Für Virus 50 Euro zahlen

Asurmen · 14.03.2012, 18:54

Hi,

habe auch das Problem mit einem Virus der von mir Geld sehen will.

raOTL logfile created on: 14.03.2012 18:33:19 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = L:\Diverses
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,10% Memory free
4,23 Gb Paging File | 3,76 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,99 Gb Total Space | 36,36 Gb Free Space | 20,90% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 120,45 Gb Free Space | 51,72% Space Free | Partition Type: NTFS
Drive L: | 45,22 Gb Total Space | 38,37 Gb Free Space | 84,84% Space Free | Partition Type: NTFS
Drive M: | 511,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - L:\Diverses\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\FileZilla Client\fzshellext.dll ()
MOD - C:\Windows\System32\DLAAPI_W.DLL ()

========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll ()
SRV - (WireHelpSvc) -- C:\Programme\Common Files\WireHelpSvc.exe ()
SRV - (Giraffic) -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)

========== Driver Services (SafeList) ==========

DRV - (XDva289) -- C:\Windows\system32\XDva289.sys File not found
DRV - (XDva143) -- C:\Windows\system32\XDva143.sys File not found
DRV - (XDva039) -- C:\Windows\system32\XDva039.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (dbustrcm) -- C:\Users\Thoran\AppData\Local\Temp\dbustrcm.sys File not found
DRV - (cpuz132) -- C:\Users\Thoran\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (audyc7sp) -- File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ESLWireAC) -- C:\Windows\System32\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ESLvnic1) -- C:\Windows\System32\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. )
DRV - (wip0203) -- C:\Windows\System32\drivers\wip0203.sys (Wippien Software)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (xfilt) -- C:\Windows\System32\drivers\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\Windows\System32\drivers\videX32.sys (VIA Technologies, Inc.)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (nvatabus) -- C:\Windows\System32\drivers\nvatabus.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Programme\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Programme\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
IE - HKCU\..\SearchScopes\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}: "URL" = hxxp://search.alcohol-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.imesh.com"
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.type: 2
FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de"
FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de"
FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Thoran\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS1002170_SUA_000\npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thoran\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 10:32:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.08 16:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.16 08:36:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Thoran\AppData\Roaming\01011 [2012.03.02 15:46:35 | 000,000,000 | ---D | M]

[2011.10.26 19:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thoran\AppData\Roaming\mozilla\Extensions
[2012.01.28 11:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions
[2011.10.26 19:55:34 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012.01.28 11:11:41 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.05.09 09:14:45 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2011.04.05 14:57:51 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\battlefieldplay4free@ea.com
[2011.05.09 09:14:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\engine@conduit.com
[2011.05.07 14:29:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\vshare@toolbar
[2011.10.26 19:55:29 | 000,002,516 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\Mozilla\Firefox\Profiles\2bk0lrba.default\searchplugins\SearchResults.xml
[2011.10.26 19:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.16 10:32:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video&gt

-- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.10.26 19:55:43 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION
[2009.08.14 12:52:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.05.08 16:30:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.26 19:55:29 | 000,002,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: No name found = C:\Users\Thoran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2007.11.03 15:54:31 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Programme\ToggleEN\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers)
O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Programme\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Programme\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Thoran\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SkypeM] C:\Users\Thoran\AppData\Local\Skype\Skype.exe (Transaction Software, D 81737 Munich)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AED04E4-821F-4766-8279-8396001E3071}: NameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Thoran\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Thoran\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.10.13 12:09:30 | 000,000,043 | R--- | M] () - M:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3a04a9bc-82e2-11dc-a037-0019db319ad8}\Shell - "" = AutoRun
O33 - MountPoints2\{3a04a9bc-82e2-11dc-a037-0019db319ad8}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.14 17:11:06 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.03.14 16:00:44 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.03.08 18:29:48 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Template
[2012.03.02 15:46:31 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01011
[2012.03.02 05:23:57 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Zaruha
[2012.03.02 05:23:57 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Yxegvu
[2012.03.02 05:23:57 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Qyit
[2012.03.01 11:07:36 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01010
[2012.02.29 10:42:30 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Local\Chromium
[2012.02.28 14:14:23 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Emfii
[2012.02.27 23:25:58 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01009
[2012.02.24 23:44:00 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Ryree
[2012.02.24 23:44:00 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Qoopan
[2012.02.24 14:44:58 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01008
[2012.02.23 11:21:45 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\UAs
[2012.02.20 15:33:28 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01007
[2012.02.17 04:06:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.17 04:06:08 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.17 04:06:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.17 04:06:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.17 04:06:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.17 04:06:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.16 15:01:57 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01006
[2012.02.16 14:26:16 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.02.15 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Ycox
[2012.02.15 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Puabe
[2012.02.15 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Ontixu
[2012.02.15 10:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012.02.14 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01005
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Thoran\AppData\Roaming\*.tmp files -> C:\Users\Thoran\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.14 18:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.14 18:28:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2012.03.14 18:27:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.14 18:27:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.08 21:05:18 | 000,000,202 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\wklnhst.dat
[2012.03.03 01:16:22 | 000,053,328 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\loaupdt.jpg
[2012.03.03 01:16:22 | 000,000,048 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\blckdom.res
[2012.03.02 15:46:47 | 000,005,528 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\BAcroIEHelpe081.dll
[2012.03.01 10:57:09 | 000,129,384 | ---- | M] () -- C:\Users\Thoran\Documents\ts3_clientui-win32-1329301801-2012-03-01 10_56_58.662897.dmp
[2012.02.28 22:27:58 | 000,000,695 | ---- | M] () -- C:\Users\Thoran\Desktop\Heroes of Newerth.lnk
[2012.02.24 13:44:49 | 000,005,416 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\BAcroIEHelpe078.dll
[2012.02.17 08:24:16 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.02.17 08:11:13 | 000,000,777 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk
[2012.02.17 04:31:06 | 000,332,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.16 00:51:23 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.02.15 11:27:55 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Thoran\AppData\Roaming\*.tmp files -> C:\Users\Thoran\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.08 18:29:43 | 000,000,202 | ---- | C] () -- C:\Users\Thoran\AppData\Roaming\wklnhst.dat
[2012.03.02 18:37:40 | 000,053,328 | ---- | C] () -- C:\Users\Thoran\AppData\Roaming\loaupdt.jpg
[2012.03.02 15:46:47 | 000,005,528 | ---- | C] () -- C:\Users\Thoran\AppData\Roaming\BAcroIEHelpe081.dll
[2012.03.01 10:56:58 | 000,129,384 | ---- | C] () -- C:\Users\Thoran\Documents\ts3_clientui-win32-1329301801-2012-03-01 10_56_58.662897.dmp
[2012.02.28 22:27:58 | 000,000,695 | ---- | C] () -- C:\Users\Thoran\Desktop\Heroes of Newerth.lnk
[2012.02.24 13:44:49 | 000,005,416 | ---- | C] () -- C:\Users\Thoran\AppData\Roaming\BAcroIEHelpe078.dll
[2012.02.17 08:24:16 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012.02.08 17:25:11 | 000,000,048 | ---- | C] () -- C:\Users\Thoran\AppData\Roaming\blckdom.res
[2011.12.15 05:41:14 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.07.13 07:16:27 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.10.04 22:08:41 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2010.05.05 02:21:48 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.04.28 22:17:50 | 000,002,110 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010.03.25 16:56:00 | 000,203,331 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== LOP Check ==========

[2012.02.08 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01003
[2012.02.10 22:09:04 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01004
[2012.02.14 10:17:16 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01005
[2012.02.16 15:02:00 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01006
[2012.02.20 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01007
[2012.02.24 14:45:01 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01008
[2012.02.27 23:26:02 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01009
[2012.03.01 11:07:38 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01010
[2012.03.02 15:46:35 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01011
[2010.06.09 11:07:58 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\bizarre creations
[2007.05.03 23:30:35 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012.02.28 14:14:23 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Emfii
[2010.09.12 23:35:26 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Ewloan
[2010.08.25 20:28:57 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\FileZilla
[2009.03.25 17:30:57 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\fltk.org
[2009.10.14 23:49:46 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\HiveRise
[2010.12.01 00:35:51 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\iShell
[2011.10.23 13:57:08 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Kalypso Media
[2012.02.08 17:24:11 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\kock
[2008.11.27 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Leadertech
[2011.05.19 17:14:44 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Lionhead Studios
[2010.10.06 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\LolClient
[2009.09.04 17:23:04 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2012.02.09 19:54:53 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\MicroST
[2009.08.12 22:15:13 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Miranda
[2011.04.25 22:01:52 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Mumble
[2009.10.14 23:17:51 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\NeopleLauncherDFO
[2009.08.27 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\NetSpeedMonitor
[2008.04.25 21:43:53 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Notepad++
[2012.02.15 12:42:54 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Ontixu
[2010.12.05 23:54:12 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\OpenCandy
[2007.08.21 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Opera
[2010.12.16 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Panda Security
[2007.11.03 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\PPMate
[2007.11.03 15:52:24 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\ppStream
[2012.03.03 08:28:23 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Puabe
[2011.03.20 20:32:35 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\PunkBuster
[2012.03.03 08:25:25 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Qoopan
[2012.03.02 05:23:57 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Qyit
[2009.02.17 21:43:51 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Red Alert 3
[2012.03.02 23:54:58 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Ryree
[2009.01.02 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Secret of the Solstice
[2011.02.27 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Sierra Entertainment
[2009.05.02 14:03:21 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Stardock
[2009.01.05 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\TeamViewer
[2008.04.10 22:47:41 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Teeworlds
[2009.08.04 12:42:41 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\temp
[2012.03.08 18:29:48 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Template
[2011.02.26 09:51:43 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\The Creative Assembly
[2012.01.26 09:59:23 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\TS3Client
[2011.07.11 19:50:28 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Tunngle
[2012.02.25 11:54:14 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\UAs
[2010.05.03 07:34:43 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Ubisoft
[2010.12.05 23:54:55 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Uniblue
[2012.01.14 23:09:36 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Unity
[2008.06.04 09:59:58 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Wippien
[2011.07.01 23:17:59 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\X-Chat 2
[2012.02.25 11:55:12 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\xmldm
[2010.06.19 11:21:08 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\XnView
[2012.02.25 11:40:46 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Ycox
[2010.08.29 20:06:49 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Yrisi
[2012.03.02 05:23:57 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Yxegvu
[2012.03.14 15:41:24 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Zaruha
[2012.03.14 18:28:22 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP

2D4B33E

< End of report >

Hoffe habe alles richtig gemacht, falls nicht einfach sagen und ich werde es beim nächsten mal besser machen.

Mfg

Asurmen

Für Virus 50 Euro zahlen

Log-Analyse und Auswertung: Für Virus 50 Euro zahlen

Für Virus 50 Euro zahlen

Ähnliche Themen: Für Virus 50 Euro zahlen