
Log Analysis and Evaluation: Asking for help. "TR/Spy.gen"


02.11.2010, 22:43   #1
nasuper123

Hello dear users,

I have a question and am asking for your help.
Yesterday evening my AntiVir program started raising the alarm and reported a "TR/Spy.Gen". By changing the folder options I tracked it down in the "Temp" folder. I deleted this file several times and it kept coming back. Today, after deleting it a second time, it was somehow gone. Now I have rescanned the "Temp" folder just to be safe, and it now shows me a TR/Drop.VB.apyu. I have moved that into quarantine for now and ran HijackThis.

Now I wanted to ask you whether you can still see any infections. Many thanks in advance.

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:38:56, on 02.11.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\MarkAny\ContentSafer\MaAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Users\Salva\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
c:\Users\Salva\Downloads\HiJackThis204.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avnotify.exe
C:\Windows\system32\DllHost.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: Messenger Plus Live Germany Toolbar - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [otutnmoqn] rundll32.exe "C:\Users\Salva\AppData\Roaming\zwckxl.dll",ebrcnn
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Audio Driver] "C:\Windows\system32\audiohd.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Salva\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows Audio Driver] "C:\Users\Salva\AppData\Roaming\audiohd.exe"
O4 - HKCU\..\Run: [{7D7186F2-879A-1298-3CE7-F26AB0C09832}] C:\Users\Salva\AppData\Roaming\Vyywah\xaok.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Salva\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: hxxp://www.esl.eu
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1224266755
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47C19AB3-FCED-408B-A2F3-A5E4AB99EA4C}: NameServer = 192.168.2.1,194.25.2.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
 
--
End of file - 13773 bytes
         
--- --- ---

03.11.2010, 06:18   #2
nasuper123

Nobody feels like helping me, maybe? :-(


03.11.2010, 09:43   #3
markusg
/// Malware-holic

hi, please be patient, we do this in our free time.
OTL:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both.
Do you do online banking or online shopping?

03.11.2010, 10:11   #4
nasuper123

Hi Markus,

thanks for your quick reply and the instructions.
To your question: No, I don't do online banking.
Online purchases only small ones and rather rarely, for an online game; they go through PaysafeCard.
I'm at work right now; as soon as I'm home I'll get started right away on what your instructions say.
So until 4 pm then.

Regards and thanks again, nasuper123

03.11.2010, 10:25   #5
markusg
/// Malware-holic

ok, see you :-)
please change all your logins from a clean PC so that nobody gets up to mischief with that card, if that's possible.

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to the following address as described in the instructions above:
markusg.trojaner-board@web.de
If you would like to support us

03.11.2010, 16:07   #6
nasuper123

So :-)
Well, first of all I have now changed all the credentials for email, messengers and the like from a laptop.
At the moment I'm letting this OTL scan run.

Exactly as you wrote:
_Scan all users
_Minimal output
_LOP & Purity check
_Use SafeList
And File Age 90 days was also set.

As soon as the scan is finished, I will post it. :-)

03.11.2010, 16:08   #7
markusg
/// Malware-holic

very nice :-)

03.11.2010, 16:56   #8
nasuper123

So, now the time has finally come:

03.11.2010, 16:58   #9
nasuper123

And the OTL.txt file was too big.

So I'm writing it in like this:
OTL logfile:
Code:
OTL logfile created on: 03.11.2010 16:00:02 - Run 1
OTL by OldTimer - Version 3.2.17.2     Folder = C:\Users\Salva\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 69,63 Gb Free Space | 25,04% Space Free | Partition Type: NTFS
Drive D: | 20,01 Gb Total Space | 6,70 Gb Free Space | 33,50% Space Free | Partition Type: FAT32
 
Computer Name: SALVA-PC | User Name: Salva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Salva\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Users\Salva\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - C:\Programme\Ares\Ares.exe (Ares Development Group)
PRC - C:\Programme\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Windows\System32\lxctcoms.exe ( )
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Salva\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Emsisoft Anti-Malware\a2hooks32.dll (Emsi Software GmbH)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AresChatServer) -- C:\Programme\Ares\chatServer.exe (Ares Development Group)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (lxct_device) -- C:\Windows\System32\lxctcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (xfilt) -- C:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (dsreader) MaxDrive Driver (dsreader.sys) -- C:\Windows\System32\drivers\dsreader.sys (Thesycon GmbH, Germany)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 0F A2 16 CB 12 CB 01  [binary data]
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "msn.de"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.7.0088
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.07.04 10:38:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.28 19:29:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.28 19:29:20 | 000,000,000 | ---D | M]
 
[2009.01.10 13:12:40 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Extensions
[2010.11.02 22:13:13 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions
[2010.08.24 16:37:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(184)
[2010.08.24 16:37:20 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}(185)
[2010.05.30 19:08:20 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280}
[2010.09.05 18:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010.08.24 16:36:44 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}(186)
[2010.06.16 10:36:16 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2009.12.31 16:47:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.02.28 14:20:03 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010.08.01 16:16:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.24 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\extension@virtusdesigns.com
[2010.08.24 16:36:46 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\Foxdie@tanjihay(179).com
[2010.09.05 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\Foxdie@tanjihay.com
[2010.08.24 16:36:51 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\foxdie_ext_ocelot@foxdie(180).us
[2010.08.24 16:36:47 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\FoxdieGraphite@tanjihay(181).com
[2010.09.05 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\FoxdieGraphite@tanjihay.com
[2010.08.24 16:36:48 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\nasanightlaunch@example(182).com
[2010.09.05 18:37:30 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\nasanightlaunch@example.com
[2010.08.24 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\personas@christopher(183).beard
[2010.08.24 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\extension@virtusdesigns.com\__MACOSX
[2010.08.24 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\extension@virtusdesigns.com\chrome
[2010.08.24 16:37:13 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\extension@virtusdesigns.com\defaults
[2010.08.24 16:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}(186)\chrome\mac\mozapps\extensions
[2010.08.24 16:36:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Salva\AppData\Roaming\mozilla\Firefox\Profiles\9yiviz7j.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}(186)\chrome\win\mozapps\extensions
[2009.06.14 10:54:19 | 000,001,681 | ---- | M] () -- C:\Users\Salva\AppData\Roaming\Mozilla\FireFox\Profiles\9yiviz7j.default\searchplugins\ask.uk.xml
[2008.10.22 21:47:48 | 000,000,681 | ---- | M] () -- C:\Users\Salva\AppData\Roaming\Mozilla\FireFox\Profiles\9yiviz7j.default\searchplugins\ask.xml
[2010.06.11 01:08:24 | 000,000,917 | ---- | M] () -- C:\Users\Salva\AppData\Roaming\Mozilla\FireFox\Profiles\9yiviz7j.default\searchplugins\conduit.xml
[2010.10.31 11:08:37 | 000,000,950 | ---- | M] () -- C:\Users\Salva\AppData\Roaming\Mozilla\FireFox\Profiles\9yiviz7j.default\searchplugins\icqplugin-1.xml
[2009.10.17 22:27:14 | 000,000,950 | ---- | M] () -- C:\Users\Salva\AppData\Roaming\Mozilla\FireFox\Profiles\9yiviz7j.default\searchplugins\icqplugin-2.xml
[2009.11.30 18:32:47 | 000,000,950 | ---- | M] () -- C:\Users\Salva\AppData\Roaming\Mozilla\FireFox\Profiles\9yiviz7j.default\searchplugins\icqplugin-3.xml
[2009.11.30 22:46:20 | 000,000,950 | ---- | M] () -- C:\Users\Salva\AppData\Roaming\Mozilla\FireFox\Profiles\9yiviz7j.default\searchplugins\icqplugin-4.xml
[2010.01.09 21:54:14 | 000,000,961 | ---- | M] () -- C:\Users\Salva\AppData\Roaming\Mozilla\FireFox\Profiles\9yiviz7j.default\searchplugins\icqplugin-5.xml
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Salva\AppData\Roaming\Mozilla\FireFox\Profiles\9yiviz7j.default\searchplugins\icqplugin.xml
[2010.11.02 21:15:00 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.07.14 18:56:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.24 19:56:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.12 20:02:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.25 18:29:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.25 18:29:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.25 18:29:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.25 18:29:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.25 18:29:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar1.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
O4 - HKLM..\Run: [MAAgent] C:\Programme\MarkAny\ContentSafer\MaAgent.exe ((주)마크애니)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [otutnmoqn] C:\Users\Salva\AppData\Roaming\zwckxl.DLL File not found
O4 - HKLM..\Run: [SMSTray] C:\Programme\Samsung\Samsung Media Studio 5\SMSTray.exe (SAMSUNG ELECTRONICS)
O4 - HKLM..\Run: [Windows Audio Driver] C:\Windows\System32\audiohd.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000..\Run: [{7D7186F2-879A-1298-3CE7-F26AB0C09832}] C:\Users\Salva\AppData\Roaming\Vyywah\xaok.exe File not found
O4 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000..\Run: [BitTorrent DNA] C:\Users\Salva\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000..\Run: [Windows Audio Driver] C:\Users\Salva\AppData\Roaming\audiohd.exe File not found
O4 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Salva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O4 - Startup: C:\Users\Salva1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Salva\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1663235162-73008841-3581746775-1000\..Trusted Domains: esl.eu ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1224266755 (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Salva\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Salva\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {88485281-8b4b-4f8d-9ede-82e29a064277} - C:\Programme\MarkAny\ContentSafer\MACSMANAGER.dll (MarkAny Cooperation.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{164626b6-0497-11dd-a795-001c4af3f9a8}\Shell - "" = AutoRun
O33 - MountPoints2\{164626b6-0497-11dd-a795-001c4af3f9a8}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{2b818cb6-797d-11df-bd3a-001c4af4dd4d}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O33 - MountPoints2\{a12bf38c-206f-11df-bae6-001c4af4dd4d}\Shell\AutoRun\command - "" = K:\Menu.exe -- File not found
O33 - MountPoints2\{ac35f78c-31c7-11df-bb59-001c4af4dd4d}\Shell - "" = AutoRun
O33 - MountPoints2\{ac35f78c-31c7-11df-bb59-001c4af4dd4d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b1d5d4e8-d69c-11dc-bd11-0019db51d684}\Shell - "" = AutoRun
O33 - MountPoints2\{b1d5d4e8-d69c-11dc-bd11-0019db51d684}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{ea50f779-d7af-11dd-ac57-001c4af4dd4d}\Shell - "" = AutoRun
O33 - MountPoints2\{ea50f779-d7af-11dd-ac57-001c4af4dd4d}\Shell\AutoRun\command - "" = L:\FalloutLauncher.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\pushinst.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: EzPrint - hkey= - key= - C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ6\ICQ.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Lexmark 5400 Series Fax Server - hkey= - key= - C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\Windows\vVX1000.exe (Microsoft Corporation)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.10.25 18:47:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.10.25 18:46:38 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2010.10.24 14:14:58 | 000,000,000 | ---D | C] -- C:\Users\Salva\Desktop\3DAvatars
[2010.10.17 19:12:30 | 000,000,000 | ---D | C] -- C:\Users\Salva\Desktop\MADI=)
[2010.10.14 13:23:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 20:09:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 20:09:29 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 20:09:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.13 20:09:28 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.10.13 20:09:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 20:09:28 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 20:09:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.13 20:09:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 20:09:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.10.13 20:09:27 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.13 20:09:27 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.10.13 20:09:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.10.13 20:09:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.10.13 20:09:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.10.13 20:09:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.13 20:09:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.13 20:09:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.09.12 20:04:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.09.12 20:02:43 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.12 20:02:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.12 20:02:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.12 20:02:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.07 19:27:59 | 013,317,624 | ---- | C] (Opera Software ASA) -- C:\Users\Salva\Desktop\Opera_1061_int_Setup.exe
[2010.09.05 18:43:03 | 000,000,000 | ---D | C] -- C:\Users\Salva\AppData\Local\Pando_Temp
[2010.09.02 20:40:54 | 000,000,000 | ---D | C] -- C:\Users\Salva\AppData\Roaming\Opera
[2010.09.02 20:40:54 | 000,000,000 | ---D | C] -- C:\Users\Salva\AppData\Local\Opera
[2010.09.02 20:40:08 | 000,000,000 | ---D | C] -- C:\Programme\Opera
[2010.08.20 02:09:56 | 000,000,000 | ---D | C] -- C:\Programme\IObit
[2010.08.17 15:17:50 | 000,000,000 | ---D | C] -- C:\Users\Salva\AppData\Roaming\TuneUp Software
[2010.08.17 15:17:29 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.08.17 15:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.08.17 15:14:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.08.13 19:55:24 | 000,000,000 | ---D | C] -- C:\Users\Salva\AppData\Roaming\Locktime
[2010.08.13 16:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Locktime
[2010.08.13 02:03:20 | 000,000,000 | ---D | C] -- C:\Users\Salva\Desktop\Originals
[2010.08.13 01:53:15 | 000,000,000 | ---D | C] -- C:\Users\Salva\Desktop\Icons
[2010.08.13 01:43:33 | 000,000,000 | ---D | C] -- C:\Users\Salva\Desktop\keens_iconpack_0.33
[2010.08.12 23:45:51 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.08.05 21:29:52 | 000,000,000 | ---D | C] -- C:\Users\Salva\Desktop\img
[2006.07.13 18:38:18 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2006.07.13 18:37:04 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2006.07.13 18:32:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[2006.07.13 18:30:18 | 000,393,216 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2006.07.13 18:28:08 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2006.07.13 18:27:24 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2006.07.13 18:26:42 | 000,667,648 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2006.07.13 18:26:12 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2006.07.13 18:19:32 | 000,983,040 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2006.07.13 18:16:42 | 000,528,384 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2006.07.13 18:15:54 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.11.03 15:43:39 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.03 15:43:39 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.03 15:43:39 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.03 15:43:39 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.03 15:38:05 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.03 15:38:05 | 000,036,917 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.03 15:37:09 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.03 15:37:09 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.03 15:37:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.03 15:36:59 | 2143,838,208 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.02 20:50:26 | 000,002,032 | ---- | M] () -- C:\Users\Salva\AppData\Local\d3d9caps.dat
[2010.11.02 17:57:04 | 005,885,781 | ---- | M] () -- C:\Users\Salva\Desktop\Huey- Nobody Loves The Hood.mp3
[2010.11.02 17:56:42 | 006,089,893 | ---- | M] () -- C:\Users\Salva\Desktop\Huey - Notebook Paper - 06 - 2 nite.mp3
[2010.11.02 17:56:19 | 006,684,807 | ---- | M] () -- C:\Users\Salva\Desktop\09 bushido - hast du was bist du was.mp3
[2010.11.02 17:50:32 | 000,011,470 | -HS- | M] () -- C:\Users\Salva\Desktop\Folder.jpg
[2010.11.02 17:50:32 | 000,011,470 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{64BB48A0-591E-4E6B-90EC-C30928861065}_Large.jpg
[2010.11.02 17:50:09 | 000,002,797 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArtSmall.jpg
[2010.11.02 17:50:09 | 000,002,797 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{64BB48A0-591E-4E6B-90EC-C30928861065}_Small.jpg
[2010.11.02 17:48:18 | 000,010,595 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{DB420B2B-5D73-4D32-99A0-79B4E5FD039E}_Large.jpg
[2010.11.02 17:47:53 | 000,002,802 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{DB420B2B-5D73-4D32-99A0-79B4E5FD039E}_Small.jpg
[2010.11.02 17:44:04 | 008,885,983 | ---- | M] () -- C:\Users\Salva\Desktop\12 Titel 12.mp3
[2010.11.02 17:43:42 | 007,065,707 | ---- | M] () -- C:\Users\Salva\Desktop\03 razorlight - wire to wire.mp3
[2010.11.02 17:39:56 | 005,249,821 | ---- | M] () -- C:\Users\Salva\Desktop\copia de que tengo que hacer.mp3
[2010.11.02 17:39:02 | 000,011,969 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{693263B9-5BC1-4666-A8D7-BF23818A35D6}_Large.jpg
[2010.11.02 17:38:30 | 000,003,079 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{693263B9-5BC1-4666-A8D7-BF23818A35D6}_Small.jpg
[2010.11.02 17:36:42 | 000,017,384 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{F1D2E6E9-2209-404F-97B2-92857855D75B}_Large.jpg
[2010.11.02 17:36:13 | 000,003,593 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{F1D2E6E9-2209-404F-97B2-92857855D75B}_Small.jpg
[2010.11.02 17:34:02 | 000,017,665 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{969E190D-C45F-4201-AABE-82B4CD1DECCE}_Large.jpg
[2010.11.02 17:33:33 | 000,003,973 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{969E190D-C45F-4201-AABE-82B4CD1DECCE}_Small.jpg
[2010.11.02 16:59:02 | 004,545,758 | ---- | M] () -- C:\Users\Salva\Desktop\Headhunterz vs. Abject - Scantraxx Rootz.mp3
[2010.11.02 16:58:33 | 007,383,168 | ---- | M] () -- C:\Users\Salva\Desktop\Bushido_-_Alles_Gute_kommt_von_unten_feat._Chakuza__Kay_One.mp3
[2010.11.02 16:58:06 | 004,246,882 | ---- | M] () -- C:\Users\Salva\Desktop\Bushido - 7 - 13 - Reich mir nicht deine Hand.mp3
[2010.11.02 16:57:40 | 011,038,283 | ---- | M] () -- C:\Users\Salva\Desktop\109-justin_timberlake-summer_love-set_the_mood_prelude-ucs.mp3
[2010.11.02 16:54:36 | 000,009,905 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{6AAED1DD-804F-4468-9B53-518E8C817E21}_Large.jpg
[2010.11.02 16:54:34 | 000,014,860 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{C90871F0-A4E6-47F3-90CE-04A844F89A64}_Large.jpg
[2010.11.02 16:54:33 | 000,003,056 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{6AAED1DD-804F-4468-9B53-518E8C817E21}_Small.jpg
[2010.11.02 16:54:31 | 000,003,202 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{C90871F0-A4E6-47F3-90CE-04A844F89A64}_Small.jpg
[2010.11.02 16:54:29 | 000,007,313 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{D6D6FADC-B55A-4C8B-A639-5F5D428D9770}_Large.jpg
[2010.11.02 16:54:28 | 000,002,197 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{D6D6FADC-B55A-4C8B-A639-5F5D428D9770}_Small.jpg
[2010.11.02 15:49:08 | 000,312,345 | ---- | M] () -- C:\Users\Salva\Desktop\30745_as1r_123_1114lo.jpg
[2010.10.31 21:18:21 | 000,000,104 | ---- | M] () -- C:\Users\Salva\Desktop\Papierkorb - Verknüpfung.lnk
[2010.10.30 12:09:34 | 004,167,808 | ---- | M] () -- C:\Users\Salva\Desktop\No Soul.mp3
[2010.10.24 14:12:21 | 005,859,702 | ---- | M] () -- C:\Users\Salva\Desktop\3DAvatars.rar
[2010.10.23 13:33:52 | 000,024,439 | ---- | M] () -- C:\Users\Salva\Desktop\s.jpg
[2010.10.22 22:55:20 | 000,055,296 | ---- | M] () -- C:\Users\Salva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.21 20:04:01 | 000,040,813 | ---- | M] () -- C:\Users\Salva\Desktop\Snapshot_20101021_13.JPG
[2010.10.21 15:10:10 | 000,068,175 | ---- | M] () -- C:\Users\Salva\Desktop\333333.jpg
[2010.10.20 21:27:41 | 000,041,886 | ---- | M] () -- C:\Users\Salva\Desktop\22222.jpg
[2010.10.20 21:12:33 | 000,013,148 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{BF7EC0C9-BF4D-4F86-81EA-A96F717D1909}_Large.jpg
[2010.10.20 21:12:33 | 000,002,844 | -HS- | M] () -- C:\Users\Salva\Desktop\AlbumArt_{BF7EC0C9-BF4D-4F86-81EA-A96F717D1909}_Small.jpg
[2010.10.20 21:10:25 | 000,174,384 | ---- | M] () -- C:\Users\Salva\Desktop\project.cedprj
[2010.10.20 20:24:36 | 006,072,448 | ---- | M] () -- C:\Users\Salva\Desktop\MADI=)    - Dschungelbuch King Louie - Ich wär so gern wie du.mp3
[2010.10.20 20:21:20 | 003,768,448 | ---- | M] () -- C:\Users\Salva\Desktop\MADI=) Mulan  - Sei ein Mann.mp3
[2010.10.20 20:15:02 | 006,963,328 | ---- | M] () -- C:\Users\Salva\Desktop\MADI=) B.O.B FEAT. BRUNO MARS - NOTHING ON YOU.mp3
[2010.10.20 19:10:20 | 000,169,247 | ---- | M] () -- C:\Users\Salva\Desktop\01102010356-tile1.jpg
[2010.10.20 19:07:11 | 000,209,920 | -H-- | M] () -- C:\Users\Salva\Desktop\photothumb.db
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.17 21:33:50 | 000,173,125 | ---- | M] () -- C:\Users\Salva\Desktop\01102010356-tile.jpg
[2010.10.17 21:21:54 | 000,050,176 | -H-- | M] () -- C:\Users\Salva\photothumb.db
[2010.10.17 21:20:13 | 000,012,288 | -H-- | M] () -- C:\Users\Salva\Documents\photothumb.db
[2010.10.17 21:12:48 | 000,162,385 | ---- | M] () -- C:\Users\Salva\Desktop\Hochzeit Daniele.jpg
[2010.10.17 20:53:18 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.10.17 19:07:37 | 001,517,893 | ---- | M] () -- C:\Users\Salva\Desktop\tor-0.2.1.26-win32.exe
[2010.10.17 11:22:42 | 005,657,416 | ---- | M] () -- C:\Users\Salva\Desktop\copia de rihanna-only girl (in the world)-mastered-adwiin.mp3
[2010.10.14 16:02:00 | 000,014,139 | ---- | M] () -- C:\Users\Salva\Desktop\sssss.odt
[2010.09.25 09:48:33 | 004,245,632 | ---- | M] () -- C:\Users\Salva\Desktop\Sexion D'assaut - Désolé.mp3
[2010.09.20 10:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.09.19 10:14:41 | 005,388,416 | ---- | M] () -- C:\Users\Salva\Desktop\Lady Gaga - Alejandro [Dave Aude Radio Mix] [Future Trance Vol. 53].mp3
[2010.09.19 10:11:30 | 005,220,480 | ---- | M] () -- C:\Users\Salva\Desktop\Stereo Rocker (Future Trance Vol.53) - LOL (Radio Mix FT Fast).mp3
[2010.09.19 09:51:06 | 005,869,696 | ---- | M] () -- C:\Users\Salva\Desktop\Inna - Deja vu.mp3
[2010.09.19 09:50:31 | 005,382,272 | ---- | M] () -- C:\Users\Salva\Desktop\Inna - Sun Is Up.mp3
[2010.09.19 09:45:35 | 004,923,520 | ---- | M] () -- C:\Users\Salva\Desktop\Medina - You and I.mp3
[2010.09.19 09:41:32 | 005,937,280 | ---- | M] () -- C:\Users\Salva\Desktop\Swedish House Mafia - One (Your Name) feat Pharrell.mp3
[2010.09.19 09:21:55 | 004,184,192 | ---- | M] () -- C:\Users\Salva\Desktop\PH Electro - Englishman In New York.mp3
[2010.09.17 22:43:54 | 000,012,849 | ---- | M] () -- C:\Users\Salva\Desktop\DSC09599 (2).jpg
[2010.09.13 11:50:15 | 009,025,948 | ---- | M] () -- C:\Users\Salva\Desktop\06. Elektra - Dishi (Fast Foot Rmx)  [WWW.FINESTBLACKBEATZ.US].mp3
[2010.09.12 15:21:58 | 000,006,443 | ---- | M] () -- C:\Users\Salva\Desktop\049.png
[2010.09.08 06:58:17 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.09.08 06:57:48 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.09.08 06:57:48 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.09.08 06:57:18 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.09.08 06:57:10 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.09.08 06:57:05 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.09.08 06:56:53 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.09.08 06:56:53 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.09.08 06:56:53 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.09.08 06:56:52 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.09.08 06:56:52 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.09.08 06:56:47 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.09.08 06:04:36 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.09.08 05:26:46 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.09.08 05:26:25 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.09.08 05:25:50 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.09.08 05:25:15 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.09.07 19:28:00 | 013,317,624 | ---- | M] (Opera Software ASA) -- C:\Users\Salva\Desktop\Opera_1061_int_Setup.exe
[2010.09.05 19:21:44 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010.09.05 19:02:03 | 674,588,448 | ---- | M] () -- C:\Users\Salva\War_Rock_20100806.exe
[2010.09.05 18:42:42 | 000,000,953 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2010.09.05 18:42:42 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\GamersFirst LIVE!.lnk
[2010.08.25 07:30:41 | 007,170,176 | ---- | M] () -- C:\Users\Salva\Desktop\Llamado De Emergencia.mp3
[2010.08.25 07:30:28 | 006,697,088 | ---- | M] () -- C:\Users\Salva\Desktop\Lo que paso paso.mp3
[2010.08.25 07:30:24 | 003,846,272 | ---- | M] () -- C:\Users\Salva\Desktop\No Me Dejes Solo.mp3
[2010.08.24 21:39:01 | 006,047,872 | ---- | M] () -- C:\Users\Salva\Desktop\Dile.mp3
[2010.08.23 11:41:17 | 000,206,793 | ---- | M] () -- C:\Users\Salva\Documents\ts3_clientui-win32-11937-2010-08-23 12_41_16.566220.dmp
[2010.08.22 01:28:10 | 010,057,734 | ---- | M] () -- C:\Users\Salva\Desktop\06 Nothin On You.m4a
[2010.08.22 01:07:07 | 008,106,045 | ---- | M] () -- C:\Users\Salva\Desktop\08 Beautiful Monster.m4a
[2010.08.22 01:06:16 | 006,755,144 | ---- | M] () -- C:\Users\Salva\Desktop\06 Amazing.m4a
[2010.08.22 01:05:15 | 007,871,334 | ---- | M] () -- C:\Users\Salva\Desktop\03 California Girl.m4a
[2010.08.21 21:03:24 | 000,199,117 | ---- | M] () -- C:\Users\Salva\Documents\ts3_clientui-win32-11937-2010-08-21 22_03_22.879308.dmp
[2010.08.19 13:21:04 | 004,042,880 | ---- | M] () -- C:\Users\Salva\Desktop\Dan Balan- Chica Bomb (Official Music Video ).mp3
[2010.08.19 01:01:05 | 000,012,471 | ---- | M] () -- C:\Users\Salva\Desktop\acc.odt
[2010.08.14 14:25:01 | 006,015,104 | ---- | M] () -- C:\Users\Salva\Desktop\Laserkraft 3D - Nein Mann.mp3
[2010.08.12 23:46:33 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Watch.lnk
[2010.08.12 23:46:33 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.08.12 16:31:02 | 006,619,264 | ---- | M] () -- C:\Users\Salva\Desktop\Opium Project - Hello Moskva (Dj Revyakin Next Touch Flo Remix).mp3
[2010.08.12 14:00:43 | 000,000,211 | ---- | M] () -- C:\Users\Salva\Desktop\Spielezentrum.url
[2010.08.12 12:45:32 | 006,146,176 | ---- | M] () -- C:\Users\Salva\Desktop\tokyo drift - teriyaki boys.mp3
 
========== Files Created - No Company Name ==========
 
[2010.11.02 17:51:00 | 000,011,470 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{64BB48A0-591E-4E6B-90EC-C30928861065}_Large.jpg
[2010.11.02 17:51:00 | 000,002,797 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{64BB48A0-591E-4E6B-90EC-C30928861065}_Small.jpg
[2010.11.02 17:48:43 | 000,010,595 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{DB420B2B-5D73-4D32-99A0-79B4E5FD039E}_Large.jpg
[2010.11.02 17:48:43 | 000,002,802 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{DB420B2B-5D73-4D32-99A0-79B4E5FD039E}_Small.jpg
[2010.11.02 17:39:34 | 000,011,969 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{693263B9-5BC1-4666-A8D7-BF23818A35D6}_Large.jpg
[2010.11.02 17:39:34 | 000,003,079 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{693263B9-5BC1-4666-A8D7-BF23818A35D6}_Small.jpg
[2010.11.02 17:37:20 | 000,017,384 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{F1D2E6E9-2209-404F-97B2-92857855D75B}_Large.jpg
[2010.11.02 17:37:20 | 000,003,593 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{F1D2E6E9-2209-404F-97B2-92857855D75B}_Small.jpg
[2010.11.02 17:34:39 | 000,017,665 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{969E190D-C45F-4201-AABE-82B4CD1DECCE}_Large.jpg
[2010.11.02 17:34:39 | 000,003,973 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{969E190D-C45F-4201-AABE-82B4CD1DECCE}_Small.jpg
[2010.11.02 16:54:42 | 000,009,905 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{6AAED1DD-804F-4468-9B53-518E8C817E21}_Large.jpg
[2010.11.02 16:54:42 | 000,003,056 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{6AAED1DD-804F-4468-9B53-518E8C817E21}_Small.jpg
[2010.11.02 16:54:38 | 000,014,860 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{C90871F0-A4E6-47F3-90CE-04A844F89A64}_Large.jpg
[2010.11.02 16:54:38 | 000,003,202 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{C90871F0-A4E6-47F3-90CE-04A844F89A64}_Small.jpg
[2010.11.02 16:54:31 | 000,007,313 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{D6D6FADC-B55A-4C8B-A639-5F5D428D9770}_Large.jpg
[2010.11.02 16:54:31 | 000,002,197 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{D6D6FADC-B55A-4C8B-A639-5F5D428D9770}_Small.jpg
[2010.11.02 15:49:06 | 000,312,345 | ---- | C] () -- C:\Users\Salva\Desktop\30745_as1r_123_1114lo.jpg
[2010.10.31 21:18:21 | 000,000,104 | ---- | C] () -- C:\Users\Salva\Desktop\Papierkorb - Verknüpfung.lnk
[2010.10.30 12:04:28 | 004,167,808 | ---- | C] () -- C:\Users\Salva\Desktop\No Soul.mp3
[2010.10.24 14:12:20 | 005,859,702 | ---- | C] () -- C:\Users\Salva\Desktop\3DAvatars.rar
[2010.10.23 13:32:35 | 000,024,439 | ---- | C] () -- C:\Users\Salva\Desktop\s.jpg
[2010.10.21 20:01:37 | 000,040,813 | ---- | C] () -- C:\Users\Salva\Desktop\Snapshot_20101021_13.JPG
[2010.10.21 15:09:16 | 000,068,175 | ---- | C] () -- C:\Users\Salva\Desktop\333333.jpg
[2010.10.20 21:27:40 | 000,041,886 | ---- | C] () -- C:\Users\Salva\Desktop\22222.jpg
[2010.10.20 21:12:33 | 000,013,148 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{BF7EC0C9-BF4D-4F86-81EA-A96F717D1909}_Large.jpg
[2010.10.20 21:12:33 | 000,002,844 | -HS- | C] () -- C:\Users\Salva\Desktop\AlbumArt_{BF7EC0C9-BF4D-4F86-81EA-A96F717D1909}_Small.jpg
[2010.10.20 20:58:23 | 000,174,384 | ---- | C] () -- C:\Users\Salva\Desktop\project.cedprj
[2010.10.20 20:24:04 | 006,072,448 | ---- | C] () -- C:\Users\Salva\Desktop\MADI=)    - Dschungelbuch King Louie - Ich wär so gern wie du.mp3
[2010.10.20 20:20:47 | 003,768,448 | ---- | C] () -- C:\Users\Salva\Desktop\MADI=) Mulan  - Sei ein Mann.mp3
[2010.10.20 20:14:17 | 006,963,328 | ---- | C] () -- C:\Users\Salva\Desktop\MADI=) B.O.B FEAT. BRUNO MARS - NOTHING ON YOU.mp3
[2010.10.20 19:10:20 | 000,169,247 | ---- | C] () -- C:\Users\Salva\Desktop\01102010356-tile1.jpg
[2010.10.17 21:33:48 | 000,173,125 | ---- | C] () -- C:\Users\Salva\Desktop\01102010356-tile.jpg
[2010.10.17 21:12:47 | 000,162,385 | ---- | C] () -- C:\Users\Salva\Desktop\Hochzeit Daniele.jpg
[2010.10.17 19:07:37 | 001,517,893 | ---- | C] () -- C:\Users\Salva\Desktop\tor-0.2.1.26-win32.exe
[2010.10.17 11:23:24 | 005,657,416 | ---- | C] () -- C:\Users\Salva\Desktop\copia de rihanna-only girl (in the world)-mastered-adwiin.mp3
[2010.10.17 11:16:44 | 011,038,283 | ---- | C] () -- C:\Users\Salva\Desktop\109-justin_timberlake-summer_love-set_the_mood_prelude-ucs.mp3
[2010.10.17 11:16:32 | 005,617,951 | ---- | C] () -- C:\Users\Salva\Desktop\Sie ist ein Blickfang.mp3
[2010.10.17 11:16:01 | 006,755,144 | ---- | C] () -- C:\Users\Salva\Desktop\06 Amazing.m4a
[2010.10.17 11:15:35 | 005,885,781 | ---- | C] () -- C:\Users\Salva\Desktop\Huey- Nobody Loves The Hood.mp3
[2010.10.17 11:15:13 | 006,089,893 | ---- | C] () -- C:\Users\Salva\Desktop\Huey - Notebook Paper - 06 - 2 nite.mp3
[2010.10.17 11:14:50 | 004,545,758 | ---- | C] () -- C:\Users\Salva\Desktop\Headhunterz vs. Abject - Scantraxx Rootz.mp3
[2010.10.17 11:13:47 | 006,025,216 | ---- | C] () -- C:\Users\Salva\Desktop\azad - fly away (feat kool savas & francisco).mp3
[2010.10.17 11:13:18 | 005,838,976 | ---- | C] () -- C:\Users\Salva\Desktop\Bushido feat Baba Saad - Ich War Nie Ein Rapper.mp3
[2010.10.17 11:13:13 | 004,246,882 | ---- | C] () -- C:\Users\Salva\Desktop\Bushido - 7 - 13 - Reich mir nicht deine Hand.mp3
[2010.10.17 11:12:58 | 006,684,807 | ---- | C] () -- C:\Users\Salva\Desktop\09 bushido - hast du was bist du was.mp3
[2010.10.17 11:12:54 | 003,756,702 | ---- | C] () -- C:\Users\Salva\Desktop\07-Ab 18 feat. Saad.mp3
[2010.10.17 11:12:37 | 007,383,168 | ---- | C] () -- C:\Users\Salva\Desktop\Bushido_-_Alles_Gute_kommt_von_unten_feat._Chakuza__Kay_One.mp3
[2010.10.17 11:12:30 | 005,414,516 | ---- | C] () -- C:\Users\Salva\Desktop\304-bushido_-_autoritaet_feat._summer_cem-ysp.mp3
[2010.10.17 11:11:55 | 007,936,570 | ---- | C] () -- C:\Users\Salva\Desktop\103-the_black_eyed_peas_-_meet_me_halfway_(richard_vision_solmatic_remix).mp3
[2010.10.17 11:09:45 | 005,498,277 | ---- | C] () -- C:\Users\Salva\Desktop\208-alex_m._vs._marc_van_damme_-_fly_away_(thomas_petersen_vs._gainworx_edit).mp3
[2010.10.14 16:01:59 | 000,014,139 | ---- | C] () -- C:\Users\Salva\Desktop\sssss.odt
[2010.09.29 20:17:55 | 2143,838,208 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.25 09:45:34 | 004,245,632 | ---- | C] () -- C:\Users\Salva\Desktop\Sexion D'assaut - Désolé.mp3
[2010.09.23 20:31:24 | 004,287,972 | ---- | C] () -- C:\Users\Salva\Desktop\youtube - dj cargo vs. supersonik - summer night (tecktonik).mp3
[2010.09.23 20:11:29 | 007,184,381 | ---- | C] () -- C:\Users\Salva\Desktop\07 Alles wird gut.m4a
[2010.09.23 20:06:31 | 007,065,707 | ---- | C] () -- C:\Users\Salva\Desktop\03 razorlight - wire to wire.mp3
[2010.09.23 20:01:46 | 010,057,734 | ---- | C] () -- C:\Users\Salva\Desktop\06 Nothin On You.m4a
[2010.09.23 19:59:07 | 005,367,936 | ---- | C] () -- C:\Users\Salva\Desktop\Jason Derulo - In My Head (Official Lyrics Video).mp3
[2010.09.23 19:56:01 | 005,952,323 | ---- | C] () -- C:\Users\Salva\Desktop\118-pachanga-loco-b2r(2).mp3
[2010.09.23 19:55:36 | 009,836,879 | ---- | C] () -- C:\Users\Salva\Desktop\copia de pitbull - calle ocho (75, brazil street) im1307.mp3
[2010.09.23 19:54:28 | 005,491,648 | ---- | C] () -- C:\Users\Salva\Desktop\The Fast And The Furious (Tokyo Drift) Soundtrack - 10. Don Omar - Los Bandaleros.mp3
[2010.09.23 19:52:11 | 003,846,272 | ---- | C] () -- C:\Users\Salva\Desktop\No Me Dejes Solo.mp3
[2010.09.23 19:51:29 | 006,697,088 | ---- | C] () -- C:\Users\Salva\Desktop\Lo que paso paso.mp3
[2010.09.23 19:50:16 | 007,170,176 | ---- | C] () -- C:\Users\Salva\Desktop\Llamado De Emergencia.mp3
[2010.09.23 19:49:58 | 005,249,821 | ---- | C] () -- C:\Users\Salva\Desktop\copia de que tengo que hacer.mp3
[2010.09.19 10:14:10 | 005,388,416 | ---- | C] () -- C:\Users\Salva\Desktop\Lady Gaga - Alejandro [Dave Aude Radio Mix] [Future Trance Vol. 53].mp3
[2010.09.19 10:11:09 | 005,220,480 | ---- | C] () -- C:\Users\Salva\Desktop\Stereo Rocker (Future Trance Vol.53) - LOL (Radio Mix FT Fast).mp3
[2010.09.19 10:05:57 | 001,994,880 | ---- | C] () -- C:\Users\Salva\Desktop\Yolanda Be Cool & Dcup - We No Speak Americano (Official Video) - OUT NOW!!!.mp3
[2010.09.19 10:05:10 | 006,015,104 | ---- | C] () -- C:\Users\Salva\Desktop\Laserkraft 3D - Nein Mann.mp3
[2010.09.19 09:50:38 | 005,869,696 | ---- | C] () -- C:\Users\Salva\Desktop\Inna - Deja vu.mp3
[2010.09.19 09:50:01 | 005,382,272 | ---- | C] () -- C:\Users\Salva\Desktop\Inna - Sun Is Up.mp3
[2010.09.19 09:45:11 | 004,923,520 | ---- | C] () -- C:\Users\Salva\Desktop\Medina - You and I.mp3
[2010.09.19 09:41:08 | 005,937,280 | ---- | C] () -- C:\Users\Salva\Desktop\Swedish House Mafia - One (Your Name) feat Pharrell.mp3
[2010.09.19 09:21:32 | 004,184,192 | ---- | C] () -- C:\Users\Salva\Desktop\PH Electro - Englishman In New York.mp3
[2010.09.17 22:43:53 | 000,012,849 | ---- | C] () -- C:\Users\Salva\Desktop\DSC09599 (2).jpg
[2010.09.13 07:33:45 | 009,025,948 | ---- | C] () -- C:\Users\Salva\Desktop\06. Elektra - Dishi (Fast Foot Rmx)  [WWW.FINESTBLACKBEATZ.US].mp3
[2010.09.12 15:21:58 | 000,006,443 | ---- | C] () -- C:\Users\Salva\Desktop\049.png
[2010.09.11 09:00:35 | 010,252,673 | ---- | C] () -- C:\Users\Salva\Desktop\04 imma be(2).mp3
[2010.09.11 09:00:11 | 008,885,983 | ---- | C] () -- C:\Users\Salva\Desktop\12 Titel 12.mp3
[2010.09.11 08:59:49 | 004,202,495 | ---- | C] () -- C:\Users\Salva\Desktop\deso_dogg-gangxta_feat._kaisa-noir.mp3
[2010.09.11 08:59:41 | 004,629,335 | ---- | C] () -- C:\Users\Salva\Desktop\03-swiss_-_es_kann_nur_einer_befehlen-ysp.mp3
[2010.09.11 08:57:12 | 005,942,643 | ---- | C] () -- C:\Users\Salva\Desktop\17 klaas - our own way.mp3
[2010.09.11 08:55:45 | 003,175,413 | ---- | C] () -- C:\Users\Salva\Desktop\(25) [Andy Judge] Castles In The Sky.mp3
[2010.09.11 08:53:57 | 005,515,463 | ---- | C] () -- C:\Users\Salva\Desktop\101-darius_and_finlay_and_shaun_baker_-_show_me_10_(dj_gollum_edit) ( www.BreakZ.us ).mp3
[2010.09.11 08:53:50 | 002,958,757 | ---- | C] () -- C:\Users\Salva\Desktop\(06) [Jan Wayne, RainDropz] Numb.mp3
[2010.09.11 08:53:29 | 005,301,696 | ---- | C] () -- C:\Users\Salva\Desktop\(07) [Dj Gollum, Scarlet] All The Things She Said.mp3
[2010.09.11 08:53:14 | 003,449,817 | ---- | C] () -- C:\Users\Salva\Desktop\(13) [Francesco Zeta] Fairyland.mp3
[2010.09.11 08:53:11 | 003,394,346 | ---- | C] () -- C:\Users\Salva\Desktop\(24) [Tunnel Allstars DJ Team] Liebesrausch.mp3
[2010.09.11 08:52:43 | 004,845,696 | ---- | C] () -- C:\Users\Salva\Desktop\Triple bounce - Talk 2 me (The Hitmen remix edit) [HQ]_1.mp3
[2010.09.11 08:52:29 | 006,049,732 | ---- | C] () -- C:\Users\Salva\Desktop\dj smash feat fast food - volna (dj antoine vs yoko remix edit).mp3
[2010.09.11 08:52:20 | 009,371,759 | ---- | C] () -- C:\Users\Salva\Desktop\opium project - guby shepcut club mix www rmx lt(2).mp3
[2010.09.11 08:52:02 | 005,584,168 | ---- | C] () -- C:\Users\Salva\Desktop\122-the_vamprockerz_-_vamos_a_la_playa_(dj_gollum_rmx_edit).mp3
[2010.09.07 19:29:54 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.09.05 19:21:44 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010.09.05 18:43:33 | 674,588,448 | ---- | C] () -- C:\Users\Salva\War_Rock_20100806.exe
[2010.08.28 11:16:43 | 006,047,872 | ---- | C] () -- C:\Users\Salva\Desktop\Dile.mp3
[2010.08.25 07:25:22 | 007,871,334 | ---- | C] () -- C:\Users\Salva\Desktop\03 California Girl.m4a
[2010.08.25 07:25:03 | 008,106,045 | ---- | C] () -- C:\Users\Salva\Desktop\08 Beautiful Monster.m4a
[2010.08.25 07:24:57 | 004,042,880 | ---- | C] () -- C:\Users\Salva\Desktop\Dan Balan- Chica Bomb (Official Music Video ).mp3
[2010.08.25 07:24:50 | 006,619,264 | ---- | C] () -- C:\Users\Salva\Desktop\Opium Project - Hello Moskva (Dj Revyakin Next Touch Flo Remix).mp3
[2010.08.23 11:41:16 | 000,206,793 | ---- | C] () -- C:\Users\Salva\Documents\ts3_clientui-win32-11937-2010-08-23 12_41_16.566220.dmp
[2010.08.21 21:03:22 | 000,199,117 | ---- | C] () -- C:\Users\Salva\Documents\ts3_clientui-win32-11937-2010-08-21 22_03_22.879308.dmp
[2010.08.12 23:46:33 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Watch.lnk
[2010.08.12 23:46:33 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.08.12 14:00:43 | 000,000,211 | ---- | C] () -- C:\Users\Salva\Desktop\Spielezentrum.url
[2010.08.12 12:44:55 | 006,146,176 | ---- | C] () -- C:\Users\Salva\Desktop\tokyo drift - teriyaki boys.mp3
[2010.06.17 10:37:02 | 000,036,917 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.17 10:36:48 | 000,036,917 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.28 01:04:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.31 21:50:42 | 606,124,944 | ---- | C] () -- C:\Programme\War_Rock_20100331.exe
[2010.03.21 11:30:25 | 000,000,552 | ---- | C] () -- C:\Users\Salva\AppData\Local\d3d8caps.dat
[2010.03.12 12:52:23 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.02.23 13:21:32 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.11.20 07:08:54 | 000,090,112 | ---- | C] () -- C:\Windows\System32\nccad432.dll
[2009.05.23 23:45:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.01.01 03:55:59 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.11.07 19:00:06 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2008.11.07 19:00:06 | 000,045,056 | ---- | C] () -- C:\Windows\System32\Ogg.dll
[2008.11.07 18:59:47 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2008.11.07 18:59:47 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2008.07.12 22:15:16 | 000,000,338 | ---- | C] () -- C:\Windows\doom3.ini
[2008.02.21 15:49:54 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll
[2008.02.21 15:49:54 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL
[2008.02.21 15:49:34 | 000,012,288 | ---- | C] () -- C:\Windows\System32\lxctpmrc.dll
[2008.02.21 15:47:04 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2008.02.21 15:44:27 | 000,335,872 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2008.02.16 19:11:48 | 000,001,444 | ---- | C] () -- C:\Program Files\Pacific Poker.lnk
[2008.02.09 13:53:37 | 000,000,093 | ---- | C] () -- C:\Users\Salva\AppData\Local\fusioncache.dat
[2008.02.09 01:15:53 | 000,026,340 | ---- | C] () -- C:\Users\Salva\AppData\Roaming\UserTile.png
[2008.02.08 01:06:14 | 000,055,296 | ---- | C] () -- C:\Users\Salva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.05 00:59:40 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.04 22:13:44 | 000,002,032 | ---- | C] () -- C:\Users\Salva\AppData\Local\d3d9caps.dat
[2007.04.10 14:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.07.24 00:06:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2006.06.20 14:40:14 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006.05.18 12:01:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006.05.03 15:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2005.06.24 03:37:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL
[1997.11.17 16:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
 
========== LOP Check ==========
 
[2008.06.08 18:12:36 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\5400 Series
[2009.05.03 14:37:50 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\AD ON Multimedia
[2009.10.31 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Ashampoo
[2008.07.30 03:14:29 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Canneverbe_Limited
[2009.01.01 04:02:22 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DAEMON Tools
[2009.01.01 04:03:05 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DAEMON Tools Lite
[2009.01.01 04:02:22 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DAEMON Tools Pro
[2008.11.07 18:59:36 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DataCast
[2009.12.30 22:33:40 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DeepBurner
[2010.11.03 15:57:41 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DNA
[2010.08.01 16:16:53 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.28 22:38:39 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\gtk-2.0
[2010.11.02 16:17:49 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\ICQ
[2008.02.06 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\ICQ Toolbar
[2008.08.01 20:51:21 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\ICQLite
[2008.04.24 13:05:05 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\InterTrust
[2010.04.10 12:03:01 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\kosy
[2008.03.21 10:22:05 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\LimeWire
[2010.08.13 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Locktime
[2008.07.14 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2009.09.13 13:51:25 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.05.17 20:23:46 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Nokia
[2010.09.02 20:40:54 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Opera
[2008.09.03 17:48:20 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\PacificPoker
[2010.05.17 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\PC Suite
[2008.02.09 01:15:53 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\PeerNetworking
[2010.07.11 23:34:03 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Screaming Bee
[2008.02.09 13:58:33 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\T-Online
[2010.06.01 13:08:01 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\TeamViewer
[2010.11.02 16:17:06 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\TS3Client
[2010.08.17 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\TuneUp Software
[2010.09.24 18:03:53 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Ulyzg
[2010.04.11 18:40:20 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Uniblue
[2010.06.13 17:13:18 | 000,000,000 | ---D | M] -- C:\Users\Salva1\AppData\Roaming\ICQ
[2010.06.29 21:22:55 | 000,000,000 | ---D | M] -- C:\Users\Salva1\AppData\Roaming\PC Suite
[2010.06.13 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\Salva1\AppData\Roaming\TeamViewer
[2010.11.03 06:28:39 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.06.08 18:12:36 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\5400 Series
[2009.05.03 14:37:50 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\AD ON Multimedia
[2008.06.07 11:33:00 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Adobe
[2010.07.15 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Apple Computer
[2009.10.31 14:09:58 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Ashampoo
[2009.05.03 14:21:17 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\AVS4YOU
[2008.07.30 03:14:29 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Canneverbe_Limited
[2009.01.01 04:02:22 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DAEMON Tools
[2009.01.01 04:03:05 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DAEMON Tools Lite
[2009.01.01 04:02:22 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DAEMON Tools Pro
[2008.11.07 18:59:36 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DataCast
[2009.12.30 22:33:40 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DeepBurner
[2010.02.23 13:22:12 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DivX
[2010.11.03 15:57:41 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DNA
[2009.05.25 19:33:00 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\dvdcss
[2010.08.01 16:16:53 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.05.02 16:30:44 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Google
[2009.10.28 22:38:39 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\gtk-2.0
[2010.11.02 16:17:49 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\ICQ
[2008.02.06 21:14:12 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\ICQ Toolbar
[2008.08.01 20:51:21 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\ICQLite
[2008.02.04 22:13:48 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Identities
[2008.02.05 10:42:55 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\InstallShield
[2008.04.24 13:05:05 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\InterTrust
[2010.04.10 12:03:01 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\kosy
[2008.03.21 10:22:05 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\LimeWire
[2010.08.13 19:55:24 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Locktime
[2008.02.04 23:10:51 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Macromedia
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Media Center Programs
[2008.07.14 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2009.09.13 13:51:25 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009.11.06 12:28:16 | 000,000,000 | --SD | M] -- C:\Users\Salva\AppData\Roaming\Microsoft
[2009.04.22 21:31:56 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\mIRC
[2009.01.10 13:12:40 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Mozilla
[2010.05.17 20:23:46 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Nokia
[2010.11.03 15:39:26 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\OpenOffice.org2
[2010.09.02 20:40:54 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Opera
[2008.09.03 17:48:20 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\PacificPoker
[2010.05.17 20:23:40 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\PC Suite
[2008.02.09 01:15:53 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\PeerNetworking
[2010.07.11 23:34:03 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Screaming Bee
[2008.03.15 00:06:31 | 000,000,000 | RH-D | M] -- C:\Users\Salva\AppData\Roaming\SecuROM
[2010.10.09 19:04:53 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Skype
[2010.10.09 18:38:38 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\skypePM
[2008.02.09 13:58:33 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\T-Online
[2010.09.04 21:51:50 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\teamspeak2
[2010.06.01 13:08:01 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\TeamViewer
[2010.11.02 16:17:06 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\TS3Client
[2010.08.17 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\TuneUp Software
[2008.06.02 13:03:24 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\TVU Networks
[2010.09.24 18:03:53 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Ulyzg
[2010.04.11 18:40:20 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Uniblue
[2008.03.23 20:32:35 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\vlc
[2008.02.06 18:28:38 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\WinRAR
[2010.06.16 10:41:05 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Xfire
[2008.02.08 23:22:38 | 000,000,000 | ---D | M] -- C:\Users\Salva\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2007.11.20 12:50:04 | 000,088,576 | ---- | M] (AD ON Multimedia Advertising GmbH) -- C:\Users\Salva\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
[2008.02.17 00:06:05 | 004,506,256 | ---- | M] (Lime Wire LLC) -- C:\Users\Salva\AppData\Roaming\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
[2008.06.01 22:21:06 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Salva\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2008.06.01 22:21:06 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Salva\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2008.06.01 22:21:06 | 000,008,854 | R--- | M] () -- C:\Users\Salva\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.17 12:15:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.17 12:15:14 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.17 12:15:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.02.05 01:57:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.02.05 01:57:06 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.02.05 01:44:04 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2008.02.05 01:44:08 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.01.01 03:55:59 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 08:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.19 08:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Files - Unicode (All) ==========
[2010.09.19 09:57:05 | 005,754,880 | ---- | M] ()(C:\Users\Salva\Desktop\Dj Smash - ?????.mp3) -- C:\Users\Salva\Desktop\Dj Smash - Птица.mp3
[2010.09.19 09:56:29 | 005,754,880 | ---- | C] ()(C:\Users\Salva\Desktop\Dj Smash - ?????.mp3) -- C:\Users\Salva\Desktop\Dj Smash - Птица.mp3
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Salva\Documents\clip0001.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Salva\Desktop\cjz-zeiten_xvid.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Salva\Desktop\(24) [Tunnel Allstars DJ Team] Liebesrausch.mp3:TOC.WMV
@Alternate Data Stream - 41688 bytes -> C:\Users\Salva\Documents\clip0002.avi:TOC.WMV

< End of report >
         
--- --- ---

03.11.2010, 17:04   #10
markusg
/// Malware-holic

Hi,
your Avira was outdated and your system was not updated, so it is no wonder that you got infected.
You have 2 different password stealers. Since you also pay over the internet, you should consider reinstalling the system from scratch and then securing it properly, which I would help you with.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails as described in the instructions above to
markusg.trojaner-board@web.de

03.11.2010, 17:11   #11
nasuper123

Damn -.- Normally I always made sure that my Avira was up to date. But lately I have unfortunately really let it slide.

I don't pay directly over the internet. It works like this: you go to the petrol station and get a slip (paysafecard) with a specific PIN for 10 euros. This PIN is then worth 10 euros, and as soon as you pay, the PIN is unusable. So in that sense there would be no problems. But of course I still don't want my passwords or other things to be seen or stolen.

What I also wanted to ask: do you know where they came from (maybe I even still have the infected program on the computer), since when they have been lodged on the system, and where they are located? Are there ways to remove them, or is your suggested option the only one left?

03.11.2010, 17:15   #12
markusg
/// Malware-holic

Hi, you have e.g. Avira 8, but the current version is Avira 10.
Then you only have Vista SP1; the current one is SP2.
Then of course I don't know what the rest of the Vista update status is. And in the logs alone I already see a few things that were removed, which does not mean that there isn't more.
Making a data backup is no problem, though. Then you need to tell me which antivirus protection you want to use; you have far too much installed, which isn't really necessary.

03.11.2010, 17:21   #13
nasuper123

If I back up my data, won't the stealers be backed up along with it? ^^
So actually I would then like to keep the best of the antivirus programs that I have on it now. Hm, strange, I actually know my way around computers a bit and had therefore set automatic updating, for AntiVir as well as for Windows Vista.

03.11.2010, 17:25   #14
markusg
/// Malware-holic

No, it won't be copied along. Do you have the full version from Emsisoft? I.e. the paid one?

03.11.2010, 17:29   #15
nasuper123

OK, that is of course good if the stealer isn't included, but what if, for example, the stealer is attached to a program that then lets it loose on my hard drive again? That's why I asked whether one can perhaps see since when they have been on there, in order to perhaps find the originating program. (No idea whether something like what I just wrote is possible.)

No, the program from Emsisoft was unfortunately only a trial version.
