Polizei Trojaner Win7

rok · 31.08.2012, 07:01

Hallo ich seit gestern den Polizei Trojaner.
Hab mit OTL einen Scan gemacht und bitte Euch um Auswertung.

Die Datei OTL.txt könnt Ihr unter
https://dl.dropbox.com/u/55781675/OTL-PC.Txt
downloaden.

Danke schon mal für die Hilfe.

kira · 31.08.2012, 07:10

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Hilfeleistung - geplante Vorgehensweise:

Problemsuche
Problembeseitigung/Systembereinigung
Verwendete Programme deinstallieren/entfernen
Thema abschließen: Tipps zur Computersicherheit

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
Systemscan mit OTL

Lade Dir (falls noch nicht vorhanden) bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

rok · 31.08.2012, 08:01

Danke für die schnelle Antwort.
Also meine Files siehe Anhang:
Die Datei OTL war zu gross zum Upload daher unten eingefügt.

OTL.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 31.08.2012 08:47:07 - Run 3
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Rok\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 70,25% Memory free
15,79 Gb Paging File | 13,28 Gb Available in Paging File | 84,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,23 Gb Total Space | 34,98 Gb Free Space | 29,34% Space Free | Partition Type: NTFS
Drive D: | 7,44 Gb Total Space | 0,19 Gb Free Space | 2,61% Space Free | Partition Type: FAT32
Drive E: | 35,75 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 58,59 Gb Total Space | 0,33 Gb Free Space | 0,57% Space Free | Partition Type: NTFS
Drive G: | 97,65 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive H: | 141,84 Gb Total Space | 5,68 Gb Free Space | 4,01% Space Free | Partition Type: NTFS
 
Computer Name: ROK-PC | User Name: Rok | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rok\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Rok\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
PRC - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMgrSvcInt#\bc6978890ebe28d617d1197a9056d9f0\IAStorDataMgrSvcInterfaces.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\434a5b780030de9e42bd16ad00d4c0d6\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\c242783d047a6dad58b4918da88b004d\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\a4345e4ff74ec912a5219576049df7fe\System.ServiceModel.Discovery.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\8e3ba21dc083837fdc1c8b9f98c5f4bf\System.ServiceModel.Routing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\509dab10fd00e66d750ac92101fa3d7b\System.ServiceModel.Activities.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\7f49661d0e79763b30e9e99e714409a3\System.ServiceModel.Channels.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\4f8ecf03aa4a4165e6850d1d67dc445f\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2f4ce144f88caf780421d66027355f77\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\ac5d04fd61df57da0f9976440a8c6c58\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\3fe3910474b3e2a08fca9b09330a74f7\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4dd48e938a8834fe950cf0cd11603c71\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6711765f90c0082ec393943b924ed277\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\acrotray.deu ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
MOD - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (SbieSvc) -- C:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (WSWNA1100) -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ()
SRV - (jswpsapi) -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\drivers\SCMNdisP.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-142842162-1627480802-3770059718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=113480&tt=090812_bab_3212_4&babsrc=HP_ss&mntrId=e82d4ada00000000000030469a3550dd
IE - HKU\S-1-5-21-142842162-1627480802-3770059718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-142842162-1627480802-3770059718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-142842162-1627480802-3770059718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AD D5 80 FD 9A 77 CD 01  [binary data]
IE - HKU\S-1-5-21-142842162-1627480802-3770059718-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-142842162-1627480802-3770059718-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-142842162-1627480802-3770059718-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&tt=090812_bab_3212_4&babsrc=SP_ss&mntrId=e82d4ada00000000000030469a3550dd
IE - HKU\S-1-5-21-142842162-1627480802-3770059718-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=113480&tt=090812_bab_3212_4&babsrc=KW_ss&mntrId=e82d4ada00000000000030469a3550dd&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.08.12 12:21:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 06:48:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.31 06:48:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.11 10:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rok\AppData\Roaming\mozilla\Extensions
[2012.08.25 15:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rok\AppData\Roaming\mozilla\Firefox\Profiles\q6rr3ar3.default\extensions
[2012.08.11 10:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.31 06:48:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.11 10:35:04 | 000,002,360 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 06:48:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.12 12:39:40 | 000,002,816 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 192.150.14.69
O1 - Hosts: 127.0.0.1 192.150.18.101
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 192.150.22.40
O1 - Hosts: 127.0.0.1 192.150.8.100
O1 - Hosts: 127.0.0.1 192.150.8.118
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 40 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-142842162-1627480802-3770059718-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Driver Genius]  File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-142842162-1627480802-3770059718-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-142842162-1627480802-3770059718-1000..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rok\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9167DD5A-369A-490E-A2DC-691D4413C0D7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.22 02:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.05.29 10:27:40 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fe3a0b45-e316-11e1-8149-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe3a0b45-e316-11e1-8149-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2008.02.22 02:43:08 | 000,358,248 | R--- | M] (NETGEAR Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 08:07:55 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Malwarebytes
[2012.08.31 08:07:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.31 08:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 08:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.31 08:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.31 08:07:10 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\maleware
[2012.08.31 07:48:28 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Rok\Desktop\OTL.exe
[2012.08.31 07:09:27 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012.08.29 21:56:15 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\• Haus
[2012.08.29 20:47:07 | 000,000,000 | ---D | C] -- C:\Program Files\MAXON
[2012.08.29 20:41:49 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\library
[2012.08.28 19:06:24 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\backup
[2012.08.27 18:11:18 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\__MACOSX
[2012.08.26 17:39:56 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.08.26 09:25:46 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXON
[2012.08.25 22:00:09 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\MAXON
[2012.08.25 21:59:21 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012.08.25 21:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
[2012.08.25 21:55:55 | 000,000,000 | ---D | C] -- C:\Maxon.Cinema.4D.R11. Architecture.Edition.retail-LeGo
[2012.08.24 11:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.08.24 11:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012.08.24 11:24:21 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\FileZilla
[2012.08.18 07:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.08.17 12:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2012.08.17 11:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.08.17 11:50:17 | 000,000,000 | ---D | C] -- C:\Samsung Galaxy S3 ToolKit
[2012.08.17 11:40:44 | 059,473,514 | ---- | C] (skipsoft, markskippen@gmail.com) -- C:\Users\Rok\Desktop\SGS3 ToolKit v2.0.exe
[2012.08.17 10:56:44 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\Kurse
[2012.08.17 10:56:09 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\Bilder Kiteschule
[2012.08.17 10:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2012.08.17 10:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012.08.17 10:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.08.17 10:13:10 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z
[2012.08.17 10:13:02 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l092.dll
[2012.08.17 10:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012.08.17 10:12:59 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.08.17 10:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.08.17 10:12:06 | 000,902,656 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax9.dll
[2012.08.17 10:12:06 | 000,742,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtscl5.dll
[2012.08.17 10:12:06 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2012.08.17 10:12:06 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2012.08.17 10:12:06 | 000,503,296 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwvst01.dll
[2012.08.17 10:12:06 | 000,043,008 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwentco.dll
[2012.08.16 19:26:49 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.08.15 10:29:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.15 10:29:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.08.15 10:29:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.08.15 10:29:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.08.15 10:29:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.15 10:29:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.08.15 10:29:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.08.15 10:29:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.08.15 10:29:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.08.15 10:29:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.08.15 10:29:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.08.15 10:29:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.08.15 10:29:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.15 09:12:21 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\S3
[2012.08.15 08:20:25 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.08.15 08:20:21 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.15 08:20:21 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012.08.15 08:20:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012.08.15 08:20:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.08.15 08:20:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.08.15 08:20:19 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012.08.15 08:20:14 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.12 13:12:56 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\ATI
[2012.08.12 13:12:56 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\ATI
[2012.08.12 13:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.08.12 13:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.08.12 13:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.08.12 13:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.08.12 13:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.08.12 13:11:30 | 000,000,000 | ---D | C] -- C:\ATI
[2012.08.12 12:26:31 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\Adobe CS6 x64
[2012.08.12 12:26:31 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\Adobe CS6 x32
[2012.08.12 12:26:31 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\Acrobat X
[2012.08.12 12:26:30 | 000,950,200 | ---- | C] (ismail) -- C:\Users\Rok\Desktop\amtlib.dll
[2012.08.12 12:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.08.12 12:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012.08.12 12:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.08.12 12:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2012.08.12 12:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.08.12 12:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.08.12 12:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.08.12 12:10:39 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\Adobe Photoshop CS6 Patch by PainteR
[2012.08.12 12:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012.08.12 12:03:07 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Intel Corporation
[2012.08.12 12:02:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.08.12 12:02:37 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012.08.12 12:02:37 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.08.12 12:02:37 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.08.12 12:02:37 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.08.12 12:02:37 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.08.12 12:02:36 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012.08.12 12:02:36 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012.08.12 12:02:36 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012.08.12 12:02:36 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012.08.12 12:02:36 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012.08.12 12:02:36 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.08.12 12:02:36 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012.08.12 12:02:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.08.12 12:02:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.08.12 12:02:36 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.08.12 12:02:36 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012.08.12 12:02:36 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2012.08.12 12:02:36 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.08.12 12:02:36 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.08.12 12:02:36 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2012.08.12 12:02:35 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012.08.12 12:02:35 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.08.12 12:02:35 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2012.08.12 12:02:35 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2012.08.12 12:02:35 | 000,626,304 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll
[2012.08.12 12:02:35 | 000,561,792 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll
[2012.08.12 12:02:35 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.08.12 12:02:35 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2012.08.12 12:02:35 | 000,032,344 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\MBfilt64.sys
[2012.08.12 12:02:34 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.08.12 12:02:34 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012.08.12 12:02:34 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012.08.12 12:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.08.12 12:00:13 | 003,223,040 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athurx.sys
[2012.08.12 12:00:13 | 003,223,040 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athurx.sys
[2012.08.12 12:00:13 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2012.08.12 12:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2012.08.12 11:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012.08.12 11:59:19 | 000,645,952 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorA.sys
[2012.08.12 11:59:19 | 000,027,456 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStorF.sys
[2012.08.12 11:56:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.08.12 11:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.08.12 11:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM106xSATA
[2012.08.12 11:52:12 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Leadertech
[2012.08.12 11:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2012.08.12 11:51:53 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.08.12 11:51:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012.08.12 11:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.08.12 11:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.08.12 11:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012.08.12 11:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012.08.12 11:51:27 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Logitech
[2012.08.12 11:51:27 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Logishrd
[2012.08.12 11:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2012.08.12 11:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012.08.12 11:46:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.08.12 11:45:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2012.08.12 11:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012.08.12 11:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012.08.12 11:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2012.08.11 15:06:26 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\Windows Loader
[2012.08.11 14:51:02 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\vlc
[2012.08.11 14:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.08.11 14:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.08.11 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\Rok\Documents\Outlook-Dateien
[2012.08.11 14:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.08.11 14:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.08.11 14:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.08.11 14:02:16 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.08.11 14:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.08.11 14:01:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.08.11 14:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012.08.11 14:01:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.08.11 14:01:27 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.08.11 14:00:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\Dropbox
[2012.08.11 12:35:36 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\Microsoft Help
[2012.08.11 12:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.08.11 11:35:36 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012.08.11 11:35:36 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012.08.11 11:35:34 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012.08.11 11:35:34 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012.08.11 11:35:34 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012.08.11 11:35:34 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012.08.11 11:35:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012.08.11 11:35:34 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012.08.11 11:35:34 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012.08.11 11:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.08.11 11:33:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.08.11 11:33:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.08.11 11:29:04 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.11 11:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012.08.11 11:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.08.11 11:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.08.11 11:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.08.11 11:28:13 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\Adobe
[2012.08.11 11:26:58 | 000,000,000 | ---D | C] -- C:\Users\Rok\Desktop\64-bit
[2012.08.11 11:26:28 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\WinRAR
[2012.08.11 11:26:28 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.08.11 11:26:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.08.11 11:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.08.11 10:59:15 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.08.11 10:59:01 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Dropbox
[2012.08.11 10:55:34 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Macromedia
[2012.08.11 10:55:34 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\Macromedia
[2012.08.11 10:55:34 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Adobe
[2012.08.11 10:55:19 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.11 10:55:19 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.11 10:55:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.08.11 10:55:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.08.11 10:54:34 | 000,000,000 | ---D | C] -- C:\Users\Rok\temp
[2012.08.11 10:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.08.11 10:42:34 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012.08.11 10:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012.08.11 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012.08.11 10:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.08.11 10:35:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.11 10:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.11 10:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012.08.11 10:35:10 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.08.11 10:35:10 | 000,687,544 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.08.11 10:35:10 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.08.11 10:35:09 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.11 10:35:09 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.11 10:35:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.08.11 10:34:59 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Babylon
[2012.08.11 10:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.08.11 10:34:39 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.08.11 10:33:40 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Mozilla
[2012.08.11 10:33:40 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\Mozilla
[2012.08.11 10:33:39 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.08.11 10:33:39 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.08.11 10:33:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.08.11 10:33:39 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.08.11 10:33:39 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.08.11 10:33:39 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.08.11 10:33:39 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.08.11 10:33:39 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.08.11 10:33:39 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.08.11 10:33:39 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.08.11 10:33:39 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.08.11 10:33:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.08.11 10:33:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.08.11 10:33:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.08.11 10:33:39 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.08.11 10:33:39 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.08.11 10:33:39 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.08.11 10:33:39 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.08.11 10:33:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.08.11 10:33:39 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.08.11 10:33:39 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.08.11 10:33:39 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.08.11 10:33:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.08.11 10:33:39 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.08.11 10:33:39 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.08.11 10:33:39 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.08.11 10:33:39 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.08.11 10:33:39 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.08.11 10:33:39 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.08.11 10:33:39 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.08.11 10:33:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.08.11 10:33:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.08.11 10:33:39 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.08.11 10:33:39 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.08.11 10:33:39 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.08.11 10:33:39 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.08.11 10:33:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.08.11 10:33:39 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.08.11 10:33:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.08.11 10:33:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.08.11 10:33:39 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.08.11 10:33:39 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.08.11 10:33:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.08.11 10:33:39 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.08.11 10:33:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.08.11 10:33:39 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.08.11 10:33:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.08.11 10:33:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.08.11 10:33:39 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.08.11 10:33:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.08.11 10:33:39 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.08.11 10:33:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.08.11 10:33:39 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.08.11 10:33:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.08.11 10:33:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.08.11 10:33:38 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.11 10:33:38 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.11 10:33:38 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.08.11 10:33:38 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.08.11 10:31:06 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.08.11 10:31:06 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.08.11 10:31:06 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.08.11 10:30:07 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.08.11 10:30:06 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.08.11 10:30:06 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Avira
[2012.08.11 10:30:05 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.08.11 10:30:03 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012.08.11 10:30:03 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012.08.11 10:30:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012.08.11 10:30:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012.08.11 10:30:03 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012.08.11 10:30:03 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012.08.11 10:30:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012.08.11 10:30:03 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012.08.11 10:30:03 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012.08.11 10:30:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012.08.11 10:30:02 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012.08.11 10:30:02 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012.08.11 10:30:02 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012.08.11 10:30:02 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012.08.11 10:30:01 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.08.11 10:30:01 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.08.11 10:30:01 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.08.11 10:30:01 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.08.11 10:30:01 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.08.11 10:30:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.08.11 10:30:00 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.08.11 10:30:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.08.11 10:30:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.08.11 10:30:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.08.11 10:30:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.08.11 10:30:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.08.11 10:30:00 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.08.11 10:30:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.08.11 10:30:00 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.08.11 10:30:00 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.08.11 10:30:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.08.11 10:30:00 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.08.11 10:30:00 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.08.11 10:30:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.08.11 10:29:58 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.08.11 10:29:58 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.08.11 10:29:58 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.08.11 10:29:58 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.08.11 10:29:58 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.08.11 10:29:58 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.08.11 10:29:57 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.08.11 10:29:57 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012.08.11 10:29:57 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012.08.11 10:29:57 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012.08.11 10:29:57 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012.08.11 10:29:57 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012.08.11 10:29:57 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012.08.11 10:29:57 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012.08.11 10:29:57 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012.08.11 10:29:57 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012.08.11 10:29:57 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012.08.11 10:29:56 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.08.11 10:29:56 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.08.11 10:29:56 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.08.11 10:29:56 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.08.11 10:29:56 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.08.11 10:29:56 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012.08.11 10:29:56 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012.08.11 10:29:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012.08.11 10:29:56 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.08.11 10:29:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.08.11 10:29:55 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.08.11 10:29:55 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.08.11 10:29:55 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.08.11 10:29:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.08.11 10:29:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.08.11 10:29:53 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.08.11 10:29:53 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012.08.11 10:29:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012.08.11 10:29:52 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.08.11 10:29:52 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.08.11 10:29:52 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012.08.11 10:29:52 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.08.11 10:29:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012.08.11 10:29:52 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012.08.11 10:29:51 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.08.11 10:29:51 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.08.11 10:29:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.08.11 10:29:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.08.11 10:29:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.08.11 10:29:50 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012.08.11 10:29:50 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012.08.11 10:29:50 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012.08.11 10:29:50 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012.08.11 10:29:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012.08.11 10:29:50 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012.08.11 10:29:50 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012.08.11 10:29:50 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012.08.11 10:29:47 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012.08.11 10:29:47 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012.08.11 10:29:47 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012.08.11 10:29:47 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012.08.11 10:29:47 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012.08.11 10:29:47 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012.08.11 10:29:47 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012.08.11 10:29:47 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012.08.11 10:29:47 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012.08.11 10:29:47 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012.08.11 10:29:47 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012.08.11 10:29:47 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012.08.11 10:29:47 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012.08.11 10:29:46 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.08.11 10:29:46 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.08.11 10:29:46 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.08.11 10:29:45 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.08.11 10:29:45 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.08.11 10:29:44 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.08.11 10:29:44 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012.08.11 10:29:43 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.08.11 10:29:43 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012.08.11 10:29:43 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012.08.11 10:29:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012.08.11 10:29:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012.08.11 10:29:42 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012.08.11 10:27:51 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012.08.11 10:27:51 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012.08.11 10:27:46 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012.08.11 10:27:46 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012.08.11 10:27:41 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.08.11 10:27:41 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.08.11 10:27:40 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.08.11 10:27:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.08.11 10:27:39 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.08.11 10:26:58 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.08.11 10:26:58 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.08.11 10:25:52 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.08.11 10:25:52 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.08.11 10:25:52 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.08.11 10:25:50 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.08.11 10:25:50 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.08.11 10:25:50 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.08.11 10:25:49 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.08.11 10:25:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.08.11 10:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.08.11 10:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.08.11 10:25:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.08.11 10:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.08.11 10:20:31 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.08.11 10:20:31 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.08.11 10:20:31 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.08.11 10:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.08.11 10:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.08.11 10:13:22 | 000,026,624 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\jswpslwfx.sys
[2012.08.11 10:13:22 | 000,025,312 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2012.08.11 10:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA1100 Setup-Assistent
[2012.08.11 10:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2012.08.11 10:13:08 | 000,000,000 | ---D | C] -- C:\temp
[2012.08.11 10:08:22 | 000,041,984 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\USB3Ver.dll
[2012.08.11 10:07:46 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.08.11 10:06:50 | 000,017,192 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys
[2012.08.11 10:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2012.08.11 10:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2012.08.11 10:06:00 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\ElevatedDiagnostics
[2012.08.10 21:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2012.08.10 21:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2012.08.10 21:10:59 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.08.10 21:10:47 | 000,000,000 | -HSD | C] -- C:\Boot
[2012.08.10 21:08:11 | 000,419,144 | ---- | C] (Lucidlogix Inc.) -- C:\Windows\SysWow64\appinit_dll.dll
[2012.08.10 21:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lucidlogix Technologies
[2012.08.10 21:08:11 | 000,000,000 | ---D | C] -- C:\Users\Rok\Lucidlogix
[2012.08.10 21:07:45 | 000,015,168 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2012.08.10 21:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.08.10 21:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2012.08.10 21:07:27 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.08.10 21:07:26 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\InstallShield
[2012.08.10 21:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.08.10 21:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.08.10 21:05:49 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012.08.10 21:05:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.08.10 21:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
[2012.08.10 21:05:09 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.08.10 21:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.08.10 21:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012.08.10 21:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012.08.10 21:04:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.08.10 21:03:47 | 000,000,000 | ---D | C] -- C:\Windows.old
[2012.08.10 20:18:50 | 000,000,000 | R--D | C] -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.08.10 20:18:50 | 000,000,000 | R--D | C] -- C:\Users\Rok\Searches
[2012.08.10 20:18:50 | 000,000,000 | R--D | C] -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.08.10 20:18:44 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Identities
[2012.08.10 20:18:43 | 000,000,000 | R--D | C] -- C:\Users\Rok\Contacts
[2012.08.10 20:18:42 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\VirtualStore
[2012.08.10 20:18:40 | 000,000,000 | --SD | C] -- C:\Users\Rok\AppData\Roaming\Microsoft
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\Videos
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\Saved Games
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\Pictures
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\Music
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\Links
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\Favorites
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\Downloads
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\Documents
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\Desktop
[2012.08.10 20:18:40 | 000,000,000 | R--D | C] -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Vorlagen
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\AppData\Local\Verlauf
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\AppData\Local\Temporary Internet Files
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Startmenü
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\SendTo
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Recent
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Netzwerkumgebung
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Lokale Einstellungen
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Documents\Eigene Videos
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Documents\Eigene Musik
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Eigene Dateien
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Documents\Eigene Bilder
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Druckumgebung
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Cookies
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\AppData\Local\Anwendungsdaten
[2012.08.10 20:18:40 | 000,000,000 | -HSD | C] -- C:\Users\Rok\Anwendungsdaten
[2012.08.10 20:18:40 | 000,000,000 | -H-D | C] -- C:\Users\Rok\AppData
[2012.08.10 20:18:40 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\Temp
[2012.08.10 20:18:40 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Local\Microsoft
[2012.08.10 20:18:40 | 000,000,000 | ---D | C] -- C:\Users\Rok\AppData\Roaming\Media Center Programs
[2012.08.10 20:18:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.08.10 20:18:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.08.10 20:18:37 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.08.10 20:18:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.08.10 20:18:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.08.10 20:18:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.08.10 20:18:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.08.10 20:18:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.08.10 20:18:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.08.10 20:17:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.08.10 20:13:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.08.10 19:29:12 | 000,000,000 | ---D | C] -- C:\Intel
[2012.08.10 18:50:04 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.08.10 18:50:04 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.08.10 18:50:04 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.08.10 18:14:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 08:47:09 | 001,501,928 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.31 08:47:09 | 000,654,966 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.31 08:47:09 | 000,616,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.31 08:47:09 | 000,130,336 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.31 08:47:09 | 000,106,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.31 08:45:28 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 08:45:28 | 000,021,280 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 08:40:14 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.08.31 08:40:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 08:40:09 | 2064,379,903 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 08:07:46 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 08:04:46 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.31 07:41:20 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Rok\Desktop\OTL.exe
[2012.08.31 07:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 06:51:56 | 000,000,795 | ---- | M] () -- C:\Users\Rok\Desktop\Settings.ini
[2012.08.30 19:20:15 | 003,519,873 | ---- | M] () -- C:\Users\Rok\Desktop\haus_mit dach.c4d
[2012.08.30 19:20:04 | 001,258,504 | ---- | M] () -- C:\Users\Rok\Desktop\haus-richtig.c4d
[2012.08.30 17:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.08.30 12:54:10 | 000,001,456 | ---- | M] () -- C:\Users\Rok\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.08.30 11:42:13 | 000,148,971 | ---- | M] () -- C:\Users\Rok\Desktop\haus-v2_1.c4d
[2012.08.30 11:18:32 | 000,156,379 | ---- | M] () -- C:\Users\Rok\Desktop\haus-v2.c4d
[2012.08.28 19:44:23 | 000,096,005 | ---- | M] () -- C:\Users\Rok\Desktop\haus_eg.c4d
[2012.08.28 18:57:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.08.28 17:27:08 | 000,291,835 | ---- | M] () -- C:\Users\Rok\Desktop\haus linienv1.c4d
[2012.08.27 21:48:18 | 000,055,720 | ---- | M] () -- C:\Users\Rok\Desktop\haus linien.c4d
[2012.08.27 20:29:28 | 000,180,393 | ---- | M] () -- C:\Users\Rok\Desktop\haus-plan-c4d.jpg
[2012.08.27 20:28:29 | 000,217,710 | ---- | M] () -- C:\Users\Rok\Desktop\haus-plan-c4d.gif
[2012.08.26 21:09:00 | 000,071,281 | ---- | M] () -- C:\Users\Rok\Desktop\Haus 1.Stockv3.c4d
[2012.08.26 12:05:22 | 000,069,517 | ---- | M] () -- C:\Users\Rok\Desktop\Haus 1.Stockv2.c4d
[2012.08.26 11:21:57 | 000,065,036 | ---- | M] () -- C:\Users\Rok\Desktop\Haus 1.Stockv1.c4d
[2012.08.25 21:59:15 | 000,001,123 | ---- | M] () -- C:\Users\Rok\Desktop\CINEMA 4D Release 11 64 Bit.lnk
[2012.08.25 10:11:07 | 000,385,024 | ---- | M] () -- C:\Users\Rok\Desktop\hausV1.indd
[2012.08.25 09:56:22 | 008,538,361 | ---- | M] () -- C:\Users\Rok\Desktop\Punch Designv1.psd
[2012.08.25 09:55:09 | 000,081,999 | ---- | M] () -- C:\Users\Rok\Desktop\Punch Designv1.pdf
[2012.08.24 21:55:56 | 000,000,382 | ---- | M] () -- C:\Windows\SysWow64\SystemPreferences.xml
[2012.08.24 11:58:24 | 000,015,546 | ---- | M] () -- C:\Users\Rok\Desktop\FileZilla.xml
[2012.08.23 10:15:15 | 000,001,456 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012.08.17 12:58:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.17 12:58:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.17 12:39:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.08.17 11:50:18 | 000,001,612 | ---- | M] () -- C:\Users\Rok\Desktop\Samsung GS3 ToolKit v2.0.lnk
[2012.08.17 11:42:04 | 059,473,514 | ---- | M] (skipsoft, markskippen@gmail.com) -- C:\Users\Rok\Desktop\SGS3 ToolKit v2.0.exe
[2012.08.17 10:50:13 | 002,883,204 | ---- | M] () -- C:\Users\Rok\Desktop\vollmacht-klimstein.pdf
[2012.08.17 10:14:40 | 000,144,857 | ---- | M] () -- C:\Windows\hpwins28.dat
[2012.08.16 20:18:21 | 000,076,255 | ---- | M] () -- C:\Users\Rok\Desktop\haus.pdf
[2012.08.16 20:17:18 | 000,659,456 | ---- | M] () -- C:\Users\Rok\Desktop\haus.indd
[2012.08.16 19:35:13 | 000,941,656 | ---- | M] () -- C:\Users\Rok\Desktop\HAUS_GRUNDRISS1.psd
[2012.08.15 11:24:21 | 004,965,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.12 13:07:53 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.08.12 12:39:40 | 000,002,816 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.12 12:21:57 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.08.12 12:04:06 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.12 11:51:53 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.08.12 11:43:18 | 000,001,215 | ---- | M] () -- C:\Users\Rok\Desktop\Driver Genius Professional Edition.lnk
[2012.08.11 15:21:50 | 000,341,746 | RHS- | M] () -- C:\DAECP
[2012.08.11 10:59:20 | 000,001,053 | ---- | M] () -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.11 10:35:09 | 000,000,315 | ---- | M] () -- C:\user.js
[2012.08.11 10:35:06 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.11 10:35:06 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.11 10:33:39 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012.08.11 10:33:39 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012.08.11 10:33:39 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.08.11 10:33:39 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.08.11 10:33:39 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012.08.11 10:33:39 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012.08.11 10:33:39 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012.08.11 10:33:39 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012.08.11 10:33:39 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.08.11 10:33:39 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012.08.11 10:33:39 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012.08.11 10:33:39 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.08.11 10:33:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012.08.11 10:33:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.08.11 10:33:39 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012.08.11 10:33:39 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.08.11 10:33:39 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012.08.11 10:33:39 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012.08.11 10:33:39 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.08.11 10:33:39 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.08.11 10:33:39 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.08.11 10:33:39 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012.08.11 10:33:39 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012.08.11 10:33:39 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012.08.11 10:33:39 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.08.11 10:33:39 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.08.11 10:33:39 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012.08.11 10:33:39 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.08.11 10:33:39 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012.08.11 10:33:39 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012.08.11 10:33:39 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012.08.11 10:33:39 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012.08.11 10:33:39 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012.08.11 10:33:39 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.08.11 10:33:39 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.08.11 10:33:39 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012.08.11 10:33:39 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012.08.11 10:33:39 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012.08.11 10:33:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012.08.11 10:33:39 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012.08.11 10:33:39 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012.08.11 10:33:39 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.08.11 10:33:39 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.08.11 10:33:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012.08.11 10:33:39 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.08.11 10:33:39 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012.08.11 10:33:39 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012.08.11 10:33:39 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.08.11 10:33:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012.08.11 10:33:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.08.11 10:33:39 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.08.11 10:33:39 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012.08.11 10:33:39 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.08.11 10:33:39 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012.08.11 10:33:39 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012.08.11 10:33:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012.08.11 10:33:39 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012.08.11 10:33:38 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.11 10:33:38 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.08.11 10:33:38 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012.08.11 10:33:38 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012.08.11 10:13:21 | 000,000,908 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Setup-Assistent.lnk
[2012.08.11 10:08:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012.08.10 21:10:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012.08.10 20:16:43 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.08.10 20:16:43 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.08.10 20:15:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.08.31 08:07:46 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 07:21:38 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.31 07:07:58 | 028,295,168 | ---- | C] () -- C:\Users\Rok\Desktop\Microsoft Toolkit.exe
[2012.08.30 15:29:54 | 001,258,504 | ---- | C] () -- C:\Users\Rok\Desktop\haus-richtig.c4d
[2012.08.30 11:42:29 | 003,519,873 | ---- | C] () -- C:\Users\Rok\Desktop\haus_mit dach.c4d
[2012.08.30 11:22:21 | 000,148,971 | ---- | C] () -- C:\Users\Rok\Desktop\haus-v2_1.c4d
[2012.08.30 10:52:57 | 000,156,379 | ---- | C] () -- C:\Users\Rok\Desktop\haus-v2.c4d
[2012.08.28 19:06:12 | 000,096,005 | ---- | C] () -- C:\Users\Rok\Desktop\haus_eg.c4d
[2012.08.28 18:57:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.08.28 17:27:08 | 000,291,835 | ---- | C] () -- C:\Users\Rok\Desktop\haus linienv1.c4d
[2012.08.27 21:11:31 | 000,055,720 | ---- | C] () -- C:\Users\Rok\Desktop\haus linien.c4d
[2012.08.27 20:29:28 | 000,180,393 | ---- | C] () -- C:\Users\Rok\Desktop\haus-plan-c4d.jpg
[2012.08.27 20:17:54 | 000,217,710 | ---- | C] () -- C:\Users\Rok\Desktop\haus-plan-c4d.gif
[2012.08.26 21:09:00 | 000,071,281 | ---- | C] () -- C:\Users\Rok\Desktop\Haus 1.Stockv3.c4d
[2012.08.26 11:22:04 | 000,069,517 | ---- | C] () -- C:\Users\Rok\Desktop\Haus 1.Stockv2.c4d
[2012.08.26 10:14:40 | 000,065,036 | ---- | C] () -- C:\Users\Rok\Desktop\Haus 1.Stockv1.c4d
[2012.08.25 21:59:15 | 000,001,123 | ---- | C] () -- C:\Users\Rok\Desktop\CINEMA 4D Release 11 64 Bit.lnk
[2012.08.25 10:11:07 | 000,385,024 | ---- | C] () -- C:\Users\Rok\Desktop\hausV1.indd
[2012.08.25 09:56:21 | 008,538,361 | ---- | C] () -- C:\Users\Rok\Desktop\Punch Designv1.psd
[2012.08.25 09:55:09 | 000,081,999 | ---- | C] () -- C:\Users\Rok\Desktop\Punch Designv1.pdf
[2012.08.24 21:55:56 | 000,000,382 | ---- | C] () -- C:\Windows\SysWow64\SystemPreferences.xml
[2012.08.24 11:58:24 | 000,015,546 | ---- | C] () -- C:\Users\Rok\Desktop\FileZilla.xml
[2012.08.17 12:39:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012.08.17 11:50:18 | 000,001,612 | ---- | C] () -- C:\Users\Rok\Desktop\Samsung GS3 ToolKit v2.0.lnk
[2012.08.17 11:07:28 | 000,001,456 | ---- | C] () -- C:\Users\Rok\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2012.08.17 10:50:06 | 002,883,204 | ---- | C] () -- C:\Users\Rok\Desktop\vollmacht-klimstein.pdf
[2012.08.17 10:12:44 | 000,144,857 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.08.17 10:12:44 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2012.08.16 20:18:17 | 000,076,255 | ---- | C] () -- C:\Users\Rok\Desktop\haus.pdf
[2012.08.16 19:40:18 | 000,659,456 | ---- | C] () -- C:\Users\Rok\Desktop\haus.indd
[2012.08.16 19:35:13 | 000,941,656 | ---- | C] () -- C:\Users\Rok\Desktop\HAUS_GRUNDRISS1.psd
[2012.08.12 13:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.12 12:21:57 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012.08.12 12:21:57 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012.08.12 12:21:57 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012.08.12 12:16:40 | 000,001,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.08.12 12:15:25 | 000,001,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.08.12 12:04:06 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.12 12:02:36 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2012.08.12 12:02:36 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.08.12 12:00:13 | 000,022,819 | ---- | C] () -- C:\Windows\SysNative\netathurx.inf
[2012.08.12 12:00:13 | 000,008,424 | ---- | C] () -- C:\Windows\SysNative\athurextx.cat
[2012.08.12 11:56:48 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012.08.12 11:56:48 | 000,000,828 | ---- | C] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012.08.12 11:43:18 | 000,001,215 | ---- | C] () -- C:\Users\Rok\Desktop\Driver Genius Professional Edition.lnk
[2012.08.11 15:21:50 | 000,341,746 | RHS- | C] () -- C:\DAECP
[2012.08.11 15:15:41 | 000,000,795 | ---- | C] () -- C:\Users\Rok\Desktop\Settings.ini
[2012.08.11 11:29:03 | 000,001,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.08.11 10:59:20 | 000,001,053 | ---- | C] () -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.08.11 10:55:19 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.11 10:54:34 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.08.11 10:36:52 | 000,001,456 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.08.11 10:35:26 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2012.08.11 10:35:26 | 000,001,953 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2012.08.11 10:35:26 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2012.08.11 10:35:09 | 000,000,315 | ---- | C] () -- C:\user.js
[2012.08.11 10:33:39 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.08.11 10:33:39 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.08.11 10:25:29 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.11 10:13:21 | 000,000,908 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Setup-Assistent.lnk
[2012.08.11 10:08:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2012.08.10 21:10:47 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2012.08.10 21:10:47 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012.08.10 20:18:52 | 000,001,413 | ---- | C] () -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.08.10 20:18:51 | 000,001,447 | ---- | C] () -- C:\Users\Rok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.08.10 20:16:34 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.08.10 20:16:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.08.10 20:15:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.08.10 18:45:18 | 2064,379,903 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.21 12:09:34 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.05.21 12:09:34 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.05.21 11:57:50 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.05.21 10:49:38 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

< End of report >

--- --- ---

[/code]

kira · 31.08.2012, 23:59

da haben wir ein kleines Problemchen...
Das Installieren von "nicht legal erworbene Software" ist eine ziemlich sichere Methode, ein Rechner zu infizieren:

Zitat:

C:\Users\Rok\Desktop\Adobe Photoshop CS6 Patch by PainteR\adobe.photoshop.cs6-patch.exe (PUP.RiskwareTool.CK) -> Keine Aktion durchgeführt.
F:\O&O PartitionManager Professional Edition 3.0.199 32-Bit-64-Bit\Key-Generator\CORE10k.EXE (Dont.Steal.Our.Software) -> Keine Aktion durchgeführt.
G:\Programme\Adobe.Acrobat.X.Pro.v10.0.3.Multilingual-PLZ\CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Keine Aktion durchgeführt.
G:\Programme\Adobe.Acrobat.X.Pro.v10.0.3.Multilingual-PLZ\CORE\keygen.exe (Trojan.Agent.CK) -> Keine Aktion durchgeführt.

Einen durch Keygen [Key Generator/Keymaker] verseuchten PC und eventuell gespeicherte externe Daten auf SB Sticks, ext.Platte etc,, sollte formatiert und neu aufgesetzt werden, weil ja durch gecrackte oder mit Viren verseuchte Software wie auch immer, ein Angreifer erfolgreich in dein System eingedrungen ist:-> *Technische Kompromittierung*
Denn die angebotenen Programme und Dateien enthalten jede erdenkliche Art von Malware/Schadprogramm wie z.B. Backdoors, Rootkits etc, die dann den PC unter Kontrolle nehmen und die Administratorrolle übernehmen können
Weil dieses `selbstzerrstörerischem Verhalten `illegal` ist bzw verstößt gegen das Gesetz, Weil dieses `selbstzerrstörerischem Verhalten `illegal` ist bzw verstößt gegen das Gesetz, Hilfe unsererseits ist gar nicht möglich. Aus diesem Grund sehen wir uns gezwungen den Thread zu schließen:-> Ich möchte dich darauf hinweisen, dass wir bei Verwendung von Keygens & Cracks keine Beihilfe leisten wollen! :-> Forumregel:- Cracks, Keygens und andere illegale Software
Also Du kannst Dir viel Ärger und unnötige Zeitverschwendung ersparen, indem du dein System und auch die externe potenziell verseuchte Platte, USB-Stick etc formatiers und Windows (ohne Cracks & Keygens) neu installierst! Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...

Zitat:

Sinn & Zweck der Sache - Viren Trojaner Würmer:
Ein Wurm, der fast als "guter Wurm" bezeichnet werden kann, zieht durch
das Netz und verbeitet sich über die File-Sharing Netzwerke BearShare, KaZaA
eMule & Co
Der Wurm besitzt unzählige verschiedene Namen bekannter Cracks oder
Keygeneratoren zur illegalen Benutzung von kommerzieller Software. Wer gezielt
nach solchen Dateien sucht, könnte also durchaus auch auf eine Wurmkopie
treffen.

Polizei Trojaner Win7

Log-Analyse und Auswertung: Polizei Trojaner Win7