Log analysis and evaluation: Reading out a logfile. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
21.02.2010, 11:21 | #1 |
| Reading out a logfile
OTL logfile created on: 21.02.2010 11:10:07 - Run 6 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\snow\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916,86 Gb Total Space | 755,45 Gb Free Space | 82,40% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SNOW-PC Current User Name: snow Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.02.16 18:51:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\snow\Downloads\OTL.exe PRC - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe PRC - [2009.09.10 15:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe ========== Modules (SafeList) ========== MOD - [2010.02.16 18:51:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\snow\Downloads\OTL.exe MOD - [2010.01.22 17:26:16 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_extra.m32 MOD - [2010.01.22 17:26:04 | 000,266,240 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_nt.m32 MOD - [2010.01.22 17:25:44 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_net.m32 MOD - [2010.01.22 17:25:36 | 000,319,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_fragments.m32 MOD - [2010.01.22 17:25:20 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_registry.m32 MOD - [2010.01.22 17:25:12 | 000,151,552 | ---- | M] (BitDefender S.R.L. 
Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_base.m32 MOD - [2010.01.22 17:22:50 | 000,217,088 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\midas32.dll MOD - [2009.04.11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.02.05 18:41:20 | 002,296,024 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV) SRV:64bit: - [2010.02.01 12:57:24 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.01.11 13:04:10 | 000,405,920 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV:64bit: - [2009.10.19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. 
http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3) SRV:64bit: - [2009.09.25 02:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009.03.30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.02.15 22:37:38 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.02.01 13:02:24 | 001,393,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.02.01 12:57:16 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.10.23 14:45:44 | 000,392,192 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV - [2009.03.30 05:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2008.10.21 13:00:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService) SRV - [2006.11.02 14:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2006.11.02 07:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2006.11.02 07:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014 FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.02.15 16:36:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.02.15 15:25:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.02.15 22:57:53 | 000,000,000 | ---D | M] [2010.02.15 15:26:06 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\mozilla\Extensions [2010.02.20 08:21:56 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\mozilla\Firefox\Profiles\wqgletmg.default\extensions [2010.02.15 23:01:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\snow\AppData\Roaming\mozilla\Firefox\Profiles\wqgletmg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.19 15:04:41 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\mozilla\Firefox\Profiles\wqgletmg.default\extensions\DTToolbar@toolbarnet.com [2010.02.19 15:04:32 | 000,002,055 | ---- | M] () -- C:\Users\snow\AppData\Roaming\Mozilla\FireFox\Profiles\wqgletmg.default\searchplugins\daemon-search.xml [2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- 
C:\Users\snow\AppData\Roaming\Mozilla\FireFox\Profiles\wqgletmg.default\searchplugins\icqplugin.xml [2010.02.15 22:57:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\snow\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\snow\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{66bd30ca-1e55-11df-9a3e-001d0fb1579b}\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== [2010.02.20 22:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2010.02.20 14:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy2 [2010.02.20 14:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeeGTs Games [2010.02.20 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper [2010.02.20 13:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper [2010.02.20 10:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive [2010.02.20 10:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2010.02.20 10:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2010.02.20 09:59:51 | 000,000,000 | ---D 
| C] -- C:\Program Files (x86)\Common Files\Windows Live [2010.02.20 09:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2010.02.20 09:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010.02.20 09:51:35 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Engelmann Media [2010.02.20 09:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\S.A.D [2010.02.20 08:18:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.02.19 15:48:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2010.02.19 15:45:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2010.02.19 15:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2010.02.19 15:44:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2010.02.19 15:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2010.02.19 15:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2010.02.19 15:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar [2010.02.19 15:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2010.02.19 14:53:20 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\DAEMON Tools Lite [2010.02.19 14:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010.02.17 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Malwarebytes [2010.02.17 17:34:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.02.17 17:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.02.17 17:34:41 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.02.17 17:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.02.17 17:32:45 | 000,000,000 | ---D | C] -- C:\Snort [2010.02.16 18:32:49 | 
000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.02.15 23:54:20 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\TrueCrypt [2010.02.15 23:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt [2010.02.15 23:51:39 | 000,222,160 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys [2010.02.15 23:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt [2010.02.15 23:50:31 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\WinRAR [2010.02.15 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\snow\Documents\AnyDVDHD [2010.02.15 23:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2010.02.15 23:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft [2010.02.15 23:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes [2010.02.15 23:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2010.02.15 23:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE [2010.02.15 23:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2010.02.15 22:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.02.15 22:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.02.15 22:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.02.15 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\NoNameScript [2010.02.15 22:49:25 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\mIRC [2010.02.15 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC [2010.02.15 22:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.02.15 22:44:32 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\TeamViewer [2010.02.15 22:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2010.02.15 22:40:01 | 000,000,000 | ---D | C] -- C:\Programme\PeerBlock [2010.02.15 22:38:40 | 000,000,000 | ---D | C] -- C:\Users\snow\Documents\DVDVideoSoft 
[2010.02.15 22:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2010.02.15 22:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2010.02.15 22:37:40 | 000,034,632 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2010.02.15 22:37:39 | 000,036,168 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2010.02.15 22:37:39 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2010.02.15 22:37:39 | 000,025,928 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2010.02.15 22:37:39 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2010.02.15 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\TuneUp Software [2010.02.15 22:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010 [2010.02.15 22:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2010.02.15 22:36:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.02.15 22:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2010.02.15 22:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar [2010.02.15 22:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2010.02.15 22:29:07 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\ICQ [2010.02.15 22:29:07 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\AOL [2010.02.15 22:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.0 [2010.02.15 22:28:38 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2010.02.15 22:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free [2010.02.15 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\uTorrent [2010.02.15 21:43:54 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices [2010.02.15 21:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices [2010.02.15 
21:43:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2010.02.15 21:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2010.02.15 21:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2010.02.15 21:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2010.02.15 21:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2010.02.15 21:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2010.02.15 21:19:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN [2010.02.15 20:19:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2010.02.15 19:02:40 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\LogiShrd [2010.02.15 19:02:26 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Leadertech [2010.02.15 19:02:10 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2010.02.15 18:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010.02.15 17:27:29 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Microsoft Help [2010.02.15 16:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.02.15 16:36:41 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\BitDefender [2010.02.15 16:36:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\BitDefender [2010.02.15 16:36:41 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender [2010.02.15 16:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender [2010.02.15 16:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BitDefender [2010.02.15 15:25:59 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Mozilla [2010.02.15 15:25:59 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Mozilla [2010.02.15 15:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.02.15 14:56:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\logishrd [2010.02.15 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Macromedia [2010.02.15 
14:50:02 | 000,257,536 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\rt73.sys [2010.02.15 14:42:36 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Nero [2010.02.15 14:29:43 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Google [2010.02.15 14:27:57 | 000,324,920 | ---- | C] (Packard Bell) -- C:\Windows\SysWow64\chwallp.exe [2010.02.15 14:24:27 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Adobe [2010.02.15 14:23:00 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysNative\drivers\int15_64.sys [2010.02.15 14:22:49 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15_64.sys [2010.02.15 14:22:49 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15.sys [2010.02.15 14:22:19 | 000,000,000 | ---D | C] -- C:\Programme\PACKARDBELL [2010.02.15 14:21:36 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Symantec [2010.02.15 14:21:20 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Packard Bell [2010.02.15 14:21:13 | 000,000,000 | R--D | C] -- C:\Users\snow\Searches [2010.02.15 14:21:04 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Identities [2010.02.15 14:21:02 | 000,000,000 | R--D | C] -- C:\Users\snow\Contacts [2010.02.15 14:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2010.02.15 14:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2010.02.15 14:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2010.02.15 14:20:10 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\VirtualStore [2010.02.15 14:20:08 | 000,000,000 | --SD | C] -- C:\Users\snow\AppData\Roaming\Microsoft [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Videos [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Saved Games [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Pictures [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Music [2010.02.15 14:20:08 | 000,000,000 | R--D | C] 
-- C:\Users\snow\Links [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Favorites [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Downloads [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Documents [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Desktop [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Vorlagen [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\AppData\Local\Verlauf [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\AppData\Local\Temporary Internet Files [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Startmenü [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\SendTo [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Recent [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Netzwerkumgebung [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Lokale Einstellungen [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Documents\Eigene Videos [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Documents\Eigene Musik [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Eigene Dateien [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Documents\Eigene Bilder [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Druckumgebung [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Cookies [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\AppData\Local\Anwendungsdaten [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Anwendungsdaten [2010.02.15 14:20:08 | 000,000,000 | -H-D | C] -- C:\Users\snow\AppData [2010.02.15 14:20:08 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Temp [2010.02.15 14:20:08 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Microsoft [2010.02.15 14:20:08 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Media Center Programs [2010.02.15 14:17:15 | 
000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Programme [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.02.15 13:13:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.02.15 13:09:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 14 Days ========== [2010.02.21 11:15:03 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.02.21 11:15:03 | 000,582,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.02.21 11:15:03 | 000,096,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.02.21 11:15:02 | 000,603,048 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.02.21 11:15:02 | 000,117,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.02.21 11:14:28 | 001,310,720 | ---- | M] () -- C:\Users\snow\NTUSER.DAT [2010.02.21 11:09:02 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.02.21 11:09:01 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.02.21 11:08:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.02.21 11:08:56 | 000,003,216 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.02.21 11:08:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2010.02.21 11:08:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.02.21 11:08:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.02.21 11:08:45 | 4293,120,000 | -HS- | M] () -- C:\hiberfil.sys [2010.02.21 07:59:03 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv [2010.02.21 07:58:22 | 003,951,945 | -H-- | M] () -- C:\Users\snow\AppData\Local\IconCache.db [2010.02.21 07:38:01 | 000,000,020 | -HS- | M] () -- C:\Users\snow\ntuser.ini [2010.02.21 00:18:08 | 000,524,288 | -HS- | M] () -- C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.02.21 00:18:08 | 000,065,536 | -HS- | M] () -- C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TM.blf [2010.02.21 00:17:40 | 000,018,944 | ---- | M] () -- C:\Users\snow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.20 22:14:27 | 000,001,101 | ---- | M] () -- C:\Users\snow\Desktop\Revo Uninstaller.lnk [2010.02.20 14:05:46 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\farm2.exe.lnk [2010.02.20 09:48:24 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\GameJack 6.lnk [2010.02.19 23:22:02 | 000,524,288 | -HS- | M] () -- C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.02.19 15:04:18 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010.02.19 14:54:31 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.02.17 17:34:47 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.02.16 18:39:59 | 000,000,036 | ---- | M] () -- C:\Users\snow\AppData\Local\housecall.guid.cache [2010.02.16 10:18:52 | 000,076,664 | ---- | M] () -- 
C:\Users\snow\AppData\Local\GDIPFONTCACHEV1.DAT [2010.02.15 23:51:44 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2010.02.15 23:51:39 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys [2010.02.15 23:31:21 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib [2010.02.15 23:30:43 | 000,322,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.02.15 23:28:33 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2010.02.15 23:24:25 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk [2010.02.15 23:01:16 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.02.15 22:52:00 | 000,001,800 | ---- | M] () -- C:\Users\snow\Desktop\Launch NNScript.lnk [2010.02.15 22:49:25 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk [2010.02.15 22:44:30 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010.02.15 22:40:01 | 000,000,820 | ---- | M] () -- C:\Users\snow\Desktop\PeerBlock.lnk [2010.02.15 22:38:41 | 000,001,076 | ---- | M] () -- C:\Users\snow\Desktop\DVDVideoSoft Free Studio.lnk [2010.02.15 22:37:37 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.02.15 22:37:37 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.02.15 22:34:28 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.02.15 22:29:32 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.lnk [2010.02.15 21:43:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2010.02.15 20:16:35 | 000,000,025 | ---- | M] () -- C:\Users\snow\AppData\Roaming\bdfvconp.ini [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\wsbl.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\phar_unmip.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- 
C:\Windows\SysNative\phar_histprot.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_white.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_summ.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_spoof.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_sign.slf [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_fuzzy.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_black.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pcwords2.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pcwords.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_webproxy.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_video.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_tabloids.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_socialnetworks.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_sign.slf [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_searchengines.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_regionaltlds.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_pornography.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlineshop.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlinepay.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlinedating.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_news.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_im.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_illegal.dat 
[2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_hate.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_games.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_gambling.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_drugs.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ab_sbl.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ab_bl.sig [2010.02.15 16:40:22 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\asdict.dat [2010.02.15 16:40:22 | 000,000,004 | ---- | M] () -- C:\Windows\SysNative\aspdict-en.dat [2010.02.15 16:39:42 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml [2010.02.15 16:36:58 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Internet Security 2010.lnk [2010.02.15 15:26:00 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010.02.15 15:25:57 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.02.15 14:42:44 | 000,001,024 | ---- | M] () -- C:\Users\snow\.rnd [2010.02.15 14:24:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\PACKARDBELLBV_IMEDIAX5500GE_MCP73_103801880373.MRK [2010.02.15 13:16:39 | 000,060,826 | ---- | M] () -- C:\Windows\SysNative\license.rtf ========== Files Created - No Company Name ========== [2010.02.21 07:38:01 | 000,000,020 | -HS- | C] () -- C:\Users\snow\ntuser.ini [2010.02.20 22:14:27 | 000,001,101 | ---- | C] () -- C:\Users\snow\Desktop\Revo Uninstaller.lnk [2010.02.20 14:05:46 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\farm2.exe.lnk [2010.02.20 09:48:24 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\GameJack 6.lnk [2010.02.19 23:19:34 | 000,524,288 | -HS- | C] () -- C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.02.19 23:19:34 | 000,524,288 | -HS- | C] () -- 
C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.02.19 23:19:34 | 000,065,536 | -HS- | C] () -- C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TM.blf [2010.02.19 15:04:18 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010.02.19 14:54:31 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.02.18 19:14:53 | 000,018,944 | ---- | C] () -- C:\Users\snow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.17 17:34:47 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.02.16 19:06:59 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.02.16 19:06:48 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.02.16 18:39:59 | 000,000,036 | ---- | C] () -- C:\Users\snow\AppData\Local\housecall.guid.cache [2010.02.16 18:36:41 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2010.02.16 18:36:41 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2010.02.15 23:51:44 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2010.02.15 23:28:33 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2010.02.15 23:28:03 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.02.15 23:24:25 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVD2.lnk [2010.02.15 23:01:16 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.02.15 22:52:00 | 000,001,800 | ---- | C] () -- C:\Users\snow\Desktop\Launch NNScript.lnk [2010.02.15 22:49:25 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk [2010.02.15 22:44:30 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010.02.15 22:40:01 | 000,000,820 | ---- | C] () -- C:\Users\snow\Desktop\PeerBlock.lnk [2010.02.15 22:38:41 | 000,001,076 | ---- | C] () -- C:\Users\snow\Desktop\DVDVideoSoft Free Studio.lnk 
[2010.02.15 22:37:37 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.02.15 22:37:37 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.02.15 22:34:28 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.02.15 22:34:28 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys [2010.02.15 22:34:28 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.02.15 22:29:32 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.lnk [2010.02.15 21:43:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2010.02.15 20:16:35 | 000,000,025 | ---- | C] () -- C:\Users\snow\AppData\Roaming\bdfvconp.ini [2010.02.15 20:12:21 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll [2010.02.15 20:12:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010.02.15 20:12:14 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2010.02.15 20:12:02 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf [2010.02.15 20:12:01 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf [2010.02.15 20:11:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2010.02.15 20:11:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin [2010.02.15 20:11:57 | 003,662,128 | ---- | C] () -- C:\Windows\SysWow64\locale.nls [2010.02.15 20:11:57 | 003,662,128 | ---- | C] () -- C:\Windows\SysNative\locale.nls [2010.02.15 20:11:57 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf [2010.02.15 20:11:41 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF [2010.02.15 20:11:39 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs [2010.02.15 20:11:39 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs [2010.02.15 20:11:36 | 000,368,640 | ---- | C] () -- 
C:\Windows\SysWow64\msjetoledb40.dll [2010.02.15 20:11:18 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man [2010.02.15 20:11:18 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man [2010.02.15 20:11:00 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml [2010.02.15 20:11:00 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml [2010.02.15 19:32:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2010.02.15 19:32:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin [2010.02.15 19:32:34 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex [2010.02.15 19:32:34 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\wsbl.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\phar_unmip.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\phar_histprot.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_white.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_summ.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_spoof.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_sign.slf [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_fuzzy.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_black.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pcwords2.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pcwords.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_webproxy.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_video.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- 
C:\Windows\SysNative\pc_tabloids.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_socialnetworks.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_sign.slf [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_searchengines.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_regionaltlds.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_pornography.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlineshop.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlinepay.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlinedating.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_news.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_im.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_illegal.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_hate.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_games.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_gambling.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_drugs.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ab_sbl.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ab_bl.sig [2010.02.15 16:42:52 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\ashttpstats.csv [2010.02.15 16:40:22 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\asdict.dat [2010.02.15 16:40:22 | 000,000,004 | ---- | C] () -- C:\Windows\SysNative\aspdict-en.dat [2010.02.15 16:39:42 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml [2010.02.15 16:36:58 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender 
Internet Security 2010.lnk [2010.02.15 15:49:39 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf [2010.02.15 15:26:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.02.15 15:25:57 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.02.15 14:42:54 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB [2010.02.15 14:42:43 | 000,001,024 | ---- | C] () -- C:\Users\snow\.rnd [2010.02.15 14:24:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\PACKARDBELLBV_IMEDIAX5500GE_MCP73_103801880373.MRK [2010.02.15 14:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\LogConfigTemp.xml [2010.02.15 14:23:00 | 000,585,216 | ---- | C] () -- C:\Windows\SysNative\INT15_64.dll [2010.02.15 14:20:12 | 4293,120,000 | -HS- | C] () -- C:\hiberfil.sys [2010.02.15 14:20:08 | 001,310,720 | ---- | C] () -- C:\Users\snow\NTUSER.DAT [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.10.21 13:08:41 | 000,000,026 | ---- | C] () -- 
C:\Windows\Irremote.ini [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini ========== LOP Check ========== [2010.02.15 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\BitDefender [2010.02.19 15:25:24 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\DAEMON Tools Lite [2010.02.20 09:51:35 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\Engelmann Media [2010.02.15 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\ICQ [2010.02.15 19:02:26 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\Leadertech [2010.02.19 16:33:30 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\NoNameScript [2010.02.15 22:44:32 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\TeamViewer [2010.02.15 23:54:35 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\TrueCrypt [2010.02.15 22:37:25 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\TuneUp Software [2010.02.20 21:36:10 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\uTorrent [2010.02.21 07:59:02 | 000,016,840 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > I think I have caught something; it would be nice if someone could help me read out the files. What looks suspicious to me so far are all the files with windows/sysnative and then the endings like hate or similar. Please help quickly, and thanks in advance. |
21.02.2010, 11:56 | #2 |
| Reading out the logfiles OTL logfile created on: 21.02.2010 11:10:07 - Run 6
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\snow\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916,86 Gb Total Space | 755,45 Gb Free Space | 82,40% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SNOW-PC Current User Name: snow Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.02.16 18:51:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\snow\Downloads\OTL.exe PRC - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe PRC - [2009.09.10 15:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe ========== Modules (SafeList) ========== MOD - [2010.02.16 18:51:50 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\snow\Downloads\OTL.exe MOD - [2010.01.22 17:26:16 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_extra.m32 MOD - [2010.01.22 17:26:04 | 000,266,240 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_nt.m32 MOD - [2010.01.22 17:25:44 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_net.m32 MOD - [2010.01.22 17:25:36 | 000,319,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_fragments.m32 MOD - [2010.01.22 17:25:20 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_registry.m32 MOD - [2010.01.22 17:25:12 | 000,151,552 | ---- | M] (BitDefender S.R.L. 
Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_base.m32 MOD - [2010.01.22 17:22:50 | 000,217,088 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\midas32.dll MOD - [2009.04.11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.02.05 18:41:20 | 002,296,024 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV) SRV:64bit: - [2010.02.01 12:57:24 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.01.11 13:04:10 | 000,405,920 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV:64bit: - [2009.10.19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. 
http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3) SRV:64bit: - [2009.09.25 02:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV:64bit: - [2009.03.30 17:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.02.15 22:37:38 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.02.01 13:02:24 | 001,393,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.02.01 12:57:16 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.10.23 14:45:44 | 000,392,192 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV - [2009.03.30 05:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2008.10.21 13:00:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService) SRV - [2006.11.02 14:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2006.11.02 07:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2006.11.02 07:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014 FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.02.15 16:36:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.02.15 15:25:57 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.02.15 22:57:53 | 000,000,000 | ---D | M] [2010.02.15 15:26:06 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\mozilla\Extensions [2010.02.20 08:21:56 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\mozilla\Firefox\Profiles\wqgletmg.default\extensions [2010.02.15 23:01:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\snow\AppData\Roaming\mozilla\Firefox\Profiles\wqgletmg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.19 15:04:41 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\mozilla\Firefox\Profiles\wqgletmg.default\extensions\DTToolbar@toolbar net.com [2010.02.19 15:04:32 | 000,002,055 | ---- | M] () -- C:\Users\snow\AppData\Roaming\Mozilla\FireFox\Profiles\wqgletmg.default\searchplugins\daemon-search.xml [2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- 
C:\Users\snow\AppData\Roaming\Mozilla\FireFox\Profiles\wqgletmg.default\searchplugins\icqplugin.xml [2010.02.15 22:57:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\snow\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\snow\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{66bd30ca-1e55-11df-9a3e-001d0fb1579b}\Shell\AutoRun\command - "" = J:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== [2010.02.20 22:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2010.02.20 14:05:52 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy2 [2010.02.20 14:05:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LeeGTs Games [2010.02.20 13:47:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper [2010.02.20 13:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper [2010.02.20 10:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive [2010.02.20 10:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2010.02.20 10:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2010.02.20 09:59:51 | 000,000,000 | ---D 
| C] -- C:\Program Files (x86)\Common Files\Windows Live [2010.02.20 09:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2010.02.20 09:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2010.02.20 09:51:35 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Engelmann Media [2010.02.20 09:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\S.A.D [2010.02.20 08:18:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.02.19 15:48:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2010.02.19 15:45:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2010.02.19 15:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2010.02.19 15:44:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2010.02.19 15:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2010.02.19 15:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2010.02.19 15:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar [2010.02.19 15:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2010.02.19 14:53:20 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\DAEMON Tools Lite [2010.02.19 14:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010.02.17 17:34:48 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Malwarebytes [2010.02.17 17:34:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.02.17 17:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.02.17 17:34:41 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.02.17 17:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.02.17 17:32:45 | 000,000,000 | ---D | C] -- C:\Snort [2010.02.16 18:32:49 | 
000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.02.15 23:54:20 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\TrueCrypt [2010.02.15 23:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt [2010.02.15 23:51:39 | 000,222,160 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys [2010.02.15 23:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt [2010.02.15 23:50:31 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\WinRAR [2010.02.15 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\snow\Documents\AnyDVDHD [2010.02.15 23:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2010.02.15 23:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft [2010.02.15 23:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes [2010.02.15 23:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2010.02.15 23:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE [2010.02.15 23:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2010.02.15 22:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.02.15 22:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.02.15 22:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.02.15 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\NoNameScript [2010.02.15 22:49:25 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\mIRC [2010.02.15 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC [2010.02.15 22:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2010.02.15 22:44:32 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\TeamViewer [2010.02.15 22:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2010.02.15 22:40:01 | 000,000,000 | ---D | C] -- C:\Programme\PeerBlock [2010.02.15 22:38:40 | 000,000,000 | ---D | C] -- C:\Users\snow\Documents\DVDVideoSoft 
[2010.02.15 22:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2010.02.15 22:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2010.02.15 22:37:40 | 000,034,632 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2010.02.15 22:37:39 | 000,036,168 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2010.02.15 22:37:39 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2010.02.15 22:37:39 | 000,025,928 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2010.02.15 22:37:39 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2010.02.15 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\TuneUp Software [2010.02.15 22:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010 [2010.02.15 22:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2010.02.15 22:36:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.02.15 22:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2010.02.15 22:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar [2010.02.15 22:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2010.02.15 22:29:07 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\ICQ [2010.02.15 22:29:07 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\AOL [2010.02.15 22:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.0 [2010.02.15 22:28:38 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2010.02.15 22:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free [2010.02.15 22:21:20 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\uTorrent [2010.02.15 21:43:54 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices [2010.02.15 21:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices [2010.02.15 
21:43:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2010.02.15 21:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2010.02.15 21:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2010.02.15 21:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2010.02.15 21:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2010.02.15 21:19:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2010.02.15 21:19:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN [2010.02.15 20:19:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2010.02.15 19:02:40 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\LogiShrd [2010.02.15 19:02:26 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Leadertech [2010.02.15 19:02:10 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2010.02.15 18:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010.02.15 17:27:29 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Microsoft Help [2010.02.15 16:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.02.15 16:36:41 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\BitDefender [2010.02.15 16:36:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\BitDefender [2010.02.15 16:36:41 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender [2010.02.15 16:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender [2010.02.15 16:35:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BitDefender [2010.02.15 15:25:59 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Mozilla [2010.02.15 15:25:59 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Mozilla [2010.02.15 15:25:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.02.15 14:56:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\logishrd [2010.02.15 14:52:37 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Macromedia [2010.02.15 
14:50:02 | 000,257,536 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\rt73.sys [2010.02.15 14:42:36 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Nero [2010.02.15 14:29:43 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Google [2010.02.15 14:27:57 | 000,324,920 | ---- | C] (Packard Bell) -- C:\Windows\SysWow64\chwallp.exe [2010.02.15 14:24:27 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Adobe [2010.02.15 14:23:00 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysNative\drivers\int15_64.sys [2010.02.15 14:22:49 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15_64.sys [2010.02.15 14:22:49 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15.sys [2010.02.15 14:22:19 | 000,000,000 | ---D | C] -- C:\Programme\PACKARDBELL [2010.02.15 14:21:36 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Symantec [2010.02.15 14:21:20 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Packard Bell [2010.02.15 14:21:13 | 000,000,000 | R--D | C] -- C:\Users\snow\Searches [2010.02.15 14:21:04 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Identities [2010.02.15 14:21:02 | 000,000,000 | R--D | C] -- C:\Users\snow\Contacts [2010.02.15 14:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2010.02.15 14:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2010.02.15 14:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2010.02.15 14:20:10 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\VirtualStore [2010.02.15 14:20:08 | 000,000,000 | --SD | C] -- C:\Users\snow\AppData\Roaming\Microsoft [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Videos [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Saved Games [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Pictures [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Music [2010.02.15 14:20:08 | 000,000,000 | R--D | C] 
-- C:\Users\snow\Links [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Favorites [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Downloads [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Documents [2010.02.15 14:20:08 | 000,000,000 | R--D | C] -- C:\Users\snow\Desktop [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Vorlagen [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\AppData\Local\Verlauf [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\AppData\Local\Temporary Internet Files [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Startmenü [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\SendTo [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Recent [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Netzwerkumgebung [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Lokale Einstellungen [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Documents\Eigene Videos [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Documents\Eigene Musik [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Eigene Dateien [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Documents\Eigene Bilder [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Druckumgebung [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Cookies [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\AppData\Local\Anwendungsdaten [2010.02.15 14:20:08 | 000,000,000 | -HSD | C] -- C:\Users\snow\Anwendungsdaten [2010.02.15 14:20:08 | 000,000,000 | -H-D | C] -- C:\Users\snow\AppData [2010.02.15 14:20:08 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Temp [2010.02.15 14:20:08 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Local\Microsoft [2010.02.15 14:20:08 | 000,000,000 | ---D | C] -- C:\Users\snow\AppData\Roaming\Media Center Programs [2010.02.15 14:17:15 | 
000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Programme [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.02.15 14:17:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.02.15 13:13:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.02.15 13:09:55 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 14 Days ========== [2010.02.21 11:15:03 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.02.21 11:15:03 | 000,582,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.02.21 11:15:03 | 000,096,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.02.21 11:15:02 | 000,603,048 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.02.21 11:15:02 | 000,117,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.02.21 11:14:28 | 001,310,720 | ---- | M] () -- C:\Users\snow\NTUSER.DAT [2010.02.21 11:09:02 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.02.21 11:09:01 | 000,034,800 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.02.21 11:08:56 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.02.21 11:08:56 | 000,003,216 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.02.21 11:08:52 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2010.02.21 11:08:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.02.21 11:08:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.02.21 11:08:45 | 4293,120,000 | -HS- | M] () -- C:\hiberfil.sys [2010.02.21 07:59:03 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv [2010.02.21 07:58:22 | 003,951,945 | -H-- | M] () -- C:\Users\snow\AppData\Local\IconCache.db [2010.02.21 07:38:01 | 000,000,020 | -HS- | M] () -- C:\Users\snow\ntuser.ini [2010.02.21 00:18:08 | 000,524,288 | -HS- | M] () -- C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.02.21 00:18:08 | 000,065,536 | -HS- | M] () -- C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TM.blf [2010.02.21 00:17:40 | 000,018,944 | ---- | M] () -- C:\Users\snow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.20 22:14:27 | 000,001,101 | ---- | M] () -- C:\Users\snow\Desktop\Revo Uninstaller.lnk [2010.02.20 14:05:46 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\farm2.exe.lnk [2010.02.20 09:48:24 | 000,000,745 | ---- | M] () -- C:\Users\Public\Desktop\GameJack 6.lnk [2010.02.19 23:22:02 | 000,524,288 | -HS- | M] () -- C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.02.19 15:04:18 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010.02.19 14:54:31 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.02.17 17:34:47 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.02.16 18:39:59 | 000,000,036 | ---- | M] () -- C:\Users\snow\AppData\Local\housecall.guid.cache [2010.02.16 10:18:52 | 000,076,664 | ---- | M] () -- 
C:\Users\snow\AppData\Local\GDIPFONTCACHEV1.DAT [2010.02.15 23:51:44 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2010.02.15 23:51:39 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys [2010.02.15 23:31:21 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib [2010.02.15 23:30:43 | 000,322,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.02.15 23:28:33 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2010.02.15 23:24:25 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk [2010.02.15 23:01:16 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.02.15 22:52:00 | 000,001,800 | ---- | M] () -- C:\Users\snow\Desktop\Launch NNScript.lnk [2010.02.15 22:49:25 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk [2010.02.15 22:44:30 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010.02.15 22:40:01 | 000,000,820 | ---- | M] () -- C:\Users\snow\Desktop\PeerBlock.lnk [2010.02.15 22:38:41 | 000,001,076 | ---- | M] () -- C:\Users\snow\Desktop\DVDVideoSoft Free Studio.lnk [2010.02.15 22:37:37 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.02.15 22:37:37 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.02.15 22:34:28 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.02.15 22:29:32 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.lnk [2010.02.15 21:43:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2010.02.15 20:16:35 | 000,000,025 | ---- | M] () -- C:\Users\snow\AppData\Roaming\bdfvconp.ini [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\wsbl.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\phar_unmip.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- 
C:\Windows\SysNative\phar_histprot.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_white.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_summ.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_spoof.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_sign.slf [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_fuzzy.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_black.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pcwords2.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pcwords.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_webproxy.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_video.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_tabloids.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_socialnetworks.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_sign.slf [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_searchengines.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_regionaltlds.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_pornography.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlineshop.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlinepay.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlinedating.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_news.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_im.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_illegal.dat 
[2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_hate.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_games.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_gambling.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_drugs.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ab_sbl.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ab_bl.sig [2010.02.15 16:40:22 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\asdict.dat [2010.02.15 16:40:22 | 000,000,004 | ---- | M] () -- C:\Windows\SysNative\aspdict-en.dat [2010.02.15 16:39:42 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml [2010.02.15 16:36:58 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Internet Security 2010.lnk [2010.02.15 15:26:00 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010.02.15 15:25:57 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.02.15 14:42:44 | 000,001,024 | ---- | M] () -- C:\Users\snow\.rnd [2010.02.15 14:24:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\PACKARDBELLBV_IMEDIAX5500GE_MCP73_103801880373.MRK [2010.02.15 13:16:39 | 000,060,826 | ---- | M] () -- C:\Windows\SysNative\license.rtf ========== Files Created - No Company Name ========== [2010.02.21 07:38:01 | 000,000,020 | -HS- | C] () -- C:\Users\snow\ntuser.ini [2010.02.20 22:14:27 | 000,001,101 | ---- | C] () -- C:\Users\snow\Desktop\Revo Uninstaller.lnk [2010.02.20 14:05:46 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\farm2.exe.lnk [2010.02.20 09:48:24 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\GameJack 6.lnk [2010.02.19 23:19:34 | 000,524,288 | -HS- | C] () -- C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.02.19 23:19:34 | 000,524,288 | -HS- | C] () -- 
C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2010.02.19 23:19:34 | 000,065,536 | -HS- | C] () -- C:\Users\snow\NTUSER.DAT{60bb46e6-1da4-11df-858e-806e6f6e6963}.TM.blf [2010.02.19 15:04:18 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010.02.19 14:54:31 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.02.18 19:14:53 | 000,018,944 | ---- | C] () -- C:\Users\snow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.17 17:34:47 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.02.16 19:06:59 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.02.16 19:06:48 | 000,034,800 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.02.16 18:39:59 | 000,000,036 | ---- | C] () -- C:\Users\snow\AppData\Local\housecall.guid.cache [2010.02.16 18:36:41 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2010.02.16 18:36:41 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2010.02.15 23:51:44 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2010.02.15 23:28:33 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2010.02.15 23:28:03 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.02.15 23:24:25 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVD2.lnk [2010.02.15 23:01:16 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.02.15 22:52:00 | 000,001,800 | ---- | C] () -- C:\Users\snow\Desktop\Launch NNScript.lnk [2010.02.15 22:49:25 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk [2010.02.15 22:44:30 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010.02.15 22:40:01 | 000,000,820 | ---- | C] () -- C:\Users\snow\Desktop\PeerBlock.lnk [2010.02.15 22:38:41 | 000,001,076 | ---- | C] () -- C:\Users\snow\Desktop\DVDVideoSoft Free Studio.lnk 
[2010.02.15 22:37:37 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.02.15 22:37:37 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.02.15 22:34:28 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.02.15 22:34:28 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys [2010.02.15 22:34:28 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.02.15 22:29:32 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.lnk [2010.02.15 21:43:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2010.02.15 20:16:35 | 000,000,025 | ---- | C] () -- C:\Users\snow\AppData\Roaming\bdfvconp.ini [2010.02.15 20:12:21 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll [2010.02.15 20:12:21 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010.02.15 20:12:14 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2010.02.15 20:12:02 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf [2010.02.15 20:12:01 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf [2010.02.15 20:11:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2010.02.15 20:11:59 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin [2010.02.15 20:11:57 | 003,662,128 | ---- | C] () -- C:\Windows\SysWow64\locale.nls [2010.02.15 20:11:57 | 003,662,128 | ---- | C] () -- C:\Windows\SysNative\locale.nls [2010.02.15 20:11:57 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf [2010.02.15 20:11:41 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF [2010.02.15 20:11:39 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs [2010.02.15 20:11:39 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs [2010.02.15 20:11:36 | 000,368,640 | ---- | C] () -- 
C:\Windows\SysWow64\msjetoledb40.dll [2010.02.15 20:11:18 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man [2010.02.15 20:11:18 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man [2010.02.15 20:11:00 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml [2010.02.15 20:11:00 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml [2010.02.15 19:32:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2010.02.15 19:32:38 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin [2010.02.15 19:32:34 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex [2010.02.15 19:32:34 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\wsbl.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\phar_unmip.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\phar_histprot.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_white.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_summ.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_spoof.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_sign.slf [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_fuzzy.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_black.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pcwords2.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pcwords.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_webproxy.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_video.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- 
C:\Windows\SysNative\pc_tabloids.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_socialnetworks.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_sign.slf [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_searchengines.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_regionaltlds.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_pornography.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlineshop.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlinepay.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlinedating.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_news.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_im.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_illegal.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_hate.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_games.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_gambling.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_drugs.dat [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ab_sbl.sig [2010.02.15 17:37:15 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ab_bl.sig [2010.02.15 16:42:52 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\ashttpstats.csv [2010.02.15 16:40:22 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\asdict.dat [2010.02.15 16:40:22 | 000,000,004 | ---- | C] () -- C:\Windows\SysNative\aspdict-en.dat [2010.02.15 16:39:42 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml [2010.02.15 16:36:58 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender 
Internet Security 2010.lnk [2010.02.15 15:49:39 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf [2010.02.15 15:26:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.02.15 15:25:57 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.02.15 14:42:54 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB [2010.02.15 14:42:43 | 000,001,024 | ---- | C] () -- C:\Users\snow\.rnd [2010.02.15 14:24:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\PACKARDBELLBV_IMEDIAX5500GE_MCP73_103801880373.MRK [2010.02.15 14:23:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\LogConfigTemp.xml [2010.02.15 14:23:00 | 000,585,216 | ---- | C] () -- C:\Windows\SysNative\INT15_64.dll [2010.02.15 14:20:12 | 4293,120,000 | -HS- | C] () -- C:\hiberfil.sys [2010.02.15 14:20:08 | 001,310,720 | ---- | C] () -- C:\Users\snow\NTUSER.DAT [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.10.21 13:08:41 | 000,000,026 | ---- | C] () -- 
C:\Windows\Irremote.ini [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini ========== LOP Check ========== [2010.02.15 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\BitDefender [2010.02.19 15:25:24 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\DAEMON Tools Lite [2010.02.20 09:51:35 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\Engelmann Media [2010.02.15 22:30:24 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\ICQ [2010.02.15 19:02:26 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\Leadertech [2010.02.19 16:33:30 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\NoNameScript [2010.02.15 22:44:32 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\TeamViewer [2010.02.15 23:54:35 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\TrueCrypt [2010.02.15 22:37:25 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\TuneUp Software [2010.02.20 21:36:10 | 000,000,000 | ---D | M] -- C:\Users\snow\AppData\Roaming\uTorrent [2010.02.21 07:59:02 | 000,016,840 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report >
I think I've caught something here; it would be nice if someone could help me read through the files. What looks suspicious to me so far are all the files under windows/sysnative with endings like hate or similar. Please help quickly, thanks in advance. |
21.02.2010, 15:28 | #3 |
| Reading a logfile Hi and
there is quite a lot in the logfile that I don't like. Above all, though, as far as I can see you only ran a QuickScan. Please work through this list. When scanning with Malwarebytes, please connect all external hard drives, if you have any (USB sticks too!). Then please post or upload the complete logfiles here (see list). Regards, Andi |
21.02.2010, 16:25 | #4 |
| Reading a logfile Hello, I have reinstalled the computer; there were really too many suspicious files on it, and I really don't know where they came from!! I'm now installing the programs given in the list after the reinstall, but thanks anyway!! Could you still post the suspicious files here anyway? That would be nice. Regards |
21.02.2010, 21:59 | #5 |
| Reading a logfile Hello, I saw something there that I don't really like. Please work through the following instructions: .) Malwarebytes AntiMalware Then please post the logfile here. Regards, matze |
23.02.2010, 16:52 | #6 |
| Evaluating my logfiles (virus scanner found nothing)
OTL logfile created on: 23.02.2010 16:19:23 - Run 2 OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\brotherhood\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 44,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916,86 Gb Total Space | 839,16 Gb Free Space | 91,53% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BROTHERHOOD-PC Current User Name: brotherhood Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.02.16 18:51:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\brotherhood\Desktop\OTL.exe PRC - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe PRC - [2009.10.01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\a-squared Free\a2service.exe PRC - [2009.06.17 12:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2002.11.14 17:23:10 | 000,590,336 | ---- | M] () -- C:\Program Files (x86)\Trojancheck 6\tcguard.exe ========== Modules (SafeList) ========== MOD - [2010.02.16 18:51:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\brotherhood\Desktop\OTL.exe MOD - [2010.01.22 17:26:16 | 000,176,128 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_extra.m32 MOD - [2010.01.22 17:26:04 | 000,266,240 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_nt.m32 MOD - [2010.01.22 17:25:44 | 000,098,304 | ---- | M] (BitDefender S.R.L. 
Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_net.m32 MOD - [2010.01.22 17:25:36 | 000,319,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_fragments.m32 MOD - [2010.01.22 17:25:20 | 000,126,976 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_registry.m32 MOD - [2010.01.22 17:25:12 | 000,151,552 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\plugin_base.m32 MOD - [2010.01.22 17:22:50 | 000,217,088 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas64-v2_000\midas32.dll MOD - [2009.04.11 07:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.02.18 13:22:44 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2010.02.05 18:41:20 | 002,296,024 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV) SRV:64bit: - [2010.01.11 13:04:10 | 000,405,920 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV) SRV:64bit: - [2009.10.19 19:04:58 | 000,278,224 | ---- | M] (BitDefender S.R.L. 
http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3) SRV:64bit: - [2009.09.25 02:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache) SRV - [2010.02.23 12:02:40 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.02.18 13:28:42 | 001,397,064 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.02.18 13:22:36 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010.02.11 12:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.10.23 14:45:44 | 000,392,192 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan) SRV - [2009.10.01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\a-squared Free\a2service.exe -- (a2free) SRV - [2009.03.30 05:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.10.21 13:00:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.07.16 14:00:00 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService) SRV - [2006.11.02 14:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) SRV - [2006.11.02 07:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds) SRV - [2006.11.02 07:35:15 | 000,055,846 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=0210&m=imedia_x5500_ge IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start 
Page = http://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1 FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.02.21 17:01:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.02.21 14:47:11 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.02.23 13:03:16 | 000,000,000 | ---D | M] [2010.02.21 14:47:18 | 000,000,000 | ---D | M] -- C:\Users\brotherhood\AppData\Roaming\mozilla\Extensions [2010.02.23 14:00:40 | 000,000,000 | ---D | M] -- C:\Users\brotherhood\AppData\Roaming\mozilla\Firefox\Profiles\sskevki6.default\extensions [2010.02.23 12:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\brotherhood\AppData\Roaming\mozilla\Firefox\Profiles\sskevki6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.02.23 12:07:50 | 000,000,000 | ---D | M] (Adblock Plus) -- 
C:\Users\brotherhood\AppData\Roaming\mozilla\Firefox\Profiles\sskevki6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.23 12:37:36 | 000,000,168 | ---- | M] () -- C:\Users\brotherhood\AppData\Roaming\Mozilla\FireFox\Profiles\sskevki6.default\searchplugins\icqplugin.gif [2010.02.23 12:37:36 | 000,000,618 | ---- | M] () -- C:\Users\brotherhood\AppData\Roaming\Mozilla\FireFox\Profiles\sskevki6.default\searchplugins\icqplugin.src [2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\brotherhood\AppData\Roaming\Mozilla\FireFox\Profiles\sskevki6.default\searchplugins\icqplugin.xml [2010.02.23 13:03:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.22 16:00:23 | 000,380,176 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 
1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 13099 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe (BitDefender S.R.L.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\RunOnce: [RegistryDefrag Success Message] C:\Program Files (x86)\TuneUp Utilities 2010\TUMessages.exe (TuneUp Software) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15:64bit: - ..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKLM\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 63 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\brotherhood\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\brotherhood\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (autocheck turegopt) - File not found 64bit: O35 - comfile [open] -- "%1" %* File not found 64bit: O35 - exefile [open] -- "%1" %* File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== [2010.02.23 13:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent [2010.02.23 13:11:52 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\uTorrent [2010.02.23 
13:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE [2010.02.23 13:05:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2010.02.23 13:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.02.23 13:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.02.23 13:02:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.02.23 13:01:53 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\Documents\a-squared Free [2010.02.23 13:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a-squared Free [2010.02.23 12:57:28 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\NoNameScript [2010.02.23 12:57:18 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\mIRC [2010.02.23 12:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC [2010.02.23 12:55:35 | 000,000,000 | ---D | C] -- C:\Windows\LastGood [2010.02.23 12:54:56 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\Documents\DVDVideoSoft [2010.02.23 12:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2010.02.23 12:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2010.02.23 12:47:57 | 000,000,000 | ---D | C] -- C:\Programme\PeerBlock [2010.02.23 12:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar [2010.02.23 12:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ [2010.02.23 12:37:17 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\TrueCrypt [2010.02.23 12:36:52 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\ICQ [2010.02.23 12:36:51 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Local\AOL [2010.02.23 12:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.0 [2010.02.23 12:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt [2010.02.23 12:33:42 | 000,222,160 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys [2010.02.23 12:33:24 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\TrueCrypt [2010.02.23 12:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group [2010.02.23 12:32:34 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\TeamViewer [2010.02.23 12:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2010.02.23 12:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2010.02.23 12:04:01 | 000,034,632 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2010.02.23 12:03:38 | 000,036,168 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2010.02.23 12:03:38 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2010.02.23 12:03:34 | 000,025,928 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2010.02.23 12:02:56 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2010.02.23 12:02:23 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\TuneUp Software [2010.02.23 12:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2010 [2010.02.23 12:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2010.02.23 12:01:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} [2010.02.22 18:57:46 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\Engelmann Media [2010.02.22 18:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\S.A.D [2010.02.22 18:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes [2010.02.22 18:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2010.02.22 18:19:27 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\brotherhood\Desktop\OTL.exe [2010.02.22 18:13:32 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\Documents\AnyDVDHD [2010.02.22 18:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2010.02.22 18:13:12 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\SlySoft [2010.02.22 15:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.02.22 15:26:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010.02.22 15:13:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojancheck 6 [2010.02.22 14:41:30 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Local\VS Revo Group [2010.02.22 14:08:38 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\Malwarebytes [2010.02.22 14:08:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.02.22 14:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.02.22 14:08:31 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.02.22 14:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.02.21 21:01:30 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices [2010.02.21 21:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices [2010.02.21 21:01:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2010.02.21 20:37:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2010.02.21 20:37:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2010.02.21 20:37:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2010.02.21 20:37:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN [2010.02.21 20:37:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2010.02.21 20:37:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2010.02.21 20:23:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2010.02.21 20:12:40 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\WinRAR [2010.02.21 19:48:16 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR [2010.02.21 17:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.02.21 17:08:07 | 000,000,000 | ---D | 
C] -- C:\Program Files (x86)\CCleaner [2010.02.21 17:01:10 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\BitDefender [2010.02.21 17:01:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\BitDefender [2010.02.21 17:01:10 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender [2010.02.21 17:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender [2010.02.21 16:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BitDefender [2010.02.21 15:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2010.02.21 14:47:14 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\Mozilla [2010.02.21 14:47:14 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Local\Mozilla [2010.02.21 14:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2010.02.21 14:45:50 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\Macromedia [2010.02.21 14:45:29 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\Adobe [2010.02.21 14:45:09 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\Google [2010.02.21 14:45:09 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Local\Google [2010.02.21 14:44:55 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\Nero [2010.02.21 14:42:21 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\logishrd [2010.02.21 14:34:01 | 000,257,536 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\rt73.sys [2010.02.21 14:18:29 | 000,324,920 | ---- | C] (Packard Bell) -- C:\Windows\SysWow64\chwallp.exe [2010.02.21 14:13:47 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysNative\drivers\int15_64.sys [2010.02.21 14:13:38 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15_64.sys [2010.02.21 14:13:37 | 000,015,392 | ---- | C] (Acer, Inc.) 
-- C:\Windows\SysWow64\drivers\int15.sys [2010.02.21 14:13:02 | 000,000,000 | ---D | C] -- C:\Programme\PACKARDBELL [2010.02.21 14:12:38 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\Symantec [2010.02.21 14:12:20 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Local\Packard Bell [2010.02.21 14:12:13 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Searches [2010.02.21 14:12:06 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\Identities [2010.02.21 14:12:03 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Contacts [2010.02.21 14:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2010.02.21 14:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2010.02.21 14:11:06 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Local\VirtualStore [2010.02.21 14:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2010.02.21 14:11:04 | 000,000,000 | --SD | C] -- C:\Users\brotherhood\AppData\Roaming\Microsoft [2010.02.21 14:11:04 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Videos [2010.02.21 14:11:04 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Saved Games [2010.02.21 14:11:04 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Pictures [2010.02.21 14:11:04 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Music [2010.02.21 14:11:04 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Links [2010.02.21 14:11:04 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Favorites [2010.02.21 14:11:04 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Downloads [2010.02.21 14:11:04 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Documents [2010.02.21 14:11:04 | 000,000,000 | R--D | C] -- C:\Users\brotherhood\Desktop [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Vorlagen [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\AppData\Local\Verlauf [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\AppData\Local\Temporary Internet Files [2010.02.21 
14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Startmenü [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\SendTo [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Recent [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Netzwerkumgebung [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Lokale Einstellungen [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Documents\Eigene Videos [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Documents\Eigene Musik [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Eigene Dateien [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Documents\Eigene Bilder [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Druckumgebung [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\AppData\Local\Anwendungsdaten [2010.02.21 14:11:04 | 000,000,000 | -HSD | C] -- C:\Users\brotherhood\Anwendungsdaten [2010.02.21 14:11:04 | 000,000,000 | -H-D | C] -- C:\Users\brotherhood\AppData [2010.02.21 14:11:04 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Local\Temp [2010.02.21 14:11:04 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Local\Microsoft [2010.02.21 14:11:04 | 000,000,000 | ---D | C] -- C:\Users\brotherhood\AppData\Roaming\Media Center Programs [2010.02.21 14:08:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2010.02.21 14:08:15 | 000,000,000 | -HSD | C] -- C:\Programme [2010.02.21 14:08:15 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien [2010.02.21 14:08:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2010.02.21 14:08:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2010.02.21 14:08:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2010.02.21 14:08:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2010.02.21 
14:08:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2010.02.21 14:08:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2010.02.21 14:08:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2010.02.21 14:08:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2010.02.21 13:01:16 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2010.02.21 12:58:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 14 Days ========== [2010.02.23 16:21:47 | 004,980,736 | -HS- | M] () -- C:\Users\brotherhood\NTUSER.DAT [2010.02.23 16:19:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.02.23 16:19:57 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.02.23 13:58:10 | 000,076,664 | ---- | M] () -- C:\Users\brotherhood\AppData\Local\GDIPFONTCACHEV1.DAT [2010.02.23 13:57:01 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.02.23 13:57:01 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.02.23 13:57:01 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.02.23 13:57:01 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.02.23 13:57:00 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.02.23 13:56:57 | 000,005,632 | ---- | M] () -- C:\Users\brotherhood\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.23 13:29:19 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2010.02.23 13:06:53 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.02.23 13:02:04 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Free.lnk [2010.02.23 12:57:40 | 000,001,828 | ---- | M] () -- C:\Users\brotherhood\Desktop\Launch NNScript.lnk [2010.02.23 12:57:18 | 
000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk [2010.02.23 12:56:06 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2010.02.23 12:54:56 | 000,001,076 | ---- | M] () -- C:\Users\brotherhood\Desktop\DVDVideoSoft Free Studio.lnk [2010.02.23 12:47:58 | 000,000,820 | ---- | M] () -- C:\Users\brotherhood\Desktop\PeerBlock.lnk [2010.02.23 12:37:43 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.lnk [2010.02.23 12:34:29 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2010.02.23 12:33:42 | 000,222,160 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysWow64\drivers\truecrypt.sys [2010.02.23 12:32:50 | 000,001,101 | ---- | M] () -- C:\Users\brotherhood\Desktop\Revo Uninstaller.lnk [2010.02.23 12:32:33 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010.02.23 12:26:49 | 000,001,790 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.02.23 12:20:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2010.02.23 12:19:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.02.23 12:19:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.02.23 12:19:52 | 4293,120,000 | -HS- | M] () -- C:\hiberfil.sys [2010.02.23 12:14:38 | 000,524,288 | -HS- | M] () -- C:\Users\brotherhood\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2010.02.23 12:14:38 | 000,065,536 | -HS- | M] () -- C:\Users\brotherhood\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010.02.23 12:14:18 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv [2010.02.23 12:13:40 | 001,991,611 | -H-- | M] () -- C:\Users\brotherhood\AppData\Local\IconCache.db [2010.02.23 12:02:40 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.02.23 12:02:40 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.02.22 18:50:26 | 000,000,745 | ---- 
| M] () -- C:\Users\Public\Desktop\GameJack 6.lnk [2010.02.22 18:20:21 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib [2010.02.22 18:19:54 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk [2010.02.22 18:17:15 | 000,000,025 | ---- | M] () -- C:\Users\brotherhood\AppData\Roaming\bdfvconp.ini [2010.02.22 18:13:18 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2010.02.22 16:00:23 | 000,380,176 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010.02.22 15:26:27 | 000,001,099 | ---- | M] () -- C:\Users\brotherhood\Desktop\Spybot - Search & Destroy.lnk [2010.02.22 15:13:33 | 000,000,852 | ---- | M] () -- C:\Users\brotherhood\Desktop\Trojancheck.lnk [2010.02.22 14:08:36 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.02.21 20:59:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2010.02.21 20:45:11 | 000,299,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.02.21 19:42:45 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\asdict.dat [2010.02.21 19:42:45 | 000,000,004 | ---- | M] () -- C:\Windows\SysNative\aspdict-en.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\wsbl.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\phar_unmip.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\phar_histprot.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_white.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_summ.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_spoof.sig [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_sign.slf [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_fuzzy.sig [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ph_black.dat [2010.02.21 17:22:24 | 
000,000,000 | ---- | M] () -- C:\Windows\SysNative\pcwords2.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pcwords.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_webproxy.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_video.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_tabloids.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_socialnetworks.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_sign.slf [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_searchengines.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_regionaltlds.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_pornography.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlineshop.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlinepay.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_onlinedating.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_news.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_im.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_illegal.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_hate.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_games.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_gambling.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\pc_drugs.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ab_sbl.sig [2010.02.21 17:22:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ab_bl.sig [2010.02.21 17:08:07 | 000,001,726 | ---- | M] () -- 
C:\Users\brotherhood\Desktop\CCleaner.lnk [2010.02.21 17:04:06 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml [2010.02.21 17:01:24 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Internet Security 2010.lnk [2010.02.21 14:47:15 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010.02.21 14:47:11 | 000,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.02.21 14:45:05 | 000,001,024 | ---- | M] () -- C:\Users\brotherhood\.rnd [2010.02.21 14:16:44 | 000,524,288 | -HS- | M] () -- C:\Users\brotherhood\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms [2010.02.21 14:15:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\PACKARDBELLBV_IMEDIAX5500GE_MCP73_103801880373.MRK [2010.02.21 14:11:04 | 000,000,020 | -HS- | M] () -- C:\Users\brotherhood\ntuser.ini [2010.02.21 13:07:13 | 000,060,826 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2010.02.18 13:29:38 | 000,034,632 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2010.02.18 13:22:56 | 000,025,928 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2010.02.18 13:22:50 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2010.02.18 13:22:44 | 000,036,168 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2010.02.18 13:22:36 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2010.02.16 18:51:52 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\brotherhood\Desktop\OTL.exe ========== Files Created - No Company Name ========== [2010.02.23 13:29:19 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2010.02.23 13:06:53 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.02.23 13:03:37 | 000,424,738 | ---- | C] () -- C:\Users\brotherhood\AppData\Local\dd_vcredistMSI69FC.txt [2010.02.23 13:03:37 | 000,012,750 | ---- | C] () -- 
C:\Users\brotherhood\AppData\Local\dd_vcredistUI69FC.txt [2010.02.23 13:02:04 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Free.lnk [2010.02.23 12:57:40 | 000,001,828 | ---- | C] () -- C:\Users\brotherhood\Desktop\Launch NNScript.lnk [2010.02.23 12:57:18 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk [2010.02.23 12:56:06 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk [2010.02.23 12:54:56 | 000,001,076 | ---- | C] () -- C:\Users\brotherhood\Desktop\DVDVideoSoft Free Studio.lnk [2010.02.23 12:47:58 | 000,000,820 | ---- | C] () -- C:\Users\brotherhood\Desktop\PeerBlock.lnk [2010.02.23 12:37:43 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.lnk [2010.02.23 12:34:28 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk [2010.02.23 12:32:50 | 000,001,101 | ---- | C] () -- C:\Users\brotherhood\Desktop\Revo Uninstaller.lnk [2010.02.23 12:32:33 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk [2010.02.23 12:26:49 | 000,001,790 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2010.02.23 12:26:48 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.02.23 12:26:48 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys [2010.02.23 12:02:40 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2010.02.23 12:02:40 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk [2010.02.22 18:50:26 | 000,000,745 | ---- | C] () -- C:\Users\Public\Desktop\GameJack 6.lnk [2010.02.22 18:38:54 | 000,005,632 | ---- | C] () -- C:\Users\brotherhood\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.22 18:19:54 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVD2.lnk [2010.02.22 18:17:15 | 000,000,025 | ---- | C] () -- C:\Users\brotherhood\AppData\Roaming\bdfvconp.ini [2010.02.22 18:13:21 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib 
[2010.02.22 18:13:18 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\AnyDVD.lnk [2010.02.22 15:26:27 | 000,001,099 | ---- | C] () -- C:\Users\brotherhood\Desktop\Spybot - Search & Destroy.lnk [2010.02.22 15:13:33 | 000,000,852 | ---- | C] () -- C:\Users\brotherhood\Desktop\Trojancheck.lnk [2010.02.22 14:08:36 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.02.21 20:59:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf [2010.02.21 20:22:09 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll [2010.02.21 20:22:09 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2010.02.21 20:21:59 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2010.02.21 20:21:44 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf [2010.02.21 20:21:43 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf [2010.02.21 20:21:41 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2010.02.21 20:21:41 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin [2010.02.21 20:21:39 | 003,662,128 | ---- | C] () -- C:\Windows\SysWow64\locale.nls [2010.02.21 20:21:39 | 003,662,128 | ---- | C] () -- C:\Windows\SysNative\locale.nls [2010.02.21 20:21:38 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf [2010.02.21 20:21:21 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF [2010.02.21 20:21:19 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs [2010.02.21 20:21:18 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs [2010.02.21 20:21:16 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2010.02.21 20:20:56 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man [2010.02.21 20:20:56 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man [2010.02.21 20:20:39 | 000,009,212 | ---- | C] () -- 
C:\Windows\SysWow64\RacUR.xml [2010.02.21 20:20:39 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml [2010.02.21 19:42:45 | 000,000,016 | ---- | C] () -- C:\Windows\SysNative\asdict.dat [2010.02.21 19:42:45 | 000,000,004 | ---- | C] () -- C:\Windows\SysNative\aspdict-en.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\wsbl.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\phar_unmip.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\phar_histprot.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_white.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_summ.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_spoof.sig [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_sign.slf [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_fuzzy.sig [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ph_black.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pcwords2.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pcwords.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_webproxy.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_video.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_tabloids.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_socialnetworks.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_sign.slf [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_searchengines.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_regionaltlds.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_pornography.dat [2010.02.21 17:22:24 | 
000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlineshop.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlinepay.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_onlinedating.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_news.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_im.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_illegal.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_hate.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_games.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_gambling.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\pc_drugs.dat [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ab_sbl.sig [2010.02.21 17:22:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ab_bl.sig [2010.02.21 17:09:26 | 000,000,052 | ---- | C] () -- C:\Windows\SysNative\ashttpstats.csv [2010.02.21 17:08:07 | 000,001,726 | ---- | C] () -- C:\Users\brotherhood\Desktop\CCleaner.lnk [2010.02.21 17:04:06 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml [2010.02.21 17:01:24 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Internet Security 2010.lnk [2010.02.21 17:00:54 | 000,417,350 | ---- | C] () -- C:\Users\brotherhood\AppData\Local\dd_vcredistMSI0354.txt [2010.02.21 17:00:54 | 000,011,442 | ---- | C] () -- C:\Users\brotherhood\AppData\Local\dd_vcredistUI0354.txt [2010.02.21 17:00:48 | 000,418,878 | ---- | C] () -- C:\Users\brotherhood\AppData\Local\dd_vcredistMSI0341.txt [2010.02.21 17:00:48 | 000,011,378 | ---- | C] () -- C:\Users\brotherhood\AppData\Local\dd_vcredistUI0341.txt [2010.02.21 16:12:46 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2010.02.21 16:12:46 | 
000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin [2010.02.21 16:12:44 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex [2010.02.21 16:12:44 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex [2010.02.21 15:20:30 | 000,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2010.02.21 15:20:30 | 000,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2010.02.21 14:57:18 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf [2010.02.21 14:47:15 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.02.21 14:47:11 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.02.21 14:45:15 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB [2010.02.21 14:45:04 | 000,001,024 | ---- | C] () -- C:\Users\brotherhood\.rnd [2010.02.21 14:15:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\PACKARDBELLBV_IMEDIAX5500GE_MCP73_103801880373.MRK [2010.02.21 14:13:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\LogConfigTemp.xml [2010.02.21 14:13:47 | 000,585,216 | ---- | C] () -- C:\Windows\SysNative\INT15_64.dll [2010.02.21 14:11:08 | 4293,120,000 | -HS- | C] () -- C:\hiberfil.sys [2010.02.21 14:11:04 | 004,980,736 | -HS- | C] () -- C:\Users\brotherhood\NTUSER.DAT [2010.02.21 14:11:04 | 000,524,288 | -HS- | C] () -- C:\Users\brotherhood\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms [2010.02.21 14:11:04 | 000,524,288 | -HS- | C] () -- C:\Users\brotherhood\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2010.02.21 14:11:04 | 000,065,536 | -HS- | C] () -- C:\Users\brotherhood\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010.02.21 14:11:04 | 000,000,020 | -HS- | C] () -- C:\Users\brotherhood\ntuser.ini [2008.10.21 13:08:41 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- 
C:\Windows\SysWow64\tcpmon.ini
========== LOP Check ==========
[2010.02.23 12:14:18 | 000,011,288 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >