10.19 16:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2011.10.19 16:41:09 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.10.19 16:41:08 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.10.19 16:41:06 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.10.19 16:23:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.27 09:12:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe
[2011.10.27 09:08:53 | 000,000,000 | ---- | M] () -- C:\Users\Patrick\defogger_reenable
[2011.10.27 09:06:33 | 000,050,477 | ---- | M] () -- C:\Users\Patrick\Desktop\Defogger.exe
[2011.10.27 08:59:46 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.27 08:59:46 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.27 08:56:52 | 001,546,252 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.27 08:56:52 | 000,671,534 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.27 08:56:52 | 000,632,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.27 08:56:52 | 000,135,772 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.27 08:56:52 | 000,111,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.27 08:52:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.27 08:52:13 | 4221,497,342 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.26 09:12:27 | 000,000,936 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GomezPEER.lnk
[2011.10.26 07:21:17 | 000,001,021 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\20Dollars2Surf.lnk
[2011.10.25 18:59:09 | 001,565,688 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.25 14:17:24 | 000,000,220 | ---- | M] () -- C:\Windows\Lexstat.ini
[2011.10.25 14:12:34 | 000,005,187 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[2011.10.25 06:28:53 | 000,002,249 | ---- | M] () -- C:\Users\Patrick\Documents\Fische überwintern.rtf
[2011.10.24 09:09:14 | 000,420,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.24 07:48:35 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011.10.24 07:21:59 | 000,000,162 | -H-- | M] () -- C:\Users\Patrick\Desktop\~$ues RTF-Dokument.rtf
[2011.10.23 16:57:20 | 000,005,690 | ---- | M] () -- C:\Users\Patrick\Desktop\Neues RTF-Dokument.rtf
[2011.10.20 15:11:10 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.10.20 15:11:09 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.10.20 15:03:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.10.20 15:03:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.10.20 14:54:32 | 000,017,408 | ---- | M] () -- C:\Users\Patrick\AppData\Local\WebpageIcons.db
[2011.10.20 14:49:54 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011.10.20 11:15:23 | 000,105,744 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2011.10.20 09:58:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.10.20 09:50:03 | 000,030,663 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2011.10.20 08:04:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2011.10.19 17:37:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2011.10.19 17:36:07 | 000,246,804 | ---- | M] () -- C:\Windows\SysNative\drivers\AtherosBt.bin
[2011.10.19 17:35:48 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll
[2011.10.19 17:16:48 | 000,019,256 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2011.10.19 16:52:24 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2011.10.19 16:26:53 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.10.19 16:26:53 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2011.10.27 09:08:53 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\defogger_reenable
[2011.10.27 09:06:33 | 000,050,477 | ---- | C] () -- C:\Users\Patrick\Desktop\Defogger.exe
[2011.10.26 19:48:37 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk
[2011.10.26 09:12:27 | 000,000,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GomezPEER.lnk
[2011.10.26 07:21:17 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\20Dollars2Surf.lnk
[2011.10.26 07:17:43 | 000,196,096 | ---- | C] () -- C:\Program Files (x86)\b1guninst100.exe
[2011.10.25 14:11:29 | 000,000,220 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.10.25 14:10:44 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbcutil.dll
[2011.10.25 14:10:44 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBCinst.dll
[2011.10.25 14:10:44 | 000,001,858 | ---- | C] () -- C:\Windows\SysWow64\lxbc.loc
[2011.10.25 14:10:24 | 000,567,808 | ---- | C] () -- C:\Windows\SysNative\lxbcutil.dll
[2011.10.25 14:10:24 | 000,194,048 | ---- | C] () -- C:\Windows\SysNative\LXBCinst.dll
[2011.10.25 14:10:24 | 000,005,187 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2011.10.25 14:10:24 | 000,001,858 | ---- | C] () -- C:\Windows\SysNative\lxbc.loc
[2011.10.25 07:36:33 | 000,001,302 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.10.25 06:28:53 | 000,002,249 | ---- | C] () -- C:\Users\Patrick\Documents\Fische überwintern.rtf
[2011.10.24 07:48:35 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011.10.24 07:48:33 | 001,565,688 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.24 07:21:59 | 000,000,162 | -H-- | C] () -- C:\Users\Patrick\Desktop\~$ues RTF-Dokument.rtf
[2011.10.23 17:34:16 | 000,203,264 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2011.10.23 17:34:16 | 000,083,968 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2011.10.23 17:34:05 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.10.23 17:34:05 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.10.23 17:34:04 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.10.23 17:34:04 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.10.23 17:34:04 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.10.20 16:16:56 | 000,005,690 | ---- | C] () -- C:\Users\Patrick\Desktop\Neues RTF-Dokument.rtf
[2011.10.20 15:03:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.10.20 15:03:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.10.20 14:54:32 | 000,017,408 | ---- | C] () -- C:\Users\Patrick\AppData\Local\WebpageIcons.db
[2011.10.20 14:50:14 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011.10.20 14:50:14 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011.10.20 09:58:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.10.20 08:04:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf
[2011.10.20 08:00:52 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.10.20 08:00:44 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.10.19 17:43:49 | 000,001,238 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2011.10.19 17:37:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2011.10.19 17:29:11 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2011.10.19 17:28:38 | 000,003,114 | ---- | C] () -- C:\Windows\SysNative\e1c62x64.din
[2011.10.19 17:16:48 | 000,019,256 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2011.10.19 17:15:01 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.10.19 17:15:01 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2011.10.19 17:15:01 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.10.19 17:15:01 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2011.10.19 17:15:01 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.10.19 17:15:01 | 000,218,304 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2011.10.19 17:15:01 | 000,211,082 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2011.10.19 17:15:01 | 000,197,902 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2011.10.19 17:15:01 | 000,182,514 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2011.10.19 17:15:01 | 000,179,992 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2011.10.19 17:15:01 | 000,156,057 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2011.10.19 17:15:01 | 000,152,994 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2011.10.19 17:15:01 | 000,148,846 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2011.10.19 17:15:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.10.19 17:15:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2011.10.19 17:15:01 | 000,140,077 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2011.10.19 17:15:01 | 000,138,572 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2011.10.19 17:15:01 | 000,137,705 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2011.10.19 17:15:01 | 000,137,506 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2011.10.19 17:15:01 | 000,136,449 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2011.10.19 17:15:01 | 000,135,519 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2011.10.19 17:15:01 | 000,135,222 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2011.10.19 17:15:01 | 000,134,686 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2011.10.19 17:15:01 | 000,134,272 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2011.10.19 17:15:01 | 000,134,238 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2011.10.19 17:15:01 | 000,133,706 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2011.10.19 17:15:01 | 000,133,548 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2011.10.19 17:15:01 | 000,133,246 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2011.10.19 17:15:01 | 000,133,014 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2011.10.19 17:15:01 | 000,132,752 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2011.10.19 17:15:01 | 000,132,650 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2011.10.19 17:15:01 | 000,131,705 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2011.10.19 17:15:01 | 000,128,863 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2011.10.19 17:15:01 | 000,128,667 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2011.10.19 17:15:01 | 000,128,407 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2011.10.19 17:15:01 | 000,123,921 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2011.10.19 17:15:01 | 000,117,522 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2011.10.19 17:15:01 | 000,116,233 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2011.10.19 17:15:01 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2011.10.19 17:15:01 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2011.10.19 17:15:01 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2011.10.19 17:15:01 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2011.10.19 17:15:01 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2011.10.19 17:15:01 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.10.19 17:15:01 | 000,017,220 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2011.10.19 17:15:01 | 000,000,151 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2011.10.19 17:09:23 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2011.10.19 16:52:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.10.19 16:52:17 | 000,030,663 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.10.19 16:41:49 | 000,001,405 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.10.19 16:41:47 | 000,001,439 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.10.19 16:26:44 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.10.19 16:23:53 | 4221,497,342 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.03 07:21:24 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.01.04 07:34:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
 
========== LOP Check ==========
 
[2011.10.21 19:04:28 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\GetRight
[2011.10.22 09:44:35 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\GetRight Pro
[2011.10.26 09:21:09 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Gomez
[2009.07.14 07:08:49 | 000,012,474 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.10.19 16:41:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.10.19 16:41:08 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.10.26 09:11:56 | 000,000,000 | ---D | M] -- C:\drivers
[2011.10.19 17:14:29 | 000,000,000 | ---D | M] -- C:\Intel
[2011.10.24 07:29:35 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.10.25 14:11:22 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.26 19:48:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.10.27 09:08:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.10.19 16:41:08 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.19 17:20:41 | 000,000,000 | ---D | M] -- C:\RaidTool
[2011.10.19 16:41:09 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.27 09:18:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.19 16:41:29 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.25 14:11:29 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2004.06.20 18:32:30 | 000,196,096 | ---- | M] () -- C:\Program Files (x86)\b1guninst100.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.06.16 19:09:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.06.16 19:09:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.06.18 01:30:10 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=5740B1555D51D56547043181789027A5 -- C:\Windows\explorer.exe
[2011.06.18 01:30:10 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=5740B1555D51D56547043181789027A5 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.06.18 01:35:27 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=88B413E78ADB75A062AB947C1BF6D49A -- C:\Windows\SysWOW64\explorer.exe
[2011.06.18 01:35:27 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=88B413E78ADB75A062AB947C1BF6D49A -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          Schliesse bitte nun alle Programme. (Wichtig)  >

< End of report >

Extra.txt
Da mein Beitrag zu lang mit beiden Logs ist, habe ich den 2. Log als zip-Archiv in den Anhang gepackt.

Schonmal Danke!

LG,
n3m0

cosinus · 27.10.2011, 11:28

Was ist mit dem Link von Virustotal?

n3m0 · 27.10.2011, 13:16

Hi,
der Link hier:
hxxp://www.virustotal.com/file-scan/report.html?id=6426fcfc68059b99391204ff01a7bccac349a92072fb5e64b2ab690324b3dd43-1319640511

Das ist das Ergebnis dieser Datei "Ad Muncher.4.71.28140-1742.exe" die ich auf meinem Rechner gefunden hatte.

Ich wollte nun auf nur sichergehen - falls das eine verseuchte Datei ist - das mit nicht noch anderes verseucht wurde.

LG,
n3m0

cosinus · 27.10.2011, 14:52

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

n3m0 · 28.10.2011, 07:45

Hallo,
so, nun habe ich auch die weiteren Scans gemacht:
Malwarebytes' Anti-Malware
Log

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8030

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

27.10.2011 19:39:29
mbam-log-2011-10-27 (19-39-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 329470
Laufzeit: 14 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Sandbox\Patrick\defaultbox\user\current\AppData\Local\Temp\Rar$EX16.400\incredimail 2 v6.03 build 4436\Stubs\66431d0434a14c1cfdbe97d4f69b044fb3d28\ImLpp.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
c:\Sandbox\Patrick\defaultbox\user\current\AppData\Local\Temp\Rar$EX16.400\incredimail 2 v6.03 build 4436\Stubs\e1decdf11c7d168b53808a24b139d55d1f8a316\ImApp.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portable-software\incredimail 2 v6.03 build 4436\Stubs\66431d0434a14c1cfdbe97d4f69b044fb3d28\ImLpp.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portable-software\incredimail 2 v6.03 build 4436\Stubs\e1decdf11c7d168b53808a24b139d55d1f8a316\ImApp.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
d:\portable-software\lupo pensuite\lupo_pensuite_v2011.04_full\Apps\Extra\wirelessnetview\wirelessnetview.exe (PUP.WirelessNetworkTool) -> Quarantined and deleted successfully.
d:\portable-software\lupo pensuite\lupo_pensuite_v2011.04_full\Apps\FDM Lite\dbghelp.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\portable-software\lupo pensuite\lupo_pensuite_v2011.04_full\Apps\FDM Lite\msvcp60.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
d:\portable-software\lupo pensuite\lupo_pensuite_v2011.04_full\Apps\notepad++\notepad++.exe (Trojan.Agent) -> Quarantined and deleted successfully.
e:\alles kopien von patrick-pc\festplatte d\eigene dateien\downloads\ECBarre\ecbarre_v_01.exe (Rogue.Installer) -> Quarantined and deleted successfully.
e:\alles kopien von patrick-pc\festplatte e\zurückgespielte sicherung\foto retouche - aufträge\robert huth\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

ESET-Scan
Log

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f57ad18b3076f243a42d81f39faaae95
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-27 06:55:24
# local_time=2011-10-27 08:55:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 636357 636357 0 0
# compatibility_mode=1280 16777215 100 0 623479 623479 0 0
# compatibility_mode=5893 16776574 100 94 17144253 71368326 0 0
# compatibility_mode=8192 67108863 100 0 194 194 0 0
# scanned=161073
# found=16
# cleaned=0
# scan_time=3262
C:\$Recycle.Bin\S-1-5-21-578715696-1811437081-2356272046-1000\$RYWFJXO.rar	probably a variant of Win32/Agent.BZKQCJL trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Patrick\AppData\Local\Temp\ICReinstall\incredimail_install629.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Patrick\Downloads\incredimail_install629.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Patrick\Downloads\Startparadies\setup.exe	probably a variant of Win32/Agent.NDJYYLS trojan (unable to clean)	00000000000000000000000000000000	I
D:\$RECYCLE.BIN\S-1-5-21-578715696-1811437081-2356272046-1000\$R9EQM6I\IncrediMail Xe Premium v5.8.5.3823\Data\4000002d00002i\ImApp.exe	probably a variant of Win32/Agent.BZKQCJL trojan (unable to clean)	00000000000000000000000000000000	I
E:\$RECYCLE.BIN\S-1-5-21-578715696-1811437081-2356272046-1000\$ROXG2WK.2010\RECYCLER\S-1-5-21-2025429265-813497703-725345543-1004\Dz208.zip	probably a variant of Win32/Agent.GCLTSRP trojan (unable to clean)	00000000000000000000000000000000	I
E:\$RECYCLE.BIN\S-1-5-21-578715696-1811437081-2356272046-1000\$RQOCPZL\Ad Muncher.4.71.28140-1742.exe	probably a variant of Win32/Hupigon.CVJPKSO trojan (unable to clean)	00000000000000000000000000000000	I
E:\ALLES Kopien von Patrick-PC\Festplatte D\Eigene Dateien\Downloads\SoftonicDownloader_fuer_unlocker-portable.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
E:\ALLES Kopien von Patrick-PC\Festplatte D\Eigene Dateien\Downloads\exe-Dateien erstellen\SoftonicDownloader_fuer_inno-setup.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
E:\ALLES Kopien von Patrick-PC\Festplatte D\Eigene Dateien\Downloads\Portable Video Avatar Maker\Video-Avatar-Maker-v.2.3.0.53_www.softarchive.net.rar	probably a variant of Win32/Agent.LKLWRII trojan (unable to clean)	00000000000000000000000000000000	I
E:\ALLES Kopien von Patrick-PC\Festplatte D\Eigene Dateien\Downloads\Startparadies\setup.exe	probably a variant of Win32/Agent.NDJYYLS trojan (unable to clean)	00000000000000000000000000000000	I
E:\ALLES Kopien von Patrick-PC\Festplatte D\Eigene Dateien\Downloads\Unlocker\Unlocker1.9.1.exe	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
E:\ALLES Kopien von Patrick-PC\Festplatte D\Eigene Dateien\Downloads\Xilisoft CD Ripper v6\Xilisoft CD Ripper 6.3.0.0805\Xilisoft_CD_Ripper_6.3.0.0805.zip	a variant of Win32/Injector.ITJ trojan (unable to clean)	00000000000000000000000000000000	I
E:\ALLES Kopien von Patrick-PC\Festplatte D\Eigene Dateien\Downloads\Youtube Downloader HD Portable\SoftonicDownloader_fuer_youtube-downloader-hd-portable.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
E:\ALLES Kopien von Patrick-PC\Festplatte E\Uploads - Selbst gepackt (also Kopien)\Ad Muncher Archive\Ad Muncher 4.71 build 28140 - portable precracked\Ad Muncher.4.71.28140-1742.exe	probably a variant of Win32/Hupigon.CVJPKSO trojan (unable to clean)	00000000000000000000000000000000	I
E:\ALLES Kopien von Patrick-PC\Festplatte F\ehem. Z\Komplettes Laufwerk Z - 11.5.2010\RECYCLER\S-1-5-21-2025429265-813497703-725345543-1004\Dz208.zip	probably a variant of Win32/Agent.GCLTSRP trojan (unable to clean)	00000000000000000000000000000000	I
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f57ad18b3076f243a42d81f39faaae95
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-28 06:08:18
# local_time=2011-10-28 08:08:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 677415 677415 0 0
# compatibility_mode=1280 16777215 100 0 664537 664537 0 0
# compatibility_mode=5893 16776574 100 94 17185311 71409384 0 0
# compatibility_mode=8192 67108863 100 0 41252 41252 0 0
# scanned=132627
# found=4
# cleaned=0
# scan_time=2577
C:\Users\Patrick\AppData\Local\Temp\ICReinstall\incredimail_install629.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Patrick\Downloads\incredimail_install629.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Patrick\Downloads\Startparadies\setup.exe	probably a variant of Win32/Agent.NDJYYLS trojan (unable to clean)	00000000000000000000000000000000	I
E:\Windows 7.rar	a variant of Win32/HackKMS.A application (unable to clean)	00000000000000000000000000000000	I

LG,
n3m0

cosinus · 28.10.2011, 10:38

Zitat:

E:\Windows 7.rar a variant of Win32/HackKMS.A application
IncrediMail Xe Premium v5.8.5.3823\Data\4000002d00002i\ImApp.exe probably a variant of Win32/Agent.BZKQCJL trojan

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

n3m0 · 28.10.2011, 11:48

Hi,

Zitat:

Zitat von cosinus

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

das ist mir vollkommen bewusst, allerdings habe ich nix illegales gedownloadet und installiert.

Das Archov "E:\Windows 7.rar" enthält nur ein paar Daten von mir die ich gesichert habe.
Und die genannte Software "Incredimail" ist ein ganz normaler E-Mail-Client, natürlich Freeware!

Hier gibt's das z.B. zum Download:
Incredimail XE
hxxp://www.pchome.de/download/incredimail_121.html

Warum soll ich ein Freeware-Programm cracken?

Aber wenn die Neuinstallation das Sicherste ist, werde ich das natürlich machen. Ich wollte hier jetzt nur einfach klarstellen, dass ich keine Cracks verwende, die meiste Software gibts's eh auch in Freeware.

Trotzdem danke.

LG,
n3m0

cosinus · 28.10.2011, 11:59

Zitat:

Warum soll ich ein Freeware-Programm cracken?

Du hast keine freeware gecrackt, sondern eine gecrackte Premium-Version.

=> IncrediMail Xe Premium v5.8.5.3823\Data\4000002d00002i\ImApp.exe probably a variant of Win32/Agent.BZKQCJL trojan

Erkennst du den Unterschied?

n3m0 · 28.10.2011, 12:43

Hi,
na ja, jetzt wo du es sagst, bei der einen Version steht Incredimail XE Premium und bei der Freeware Variante steht entwaeder Incredimail 2 oder Incredimail XE.
Allerdings ist es alles irgendwie merkwürdig, denn wenn ich Incredimail auf meinem Rechner starte, dann öffnet sich Incredimail 2, ganz normal in der Freeware Version.
Es streht nirgends Premium und da ich die Freeware-Version kenne - hatte ich auch auf meinem alten Rechner - scheint es mir, als hätte ich auch die Freeware drauf...
Da frage ich mich ehrlich gesagt, wo die Premium herkommt.

Hier mein Screen den ich gerade von Incredimail gemacht habe:

Na ja, aber hilft dann wohl alles nix, ich werde dann nun alle Daten sichern (ausßer Programme) und Windows neu aufsetzen.

Nochmals DANKE!

LG,
n3m0

26.10.2011, 20:08	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	eventuell Backdoor-Trojaner auf meinem Rechner? Der VT-Link funktioniert nicht. Bitte beachten => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html __________________ __________________

27.10.2011, 11:28	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	eventuell Backdoor-Trojaner auf meinem Rechner? Was ist mit dem Link von Virustotal? __________________ Logfiles bitte immer in CODE-Tags posten

eventuell Backdoor-Trojaner auf meinem Rechner?

Log-Analyse und Auswertung: eventuell Backdoor-Trojaner auf meinem Rechner?