rainboww | 06.07.2010 18:18 | Here is the Malwarebytes log file. Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4260
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
06.07.2010 15:57:53
mbam-log-2010-07-06 (15-57-53).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 302258
Laufzeit: 55 Minute(n), 26 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien:
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
C:\Windows\System32\System32 (Trojan.Agent) -> No action taken.
And the OTL log file. Code:
OTL logfile created on: 06.07.2010 19:01:19 - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Users\John Braun\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,18 Gb Total Space | 215,93 Gb Free Space | 44,23% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 488,14 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JOHNBRAUN-PC
Current User Name: John Braun
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\John Braun\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC)
PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
PRC - C:\Program Files (x86)\Microsoft Virtual PC\Virtual PC.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\John Braun\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Xfire\xfire_toucan_42784.dll (Xfire Inc.)
MOD - C:\Windows\SysWOW64\Msvcr71.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (nHancer) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV:64bit: - (CaretakerProxy) -- C:\Program Files\SurfRight\Caretaker\CaretakerProxy.exe (SurfRight B.V.)
SRV:64bit: - (CaretakerAntispam) -- C:\Program Files\SurfRight\Caretaker\AntispamService.exe (SurfRight B.V.)
SRV:64bit: - (CaretakerUpdate) -- C:\Program Files\SurfRight\Caretaker\CaretakerUpdater.exe (SurfRight B.V.)
SRV:64bit: - (CaretakerSvc) -- C:\Program Files\SurfRight\Caretaker\CaretakerService.exe (SurfRight B.V.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (uxpatch) -- C:\Windows\SysNative\drivers\uxpatch.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (ctredr15.sys) -- C:\Windows\SysNative\drivers\ctredr15.sys (SurfRight B.V.)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation)
DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - HKLM\software\mozilla\Minefield 3.7a6pre\extensions\\Components: C:\Program Files (x86)\Minefield\components [2010.06.23 20:24:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a6pre\extensions\\Plugins: C:\Program Files (x86)\Minefield\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.28 02:52:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.04 16:31:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.07.01 12:16:29 | 000,000,000 | ---D | M]
[2010.05.02 09:02:43 | 000,000,000 | ---D | M] -- C:\Users\John Braun\AppData\Roaming\mozilla\Extensions
[2010.07.06 14:43:50 | 000,000,000 | ---D | M] -- C:\Users\John Braun\AppData\Roaming\mozilla\Firefox\Profiles\u77nyryq.default\extensions
[2010.05.02 09:10:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\John Braun\AppData\Roaming\mozilla\Firefox\Profiles\u77nyryq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.25 13:44:46 | 000,000,000 | ---D | M] -- C:\Users\John Braun\AppData\Roaming\mozilla\Firefox\Profiles\u77nyryq.default\extensions\personas@christopher.beard
[2010.06.30 09:43:08 | 000,001,056 | ---- | M] () -- C:\Users\John Braun\AppData\Roaming\Mozilla\FireFox\Profiles\u77nyryq.default\searchplugins\icqplugin.xml
[2010.07.06 14:43:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.03 19:12:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.01 13:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.06.30 19:45:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010.06.03 19:11:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.07.06 15:34:35 | 000,001,275 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 scanner.virus.org
O1 - Hosts: 0.0.0.0 hackforums.net
O1 - Hosts: 0.0.0.0 www.scanner.virus.org
O1 - Hosts: 0.0.0.0 www.virusscan.jotti.org
O1 - Hosts: 0.0.0.0 www.hackforums.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 adobe.com
O1 - Hosts: 127.0.0.1 2o7.net
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [CaretakerNotifier] C:\Programme\SurfRight\Caretaker\Notifier.exe (SurfRight B.V.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\John Braun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC20.exe (Vitalwerks LLC)
O4 - Startup: C:\Users\John Braun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\mfnspstd32.dll (MadeForNet.com)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~3\AVP11\mzvkbd3.dll) - C:\ProgramData\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~3\AVP11\sbhook.dll) - C:\ProgramData\AVP11\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{8617d6dc-578b-11df-9890-002618ac37ec}\Shell - "" = AutoRun
O33 - MountPoints2\{8617d6dc-578b-11df-9890-002618ac37ec}\Shell\AutoRun\command - "" = P:\setup.exe -- File not found
O33 - MountPoints2\{c03bdc32-55c9-11df-9aa4-002618ac37ec}\Shell - "" = AutoRun
O33 - MountPoints2\{c03bdc32-55c9-11df-9aa4-002618ac37ec}\Shell\AutoRun\command - "" = O:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.07.06 18:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.07.06 16:42:13 | 005,615,104 | ---- | C] (Cyber-Sec) -- C:\Users\John Braun\Desktop\Cyber-Sec Crypter.exe
[2010.07.06 15:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.06 15:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.07.05 21:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JSD
[2010.07.05 16:51:45 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Local\Fallout3
[2010.07.04 21:26:05 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\Usenext_Creator_by_moepOmat
[2010.07.04 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\UseNeXT_Pack
[2010.07.04 20:51:14 | 000,906,240 | ---- | C] (Blizzard) -- C:\Users\John Braun\Desktop\WOW GameCard Generator.exe
[2010.07.04 20:31:13 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\ScanCrypt
[2010.07.04 20:28:37 | 000,000,000 | R--D | C] -- C:\Users\John Braun\Documents\Scanned Documents
[2010.07.04 20:28:36 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\Fax
[2010.07.04 19:55:16 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\downloader+usg
[2010.07.04 19:40:14 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\Tool Store Keylogger 0.5.1
[2010.07.04 18:07:12 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\Trial Account Creator Lite 1.1
[2010.07.04 17:24:40 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\Twinkle_Crypt_-_CRACKED
[2010.07.04 17:08:36 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\M_RU_Crypter_-_CRACKED
[2010.07.04 16:55:08 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\twinkle_public_v1.2
[2010.07.01 15:13:21 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\IMP2010
[2010.07.01 14:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Parallel Password Recovery
[2010.07.01 14:49:20 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\crark33
[2010.07.01 14:24:46 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\igrargpu_v05
[2010.07.01 12:15:56 | 000,560,216 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.06.30 20:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.06.30 16:21:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVP11
[2010.06.30 16:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.06.30 09:32:47 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010.06.30 09:24:30 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\Malwarebytes
[2010.06.30 09:24:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.30 09:24:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.30 09:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.30 09:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.28 19:42:33 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Local\TechSmith
[2010.06.28 19:42:22 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\Camtasia Studio
[2010.06.28 19:04:28 | 000,411,480 | ---- | C] (TechSmith Corporation) -- C:\Windows\SysWow64\tsccvid.dll
[2010.06.28 19:04:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2010.06.28 19:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2010.06.28 19:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.06.28 19:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010.06.28 19:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010.06.28 03:04:31 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010.06.28 03:04:31 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010.06.28 03:04:31 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010.06.28 03:04:31 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2010.06.28 03:04:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010.06.28 03:04:20 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2010.06.28 03:04:19 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.06.28 03:04:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2010.06.28 03:04:19 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2010.06.28 03:04:19 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2010.06.28 03:04:19 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2010.06.28 03:04:19 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2010.06.28 03:04:19 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2010.06.28 03:04:19 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2010.06.28 03:04:19 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2010.06.28 03:04:19 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2010.06.28 03:04:19 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2010.06.28 03:04:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2010.06.28 03:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2010.06.27 20:30:37 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Desktop\Schwarze_Sonne_RAT_1.0
[2010.06.25 21:19:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.06.25 17:53:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winrar
[2010.06.25 17:47:35 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\UseNeXT
[2010.06.25 17:47:35 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\UseNeXT
[2010.06.25 17:47:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT
[2010.06.25 17:42:54 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\REM
[2010.06.25 17:23:46 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Local\LogMeIn Hamachi
[2010.06.25 17:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2010.06.25 14:24:54 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\BioWare
[2010.06.25 14:11:29 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Local\Logitech
[2010.06.25 14:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.06.25 14:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010.06.25 14:10:50 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.06.25 14:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.06.25 14:07:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010.06.25 13:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mass Effect
[2010.06.24 22:42:12 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\Web Page Maker
[2010.06.24 22:42:12 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\Web Page Maker
[2010.06.24 22:42:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Web Page Maker
[2010.06.24 11:48:49 | 000,000,000 | ---D | C] -- C:\Users\John Braun\Documents\Eigene virtuelle Computer
[2010.06.23 20:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minefield
[2010.06.23 18:52:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Treiber
[2010.06.23 18:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Virtual PC
[2010.06.23 18:35:02 | 000,000,000 | ---D | C] -- C:\Users\John Braun\.VirtualBox
[2010.06.23 18:25:13 | 000,000,000 | ---D | C] -- C:\Programme\Oracle
[2010.06.23 18:24:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.06.23 17:47:12 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\FileZilla
[2010.06.23 17:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010.06.23 17:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010.06.23 17:20:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cain
[2010.06.22 20:15:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebClicker
[2010.06.22 16:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExeIco
[2010.06.22 16:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\123IconHunter
[2010.06.22 13:43:31 | 000,000,000 | ---D | C] -- C:\Programme\SurfRight
[2010.06.22 13:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SurfRight
[2010.06.21 20:28:08 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\Chilirec
[2010.06.21 20:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chilirec
[2010.06.21 15:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GiliSoft
[2010.06.20 18:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyCam2
[2010.06.18 12:12:19 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\install
[2010.06.17 19:29:08 | 000,000,000 | ---D | C] -- C:\test
[2010.06.17 18:51:34 | 000,000,000 | ---D | C] -- C:\directory
[2010.06.17 17:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio
[2010.06.16 18:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2010.06.14 20:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010.06.14 20:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.06.13 20:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visual Basic 6.0 Runtime&Steuerelemente
[2010.06.13 20:28:27 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.06.13 20:28:26 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.06.13 20:20:59 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pskill.exe
[2010.06.13 20:20:54 | 000,271,872 | ---- | C] (The UPX Team hxxp://upx.sf.net) -- C:\Windows\SysWow64\upx.exe
[2010.06.13 20:19:11 | 000,000,000 | ---D | C] -- C:\Windows\vbSkinner
[2010.06.13 20:18:38 | 001,077,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2010.06.13 20:18:38 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2010.06.13 20:18:38 | 000,198,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MCI32.OCX
[2010.06.13 20:18:38 | 000,140,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ComDlg32.OCX
[2010.06.13 20:18:38 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2010.06.13 20:18:37 | 000,412,672 | ---- | C] (JB) -- C:\Windows\SysWow64\vbskpro.ocx
[2010.06.13 20:18:37 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2010.06.13 17:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NoVirusThanks
[2010.06.13 17:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ACProtect
[2010.06.13 17:04:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\svchost
[2010.06.12 02:49:10 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.06.12 02:49:10 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.06.12 02:49:10 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.06.12 02:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010.06.12 02:49:07 | 000,000,000 | ---D | C] -- C:\Programme\Hitman Pro 3.5
[2010.06.12 02:48:37 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010.06.12 02:48:37 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010.06.12 02:48:34 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010.06.12 02:48:30 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010.06.12 02:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010.06.12 02:48:23 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\PC Tools
[2010.06.12 02:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.06.12 02:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010.06.12 00:10:32 | 000,313,344 | ---- | C] (Emblem) -- C:\Users\John Braun\AppData\Roaming\Emblem_Crypter.exe
[2010.06.11 22:13:58 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.11 22:13:58 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.11 22:13:58 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.11 22:13:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.09 16:12:56 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\Cerberus
[2010.06.08 16:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Crypter 2010
[2010.06.08 13:24:58 | 000,144,656 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010.06.08 13:24:54 | 000,318,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010.06.07 19:16:52 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\bizarre creations
[2010.06.07 17:28:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.06.07 17:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.06.07 17:11:22 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Roaming\ICQ
[2010.06.07 17:11:20 | 000,000,000 | ---D | C] -- C:\Users\John Braun\AppData\Local\AOL
[2010.06.07 17:11:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.06 20:24:29 | 000,000,000 | RHSD | C] -- C:\Windows\Cerberus
[2010.06.06 20:00:10 | 016,800,040 | ---- | C] (Smart PC Solutions ) -- C:\Windows\SysWow64\startupbooster24.exe
[2010.06.06 19:20:11 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.06.06 19:20:11 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.06.06 19:20:11 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.06.06 19:20:11 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.06.06 19:20:11 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.06.06 19:20:11 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.06.06 19:20:11 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.06.06 19:20:11 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.06.06 19:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.06 19:03:08 | 002,359,296 | ---- | M] () -- C:\Users\John Braun\ntuser.dat
[2010.07.06 16:44:31 | 000,018,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.06 16:44:31 | 000,018,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.06 16:42:27 | 005,615,104 | ---- | M] (Cyber-Sec) -- C:\Users\John Braun\Desktop\Cyber-Sec Crypter.exe
[2010.07.06 16:39:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.06 16:39:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.06 16:39:06 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.06 16:32:21 | 001,940,857 | ---- | M] () -- C:\Users\John Braun\Desktop\twinkle_public_v1.2.rar
[2010.07.06 16:17:31 | 000,000,022 | ---- | M] () -- C:\Users\John Braun\Desktop\CyberGate v1.04.8.zip
[2010.07.06 16:06:48 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.06 16:06:48 | 000,645,304 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.07.06 16:06:48 | 000,607,666 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.06 16:06:48 | 000,126,904 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.07.06 16:06:48 | 000,104,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.07.06 15:59:22 | 002,540,538 | -H-- | M] () -- C:\Users\John Braun\AppData\Local\IconCache.db
[2010.07.06 15:34:35 | 000,001,344 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100706-153435.backup
[2010.07.06 15:34:35 | 000,001,275 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.07.06 15:05:50 | 000,001,278 | ---- | M] () -- C:\Users\John Braun\Desktop\Spybot - Search & Destroy.lnk
[2010.07.05 22:10:26 | 000,001,139 | ---- | M] () -- C:\Users\John Braun\Desktop\Microsoft Visual Basic 2010 Express installieren.lnk
[2010.07.05 20:43:41 | 000,002,041 | ---- | M] () -- C:\Users\John Braun\Desktop\Adobe Photoshop CS4 (64 Bit).lnk
[2010.07.05 20:31:26 | 000,019,016 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.07.05 16:15:19 | 000,121,727 | ---- | M] () -- C:\Users\John Braun\Desktop\gh.jpg
[2010.07.05 14:59:01 | 000,045,229 | ---- | M] () -- C:\Users\John Braun\Desktop\EMO Girls 131_07.jpg
[2010.07.05 14:57:43 | 000,055,353 | ---- | M] () -- C:\Users\John Braun\Desktop\EMO Girls 136_09.jpg
[2010.07.04 21:25:48 | 000,548,309 | ---- | M] () -- C:\Users\John Braun\Desktop\Usenext_Creator_by_moepOmat.rar
[2010.07.04 20:51:59 | 007,253,380 | ---- | M] () -- C:\Users\John Braun\Desktop\UseNeXT_Pack.rar
[2010.07.04 20:51:18 | 000,906,240 | ---- | M] (Blizzard) -- C:\Users\John Braun\Desktop\WOW GameCard Generator.exe
[2010.07.04 20:29:51 | 002,293,456 | ---- | M] () -- C:\Users\John Braun\Desktop\ScanCrypt.rar
[2010.07.04 19:42:34 | 000,456,172 | ---- | M] () -- C:\Users\John Braun\Desktop\downloader+usg.rar
[2010.07.04 18:32:14 | 001,373,237 | ---- | M] () -- C:\Users\John Braun\Desktop\Tool Store Keylogger 0.5.1.rar
[2010.07.04 18:07:00 | 002,363,812 | ---- | M] () -- C:\Users\John Braun\Desktop\Trial Account Creator Lite 1.1.zip
[2010.07.04 17:16:12 | 003,536,354 | ---- | M] () -- C:\Users\John Braun\Desktop\Twinkle_Crypt_-_CRACKED.rar
[2010.07.04 17:07:39 | 003,392,147 | ---- | M] () -- C:\Users\John Braun\Desktop\M_RU_Crypter_-_CRACKED.rar
[2010.07.04 16:31:14 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.01 15:12:53 | 085,584,584 | ---- | M] () -- C:\Users\John Braun\Desktop\IMP2010.rar
[2010.07.01 14:50:21 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Parallel Password Recovery Manager.lnk
[2010.07.01 14:50:21 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\Password Definition Master.lnk
[2010.07.01 14:24:31 | 000,323,000 | ---- | M] () -- C:\Users\John Braun\Desktop\igrargpu_v05.zip
[2010.07.01 12:17:30 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.07.01 12:17:30 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.07.01 12:15:56 | 000,560,216 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.07.01 12:10:58 | 000,524,288 | -HS- | M] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TMContainer00000000000000000002.regtrans-ms
[2010.07.01 12:10:58 | 000,524,288 | -HS- | M] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TMContainer00000000000000000001.regtrans-ms
[2010.07.01 12:10:58 | 000,065,536 | -HS- | M] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TM.blf
[2010.06.30 19:58:29 | 003,708,512 | ---- | M] () -- C:\Users\John Braun\Desktop\crack.zip
[2010.06.30 09:32:47 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2010.06.30 09:24:28 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.29 20:52:10 | 000,005,632 | ---- | M] () -- C:\Users\John Braun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.28 19:48:01 | 099,616,814 | ---- | M] () -- C:\Users\John Braun\Documents\Aufnahme-1.avi
[2010.06.28 02:46:30 | 121,180,364 | ---- | M] () -- C:\Users\John Braun\Documents\clip0004.avi
[2010.06.28 02:43:43 | 067,529,446 | ---- | M] () -- C:\Users\John Braun\Documents\clip0003.avi
[2010.06.28 02:21:59 | 000,009,662 | ---- | M] () -- C:\Windows\SysWow64\WoW_Cata_Beta_keygen.exe#32512.ico
[2010.06.25 21:22:29 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.06.25 21:18:59 | 278,203,761 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.25 16:46:37 | 000,644,517 | ---- | M] () -- C:\Users\John Braun\Desktop\mixed girl wallpaper.jpg
[2010.06.25 14:11:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010.06.25 14:11:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010.06.23 13:51:41 | 000,524,288 | -HS- | M] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TMContainer00000000000000000002.regtrans-ms
[2010.06.23 13:51:41 | 000,524,288 | -HS- | M] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TMContainer00000000000000000001.regtrans-ms
[2010.06.23 13:51:41 | 000,065,536 | -HS- | M] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TM.blf
[2010.06.22 16:28:35 | 000,000,022 | ---- | M] () -- C:\Windows\SysWow64\mseixml.sei
[2010.06.22 16:28:35 | 000,000,022 | ---- | M] () -- C:\Windows\mseixml.sei
[2010.06.22 16:28:35 | 000,000,002 | ---- | M] () -- C:\Users\John Braun\Documents\eisavedicon.bmp
[2010.06.22 13:33:10 | 004,861,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.21 12:44:08 | 025,237,620 | ---- | M] () -- C:\Users\John Braun\Documents\clip0002.avi
[2010.06.20 21:46:12 | 000,313,344 | ---- | M] (Emblem) -- C:\Users\John Braun\AppData\Roaming\Emblem_Crypter.exe
[2010.06.20 18:54:22 | 018,481,424 | ---- | M] () -- C:\Users\John Braun\Documents\clip0001.avi
[2010.06.20 16:26:03 | 000,000,965 | ---- | M] () -- C:\Users\John Braun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk
[2010.06.20 16:24:43 | 000,062,952 | ---- | M] () -- C:\Users\John Braun\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.15 13:47:36 | 000,125,952 | ---- | M] () -- C:\Users\John Braun\Desktop\WoW_Cata_Beta_keygen.exe
[2010.06.14 20:11:01 | 000,000,020 | ---- | M] () -- C:\Windows\hô¨
[2010.06.13 21:04:50 | 000,000,099 | ---- | M] () -- C:\Windows\SysWow64\lncom.exe.bat
[2010.06.13 20:34:33 | 000,087,600 | ---- | M] () -- C:\Windows\comp.wav
[2010.06.13 20:34:33 | 000,032,304 | ---- | M] () -- C:\Windows\broke.wav
[2010.06.13 20:34:32 | 000,235,056 | ---- | M] () -- C:\Windows\Discon.wav
[2010.06.13 20:34:32 | 000,068,016 | ---- | M] () -- C:\Windows\Growl.wav
[2010.06.13 20:34:31 | 002,014,348 | ---- | M] () -- C:\Windows\op.wav
[2010.06.13 20:31:51 | 000,000,124 | ---- | M] () -- C:\Windows\remove.bat
[2010.06.13 20:28:27 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.06.13 20:28:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.06.13 20:25:29 | 000,586,232 | ---- | M] () -- C:\Users\John Braun\Documents\Config.Cerberus
[2010.06.13 20:22:13 | 000,412,672 | ---- | M] (JB) -- C:\Windows\SysWow64\vbskpro.ocx
[2010.06.13 20:20:59 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pskill.exe
[2010.06.13 20:20:54 | 000,271,872 | ---- | M] (The UPX Team hxxp://upx.sf.net) -- C:\Windows\SysWow64\upx.exe
[2010.06.13 20:18:38 | 001,077,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2010.06.13 20:18:38 | 000,209,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2010.06.13 20:18:38 | 000,198,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MCI32.OCX
[2010.06.13 20:18:38 | 000,140,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ComDlg32.OCX
[2010.06.13 20:18:38 | 000,115,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2010.06.13 20:18:37 | 000,108,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2010.06.13 15:15:09 | 000,035,592 | ---- | M] () -- C:\Users\John Braun\AppData\Roaming\SQLite3.dll
[2010.06.08 13:24:58 | 000,144,656 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2010.06.08 13:24:54 | 000,318,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNotify.dll
[2010.06.06 20:00:10 | 016,800,040 | ---- | M] (Smart PC Solutions ) -- C:\Windows\SysWow64\startupbooster24.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.06 15:32:30 | 000,000,022 | ---- | C] () -- C:\Users\John Braun\Desktop\CyberGate v1.04.8.zip
[2010.07.06 15:05:50 | 000,001,278 | ---- | C] () -- C:\Users\John Braun\Desktop\Spybot - Search & Destroy.lnk
[2010.07.05 21:48:40 | 000,001,139 | ---- | C] () -- C:\Users\John Braun\Desktop\Microsoft Visual Basic 2010 Express installieren.lnk
[2010.07.05 16:15:17 | 000,121,727 | ---- | C] () -- C:\Users\John Braun\Desktop\gh.jpg
[2010.07.05 14:59:00 | 000,045,229 | ---- | C] () -- C:\Users\John Braun\Desktop\EMO Girls 131_07.jpg
[2010.07.05 14:57:42 | 000,055,353 | ---- | C] () -- C:\Users\John Braun\Desktop\EMO Girls 136_09.jpg
[2010.07.04 21:25:48 | 000,548,309 | ---- | C] () -- C:\Users\John Braun\Desktop\Usenext_Creator_by_moepOmat.rar
[2010.07.04 20:51:04 | 007,253,380 | ---- | C] () -- C:\Users\John Braun\Desktop\UseNeXT_Pack.rar
[2010.07.04 20:29:35 | 002,293,456 | ---- | C] () -- C:\Users\John Braun\Desktop\ScanCrypt.rar
[2010.07.04 19:42:33 | 000,456,172 | ---- | C] () -- C:\Users\John Braun\Desktop\downloader+usg.rar
[2010.07.04 19:40:09 | 001,373,237 | ---- | C] () -- C:\Users\John Braun\Desktop\Tool Store Keylogger 0.5.1.rar
[2010.07.04 18:06:55 | 002,363,812 | ---- | C] () -- C:\Users\John Braun\Desktop\Trial Account Creator Lite 1.1.zip
[2010.07.04 17:16:05 | 003,536,354 | ---- | C] () -- C:\Users\John Braun\Desktop\Twinkle_Crypt_-_CRACKED.rar
[2010.07.04 17:07:29 | 003,392,147 | ---- | C] () -- C:\Users\John Braun\Desktop\M_RU_Crypter_-_CRACKED.rar
[2010.07.04 16:54:46 | 001,940,857 | ---- | C] () -- C:\Users\John Braun\Desktop\twinkle_public_v1.2.rar
[2010.07.04 16:31:14 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.01 15:01:48 | 085,584,584 | ---- | C] () -- C:\Users\John Braun\Desktop\IMP2010.rar
[2010.07.01 14:50:21 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Parallel Password Recovery Manager.lnk
[2010.07.01 14:50:21 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\Password Definition Master.lnk
[2010.07.01 14:24:15 | 000,323,000 | ---- | C] () -- C:\Users\John Braun\Desktop\igrargpu_v05.zip
[2010.07.01 12:17:30 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.07.01 12:17:30 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.07.01 12:10:58 | 000,524,288 | -HS- | C] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TMContainer00000000000000000002.regtrans-ms
[2010.07.01 12:10:58 | 000,524,288 | -HS- | C] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TMContainer00000000000000000001.regtrans-ms
[2010.07.01 12:10:58 | 000,065,536 | -HS- | C] () -- C:\Users\John Braun\ntuser.dat{e6ff50d1-84f8-11df-b16f-002618ac37ec}.TM.blf
[2010.06.30 09:24:28 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.28 19:48:49 | 099,616,814 | ---- | C] () -- C:\Users\John Braun\Documents\Aufnahme-1.avi
[2010.06.28 19:48:03 | 000,005,632 | ---- | C] () -- C:\Users\John Braun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.28 03:04:31 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.06.28 03:04:19 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2010.06.28 03:04:19 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2010.06.28 03:04:19 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2010.06.28 03:04:19 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2010.06.28 03:04:19 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2010.06.28 03:04:19 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2010.06.28 03:04:19 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2010.06.28 03:04:19 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2010.06.28 02:46:01 | 121,180,364 | ---- | C] () -- C:\Users\John Braun\Documents\clip0004.avi
[2010.06.28 02:43:24 | 067,529,446 | ---- | C] () -- C:\Users\John Braun\Documents\clip0003.avi
[2010.06.28 02:40:47 | 000,125,952 | ---- | C] () -- C:\Users\John Braun\Desktop\WoW_Cata_Beta_keygen.exe
[2010.06.28 02:21:59 | 000,009,662 | ---- | C] () -- C:\Windows\SysWow64\WoW_Cata_Beta_keygen.exe#32512.ico
[2010.06.25 21:22:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.25 21:18:59 | 278,203,761 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.06.25 18:04:40 | 003,708,512 | ---- | C] () -- C:\Users\John Braun\Desktop\crack.zip
[2010.06.25 14:11:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2010.06.25 14:11:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2010.06.25 08:31:53 | 000,644,517 | ---- | C] () -- C:\Users\John Braun\Desktop\mixed girl wallpaper.jpg
[2010.06.23 13:51:41 | 000,524,288 | -HS- | C] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TMContainer00000000000000000002.regtrans-ms
[2010.06.23 13:51:41 | 000,524,288 | -HS- | C] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TMContainer00000000000000000001.regtrans-ms
[2010.06.23 13:51:41 | 000,065,536 | -HS- | C] () -- C:\Users\John Braun\NTUSER.DAT{ca263a64-7df1-11df-9ac0-002618ac37ec}.TM.blf
[2010.06.22 16:28:35 | 000,000,022 | ---- | C] () -- C:\Windows\SysWow64\mseixml.sei
[2010.06.22 16:28:35 | 000,000,022 | ---- | C] () -- C:\Windows\mseixml.sei
[2010.06.22 16:28:35 | 000,000,002 | ---- | C] () -- C:\Users\John Braun\Documents\eisavedicon.bmp
[2010.06.21 12:43:09 | 025,237,620 | ---- | C] () -- C:\Users\John Braun\Documents\clip0002.avi
[2010.06.20 18:51:37 | 018,481,424 | ---- | C] () -- C:\Users\John Braun\Documents\clip0001.avi
[2010.06.17 18:50:17 | 000,000,965 | ---- | C] () -- C:\Users\John Braun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk
[2010.06.14 20:11:01 | 000,000,020 | ---- | C] () -- C:\Windows\hô¨
[2010.06.13 21:04:50 | 000,000,099 | ---- | C] () -- C:\Windows\SysWow64\lncom.exe.bat
[2010.06.13 20:31:45 | 000,000,124 | ---- | C] () -- C:\Windows\remove.bat
[2010.06.13 20:18:38 | 000,235,056 | ---- | C] () -- C:\Windows\Discon.wav
[2010.06.13 20:18:38 | 000,087,600 | ---- | C] () -- C:\Windows\comp.wav
[2010.06.13 20:18:38 | 000,068,016 | ---- | C] () -- C:\Windows\Growl.wav
[2010.06.13 20:18:38 | 000,032,304 | ---- | C] () -- C:\Windows\broke.wav
[2010.06.13 20:18:37 | 002,014,348 | ---- | C] () -- C:\Windows\op.wav
[2010.06.13 15:15:09 | 000,035,592 | ---- | C] () -- C:\Users\John Braun\AppData\Roaming\SQLite3.dll
[2010.06.12 03:03:40 | 000,019,016 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2010.06.12 02:49:10 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.06.12 02:49:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.06.12 02:49:10 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.06.12 02:49:10 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.06.12 02:49:10 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.06.12 02:48:37 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010.06.12 02:48:34 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010.06.12 02:48:30 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010.06.12 00:16:10 | 000,586,232 | ---- | C] () -- C:\Users\John Braun\Documents\Config.Cerberus
[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.21 14:27:55 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2010.05.12 18:55:01 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2010.05.06 15:08:13 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2010.05.06 15:08:12 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\harmony.dll
[2010.05.02 12:55:53 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\xlive_d.dll
[2010.05.02 08:44:58 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.05.02 08:44:58 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.05.02 08:44:54 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.05.02 08:44:54 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.05.02 08:42:02 | 000,026,787 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.05.02 08:41:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.05.02 08:41:40 | 000,020,736 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.29 15:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 15:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.04.02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2002.07.31 22:32:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2002.07.31 22:32:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\iacenc.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:CC2DDA0D
< End of report > |