Topic: BDS/Rustock.AN.45' [backdoor]

  1. #1
    Newcomer
    Registered since
    28.08.2009
    Posts
    3

    BDS/Rustock.AN.45' [backdoor]

    Hello,
    AntiVir found the virus BDS/Rustock.AN.45' [backdoor] on my machine. I then ran HijackThis and would appreciate an analysis:

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:56:05, on 28/08/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\Ati2evxx.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\Ati2evxx.exe
    H:\Archivos de programa\Citrix\ICA Client\ssonsvr.exe
    H:\WINDOWS\system32\spoolsv.exe
    H:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\RTHDCPL.EXE
    H:\Archivos de programa\D-Link\AirPlus G\AirGCFG.exe
    H:\Archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    H:\Archivos de programa\ATI Technologies\ATI.ACE\CLI.EXE
    H:\Archivos de programa\Java\jre6\bin\jusched.exe
    H:\Archivos de programa\Canon\MyPrinter\BJMyPrt.exe
    H:\Archivos de programa\iTunes\iTunesHelper.exe
    H:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    H:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe
    H:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe
    H:\Archivos de programa\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    H:\ARCHIV~1\MICROS~4\rapimgr.exe
    H:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexStoreSvr.exe
    H:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
    H:\Archivos de programa\Archivos comunes\Apple\Mobile Device 
    
    Support\bin\AppleMobileDeviceService.exe
    H:\Archivos de programa\Bonjour\mDNSResponder.exe
    H:\Archivos de programa\Java\jre6\bin\jqs.exe
    H:\WINDOWS\System32\svchost.exe
    H:\Archivos de programa\iPod\bin\iPodService.exe
    H:\WINDOWS\System32\wbem\wmiapsrv.exe
    H:\WINDOWS\system32\wscntfy.exe
    H:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
    H:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
    H:\Archivos de programa\Java\jre6\bin\jucheck.exe
    H:\Documents and Settings\andi\Escritorio\HiJackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
    
    file:///H:/Documents%20and%20Settings/andi/Escritorio/bolsa24.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 
    
    *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Archivos de 
    
    programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Archivos de 
    
    programa\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Archivos 
    
    de programa\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - 
    
    H:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
    
    H:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Archivos de 
    
    programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - H:\Archivos de 
    
    programa\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Archivos de 
    
    programa\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "H:\Archivos de programa\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] H:\Archivos de programa\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] H:\Archivos de programa\ANI\ANIWZCS2 
    
    Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\Archivos de programa\Archivos 
    
    comunes\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Archivos de programa\Adobe\Reader 
    
    8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Archivos de programa\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [CanonSolutionMenu] H:\Archivos de 
    
    programa\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] H:\Archivos de programa\Canon\MyPrinter\BJMyPrt.exe 
    
    /logon
    O4 - HKLM\..\Run: [QuickTime Task] "H:\Archivos de programa\QuickTime\qttask.exe" 
    
    -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "H:\Archivos de programa\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "H:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] H:\Archivos de 
    
    programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Archivos de 
    
    programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Archivos de programa\Microsoft 
    
    ActiveSync\wcescomm.exe"
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = H:\Archivos de programa\Microsoft 
    
    Office\Office\OSA9.EXE
    O4 - Global Startup: ZDWLan Utility.lnk = H:\Archivos de programa\ZyDAS Technology 
    
    Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - 
    
    H:\ARCHIV~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - 
    
    H:\ARCHIV~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - 
    
    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\ARCHIV~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Archivos de 
    
    programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
    
    H:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - 
    
    http://as.photoprintit.de/ips-opdata...SUploader4.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - 
    
    https://flashcasino.ladbrokes.com/in...es/FlashAX.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - H:\Archivos de 
    
    programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Archivos 
    
    de programa\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Archivos de 
    
    programa\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - H:\Archivos de programa\Archivos 
    
    comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Servicio de transferencia inteligente en segundo plano (BITS) - Unknown owner 
    
    - H:\WINDOWS\
    O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - H:\Archivos de 
    
    programa\Bonjour\mDNSResponder.exe
    O23 - Service: Servicio Google Update (gupdate1ca2256fe37fa76) (gupdate1ca2256fe37fa76) - 
    
    Google Inc. - H:\Archivos de programa\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - H:\Archivos de 
    
    programa\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - H:\Archivos de 
    
    programa\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - 
    
    H:\Archivos de programa\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - H:\Archivos de programa\Nero\Nero 7\Nero 
    
    BackItUp\NBService.exe
    O23 - Service: Actualizaciones automáticas (wuauserv) - Unknown owner - H:\WINDOWS\
    
    --
    End of file - 8448 bytes
    Many thanks,
    Andreas
    Edited by kira (29.08.2009 at 23:16). Reason: log file placed in code tags

  2. #2
    Moderator, team member (kira)
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    25,767

    Re: BDS/Rustock.AN.45' [backdoor]

    Welcome to our HijackThis support board!

    **PLEASE READ CAREFULLY BEFORE YOUR FIRST POST!**
    You may delete your personal details/data (anything containing personal identifiers, such as your name, etc.) from the logs you post.
    We are happy to help you, but WE do this in our free time, so we ask you for a little patience! (You may have to wait 1-2 days for an answer, but WE will try to reply as quickly as possible... *patience pays off*)
    → IF YOU WANT TO BE HELPED, please do ONLY what is suggested to you! As long as the cleanup is not finished, any action on your own initiative (= running/installing scans/removal tools, other than using the programs/tools we recommend, etc.) is not allowed.
    → If problems arise, ask again!
    → During the cleanup, switch off (disable!) all applications/programs that could interfere with the cleanup. Do not switch off the antivirus program and firewall!!:
    ** Adware and spyware programs, tuning and optimizer software (such as a running defragmentation and/or registry cleaning tools, etc., DAEMON Tools, Alcohol 120%, and so on)
    → Cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it.
    → NO CROSSPOSTING! `Crossposting` means that the same question/matter is asked in several forums (that is, if you get help elsewhere: a friend, a neighbour, another forum, etc.), because in that case help cannot be continued!
    → No support by e-mail or other channels; please ask your questions in the forum!
    → Forum rules: please read!
    → You follow the instructions at your own responsibility!
    → Important: you can edit your posts at any time (by clicking); you must be logged in!
    → So let's get started; I/we wish for a good collaboration with you and a successful outcome.
    ► The name of the affected file, including its path, is logged; please find the report and post it! What was found and, above all, where.

    Please read the instructions through calmly first, and keep to the given order! Otherwise our work slows down when we have to keep looking up small details again and again, and the overview may get lost...

    1.
    To get a deeper look into your system and to track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
    • Download Gmer from *this page* or from here: majorgeeks.com/gmer.zip
      Attention!:
      Right when downloading Gmer, you must rename the installer file, i.e. gmer.exe! Choose any file name; the extension should be *.com!
      Unpack it to your desktop.
    • "Show all" must not be ticked!
    • Start gmer.exe (here: "renamed.com").
    • All other programs should be closed.
    • Start the scan with "Scan". Do nothing on the computer while the scan is running.
    • When the scan has finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
    • Paste the log from the clipboard into your reply here.
    Important: during the scan process: switch the scanners back on before you go online!

    2.
    Check your settings. - Guide - Illustrated guide: finding hidden and system files/freenet
    In Windows Explorer:
    >Tools >Folder Options >the "View" tab >Hidden files and folders >enable "Show all files and folders", and >Tools >Folder Options >the "View" tab >Files and folders >disable "Hide protected system files (recommended)".
    ** For Vista users: how to show hidden files in Windows Vista

    3.
    Download HJTscanlist.zip (item 5) (click the given link ► pick item 5 ► follow the instructions), then post the resulting log file here.

    4.
    • Download CCleaner
    • Install it (you can deselect "Add CCleaner Yahoo! Toolbar") --> start it --> under Options, Settings --> set "german".
    • Start it --> click `Extras` ("Tools", to display the software installed on your system) --> then `Als Textdatei speichern...` ("Save to text file...")
    • Post this log file as well (that is, the list of all installed programs... a text file)
    • Guide

    5.
    In the editor with which the HJT/Trend Micro log file opens, you should turn off word wrap.
    So create a new log file and post it. No open windows as long as HijackThis is running!!

    Please post all results in code tags!

    Before your log you write: [code]
    your log file goes here
    and after it: [/code]
    -----------------------
    Please disconnect the computer from the network when it is unattended.
    Until a possible cleanup or the formatting of your system,
    do no online banking, file sharing, mailing or messaging.
    No uploads or downloads, except on security sites.
    **** If at all possible, do not go online
    More information on this under System Security

    -----------------------

    Regards,
    argos
    Reinstalling (Windows XP, Vista and Windows 7) - guides
    Virus scanners
    How to rid your computer of viruses

    *The best protection is still the responsible use of the Internet!*

  3. #3
    Newcomer
    Registered since
    28.08.2009
    Posts
    3

    Re: BDS/Rustock.AN.45' [backdoor]

    Hello Argos,

    Many thanks for your reply. I should briefly add that AntiVir no longer finds any viruses in the meantime.

    Here are the files:
    gmer
    Code:
    GMER 1.0.15.15077 [ulggrgzu[1].exe] - http://www.gmer.net
    Rootkit scan 2009-08-30 19:15:47
    Windows 5.1.2600 Service Pack 2
    
    
    ---- System - GMER 1.0.15 ----
    
    SSDT  F7C931D6                                                                                          ZwCreateKey
    SSDT  F7C931CC                                                                                          ZwCreateThread
    SSDT  F7C931DB                                                                                          ZwDeleteKey
    SSDT  F7C931E5                                                                                          ZwDeleteValueKey
    SSDT  F7C931EA                                                                                          ZwLoadKey
    SSDT  F7C931B8                                                                                          ZwOpenProcess
    SSDT  F7C931BD                                                                                          ZwOpenThread
    SSDT  F7C931F4                                                                                          ZwReplaceKey
    SSDT  F7C931EF                                                                                          ZwRestoreKey
    SSDT  F7C931E0                                                                                          ZwSetValueKey
    SSDT  F7C931C7                                                                                          ZwTerminateProcess
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-04a6-b3ba-9016fa7f040f}\InprocServer32                 
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-04a6-b3ba-9016fa7f040f}\InprocServer32@Class           0x00 0x00 0x00 0x00 ...
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-04a6-b3ba-9016fa7f040f}\InprocServer32@ThreadingModel  Apartment
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-04a6-b3ba-9016fa7f040f}\InprocServer32@                H:\WINDOWS\system32\OLE32.DLL
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-0a4e-d791-b1a9fa7f040f}\InprocServer32                 
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-0a4e-d791-b1a9fa7f040f}\InprocServer32@Class           0x00 0x00 0x00 0x00 ...
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-0a4e-d791-b1a9fa7f040f}\InprocServer32@ThreadingModel  Apartment
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-0a4e-d791-b1a9fa7f040f}\InprocServer32@                H:\WINDOWS\system32\OLE32.DLL
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3564-3b8f-9a16fa7f040f}\InprocServer32                 
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3564-3b8f-9a16fa7f040f}\InprocServer32@Class           0x00 0x00 0x00 0x00 ...
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3564-3b8f-9a16fa7f040f}\InprocServer32@ThreadingModel  Apartment
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3564-3b8f-9a16fa7f040f}\InprocServer32@                H:\WINDOWS\system32\OLE32.DLL
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8147-435c-0e0ffa7f040f}\InprocServer32                 
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8147-435c-0e0ffa7f040f}\InprocServer32@Class           0x00 0x00 0x00 0x00 ...
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8147-435c-0e0ffa7f040f}\InprocServer32@ThreadingModel  Apartment
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8147-435c-0e0ffa7f040f}\InprocServer32@                H:\WINDOWS\system32\OLE32.DLL
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-83b2-0122-f146fa7f040f}\InprocServer32                 
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-83b2-0122-f146fa7f040f}\InprocServer32@Class           0x00 0x00 0x00 0x00 ...
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-83b2-0122-f146fa7f040f}\InprocServer32@ThreadingModel  Apartment
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-83b2-0122-f146fa7f040f}\InprocServer32@                H:\WINDOWS\system32\OLE32.DLL
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ac67-67f3-ae60fa7f040f}\InprocServer32                 
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ac67-67f3-ae60fa7f040f}\InprocServer32@Class           0x00 0x00 0x00 0x00 ...
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ac67-67f3-ae60fa7f040f}\InprocServer32@ThreadingModel  Apartment
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-ac67-67f3-ae60fa7f040f}\InprocServer32@                H:\WINDOWS\system32\OLE32.DLL
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-efce-8760-baf3fa7f040f}\InprocServer32                 
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-efce-8760-baf3fa7f040f}\InprocServer32@Class           0x00 0x00 0x00 0x00 ...
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-efce-8760-baf3fa7f040f}\InprocServer32@ThreadingModel  Apartment
    Reg   HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-efce-8760-baf3fa7f040f}\InprocServer32@                H:\WINDOWS\system32\OLE32.DLL
    
    ---- EOF - GMER 1.0.15 ----
    Code:
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            ║                                    ║ 
                                        hjtscanlist v2.0              
                            ║                                    ║ 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows XP [Versión 5.1.2600]
     
     
    H:
    
            H:\pagefile.sys ---------  
      25/08/2009 23:35      H:\Archivos de programa --------- 0 
      25/08/2009 23:20      H:\System Volume Information --------- 0 
      25/08/2009 22:58      H:\KillBox --------- 0 
      25/08/2009 20:57      H:\WINDOWS --------- 0 
      25/07/2009 21:41      H:\Python25 --------- 0 
      27/06/2009 11:15      H:\Cataro Kids --------- 0 
      04/02/2009 19:15      H:\BMW M3 Challenge --------- 0 
      27/09/2008 10:47      H:\Miss Spider --------- 0 
      19/06/2008 23:59      H:\AEAT --------- 0 
      01/11/2007 21:39      H:\PIPOMATE --------- 0 
      01/11/2007 21:19      H:\PIPOGEO --------- 0 
      12/10/2007 13:04      H:\MLunnisLetras --------- 0 
      10/10/2007 10:54      H:\BJPrinter --------- 0 
      10/10/2007 10:51      H:\Temp --------- 0 
      08/09/2007 17:58      H:\RECYCLER --------- 0 
      08/09/2007 12:46      H:\boot.ini --------- 210 
      08/09/2007 12:43      H:\NTDETECT.COM --------- 47564 
      08/09/2007 12:43      H:\ntldr --------- 250640 
      08/09/2007 12:35      H:\Documents and Settings --------- 0 
      28/09/2001 14:00      H:\Bootfont.bin --------- 4952 
    ----------------------------------------
    
     
    H:\WINDOWS
    
      30/08/2009 11:59     H:\WINDOWS\0.log --------- 0 
      30/08/2009 11:59     H:\WINDOWS\wiaservc.log --------- 50 
      30/08/2009 11:59     H:\WINDOWS\wiadebug.log --------- 159 
      30/08/2009 11:59     H:\WINDOWS\bootstat.dat --------- 2048 
      28/08/2009 17:12     H:\WINDOWS\SchedLgU.Txt --------- 32602 
      28/08/2009 17:12     H:\WINDOWS\WindowsUpdate.log --------- 1202435 
      21/08/2009 21:51     H:\WINDOWS\NeroDigital.ini --------- 116 
      10/08/2009 14:43     H:\WINDOWS\setupapi.log --------- 868777 
      26/07/2009 01:02     H:\WINDOWS\wmsetup.log --------- 56165 
      03/05/2009 15:21     H:\WINDOWS\MTB40.INI --------- 134 
      15/12/2008 15:33     H:\WINDOWS\discwriter.log --------- 1857 
      15/12/2008 15:33     H:\WINDOWS\OrangeBurn.log --------- 0 
      01/12/2008 22:16     H:\WINDOWS\DPINST.LOG --------- 5994 
      20/06/2008 00:10     H:\WINDOWS\RENT2007.INI --------- 451 
      01/04/2008 18:40     H:\WINDOWS\DirectX.log --------- 31898 
      22/02/2008 01:49     H:\WINDOWS\ntdtcsetup.log --------- 137266 
      22/02/2008 01:49     H:\WINDOWS\comsetup.log --------- 228999 
      22/02/2008 01:49     H:\WINDOWS\iis6.log --------- 758817 
      22/02/2008 01:49     H:\WINDOWS\ocmsn.log --------- 36492 
      22/02/2008 01:49     H:\WINDOWS\tsoc.log --------- 303271 
      22/02/2008 01:49     H:\WINDOWS\imsins.log --------- 1374 
      22/02/2008 01:49     H:\WINDOWS\tabletoc.log --------- 32161 
      22/02/2008 01:49     H:\WINDOWS\KB946627.log --------- 10397 
      22/02/2008 01:49     H:\WINDOWS\msgsocm.log --------- 32906 
      22/02/2008 01:49     H:\WINDOWS\medctroc.Log --------- 46243 
      22/02/2008 01:49     H:\WINDOWS\ocgen.log --------- 321763 
      22/02/2008 01:49     H:\WINDOWS\netfxocm.log --------- 111857 
      22/02/2008 01:49     H:\WINDOWS\FaxSetup.log --------- 647029 
      22/02/2008 01:49     H:\WINDOWS\msmqinst.log --------- 214252 
      22/02/2008 01:46     H:\WINDOWS\imsins.BAK --------- 1374 
      22/02/2008 01:46     H:\WINDOWS\KB941644.log --------- 15310 
      22/02/2008 01:46     H:\WINDOWS\KB946026.log --------- 15311 
      22/02/2008 01:46     H:\WINDOWS\KB944533.log --------- 19285 
      22/02/2008 01:46     H:\WINDOWS\updspapi.log --------- 34268 
      22/02/2008 01:45     H:\WINDOWS\KB943485.log --------- 12031 
      22/02/2008 01:45     H:\WINDOWS\KB943055.log --------- 12069 
      18/01/2008 22:49     H:\WINDOWS\KB909394.log --------- 5654 
      12/12/2007 19:37     H:\WINDOWS\ie7_main.log --------- 1199 
      11/12/2007 23:40     H:\WINDOWS\KB937894.log --------- 16935 
      11/12/2007 23:40     H:\WINDOWS\KB942840.log --------- 16510 
      11/12/2007 23:39     H:\WINDOWS\KB942763.log --------- 27716 
      11/12/2007 23:39     H:\WINDOWS\KB941569.log --------- 12502 
      11/12/2007 23:39     H:\WINDOWS\KB941568.log --------- 15372 
      11/12/2007 23:39     H:\WINDOWS\KB942615.log --------- 19620 
      11/12/2007 23:39     H:\WINDOWS\KB944653.log --------- 13516 
      15/11/2007 11:22     H:\WINDOWS\KB943460.log --------- 8637 
      01/11/2007 21:39     H:\WINDOWS\ASYM.INI --------- 61 
      27/10/2007 19:02     H:\WINDOWS\MMFG.INI --------- 45 
      10/10/2007 16:38     H:\WINDOWS\KB933729.log --------- 14721 
      10/10/2007 16:38     H:\WINDOWS\KB939653.log --------- 23934 
      10/10/2007 16:37     H:\WINDOWS\KB941202.log --------- 14275 
      10/10/2007 10:51     H:\WINDOWS\i350_2KXP_v170 Setup Log.txt --------- 6119 
      30/09/2007 16:18     H:\WINDOWS\msxml4-KB936181-enu.LOG --------- 289294 
      29/09/2007 14:29     H:\WINDOWS\WMSysPr9.prx --------- 316640 
      21/09/2007 19:47     H:\WINDOWS\system32CmdLineExt.dll --------- 98304 
      17/09/2007 16:04     H:\WINDOWS\webica.ini --------- 0 
      14/09/2007 11:23     H:\WINDOWS\KB900725.log --------- 31997 
      14/09/2007 11:19     H:\WINDOWS\spupdsvc.log --------- 29913 
      14/09/2007 00:27     H:\WINDOWS\KB899587.log --------- 50774 
      14/09/2007 00:27     H:\WINDOWS\KB927779.log --------- 50641 
      14/09/2007 00:27     H:\WINDOWS\KB927802.log --------- 40185 
      14/09/2007 00:27     H:\WINDOWS\KB922819.log --------- 47413 
      14/09/2007 00:27     H:\WINDOWS\KB885835.log --------- 46389 
      14/09/2007 00:27     H:\WINDOWS\KB885836.log --------- 45639 
      14/09/2007 00:27     H:\WINDOWS\KB923414.log --------- 46580 
      14/09/2007 00:27     H:\WINDOWS\KB928255.log --------- 47358 
      14/09/2007 00:27     H:\WINDOWS\KB931784.log --------- 48187 
      14/09/2007 00:27     H:\WINDOWS\KB935448.log --------- 36314 
      14/09/2007 00:27     H:\WINDOWS\KB911927.log --------- 40026 
      14/09/2007 00:27     H:\WINDOWS\KB901017.log --------- 45572 
      14/09/2007 00:26     H:\WINDOWS\KB899591.log --------- 45783 
      14/09/2007 00:26     H:\WINDOWS\KB920685.log --------- 45932 
      14/09/2007 00:26     H:\WINDOWS\KB893756.log --------- 45499 
      14/09/2007 00:26     H:\WINDOWS\KB923980.log --------- 45217 
      14/09/2007 00:26     H:\WINDOWS\KB911280.log --------- 44599 
      14/09/2007 00:26     H:\WINDOWS\KB936021.log --------- 44482 
      14/09/2007 00:25     H:\WINDOWS\KB911562.log --------- 43488 
      14/09/2007 00:25     H:\WINDOWS\KB938828.log --------- 42825 
      14/09/2007 00:25     H:\WINDOWS\KB924667.log --------- 40113 
      14/09/2007 00:25     H:\WINDOWS\KB896423.log --------- 37432 
      14/09/2007 00:25     H:\WINDOWS\KB900485.log --------- 42793 
      14/09/2007 00:25     H:\WINDOWS\KB924270.log --------- 42210 
      14/09/2007 00:25     H:\WINDOWS\KB931261.log --------- 40389 
      14/09/2007 00:25     H:\WINDOWS\KB936782.log --------- 27101 
      14/09/2007 00:24     H:\WINDOWS\KB873339.log --------- 39747 
      14/09/2007 00:24     H:\WINDOWS\KB924496.log --------- 40390 
      14/09/2007 00:24     H:\WINDOWS\KB927891.log --------- 32244 
      14/09/2007 00:24     H:\WINDOWS\KB921503.log --------- 40103 
      14/09/2007 00:24     H:\WINDOWS\KB887472.log --------- 39295 
      14/09/2007 00:24     H:\WINDOWS\KB938829.log --------- 40415 
      14/09/2007 00:23     H:\WINDOWS\KB896358.log --------- 35793 
      14/09/2007 00:23     H:\WINDOWS\KB925398.log --------- 27185 
      14/09/2007 00:23     H:\WINDOWS\KB910437.log --------- 31432 
      14/09/2007 00:23     H:\WINDOWS\KB911564.log --------- 25419 
      14/09/2007 00:22     H:\WINDOWS\KB925902.log --------- 41026 
      14/09/2007 00:22     H:\WINDOWS\KB929123.log --------- 39966 
      14/09/2007 00:22     H:\WINDOWS\KB920670.log --------- 38597 
      14/09/2007 00:22     H:\WINDOWS\KB891781.log --------- 38005 
      14/09/2007 00:22     H:\WINDOWS\KB918439.log --------- 34845 
      14/09/2007 00:22     H:\WINDOWS\KB902400.log --------- 43679 
      14/09/2007 00:21     H:\WINDOWS\KB890046.log --------- 35469 
      14/09/2007 00:21     H:\WINDOWS\KB926436.log --------- 35771 
      14/09/2007 00:21     H:\WINDOWS\KB920872.log --------- 36925 
      14/09/2007 00:21     H:\WINDOWS\KB930178.log --------- 35841 
      14/09/2007 00:21     H:\WINDOWS\KB919007.log --------- 35279 
      14/09/2007 00:21     H:\WINDOWS\KB914388.log --------- 32181 
      14/09/2007 00:21     H:\WINDOWS\KB917344.log --------- 34761 
      14/09/2007 00:21     H:\WINDOWS\KB905414.log --------- 34722 
      14/09/2007 00:21     H:\WINDOWS\KB917953.log --------- 33988 
      14/09/2007 00:18     H:\WINDOWS\KB932168.log --------- 33140 
      14/09/2007 00:17     H:\WINDOWS\KB901214.log --------- 32246 
      14/09/2007 00:17     H:\WINDOWS\KB923191.log --------- 30109 
      14/09/2007 00:17     H:\WINDOWS\KB922582.log --------- 25246 
      14/09/2007 00:17     H:\WINDOWS\KB918118.log --------- 31383 
      14/09/2007 00:17     H:\WINDOWS\KB926255.log --------- 30651 
      14/09/2007 00:17     H:\WINDOWS\KB888302.log --------- 26480 
      14/09/2007 00:17     H:\WINDOWS\KB938127.log --------- 30108 
      14/09/2007 00:17     H:\WINDOWS\KB933360.log --------- 40607 
      14/09/2007 00:17     H:\WINDOWS\KB935840.log --------- 29520 
      14/09/2007 00:17     H:\WINDOWS\KB886185.log --------- 22484 
      14/09/2007 00:17     H:\WINDOWS\KB916595.log --------- 29303 
      14/09/2007 00:17     H:\WINDOWS\KB904706.log --------- 28950 
      14/09/2007 00:17     H:\WINDOWS\KB908531.log --------- 29489 
      14/09/2007 00:16     H:\WINDOWS\KB905749.log --------- 29055 
      14/09/2007 00:16     H:\WINDOWS\KB923689.log --------- 16334 
      14/09/2007 00:16     H:\WINDOWS\KB913580.log --------- 28892 
      14/09/2007 00:16     H:\WINDOWS\KB937143.log --------- 31834 
      14/09/2007 00:16     H:\WINDOWS\KB896428.log --------- 24221 
      14/09/2007 00:15     H:\WINDOWS\KB935839.log --------- 24506 
      14/09/2007 00:15     H:\WINDOWS\KB894391.log --------- 24495 
      14/09/2007 00:15     H:\WINDOWS\KB908519.log --------- 22261 
      14/09/2007 00:15     H:\WINDOWS\KB920683.log --------- 22597 
      14/09/2007 00:15     H:\WINDOWS\KB914389.log --------- 22105 
      14/09/2007 00:15     H:\WINDOWS\KB890859.log --------- 23271 
      14/09/2007 00:14     H:\WINDOWS\KB928843.log --------- 19872 
      13/09/2007 23:35     H:\WINDOWS\KB920213.log --------- 5793 
      13/09/2007 23:08     H:\WINDOWS\KB930916.log --------- 6666 
      09/09/2007 16:22     H:\WINDOWS\KB898461.log --------- 6962 
      09/09/2007 15:08     H:\WINDOWS\SpywareDoctor505Installation.log --------- 129 
      09/09/2007 14:45     H:\WINDOWS\ntbtlog.txt --------- 128546 
      08/09/2007 18:05     H:\WINDOWS\ODBC.INI --------- 379 
      08/09/2007 18:02     H:\WINDOWS\vbaddin.ini --------- 59 
      08/09/2007 18:01     H:\WINDOWS\WIN._IN --------- 615 
      08/09/2007 18:01     H:\WINDOWS\win.ini --------- 615 
      08/09/2007 14:08     H:\WINDOWS\KB893803v2.log --------- 5139 
      08/09/2007 13:25     H:\WINDOWS\KB888111.log --------- 5644 
      08/09/2007 12:53     H:\WINDOWS\DtcInstall.log --------- 360 
      08/09/2007 12:53     H:\WINDOWS\OEWABLog.txt --------- 1176 
      08/09/2007 12:52     H:\WINDOWS\setuplog.txt --------- 794204 
      08/09/2007 12:50     H:\WINDOWS\svcpack.log --------- 443008 
      08/09/2007 12:46     H:\WINDOWS\cmsetacl.log --------- 200 
      08/09/2007 12:46     H:\WINDOWS\sessmgr.setup.log --------- 1334 
      08/09/2007 11:57     H:\WINDOWS\Sti_Trace.log --------- 0 
      08/09/2007 11:56     H:\WINDOWS\regopt.log --------- 1486 
      08/09/2007 11:56     H:\WINDOWS\system.ini --------- 231 
      08/09/2007 11:50     H:\WINDOWS\setuperr.log --------- 0 
      08/09/2007 11:05     H:\WINDOWS\REGLOCS.OLD --------- 8192 
      08/09/2007 11:04     H:\WINDOWS\setupact.log --------- 173817 
      08/09/2007 11:02     H:\WINDOWS\control.ini --------- 0 
      08/09/2007 11:02     H:\WINDOWS\WMSysPrx.prx --------- 299552 
      08/09/2007 11:02     H:\WINDOWS\ODBCINST.INI --------- 4207 
      08/09/2007 11:02     H:\WINDOWS\Windows Update.log --------- 240 
      08/09/2007 11:02     H:\WINDOWS\WindowsShell.Manifest --------- 749 
      08/09/2007 11:00     H:\WINDOWS\vb.ini --------- 36 
      13/06/2007 15:22     H:\WINDOWS\explorer.exe --------- 1035776 
      14/07/2006 17:29     H:\WINDOWS\UNRecode.exe --------- 966656 
      14/07/2006 17:29     H:\WINDOWS\UNNeroVision.exe --------- 966656 
      14/07/2006 17:29     H:\WINDOWS\UNNeroBackItUp.exe --------- 966656 
      14/07/2006 17:29     H:\WINDOWS\UNNeroMediaHome.exe --------- 966656 
      14/07/2006 17:29     H:\WINDOWS\UNNeroShowTime.exe --------- 966656 
      27/05/2006 04:47     H:\WINDOWS\RTHDCPL.exe --------- 16208384 
      16/05/2006 12:04     H:\WINDOWS\SkyTel.exe --------- 2879488 
      04/05/2006 10:35     H:\WINDOWS\RTLCPL.exe --------- 9709568 
      04/05/2006 10:26     H:\WINDOWS\alcwzrd.exe --------- 2808832 
      04/05/2006 10:22     H:\WINDOWS\SoundMan.exe --------- 86016 
      10/03/2006 13:32     H:\WINDOWS\MicCal.exe --------- 2158592 
      09/03/2006 11:45     H:\WINDOWS\RtlUpd.exe --------- 364544 
      15/09/2005 14:35     H:\WINDOWS\UNNeroMediaHome.cfg --------- 50 
      30/08/2005 21:37     H:\WINDOWS\UNNeroVision.cfg --------- 50 
      30/08/2005 21:37     H:\WINDOWS\UNNeroShowTime.cfg --------- 50 
      30/08/2005 21:36     H:\WINDOWS\UNRecode.cfg --------- 50 
      30/08/2005 21:33     H:\WINDOWS\UNNeroBackItUp.cfg --------- 50 
      27/05/2005 01:22     H:\WINDOWS\hh.exe --------- 10752 
      03/05/2005 12:43     H:\WINDOWS\Alcmtr.exe --------- 69632 
      16/04/2005 16:20     H:\WINDOWS\RtlExUpd.dll --------- 487424 
      19/08/2004 15:43     H:\WINDOWS\winhlp32.exe --------- 286720 
      19/08/2004 15:43     H:\WINDOWS\slrundll.exe --------- 32866 
      19/08/2004 15:43     H:\WINDOWS\regedit.exe --------- 152064 
      19/08/2004 15:43     H:\WINDOWS\notepad.exe --------- 70144 
      19/08/2004 15:42     H:\WINDOWS\twain_32.dll --------- 50688 
      17/07/2004 11:40     H:\WINDOWS\002234_.tmp --------- 19528 
      28/09/2001 14:00     H:\WINDOWS\twunk_32.exe --------- 25600 
      28/09/2001 14:00     H:\WINDOWS\twunk_16.exe --------- 49680 
      28/09/2001 14:00     H:\WINDOWS\twain.dll --------- 94864 
      28/09/2001 14:00     H:\WINDOWS\TASKMAN.EXE --------- 15872 
      28/09/2001 14:00     H:\WINDOWS\desktop.ini --------- 2 
      28/09/2001 14:00     H:\WINDOWS\SET7.tmp --------- 13923 
      28/09/2001 14:00     H:\WINDOWS\clock.avi --------- 82944 
      28/09/2001 14:00     H:\WINDOWS\SET3.tmp --------- 1085938 
      28/09/2001 14:00     H:\WINDOWS\explorer.scf --------- 80 
      28/09/2001 14:00     H:\WINDOWS\Viento.bmp --------- 65954 
      28/09/2001 14:00     H:\WINDOWS\vmmreg32.dll --------- 18944 
      28/09/2001 14:00     H:\WINDOWS\Azteca.bmp --------- 9522 
      28/09/2001 14:00     H:\WINDOWS\Santa Fe.bmp --------- 65832 
      28/09/2001 14:00     H:\WINDOWS\Rododendro.bmp --------- 17362 
      28/09/2001 14:00     H:\WINDOWS\Roca verde.bmp --------- 26582 
      28/09/2001 14:00     H:\WINDOWS\Grano de café.bmp --------- 17062 
      28/09/2001 14:00     H:\WINDOWS\Pompas.bmp --------- 65978 
      28/09/2001 14:00     H:\WINDOWS\msdfmap.ini --------- 1405 
      28/09/2001 14:00     H:\WINDOWS\Abanicos.bmp --------- 26680 
      28/09/2001 14:00     H:\WINDOWS\winhelp.exe --------- 259184 
      28/09/2001 14:00     H:\WINDOWS\Lazo azul 16.bmp --------- 1272 
      28/09/2001 14:00     H:\WINDOWS\winnt.bmp --------- 48680 
      28/09/2001 14:00     H:\WINDOWS\winnt256.bmp --------- 48680 
      28/09/2001 14:00     H:\WINDOWS\wmprfESP.prx --------- 36814 
      28/09/2001 14:00     H:\WINDOWS\A pescar.bmp --------- 17336 
      28/09/2001 14:00     H:\WINDOWS\Plumas.bmp --------- 16730 
      28/09/2001 14:00     H:\WINDOWS\_default.pif --------- 707 
      06/10/1998 19:34     H:\WINDOWS\IsUn040a.exe --------- 327168 
    ----------------------------------------
    
     
    H:\WINDOWS\System
    
     19/08/2004 15:43    H:\WINDOWS\System\winspool.drv --------- 146944 
     19/08/2004 15:19    H:\WINDOWS\System\mmsystem.dll --------- 70544 
     28/09/2001 14:00    H:\WINDOWS\System\KEYBOARD.DRV --------- 2000 
     28/09/2001 14:00    H:\WINDOWS\System\LZEXPAND.DLL --------- 9936 
     28/09/2001 14:00    H:\WINDOWS\System\MCIAVI.DRV --------- 73696 
     28/09/2001 14:00    H:\WINDOWS\System\MCISEQ.DRV --------- 25344 
     28/09/2001 14:00    H:\WINDOWS\System\MCIWAVE.DRV --------- 28160 
     28/09/2001 14:00    H:\WINDOWS\System\COMMDLG.DLL --------- 33856 
     28/09/2001 14:00    H:\WINDOWS\System\AVIFILE.DLL --------- 109568 
     28/09/2001 14:00    H:\WINDOWS\System\MMTASK.TSK --------- 1152 
     28/09/2001 14:00    H:\WINDOWS\System\MOUSE.DRV --------- 2032 
     28/09/2001 14:00    H:\WINDOWS\System\AVICAP.DLL --------- 70224 
     28/09/2001 14:00    H:\WINDOWS\System\OLECLI.DLL --------- 83456 
     28/09/2001 14:00    H:\WINDOWS\System\OLESVR.DLL --------- 24064 
     28/09/2001 14:00    H:\WINDOWS\System\setup.inf --------- 59167 
     28/09/2001 14:00    H:\WINDOWS\System\SHELL.DLL --------- 5120 
     28/09/2001 14:00    H:\WINDOWS\System\SOUND.DRV --------- 1744 
     28/09/2001 14:00    H:\WINDOWS\System\stdole.tlb --------- 5532 
     28/09/2001 14:00    H:\WINDOWS\System\SYSTEM.DRV --------- 3360 
     28/09/2001 14:00    H:\WINDOWS\System\TAPI.DLL --------- 19200 
     28/09/2001 14:00    H:\WINDOWS\System\TIMER.DRV --------- 4128 
     28/09/2001 14:00    H:\WINDOWS\System\VER.DLL --------- 9056 
     28/09/2001 14:00    H:\WINDOWS\System\VGA.DRV --------- 2176 
     28/09/2001 14:00    H:\WINDOWS\System\WFWNET.DRV --------- 13600 
     28/09/2001 14:00    H:\WINDOWS\System\MSVIDEO.DLL --------- 127104 
    ----------------------------------------
    
     
    H:\WINDOWS\System32
    
     30/08/2009 11:59     H:\WINDOWS\system32\CatRoot2 --------- 0 
     29/08/2009 12:52     H:\WINDOWS\system32\drivers --------- 0 
     27/08/2009 16:05     H:\WINDOWS\system32\wpa.dbl --------- 2206 
     25/08/2009 23:20     H:\WINDOWS\system32\Restore --------- 0 
     24/08/2009 22:22     H:\WINDOWS\system32\dllcache --------- 0 
     25/07/2009 21:50     H:\WINDOWS\system32\DRVSTORE --------- 0 
     27/06/2009 15:50     H:\WINDOWS\system32\javaw.exe --------- 144792 
     27/06/2009 15:50     H:\WINDOWS\system32\javaws.exe --------- 148888 
     27/06/2009 15:50     H:\WINDOWS\system32\javacpl.cpl --------- 73728 
     27/06/2009 15:50     H:\WINDOWS\system32\java.exe --------- 144792 
     27/06/2009 15:50     H:\WINDOWS\system32\deploytk.dll --------- 410984 
     26/05/2009 17:18     H:\WINDOWS\system32\QuickTime.qts --------- 57344 
     26/05/2009 17:18     H:\WINDOWS\system32\QuickTimeVR.qtx --------- 90112 
     21/05/2009 19:16     H:\WINDOWS\system32\perfh00A.dat --------- 459710 
     21/05/2009 19:16     H:\WINDOWS\system32\perfh009.dat --------- 397696 
     21/05/2009 19:16     H:\WINDOWS\system32\perfc00A.dat --------- 78106 
     21/05/2009 19:16     H:\WINDOWS\system32\perfc009.dat --------- 59916 
     21/05/2009 19:16     H:\WINDOWS\system32\PerfStringBackup.INI --------- 1006324 
     19/05/2009 11:08     H:\WINDOWS\system32\jupdate-1.4.2_13-b06.log --------- 8865 
     12/12/2008 11:18     H:\WINDOWS\system32\dns-sd.exe --------- 87336 
     12/12/2008 11:11     H:\WINDOWS\system32\dnssd.dll --------- 61440 
     22/09/2008 15:14     H:\WINDOWS\system32\CanonIJ Uninstaller Information --------- 0 
     07/05/2008 19:02     H:\WINDOWS\system32\jupdate-1.6.0_05-b13.log --------- 6298 
     17/04/2008 12:12     H:\WINDOWS\system32\GEARAspi.dll --------- 107368 
     01/04/2008 18:40     H:\WINDOWS\system32\DirectX --------- 0 
     01/04/2008 13:03     H:\WINDOWS\system32\UIWEBMON.DLL --------- 90112 
     05/03/2008 18:30     H:\WINDOWS\system32\MRT.exe --------- 19148408 
     02/03/2008 00:47     H:\WINDOWS\system32\FlashAX --------- 0 
     24/02/2008 17:27     H:\WINDOWS\system32\appmgmt --------- 0 
     22/02/2008 01:47     H:\WINDOWS\system32\mui --------- 0 
     11/12/2007 23:39     H:\WINDOWS\system32\TZLog.log --------- 266874 
     07/12/2007 16:36     H:\WINDOWS\system32\mshtml.dll --------- 3080192 
     07/12/2007 03:06     H:\WINDOWS\system32\urlmon.dll --------- 616448 
     07/12/2007 03:06     H:\WINDOWS\system32\wininet.dll --------- 662016 
     07/12/2007 03:06     H:\WINDOWS\system32\shdocvw.dll --------- 1495040 
     07/12/2007 03:06     H:\WINDOWS\system32\shlwapi.dll --------- 474624 
     07/12/2007 03:06     H:\WINDOWS\system32\mstime.dll --------- 532480 
     07/12/2007 03:06     H:\WINDOWS\system32\msrating.dll --------- 146432 
     07/12/2007 03:06     H:\WINDOWS\system32\pngfilt.dll --------- 39424 
     07/12/2007 03:06     H:\WINDOWS\system32\mshtmled.dll --------- 449024 
     07/12/2007 03:06     H:\WINDOWS\system32\inseng.dll --------- 96768 
     07/12/2007 03:06     H:\WINDOWS\system32\iepeers.dll --------- 251392 
     07/12/2007 03:06     H:\WINDOWS\system32\browseui.dll --------- 1023488 
     07/12/2007 03:06     H:\WINDOWS\system32\cdfview.dll --------- 151552 
     07/12/2007 03:06     H:\WINDOWS\system32\jsproxy.dll --------- 16384 
     07/12/2007 03:06     H:\WINDOWS\system32\extmgr.dll --------- 55808 
     07/12/2007 03:06     H:\WINDOWS\system32\dxtrans.dll --------- 205312 
     07/12/2007 03:06     H:\WINDOWS\system32\dxtmsft.dll --------- 357888 
     07/12/2007 03:06     H:\WINDOWS\system32\danim.dll --------- 1056256 
     07/12/2007 01:40     H:\WINDOWS\system32\xpsp3res.dll --------- 368640 
     04/12/2007 20:41     H:\WINDOWS\system32\oleaut32.dll --------- 550912 
     15/11/2007 22:30     H:\WINDOWS\system32\wpcap.dll --------- 240248 
     15/11/2007 22:30     H:\WINDOWS\system32\Packet.dll --------- 88696 
     15/11/2007 22:30     H:\WINDOWS\system32\WanPacket.dll --------- 68224 
     14/11/2007 09:28     H:\WINDOWS\system32\jscript.dll --------- 450560 
     13/11/2007 13:31     H:\WINDOWS\system32\tzchange.exe --------- 60416 
     07/11/2007 11:28     H:\WINDOWS\system32\lsasrv.dll --------- 726528 
     06/11/2007 13:43     H:\WINDOWS\system32\versprog.dll --------- 249856 
     30/10/2007 09:52     H:\WINDOWS\system32\REN3C.tmp --------- 0 
     30/10/2007 09:52     H:\WINDOWS\system32\jupdate-1.6.0_03-b05.log --------- 5385 
     30/10/2007 00:43     H:\WINDOWS\system32\quartz.dll --------- 1293824 
     25/10/2007 18:56     H:\WINDOWS\system32\shell32.dll --------- 8496640 
     24/10/2007 02:47     H:\WINDOWS\system32\mscoree.dll --------- 282112 
     24/10/2007 02:47     H:\WINDOWS\system32\mscories.dll --------- 84480 
     24/10/2007 02:47     H:\WINDOWS\system32\mscorier.dll --------- 158720 
     24/10/2007 02:47     H:\WINDOWS\system32\dfshim.dll --------- 96760 
     20/10/2007 07:01     H:\WINDOWS\system32\wmasf.dll --------- 227328 
     29/09/2007 14:28     H:\WINDOWS\system32\Samsung_USB_Drivers --------- 0 
     22/09/2007 23:34     H:\WINDOWS\system32\config --------- 0 
     17/09/2007 22:14     H:\WINDOWS\system32\Macromed --------- 0 
     16/09/2007 23:49     H:\WINDOWS\system32\REN31.tmp --------- 0 
     16/09/2007 23:49     H:\WINDOWS\system32\jupdate-1.6.0_02-b06.log --------- 4935 
     14/09/2007 11:19     H:\WINDOWS\system32\FNTCACHE.DAT --------- 112584 
     14/09/2007 00:22     H:\WINDOWS\system32\Com --------- 0 
     14/09/2007 00:16     H:\WINDOWS\system32\NtmsData --------- 0 
     09/09/2007 16:22     H:\WINDOWS\system32\PreInstall --------- 0 
     09/09/2007 14:57     H:\WINDOWS\system32\SoftwareDistribution --------- 0 
     08/09/2007 13:29     H:\WINDOWS\system32\BuzzingBee.wav --------- 146650 
     08/09/2007 13:29     H:\WINDOWS\system32\LoopyMusic.wav --------- 940794 
     08/09/2007 13:29     H:\WINDOWS\system32\Lang --------- 0 
     08/09/2007 13:27     H:\WINDOWS\system32\RTCOM --------- 0 
     08/09/2007 13:24     H:\WINDOWS\system32\ReinstallBackups --------- 0 
     08/09/2007 12:52     H:\WINDOWS\system32\inetsrv --------- 0 
     08/09/2007 12:52     H:\WINDOWS\system32\wbem --------- 0 
     08/09/2007 12:52     H:\WINDOWS\system32\spupdwxp.log --------- 241 
     08/09/2007 12:52     H:\WINDOWS\system32\Microsoft --------- 0 
     08/09/2007 12:48     H:\WINDOWS\system32\3082 --------- 0 
     08/09/2007 12:48     H:\WINDOWS\system32\CatRoot --------- 0 
     08/09/2007 12:48     H:\WINDOWS\system32\ras --------- 0 
     08/09/2007 12:48     H:\WINDOWS\system32\icsxml --------- 0 
     08/09/2007 12:47     H:\WINDOWS\system32\1033 --------- 0 
     08/09/2007 12:46     H:\WINDOWS\system32\Setup --------- 0 
     08/09/2007 12:46     H:\WINDOWS\system32\oobe --------- 0 
     08/09/2007 12:45     H:\WINDOWS\system32\1025 --------- 0 
     08/09/2007 12:45     H:\WINDOWS\system32\3076 --------- 0 
     08/09/2007 12:45     H:\WINDOWS\system32\1037 --------- 0 
     08/09/2007 12:45     H:\WINDOWS\system32\1041 --------- 0 
     08/09/2007 12:45     H:\WINDOWS\system32\1031 --------- 0 
     08/09/2007 12:45     H:\WINDOWS\system32\IME --------- 0 
     08/09/2007 12:45     H:\WINDOWS\system32\1042 --------- 0 
    ----------------------------------------
    
     
    H:\WINDOWS\Prefetch
    
     30/08/2009 22:27     H:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 11922 
     30/08/2009 22:27     H:\WINDOWS\Prefetch\WINZIP32.EXE-36B80B4F.pf --------- 107196 
     30/08/2009 22:20     H:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --------- 101712 
     30/08/2009 22:20     H:\WINDOWS\Prefetch\AVWSC.EXE-1548D8AB.pf --------- 33408 
     30/08/2009 22:19     H:\WINDOWS\Prefetch\IEXPLORE.EXE-07A56490.pf --------- 115154 
     30/08/2009 22:19     H:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-39B697F4.pf --------- 67428 
     30/08/2009 21:19     H:\WINDOWS\Prefetch\Layout.ini --------- 533946 
     30/08/2009 21:16     H:\WINDOWS\Prefetch\GOOGLEUPDATER.EXE-0F25B20C.pf --------- 48098 
     30/08/2009 21:16     H:\WINDOWS\Prefetch\GOOGLEUPDATERSERVICE.EXE-2DD7B0C5.pf --------- 49002 
     30/08/2009 19:27     H:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf --------- 117022 
     30/08/2009 19:17     H:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf --------- 18874 
     30/08/2009 19:16     H:\WINDOWS\Prefetch\WINWORD.EXE-1D089B9D.pf --------- 67436 
     30/08/2009 19:16     H:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf --------- 77724 
     30/08/2009 17:52     H:\WINDOWS\Prefetch\AVCENTER.EXE-02AF908C.pf --------- 53948 
     30/08/2009 17:52     H:\WINDOWS\Prefetch\ULGGRGZU[1].EXE-1F7A2B3C.pf --------- 12136 
     30/08/2009 17:47     H:\WINDOWS\Prefetch\HALLO123.EXE-0651F001.pf --------- 15470 
     30/08/2009 17:42     H:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf --------- 42418 
     30/08/2009 17:21     H:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf --------- 101944 
     30/08/2009 17:19     H:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf --------- 84438 
     30/08/2009 17:19     H:\WINDOWS\Prefetch\BMW.EXE-0E70B70A.pf --------- 49652 
     30/08/2009 16:54     H:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf --------- 249700 
     30/08/2009 16:16     H:\WINDOWS\Prefetch\AVSCAN.EXE-088AE46F.pf --------- 64778 
     30/08/2009 16:16     H:\WINDOWS\Prefetch\UPDATE.EXE-16B195D7.pf --------- 58114 
     30/08/2009 16:07     H:\WINDOWS\Prefetch\AVNOTIFY.EXE-35D66197.pf --------- 57082 
     30/08/2009 15:46     H:\WINDOWS\Prefetch\CAILLO~1.EXE-11CC3F96.pf --------- 38474 
     30/08/2009 15:29     H:\WINDOWS\Prefetch\DOGZ.EXE-3A795F30.pf --------- 35466 
     30/08/2009 15:29     H:\WINDOWS\Prefetch\PETZ 5.EXE-1ABF9F51.pf --------- 17610 
     30/08/2009 15:29     H:\WINDOWS\Prefetch\~E5D141.TMP-0EDF9D16.pf --------- 15744 
     30/08/2009 14:19     H:\WINDOWS\Prefetch\GOOGLECRASHHANDLER.EXE-296D8DE4.pf --------- 13056 
     30/08/2009 12:10     H:\WINDOWS\Prefetch\WFICA32.EXE-345936DA.pf --------- 79630 
     30/08/2009 12:04     H:\WINDOWS\Prefetch\JUCHECK.EXE-206544E7.pf --------- 42554 
     30/08/2009 12:04     H:\WINDOWS\Prefetch\JAVA.EXE-05BAE50D.pf --------- 7250 
     30/08/2009 12:00     H:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1185768 
     29/08/2009 16:10     H:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf --------- 70674 
     29/08/2009 16:10     H:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf --------- 56498 
     29/08/2009 16:09     H:\WINDOWS\Prefetch\OSA9.EXE-285C1B8B.pf --------- 8242 
     29/08/2009 11:13     H:\WINDOWS\Prefetch\HIJACKTHIS.EXE-0C64F9F3.pf --------- 69052 
     29/08/2009 11:06     H:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf --------- 78758 
     29/08/2009 11:06     H:\WINDOWS\Prefetch\RUNDLL32.EXE-3731328F.pf --------- 33206 
     29/08/2009 11:06     H:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf --------- 66410 
     29/08/2009 11:06     H:\WINDOWS\Prefetch\CLI.EXE-21643E5E.pf --------- 75272 
     28/08/2009 17:12     H:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf --------- 20454 
     28/08/2009 17:12     H:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf --------- 96222 
     28/08/2009 17:05     H:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf --------- 15238 
     28/08/2009 15:19     H:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf --------- 63292 
     28/08/2009 15:19     H:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf --------- 15126 
     27/08/2009 17:30     H:\WINDOWS\Prefetch\UNRAR.EXE-206201FD.pf --------- 126684 
     27/08/2009 16:46     H:\WINDOWS\Prefetch\JAVAW.EXE-0728914C.pf --------- 107718 
     27/08/2009 16:46     H:\WINDOWS\Prefetch\JDOWNLOADER.EXE-22F717B1.pf --------- 10074 
     27/08/2009 16:42     H:\WINDOWS\Prefetch\OUTLOOK.EXE-046D5AF6.pf --------- 61522 
     27/08/2009 16:20     H:\WINDOWS\Prefetch\RUNDLL32.EXE-1FE6AFBB.pf --------- 120298 
     27/08/2009 16:19     H:\WINDOWS\Prefetch\CNMSE94.EXE-1349EE19.pf --------- 7894 
     27/08/2009 16:16     H:\WINDOWS\Prefetch\RUNDLL32.EXE-423FAB96.pf --------- 38504 
     27/08/2009 16:15     H:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf --------- 14282 
     27/08/2009 16:14     H:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf --------- 11522 
     27/08/2009 16:10     H:\WINDOWS\Prefetch\JAVAWS.EXE-088A5CA3.pf --------- 11540 
     26/08/2009 00:24     H:\WINDOWS\Prefetch\JAVACPL.EXE-303C6AD5.pf --------- 6842 
     25/08/2009 23:48     H:\WINDOWS\Prefetch\KILLBOX.EXE-15321805.pf --------- 23546 
     25/08/2009 23:45     H:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf --------- 15348 
     25/08/2009 23:30     H:\WINDOWS\Prefetch\_IU14D2P.TMP-0A59BEDF.pf --------- 28494 
     25/08/2009 23:30     H:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf --------- 13868 
     25/08/2009 23:30     H:\WINDOWS\Prefetch\UNINS000.EXE-0412534C.pf --------- 17262 
     25/08/2009 23:30     H:\WINDOWS\Prefetch\_IU14D2O.TMP-2F71CF61.pf --------- 16270 
     25/08/2009 23:30     H:\WINDOWS\Prefetch\UNINS000.EXE-1125D813.pf --------- 17980 
     25/08/2009 23:30     H:\WINDOWS\Prefetch\PCTCFFIX.EXE-1277BD41.pf --------- 8312 
     25/08/2009 23:30     H:\WINDOWS\Prefetch\PCTSSVC.EXE-0ADABDDD.pf --------- 52652 
     25/08/2009 23:30     H:\WINDOWS\Prefetch\PCTSAUXS.EXE-1D1FE3A2.pf --------- 12418 
     25/08/2009 23:29     H:\WINDOWS\Prefetch\_IU14D2N.TMP-1F8D0E51.pf --------- 30374 
     25/08/2009 23:29     H:\WINDOWS\Prefetch\UNINS000.EXE-0892F5A7.pf --------- 25974 
     25/08/2009 23:29     H:\WINDOWS\Prefetch\PCTSTRAY.EXE-3ABB57E9.pf --------- 44968 
     25/08/2009 23:29     H:\WINDOWS\Prefetch\PCTSGUI.EXE-1BB089FC.pf --------- 49806 
     25/08/2009 23:21     H:\WINDOWS\Prefetch\SDLOADER.EXE-19B27EAD.pf --------- 39220 
     25/08/2009 23:21     H:\WINDOWS\Prefetch\DRVCTL.EXE-1BBE7F4E.pf --------- 3540 
     25/08/2009 23:20     H:\WINDOWS\Prefetch\RUNDLL32.EXE-3FE00D02.pf --------- 28658 
     25/08/2009 23:10     H:\WINDOWS\Prefetch\ACRORD32.EXE-32BBA50F.pf --------- 63418 
     25/08/2009 23:10     H:\WINDOWS\Prefetch\QTTASK.EXE-0B6BEE64.pf --------- 8602 
     25/08/2009 23:01     H:\WINDOWS\Prefetch\RUNDLL32.EXE-3FD02828.pf --------- 16210 
     25/08/2009 22:38     H:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf --------- 23116 
     25/08/2009 22:08     H:\WINDOWS\Prefetch\NSB.TMP-38641380.pf --------- 13572 
     25/08/2009 22:08     H:\WINDOWS\Prefetch\NET.EXE-01A53C2F.pf --------- 11664 
     25/08/2009 22:08     H:\WINDOWS\Prefetch\NET1.EXE-029B9DB4.pf --------- 13288 
     25/08/2009 22:08     H:\WINDOWS\Prefetch\NSA.TMP-169ACA32.pf --------- 5632 
     25/08/2009 22:08     H:\WINDOWS\Prefetch\TMP6.TMP-06C83EAA.pf --------- 55640 
     25/08/2009 07:55     H:\WINDOWS\Prefetch\RUNDLL32.EXE-1BF0B56B.pf --------- 25136 
     25/08/2009 07:52     H:\WINDOWS\Prefetch\MPNEX10.EXE-359D3039.pf --------- 74356 
     25/08/2009 07:52     H:\WINDOWS\Prefetch\MPNSCAN.EXE-122D39D1.pf --------- 40248 
     25/08/2009 07:52     H:\WINDOWS\Prefetch\WIAACMGR.EXE-212ED878.pf --------- 18662 
     25/08/2009 07:48     H:\WINDOWS\Prefetch\RUNDLL32.EXE-287C374A.pf --------- 43256 
     25/08/2009 07:48     H:\WINDOWS\Prefetch\MPNCOPY.EXE-20C9ADBD.pf --------- 44658 
     24/08/2009 22:33     H:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf --------- 29966 
     24/08/2009 22:33     H:\WINDOWS\Prefetch\RUNDLL32.EXE-22587A4E.pf --------- 37422 
     24/08/2009 22:31     H:\WINDOWS\Prefetch\GUARDGUI.EXE-2EFC2976.pf --------- 59280 
     24/08/2009 22:22     H:\WINDOWS\Prefetch\10447504.EXE-2B119F41.pf --------- 29938 
     24/08/2009 22:22     H:\WINDOWS\Prefetch\IPODSERVICE.EXE-14AD121B.pf --------- 78384 
     24/08/2009 22:22     H:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf --------- 16672 
     24/08/2009 22:01     H:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf --------- 55270 
     24/08/2009 22:01     H:\WINDOWS\Prefetch\PDFUPD.EXE-275F63AE.pf --------- 25252 
     24/08/2009 21:38     H:\WINDOWS\Prefetch\OFFPROV.EXE-3A057517.pf --------- 14546 
     24/08/2009 21:22     H:\WINDOWS\Prefetch\ADOBEUPDATER.EXE-03C14646.pf --------- 36212 
     24/08/2009 11:57     H:\WINDOWS\Prefetch\RUNDLL32.EXE-250CAEC1.pf --------- 24390 
     24/08/2009 11:57     H:\WINDOWS\Prefetch\RUNDLL32.EXE-2E086A4D.pf --------- 25092 
     24/08/2009 11:56     H:\WINDOWS\Prefetch\RUNDLL32.EXE-16BAEDEA.pf --------- 24268 
     24/08/2009 11:10     H:\WINDOWS\Prefetch\RUNDLL32.EXE-2B7D3326.pf --------- 25866 
     24/08/2009 11:09     H:\WINDOWS\Prefetch\RUNDLL32.EXE-37425C71.pf --------- 24998 
     24/08/2009 11:08     H:\WINDOWS\Prefetch\RUNDLL32.EXE-18128B2D.pf --------- 23614 
     24/08/2009 11:07     H:\WINDOWS\Prefetch\RUNDLL32.EXE-22179D3D.pf --------- 23554 
     23/08/2009 13:12     H:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf --------- 65188 
     09/08/2009 17:07     H:\WINDOWS\Prefetch\UPDATE.EXE-2A1CF551.pf --------- 59704 
     09/08/2009 17:07     H:\WINDOWS\Prefetch\PREUPD.EXE-0867D106.pf --------- 18028 
     09/08/2009 17:06     H:\WINDOWS\Prefetch\AVWSC.EXE-1CB11BDF.pf --------- 30826 
     08/08/2009 15:48     H:\WINDOWS\Prefetch\AVNOTIFY.EXE-1347223F.pf --------- 63786 
    ----------------------------------------
    
     
    H:\WINDOWS\Tasks
    
     30/08/2009 22:19     H:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job --------- 1088 
     30/08/2009 21:16     H:\WINDOWS\Tasks\Google Software Updater.job --------- 1012 
     30/08/2009 14:19     H:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job --------- 1084 
     30/08/2009 11:59     H:\WINDOWS\Tasks\SA.DAT --------- 6 
     28/09/2001 14:00     H:\WINDOWS\Tasks\desktop.ini --------- 65 
    ----------------------------------------
    
     
    H:\WINDOWS\Temp
    
     30/08/2009 15:52     H:\WINDOWS\Temp\AAX2F.tmp --------- 60612 
     30/08/2009 15:51     H:\WINDOWS\Temp\AAX2E.tmp --------- 60612 
     30/08/2009 15:50     H:\WINDOWS\Temp\AAX2D.tmp --------- 60612 
     30/08/2009 15:50     H:\WINDOWS\Temp\AAX2C.tmp --------- 60612 
     30/08/2009 15:47     H:\WINDOWS\Temp\AAX2B.tmp --------- 60612 
     30/08/2009 15:47     H:\WINDOWS\Temp\AAX2A.tmp --------- 60612 
     30/08/2009 11:59     H:\WINDOWS\Temp\Perflib_Perfdata_75c.dat --------- 16384 
     29/08/2009 20:15     H:\WINDOWS\Temp\Perflib_Perfdata_824.dat --------- 16384 
     28/08/2009 17:03     H:\WINDOWS\Temp\GUR1.tmp --------- 0 
     28/08/2009 15:04     H:\WINDOWS\Temp\Perflib_Perfdata_874.dat --------- 16384 
     27/08/2009 16:40     H:\WINDOWS\Temp\Perflib_Perfdata_38c.dat --------- 16384 
     25/08/2009 22:49     H:\WINDOWS\Temp\Cookies --------- 0 
     23/08/2009 17:51     H:\WINDOWS\Temp\AAX21.tmp --------- 60612 
     23/08/2009 17:34     H:\WINDOWS\Temp\Perflib_Perfdata_83c.dat --------- 16384 
     23/08/2009 13:03     H:\WINDOWS\Temp\Perflib_Perfdata_8bc.dat --------- 16384 
     23/08/2009 11:01     H:\WINDOWS\Temp\AAX28.tmp --------- 60612 
     23/08/2009 10:59     H:\WINDOWS\Temp\AAX27.tmp --------- 60612 
     22/08/2009 12:29     H:\WINDOWS\Temp\AAX26.tmp --------- 60612 
     22/08/2009 12:28     H:\WINDOWS\Temp\Perflib_Perfdata_828.dat --------- 16384 
     20/08/2009 23:39     H:\WINDOWS\Temp\Perflib_Perfdata_58c.dat --------- 16384 
     18/08/2009 17:26     H:\WINDOWS\Temp\Perflib_Perfdata_1c0.dat --------- 16384 
     17/08/2009 18:05     H:\WINDOWS\Temp\Perflib_Perfdata_654.dat --------- 16384 
     17/08/2009 16:43     H:\WINDOWS\Temp\AAX25.tmp --------- 60612 
     17/08/2009 16:43     H:\WINDOWS\Temp\AAX24.tmp --------- 60612 
     17/08/2009 16:43     H:\WINDOWS\Temp\AAX23.tmp --------- 60612 
     17/08/2009 16:39     H:\WINDOWS\Temp\AAX22.tmp --------- 60612 
     16/08/2009 11:47     H:\WINDOWS\Temp\Perflib_Perfdata_4fc.dat --------- 16384 
     15/08/2009 17:15     H:\WINDOWS\Temp\Perflib_Perfdata_74c.dat --------- 16384 
     13/08/2009 13:18     H:\WINDOWS\Temp\Perflib_Perfdata_650.dat --------- 16384 
     11/08/2009 22:33     H:\WINDOWS\Temp\Perflib_Perfdata_214.dat --------- 16384 
     09/08/2009 17:10     H:\WINDOWS\Temp\Perflib_Perfdata_600.dat --------- 16384 
     14/07/2009 21:58     H:\WINDOWS\Temp\AAX20.tmp --------- 60612 
     14/07/2009 21:57     H:\WINDOWS\Temp\AAX1D.tmp --------- 60612 
     14/07/2009 13:49     H:\WINDOWS\Temp\AAX1F.tmp --------- 60612 
     13/07/2009 18:11     H:\WINDOWS\Temp\tmpF7B34.FOT --------- 1409 
     13/07/2009 18:11     H:\WINDOWS\Temp\AAX1E.tmp --------- 60612 
     13/07/2009 09:44     H:\WINDOWS\Temp\AAX1A.tmp --------- 60612 
     12/07/2009 14:03     H:\WINDOWS\Temp\AAX1C.tmp --------- 60612 
     12/07/2009 13:59     H:\WINDOWS\Temp\is-NSU5R.tmp --------- 0 
     12/07/2009 13:59     H:\WINDOWS\Temp\Setup Log 2009-07-12 #001.txt --------- 113961 
     12/07/2009 13:59     H:\WINDOWS\Temp\Setup Log 2009-07-12 #003.txt --------- 3066 
     12/07/2009 13:59     H:\WINDOWS\Temp\is-ICLOA.tmp --------- 0 
     12/07/2009 13:59     H:\WINDOWS\Temp\Setup Log 2009-07-12 #002.txt --------- 4797 
     09/07/2009 17:56     H:\WINDOWS\Temp\AAX1B.tmp --------- 60612 
     08/07/2009 18:43     H:\WINDOWS\Temp\AAX15.tmp --------- 60612 
     06/07/2009 17:56     H:\WINDOWS\Temp\AAX13.tmp --------- 60612 
     05/07/2009 23:10     H:\WINDOWS\Temp\Perflib_Perfdata_580.dat --------- 16384 
     04/07/2009 21:05     H:\WINDOWS\Temp\AAX19.tmp --------- 60612 
     04/07/2009 21:03     H:\WINDOWS\Temp\AAX18.tmp --------- 60612 
     04/07/2009 21:01     H:\WINDOWS\Temp\AAX17.tmp --------- 60612 
     04/07/2009 21:00     H:\WINDOWS\Temp\AAX16.tmp --------- 60612 
     04/07/2009 20:48     H:\WINDOWS\Temp\AAX14.tmp --------- 60612 
     04/07/2009 17:34     H:\WINDOWS\Temp\Perflib_Perfdata_7d8.dat --------- 16384 
     03/07/2009 21:30     H:\WINDOWS\Temp\Perflib_Perfdata_730.dat --------- 16384 
     03/07/2009 08:08     H:\WINDOWS\Temp\AAXE.tmp --------- 60612 
     30/06/2009 12:07     H:\WINDOWS\Temp\Perflib_Perfdata_6b4.dat --------- 16384 
     28/06/2009 17:27     H:\WINDOWS\Temp\AAX11.tmp --------- 60612 
     28/06/2009 17:24     H:\WINDOWS\Temp\AAX10.tmp --------- 60612 
     28/06/2009 17:20     H:\WINDOWS\Temp\AAX12.tmp --------- 60612 
     28/06/2009 17:17     H:\WINDOWS\Temp\AAXF.tmp --------- 60612 
     28/06/2009 14:39     H:\WINDOWS\Temp\Perflib_Perfdata_4d8.dat --------- 16384 
     28/06/2009 13:29     H:\WINDOWS\Temp\Perflib_Perfdata_6b0.dat --------- 16384 
     28/06/2009 13:05     H:\WINDOWS\Temp\AAX6.tmp --------- 60612 
     28/06/2009 12:09     H:\WINDOWS\Temp\tmp64518.FOT --------- 1409 
     28/06/2009 12:09     H:\WINDOWS\Temp\AAXD.tmp --------- 60612 
     28/06/2009 09:59     H:\WINDOWS\Temp\AAXA.tmp --------- 60612 
     28/06/2009 09:58     H:\WINDOWS\Temp\AAX9.tmp --------- 60612 
     28/06/2009 09:55     H:\WINDOWS\Temp\AAX8.tmp --------- 60612 
     28/06/2009 09:52     H:\WINDOWS\Temp\AAX7.tmp --------- 60612 
     27/06/2009 11:17     H:\WINDOWS\Temp\AAXC.tmp --------- 60612 
     27/06/2009 11:16     H:\WINDOWS\Temp\AAXB.tmp --------- 60612 
     27/06/2009 11:15     H:\WINDOWS\Temp\SPEEnc.Dup --------- 0 
     17/06/2009 00:20     H:\WINDOWS\Temp\Google Toolbar --------- 0 
     17/06/2009 00:20     H:\WINDOWS\Temp\GoogleToolbarInstaller2.log --------- 10459 
     17/06/2009 00:20     H:\WINDOWS\Temp\GoogleToolbarInstaller1.log --------- 10973 
     03/05/2009 14:53     H:\WINDOWS\Temp\~OBJ2326.TMP --------- 1110980 
     03/05/2009 14:30     H:\WINDOWS\Temp\~OBJ201E.TMP --------- 88 
     03/05/2009 14:30     H:\WINDOWS\Temp\~OBJ2327.TMP --------- 88 
     23/03/2009 12:43     H:\WINDOWS\Temp\gisa1d2c --------- 0 
     12/03/2009 10:51     H:\WINDOWS\Temp\Norton Setup 2,0,0 3-12-2009 9h51m36s.log --------- 3678 
     03/02/2009 19:09     H:\WINDOWS\Temp\_ISTMP0.DIR --------- 0 
     16/01/2009 01:28     H:\WINDOWS\Temp\MSI18320.LOG --------- 454 
     12/12/2008 11:30     H:\WINDOWS\Temp\GUM3.tmp --------- 0 
     25/10/2008 17:41     H:\WINDOWS\Temp\giscc624 --------- 0 
     25/10/2008 17:08     H:\WINDOWS\Temp\Setup Log 2008-10-25 #001.txt --------- 86267 
     06/10/2008 21:09     H:\WINDOWS\Temp\~OBJ2718.TMP --------- 667674 
     06/10/2008 20:51     H:\WINDOWS\Temp\~OBJ277F.TMP --------- 88 
     06/10/2008 20:51     H:\WINDOWS\Temp\~OBJ2719.TMP --------- 88 
     01/09/2008 09:09     H:\WINDOWS\Temp\is22.tmp --------- 0 
     13/07/2008 21:18     H:\WINDOWS\Temp\Historial --------- 0 
     13/07/2008 21:18     H:\WINDOWS\Temp\Archivos temporales de Internet --------- 0 
     08/04/2008 19:45     H:\WINDOWS\Temp\{AC76BA86-7AD7-1031-7B44-A81200000003}.ini --------- 625 
     08/04/2008 19:44     H:\WINDOWS\Temp\{AC76BA86-7AD7-1031-7B44-A81000000003}.ini --------- 874 
     04/04/2008 22:16     H:\WINDOWS\Temp\gis57fd06 --------- 0 
     23/03/2008 02:16     H:\WINDOWS\Temp\Setup Log 2008-03-23 #001.txt --------- 79264 
     22/02/2008 01:48     H:\WINDOWS\Temp\dd_dotnetfx20install.txt --------- 75352 
     22/02/2008 01:48     H:\WINDOWS\Temp\uxeventlog.txt --------- 11310 
     22/02/2008 01:48     H:\WINDOWS\Temp\dd_NET_Framework20_Setup4C72.txt --------- 10100064 
     22/02/2008 01:48     H:\WINDOWS\Temp\ASPNETSetup_00000.log --------- 5158 
     22/02/2008 01:46     H:\WINDOWS\Temp\dd_depcheck_NETFX20_EXP_35.txt --------- 21364 
     22/02/2008 01:46     H:\WINDOWS\Temp\dd_dotnetfx20error.txt --------- 2 
     18/02/2008 21:37     H:\WINDOWS\Temp\sxe6.7z --------- 13327830 
     18/02/2008 21:37     H:\WINDOWS\Temp\sxe6.tmp --------- 0 
     16/12/2007 00:02     H:\WINDOWS\Temp\WGAErrLog.txt --------- 255 
     15/12/2007 16:06     H:\WINDOWS\Temp\WGANotify.settings --------- 408 
     22/11/2007 20:33     H:\WINDOWS\Temp\Setup Log 2007-11-22 #001.txt --------- 55153 
     22/11/2007 20:33     H:\WINDOWS\Temp\is-5C8EU.tmp --------- 0 
     16/11/2007 05:52     H:\WINDOWS\Temp\DFC5A2B2.TMP --------- 113 
     01/11/2007 21:38     H:\WINDOWS\Temp\~INS0363.~MP --------- 10240 
    ----------------------------------------
    
     
    H:\DOCUME~1\andi\CONFIG~1\Temp
    
     30/08/2009 22:27      H:\DOCUME~1\andi\CONFIG~1\Temp\wz471e --------- 0 
     30/08/2009 16:15      H:\DOCUME~1\andi\CONFIG~1\Temp\jusched.log --------- 253368 
     30/08/2009 15:29      H:\DOCUME~1\andi\CONFIG~1\Temp\~e5d141.tmp --------- 36352 
     30/08/2009 12:04      H:\DOCUME~1\andi\CONFIG~1\Temp\jre-6u15-windows-i586-iftw.exe --------- 714528 
     30/08/2009 12:04      H:\DOCUME~1\andi\CONFIG~1\Temp\au-descriptor-1.6.0_15-b71.xml --------- 8989 
     30/08/2009 11:59      H:\DOCUME~1\andi\CONFIG~1\Temp\WCESCOMM.LOG --------- 375 
     30/08/2009 11:59      H:\DOCUME~1\andi\CONFIG~1\Temp\WCESLog.log --------- 798945 
     28/08/2009 16:56      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF58AF.tmp --------- 114688 
     27/08/2009 16:46      H:\DOCUME~1\andi\CONFIG~1\Temp\hsperfdata_andi --------- 0 
     27/08/2009 16:10      H:\DOCUME~1\andi\CONFIG~1\Temp\java_install_reg.log --------- 162416 
     26/08/2009 00:38      H:\DOCUME~1\andi\CONFIG~1\Temp\msoclip1 --------- 0 
     25/08/2009 23:48      H:\DOCUME~1\andi\CONFIG~1\Temp\~DFE6E5.tmp --------- 16384 
     25/08/2009 23:32      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF7359.tmp --------- 16384 
     25/08/2009 23:30      H:\DOCUME~1\andi\CONFIG~1\Temp\KDSInterface.txt --------- 2 
     25/08/2009 23:30      H:\DOCUME~1\andi\CONFIG~1\Temp\Uninstall Log 2009-08-25 #002.txt --------- 4748 
     25/08/2009 23:30      H:\DOCUME~1\andi\CONFIG~1\Temp\Uninstall Log 2009-08-25 #001.txt --------- 4005 
     25/08/2009 23:01      H:\DOCUME~1\andi\CONFIG~1\Temp\~DFB3B0.tmp --------- 16384 
     25/08/2009 22:58      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF4063.tmp --------- 16384 
     25/08/2009 22:08      H:\DOCUME~1\andi\CONFIG~1\Temp\TMP6.tmp --------- 230994 
     25/08/2009 07:52      H:\DOCUME~1\andi\CONFIG~1\Temp\Twain001.Mtx --------- 4 
     25/08/2009 07:52      H:\DOCUME~1\andi\CONFIG~1\Temp\TWAIN.LOG --------- 1069 
     25/08/2009 07:52      H:\DOCUME~1\andi\CONFIG~1\Temp\Twunk001.MTX --------- 156 
     24/08/2009 22:01      H:\DOCUME~1\andi\CONFIG~1\Temp\~TM9.tmp --------- 23040 
     23/08/2009 13:12      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI78955.LOG --------- 350 
     23/08/2009 13:11      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI78954.LOG --------- 350 
     23/08/2009 13:11      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI78953.LOG --------- 350 
     23/08/2009 13:11      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI78952.LOG --------- 350 
     21/08/2009 15:25      H:\DOCUME~1\andi\CONFIG~1\Temp\chrome_installer.log --------- 208 
     21/08/2009 13:59      H:\DOCUME~1\andi\CONFIG~1\Temp\mod2F.tmp --------- 34 
     21/08/2009 13:59      H:\DOCUME~1\andi\CONFIG~1\Temp\DivXInstaller.exe --------- 4780600 
     21/08/2009 13:59      H:\DOCUME~1\andi\CONFIG~1\Temp\mod2E.tmp --------- 34 
     21/08/2009 13:59      H:\DOCUME~1\andi\CONFIG~1\Temp\ICD2.tmp --------- 0 
     16/08/2009 22:33      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI86baf.LOG --------- 350 
     16/08/2009 22:30      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI86bae.LOG --------- 350 
     16/08/2009 17:31      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI64c25.LOG --------- 350 
     16/08/2009 17:30      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI64c24.LOG --------- 350 
     16/08/2009 17:28      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI433c4.LOG --------- 350 
     16/08/2009 16:23      H:\DOCUME~1\andi\CONFIG~1\Temp\WZSE7.TMP --------- 0 
     16/08/2009 14:35      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI57a0b.LOG --------- 350 
     16/08/2009 14:35      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI57a0a.LOG --------- 350 
     16/08/2009 14:35      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI57a09.LOG --------- 350 
     11/08/2009 23:16      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF39F1.tmp --------- 512 
     11/08/2009 23:16      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF39B3.tmp --------- 512 
     11/08/2009 22:55      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF66EA.tmp --------- 512 
     11/08/2009 22:35      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF7E4E.tmp --------- 512 
     11/08/2009 15:57      H:\DOCUME~1\andi\CONFIG~1\Temp\Excel8.0 --------- 0 
     11/08/2009 14:19      H:\DOCUME~1\andi\CONFIG~1\Temp\WcesView.log --------- 7106 
     11/08/2009 14:19      H:\DOCUME~1\andi\CONFIG~1\Temp\WCESMgr.log --------- 13584 
     10/08/2009 14:44      H:\DOCUME~1\andi\CONFIG~1\Temp\RarSFX2 --------- 0 
     10/08/2009 14:44      H:\DOCUME~1\andi\CONFIG~1\Temp\AVSETUP_4a8015b9 --------- 0 
     10/08/2009 14:42      H:\DOCUME~1\andi\CONFIG~1\Temp\dd_vcredistUI6751.txt --------- 11374 
     10/08/2009 14:42      H:\DOCUME~1\andi\CONFIG~1\Temp\dd_vcredistMSI6751.txt --------- 523094 
     08/08/2009 17:04      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI7b2db.LOG --------- 350 
     28/07/2009 15:33      H:\DOCUME~1\andi\CONFIG~1\Temp\4D.tmp --------- 1007600 
     26/07/2009 01:01      H:\DOCUME~1\andi\CONFIG~1\Temp\control.xml --------- 12818 
     25/07/2009 21:50      H:\DOCUME~1\andi\CONFIG~1\Temp\SetupAdminCDC.log --------- 2909143 
     25/07/2009 21:49      H:\DOCUME~1\andi\CONFIG~1\Temp\QTInstallCode.log --------- 2025 
     25/07/2009 21:49      H:\DOCUME~1\andi\CONFIG~1\Temp\qtplugin.log --------- 3562 
     03/07/2009 16:27      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI12da1.LOG --------- 350 
     03/07/2009 16:09      H:\DOCUME~1\andi\CONFIG~1\Temp\AAX24.tmp --------- 47792 
     02/07/2009 18:24      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI59095.LOG --------- 350 
     02/07/2009 17:35      H:\DOCUME~1\andi\CONFIG~1\Temp\mpa03368.dir --------- 1148229 
     02/07/2009 17:29      H:\DOCUME~1\andi\CONFIG~1\Temp\mpa02100.dir --------- 1148229 
     29/06/2009 19:09      H:\DOCUME~1\andi\CONFIG~1\Temp\tmp16.tmp --------- 4209365 
     27/06/2009 15:50      H:\DOCUME~1\andi\CONFIG~1\Temp\java_install.log --------- 49745 
     27/06/2009 15:49      H:\DOCUME~1\andi\CONFIG~1\Temp\java_install_sp.log --------- 2080 
     27/06/2009 15:49      H:\DOCUME~1\andi\CONFIG~1\Temp\123b6f5.mst --------- 1500672 
     27/06/2009 15:49      H:\DOCUME~1\andi\CONFIG~1\Temp\jinstall.cfg --------- 9635 
     25/06/2009 18:37      H:\DOCUME~1\andi\CONFIG~1\Temp\Cookies --------- 0 
     23/06/2009 14:19      H:\DOCUME~1\andi\CONFIG~1\Temp\FrontPageTempDir --------- 0 
     23/06/2009 14:19      H:\DOCUME~1\andi\CONFIG~1\Temp\wecerr.txt --------- 188 
     22/06/2009 15:57      H:\DOCUME~1\andi\CONFIG~1\Temp\dd1a_appcompat.txt --------- 37096 
     17/06/2009 20:27      H:\DOCUME~1\andi\CONFIG~1\Temp\68R3S40O.emf --------- 129368 
     17/06/2009 20:27      H:\DOCUME~1\andi\CONFIG~1\Temp\384OPOAH.emf --------- 8288 
     17/06/2009 20:27      H:\DOCUME~1\andi\CONFIG~1\Temp\9AA5BX60.emf --------- 48368 
     17/06/2009 20:27      H:\DOCUME~1\andi\CONFIG~1\Temp\GGIQJN3G.emf --------- 17648 
     17/06/2009 20:27      H:\DOCUME~1\andi\CONFIG~1\Temp\WJXEC1Q4.emf --------- 16688 
     17/06/2009 20:27      H:\DOCUME~1\andi\CONFIG~1\Temp\9BXU2NTG.emf --------- 42128 
     17/06/2009 20:27      H:\DOCUME~1\andi\CONFIG~1\Temp\E14MYTSA.emf --------- 375116 
     17/06/2009 20:27      H:\DOCUME~1\andi\CONFIG~1\Temp\026ZC57E.emf --------- 81152 
     17/06/2009 08:04      H:\DOCUME~1\andi\CONFIG~1\Temp\Google Toolbar --------- 0 
     12/06/2009 01:01      H:\DOCUME~1\andi\CONFIG~1\Temp\31c0_appcompat.txt --------- 37096 
     11/06/2009 14:07      H:\DOCUME~1\andi\CONFIG~1\Temp\6ddc_appcompat.txt --------- 37096 
     11/06/2009 13:07      H:\DOCUME~1\andi\CONFIG~1\Temp\WZSE6.TMP --------- 0 
     06/06/2009 23:25      H:\DOCUME~1\andi\CONFIG~1\Temp\a715_appcompat.txt --------- 37096 
     06/06/2009 14:59      H:\DOCUME~1\andi\CONFIG~1\Temp\ee82_appcompat.txt --------- 37096 
     27/05/2009 21:30      H:\DOCUME~1\andi\CONFIG~1\Temp\bab2_appcompat.txt --------- 37096 
     24/05/2009 02:22      H:\DOCUME~1\andi\CONFIG~1\Temp\7454_appcompat.txt --------- 37096 
     21/05/2009 19:19      H:\DOCUME~1\andi\CONFIG~1\Temp\_PegEx~1 --------- 0 
     21/05/2009 18:15      H:\DOCUME~1\andi\CONFIG~1\Temp\mp29234.w3d --------- 56204 
     21/05/2009 18:15      H:\DOCUME~1\andi\CONFIG~1\Temp\mp16725.w3d --------- 73412 
     21/05/2009 18:14      H:\DOCUME~1\andi\CONFIG~1\Temp\mp10404.w3d --------- 71420 
     21/05/2009 18:14      H:\DOCUME~1\andi\CONFIG~1\Temp\mp26385.cct --------- 1011105 
     21/05/2009 18:14      H:\DOCUME~1\andi\CONFIG~1\Temp\mp12368.w3d --------- 31956 
     21/05/2009 18:14      H:\DOCUME~1\andi\CONFIG~1\Temp\mp2481.w3d --------- 25380 
     21/05/2009 18:14      H:\DOCUME~1\andi\CONFIG~1\Temp\mp3705.w3d --------- 300372 
     21/05/2009 18:14      H:\DOCUME~1\andi\CONFIG~1\Temp\mp23893.w3d --------- 465836 
     21/05/2009 18:14      H:\DOCUME~1\andi\CONFIG~1\Temp\mp22474.w3d --------- 1715160 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp15298.swf --------- 78286 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp14311.swf --------- 54529 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp18350.swf --------- 105671 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp19154.swf --------- 119651 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp15220.swf --------- 41459 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp13275.swf --------- 82312 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp24390.swf --------- 62417 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp15889.swf --------- 113359 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp22577.swf --------- 151204 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mpa01832.swf --------- 53502 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp16491.w3d --------- 36640 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp23697.w3d --------- 46208 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp3101.w3d --------- 97824 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp11204.w3d --------- 244400 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mpa01832.w3d --------- 1342684 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\tmp81B67.FOT --------- 1409 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\AAX97.tmp --------- 33660 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp26084.cct --------- 945820 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp799.cct --------- 56547 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp15941.cct --------- 433 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mpa01832.cct --------- 15009 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mp20591.dcr --------- 206514 
     21/05/2009 18:13      H:\DOCUME~1\andi\CONFIG~1\Temp\mpa01832.dcr --------- 17133 
     19/05/2009 11:21      H:\DOCUME~1\andi\CONFIG~1\Temp\jar_cache45497.tmp --------- 318 
     19/05/2009 11:07      H:\DOCUME~1\andi\CONFIG~1\Temp\jar_cache53736.tmp --------- 318 
     19/05/2009 11:07      H:\DOCUME~1\andi\CONFIG~1\Temp\183cd6.mst --------- 78848 
     08/05/2009 20:32      H:\DOCUME~1\andi\CONFIG~1\Temp\fla4B.tmp --------- 1999012 
     06/05/2009 20:30      H:\DOCUME~1\andi\CONFIG~1\Temp\IMT10.xml --------- 802810 
     06/05/2009 20:30      H:\DOCUME~1\andi\CONFIG~1\Temp\IMTF.xml --------- 426 
     06/05/2009 20:30      H:\DOCUME~1\andi\CONFIG~1\Temp\IMTE.xml --------- 2006 
     20/04/2009 23:50      H:\DOCUME~1\andi\CONFIG~1\Temp\ad96_appcompat.txt --------- 37096 
     19/04/2009 22:37      H:\DOCUME~1\andi\CONFIG~1\Temp\204e_appcompat.txt --------- 37096 
     07/04/2009 22:53      H:\DOCUME~1\andi\CONFIG~1\Temp\WZSE5.TMP --------- 0 
     04/04/2009 00:42      H:\DOCUME~1\andi\CONFIG~1\Temp\6730_appcompat.txt --------- 37096 
     25/03/2009 09:02      H:\DOCUME~1\andi\CONFIG~1\Temp\jre-6u13-windows-i586-p-iftw_13974002.exe --------- 607640 
     13/03/2009 15:05      H:\DOCUME~1\andi\CONFIG~1\Temp\33NVRDWW.emf --------- 225368 
     13/03/2009 15:05      H:\DOCUME~1\andi\CONFIG~1\Temp\9D6IFNGN.emf --------- 225368 
     13/03/2009 15:02      H:\DOCUME~1\andi\CONFIG~1\Temp\0PGVINL1.emf --------- 225368 
     21/02/2009 21:35      H:\DOCUME~1\andi\CONFIG~1\Temp\aac1_appcompat.txt --------- 37096 
     20/02/2009 01:12      H:\DOCUME~1\andi\CONFIG~1\Temp\e944_appcompat.txt --------- 37096 
     16/02/2009 23:59      H:\DOCUME~1\andi\CONFIG~1\Temp\wz9094 --------- 0 
     16/02/2009 01:26      H:\DOCUME~1\andi\CONFIG~1\Temp\82b8_appcompat.txt --------- 37096 
     10/02/2009 14:06      H:\DOCUME~1\andi\CONFIG~1\Temp\0FU9FZ5F.emf --------- 737368 
     06/02/2009 19:02      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI3bdd5.LOG --------- 97948 
     25/01/2009 13:00      H:\DOCUME~1\andi\CONFIG~1\Temp\MPC3.tmp --------- 314 
     25/01/2009 11:59      H:\DOCUME~1\andi\CONFIG~1\Temp\~WRC0000.tmp --------- 19456 
     19/01/2009 11:43      H:\DOCUME~1\andi\CONFIG~1\Temp\G006QTF8.emf --------- 112688 
     18/01/2009 16:25      H:\DOCUME~1\andi\CONFIG~1\Temp\WZSE4.TMP --------- 0 
     18/01/2009 01:02      H:\DOCUME~1\andi\CONFIG~1\Temp\a078_appcompat.txt --------- 37096 
     14/01/2009 01:25      H:\DOCUME~1\andi\CONFIG~1\Temp\39e5_appcompat.txt --------- 37096 
     13/01/2009 16:49      H:\DOCUME~1\andi\CONFIG~1\Temp\55df_appcompat.txt --------- 37096 
     13/01/2009 00:51      H:\DOCUME~1\andi\CONFIG~1\Temp\9e8_appcompat.txt --------- 37096 
     12/01/2009 22:58      H:\DOCUME~1\andi\CONFIG~1\Temp\101100110011000010111100110100 --------- 0 
     12/01/2009 22:58      H:\DOCUME~1\andi\CONFIG~1\Temp\1000100001010111000011111101110 --------- 0 
     12/01/2009 01:44      H:\DOCUME~1\andi\CONFIG~1\Temp\63a_appcompat.txt --------- 37096 
     11/01/2009 01:09      H:\DOCUME~1\andi\CONFIG~1\Temp\4784_appcompat.txt --------- 37096 
     10/01/2009 00:42      H:\DOCUME~1\andi\CONFIG~1\Temp\ef38_appcompat.txt --------- 37096 
     09/01/2009 12:12      H:\DOCUME~1\andi\CONFIG~1\Temp\1994_appcompat.txt --------- 37096 
     21/12/2008 00:41      H:\DOCUME~1\andi\CONFIG~1\Temp\TempCover7 --------- 0 
     16/12/2008 15:45      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI1299d.LOG --------- 456 
     15/12/2008 15:20      H:\DOCUME~1\andi\CONFIG~1\Temp\GLB3B.tmp --------- 71680 
     15/12/2008 15:20      H:\DOCUME~1\andi\CONFIG~1\Temp\nsw3A.tmp --------- 0 
     15/12/2008 15:19      H:\DOCUME~1\andi\CONFIG~1\Temp\nsa2C.tmp --------- 0 
     15/12/2008 15:17      H:\DOCUME~1\andi\CONFIG~1\Temp\nsm1E.tmp --------- 0 
     15/12/2008 15:15      H:\DOCUME~1\andi\CONFIG~1\Temp\GLB8.tmp --------- 71680 
     15/12/2008 15:15      H:\DOCUME~1\andi\CONFIG~1\Temp\nsb7.tmp --------- 0 
     15/12/2008 15:15      H:\DOCUME~1\andi\CONFIG~1\Temp\ShareazaInstaller --------- 0 
     15/12/2008 01:24      H:\DOCUME~1\andi\CONFIG~1\Temp\2291_appcompat.txt --------- 24540 
     13/12/2008 21:41      H:\DOCUME~1\andi\CONFIG~1\Temp\329c_appcompat.txt --------- 24540 
     12/12/2008 20:11      H:\DOCUME~1\andi\CONFIG~1\Temp\Norton Setup 2,0,0 12-12-2008 19h11m6s.log --------- 7672 
     12/12/2008 20:11      H:\DOCUME~1\andi\CONFIG~1\Temp\7ZipSfx.000 --------- 0 
     11/12/2008 23:43      H:\DOCUME~1\andi\CONFIG~1\Temp\~WRS0004.tmp --------- 24576 
     11/12/2008 23:17      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIdf2fe.LOG --------- 350 
     11/12/2008 23:17      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIdf2fd.LOG --------- 350 
     03/12/2008 19:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF51F3.tmp --------- 49152 
     01/12/2008 22:17      H:\DOCUME~1\andi\CONFIG~1\Temp\{8129497F-6E5F-4F7C-9B19-B67F3ECD6CEC} --------- 0 
     01/12/2008 22:16      H:\DOCUME~1\andi\CONFIG~1\Temp\{631FBBB6-EAB2-4439-8434-642E8DB82F83} --------- 0 
     01/12/2008 22:15      H:\DOCUME~1\andi\CONFIG~1\Temp\bye5.tmp --------- 0 
     01/12/2008 00:44      H:\DOCUME~1\andi\CONFIG~1\Temp\efda_appcompat.txt --------- 24540 
     30/11/2008 16:13      H:\DOCUME~1\andi\CONFIG~1\Temp\WZSE3.TMP --------- 0 
     26/11/2008 09:24      H:\DOCUME~1\andi\CONFIG~1\Temp\9df2_appcompat.txt --------- 24540 
     23/11/2008 19:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF1283.tmp --------- 49152 
     23/11/2008 17:26      H:\DOCUME~1\andi\CONFIG~1\Temp\a64c_appcompat.txt --------- 24540 
     22/11/2008 20:03      H:\DOCUME~1\andi\CONFIG~1\Temp\WPVNDEVS.emf --------- 284 
     22/11/2008 20:03      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI92c0b.LOG --------- 350 
     22/11/2008 20:01      H:\DOCUME~1\andi\CONFIG~1\Temp\LWEIY4TZ.emf --------- 112688 
     22/11/2008 19:59      H:\DOCUME~1\andi\CONFIG~1\Temp\JSULWHF9.emf --------- 112688 
     22/11/2008 11:10      H:\DOCUME~1\andi\CONFIG~1\Temp\OK05PC3G.emf --------- 112688 
     19/11/2008 19:11      H:\DOCUME~1\andi\CONFIG~1\Temp\nsa2C.tmp.exe --------- 9845216 
     19/11/2008 19:11      H:\DOCUME~1\andi\CONFIG~1\Temp\nsw3A.tmp.exe --------- 9845216 
     19/11/2008 19:11      H:\DOCUME~1\andi\CONFIG~1\Temp\nsb7.tmp.exe --------- 9845216 
     19/11/2008 19:11      H:\DOCUME~1\andi\CONFIG~1\Temp\nsm1E.tmp.exe --------- 9845216 
     17/11/2008 00:12      H:\DOCUME~1\andi\CONFIG~1\Temp\e3f3_appcompat.txt --------- 24540 
     16/11/2008 01:05      H:\DOCUME~1\andi\CONFIG~1\Temp\c637_appcompat.txt --------- 24540 
     14/11/2008 19:58      H:\DOCUME~1\andi\CONFIG~1\Temp\f036_appcompat.txt --------- 24540 
     06/11/2008 00:35      H:\DOCUME~1\andi\CONFIG~1\Temp\e61d_appcompat.txt --------- 24540 
     05/11/2008 19:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF1D21.tmp --------- 49152 
     04/11/2008 01:20      H:\DOCUME~1\andi\CONFIG~1\Temp\7f83_appcompat.txt --------- 24540 
     01/11/2008 18:38      H:\DOCUME~1\andi\CONFIG~1\Temp\d9ac_appcompat.txt --------- 24540 
     30/10/2008 23:29      H:\DOCUME~1\andi\CONFIG~1\Temp\31f0_appcompat.txt --------- 24540 
     18/10/2008 22:36      H:\DOCUME~1\andi\CONFIG~1\Temp\0SF91MOG.emf --------- 43552 
     18/10/2008 22:36      H:\DOCUME~1\andi\CONFIG~1\Temp\LOOIPDKT.emf --------- 43552 
     18/10/2008 22:36      H:\DOCUME~1\andi\CONFIG~1\Temp\8LR6EYQ1.emf --------- 163552 
     18/10/2008 22:36      H:\DOCUME~1\andi\CONFIG~1\Temp\K6ZXXGFI.emf --------- 43552 
     18/10/2008 22:36      H:\DOCUME~1\andi\CONFIG~1\Temp\LKZJRILP.emf --------- 24832 
     18/10/2008 22:36      H:\DOCUME~1\andi\CONFIG~1\Temp\9MQNXBKO.emf --------- 115192 
     07/10/2008 17:48      H:\DOCUME~1\andi\CONFIG~1\Temp\VTmp17182 --------- 0 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\4C8GOQWX.emf --------- 43552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\GLC6STTC.emf --------- 163552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\B2FZ1NB2.emf --------- 43552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\UG9JEUDE.emf --------- 43552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\Q91IZEFI.emf --------- 24832 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\7JCZX6SQ.emf --------- 115192 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\DL28NIR7.emf --------- 43552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\2F55ANB2.emf --------- 43552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\WA8R91L8.emf --------- 43552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\H2AUEBT9.emf --------- 163552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\8G90GPFI.emf --------- 24832 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\EDLFAXS6.emf --------- 115192 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\DOU1IAQY.emf --------- 43552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\32VQZQIP.emf --------- 43552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\0H5ACTFA.emf --------- 43552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\60UL6N8E.emf --------- 163552 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\RAH9FGB4.emf --------- 24832 
     04/10/2008 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\FYD2582B.emf --------- 115192 
     04/10/2008 17:59      H:\DOCUME~1\andi\CONFIG~1\Temp\B7H53YOG.emf --------- 43552 
     04/10/2008 17:59      H:\DOCUME~1\andi\CONFIG~1\Temp\7VMYHWIM.emf --------- 43552 
     04/10/2008 17:59      H:\DOCUME~1\andi\CONFIG~1\Temp\21XI0DHJ.emf --------- 163552 
     04/10/2008 17:59      H:\DOCUME~1\andi\CONFIG~1\Temp\IANBR3SZ.emf --------- 43552 
     04/10/2008 17:59      H:\DOCUME~1\andi\CONFIG~1\Temp\NZW44CMG.emf --------- 24832 
     04/10/2008 17:59      H:\DOCUME~1\andi\CONFIG~1\Temp\8O8WZTE3.emf --------- 115192 
     30/09/2008 17:31      H:\DOCUME~1\andi\CONFIG~1\Temp\GXBHUP97.emf --------- 43552 
     30/09/2008 17:31      H:\DOCUME~1\andi\CONFIG~1\Temp\N8NXYG8L.emf --------- 43552 
     30/09/2008 17:31      H:\DOCUME~1\andi\CONFIG~1\Temp\8S17R4SP.emf --------- 43552 
     30/09/2008 17:31      H:\DOCUME~1\andi\CONFIG~1\Temp\23X6I7C9.emf --------- 24832 
     30/09/2008 17:31      H:\DOCUME~1\andi\CONFIG~1\Temp\0GFY8ZCP.emf --------- 163552 
     30/09/2008 17:31      H:\DOCUME~1\andi\CONFIG~1\Temp\48Q7A83W.emf --------- 115192 
     29/09/2008 20:54      H:\DOCUME~1\andi\CONFIG~1\Temp\JB9F968H.emf --------- 112688 
     29/09/2008 20:53      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIdaace.LOG --------- 350 
     29/09/2008 20:53      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIdaacd.LOG --------- 350 
     29/09/2008 20:53      H:\DOCUME~1\andi\CONFIG~1\Temp\05SG4XS3.emf --------- 112688 
     29/09/2008 20:51      H:\DOCUME~1\andi\CONFIG~1\Temp\EMCOF5EN.emf --------- 112688 
     29/09/2008 20:51      H:\DOCUME~1\andi\CONFIG~1\Temp\HQQO10DC.emf --------- 336 
     29/09/2008 20:51      H:\DOCUME~1\andi\CONFIG~1\Temp\KAJYRZMI.emf --------- 336 
     29/09/2008 00:44      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIa06f1.LOG --------- 348 
     29/09/2008 00:44      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIa06f0.LOG --------- 348 
     29/09/2008 00:41      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIa06ef.LOG --------- 348 
     25/09/2008 15:20      H:\DOCUME~1\andi\CONFIG~1\Temp\GLF44.tmp --------- 10240 
     25/09/2008 15:20      H:\DOCUME~1\andi\CONFIG~1\Temp\GLF14.tmp --------- 10240 
     23/09/2008 07:25      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIc81dd.LOG --------- 348 
     23/09/2008 07:24      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIc81dc.LOG --------- 348 
     22/09/2008 22:27      H:\DOCUME~1\andi\CONFIG~1\Temp\WZSE2.TMP --------- 0 
     22/09/2008 15:31      H:\DOCUME~1\andi\CONFIG~1\Temp\Twunk002.MTX --------- 0 
     22/09/2008 15:28      H:\DOCUME~1\andi\CONFIG~1\Temp\MS4189.LOG --------- 2819 
     22/09/2008 15:18      H:\DOCUME~1\andi\CONFIG~1\Temp\DLL_{DEE88727-779B-47A9-ACEF-F87CA5F92A65}.ini --------- 336 
     22/09/2008 15:18      H:\DOCUME~1\andi\CONFIG~1\Temp\is131.tmp --------- 0 
     22/09/2008 15:17      H:\DOCUME~1\andi\CONFIG~1\Temp\MasterReboot --------- 0 
     13/09/2008 20:19      H:\DOCUME~1\andi\CONFIG~1\Temp\2bb5_appcompat.txt --------- 24540 
     12/09/2008 08:29      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIaf32b.LOG --------- 348 
     11/09/2008 22:08      H:\DOCUME~1\andi\CONFIG~1\Temp\aaaf_appcompat.txt --------- 24540 
     10/09/2008 18:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DFCD8F.tmp --------- 49152 
     09/09/2008 17:20      H:\DOCUME~1\andi\CONFIG~1\Temp\5688_appcompat.txt --------- 24540 
     08/09/2008 22:58      H:\DOCUME~1\andi\CONFIG~1\Temp\1380_appcompat.txt --------- 24540 
     06/09/2008 15:41      H:\DOCUME~1\andi\CONFIG~1\Temp\casinonet.exe --------- 4883049 
     06/09/2008 15:41      H:\DOCUME~1\andi\CONFIG~1\Temp\installer.gif --------- 18192 
     06/09/2008 15:41      H:\DOCUME~1\andi\CONFIG~1\Temp\text.txt --------- 5004 
     04/09/2008 21:07      H:\DOCUME~1\andi\CONFIG~1\Temp\VTmp18730 --------- 0 
     02/09/2008 16:07      H:\DOCUME~1\andi\CONFIG~1\Temp\nsu49.tmp --------- 529856 
     01/09/2008 08:59      H:\DOCUME~1\andi\CONFIG~1\Temp\PatchByFile.tmp --------- 0 
     31/08/2008 18:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DFD64C.tmp --------- 49152 
     17/07/2008 07:11      H:\DOCUME~1\andi\CONFIG~1\Temp\7fe5_appcompat.txt --------- 24540 
     16/07/2008 18:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF43D4.tmp --------- 49152 
     15/07/2008 22:48      H:\DOCUME~1\andi\CONFIG~1\Temp\1add_appcompat.txt --------- 24540 
     13/07/2008 22:42      H:\DOCUME~1\andi\CONFIG~1\Temp\a5d4_appcompat.txt --------- 24540 
     12/07/2008 09:53      H:\DOCUME~1\andi\CONFIG~1\Temp\WZSE1.TMP --------- 0 
     07/07/2008 14:44      H:\DOCUME~1\andi\CONFIG~1\Temp\626e_appcompat.txt --------- 24540 
     07/07/2008 01:21      H:\DOCUME~1\andi\CONFIG~1\Temp\24ce_appcompat.txt --------- 24540 
     01/07/2008 03:32      H:\DOCUME~1\andi\CONFIG~1\Temp\a774_appcompat.txt --------- 24540 
     29/06/2008 09:16      H:\DOCUME~1\andi\CONFIG~1\Temp\ac09_appcompat.txt --------- 24540 
     29/06/2008 06:33      H:\DOCUME~1\andi\CONFIG~1\Temp\e2ad_appcompat.txt --------- 24540 
     21/06/2008 17:42      H:\DOCUME~1\andi\CONFIG~1\Temp\6745_appcompat.txt --------- 24540 
     21/06/2008 11:11      H:\DOCUME~1\andi\CONFIG~1\Temp\814b_appcompat.txt --------- 24540 
     13/06/2008 00:17      H:\DOCUME~1\andi\CONFIG~1\Temp\fef2_appcompat.txt --------- 24540 
     11/06/2008 18:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF58E6.tmp --------- 49152 
     10/06/2008 18:39      H:\DOCUME~1\andi\CONFIG~1\Temp\WER911e.dir00 --------- 0 
     10/06/2008 14:53      H:\DOCUME~1\andi\CONFIG~1\Temp\jre-6u7-windows-i586-p-iftw_bdb28397.exe --------- 382352 
     06/06/2008 16:17      H:\DOCUME~1\andi\CONFIG~1\Temp\ImageUploader_Temp --------- 0 
     05/06/2008 21:22      H:\DOCUME~1\andi\CONFIG~1\Temp\bcd3_appcompat.txt --------- 24540 
     05/06/2008 07:45      H:\DOCUME~1\andi\CONFIG~1\Temp\eaa4_appcompat.txt --------- 24540 
     04/06/2008 20:13      H:\DOCUME~1\andi\CONFIG~1\Temp\Neroce125442753a4a2dba7f069bb1dadf9c.nrd --------- 12658 
     04/06/2008 19:42      H:\DOCUME~1\andi\CONFIG~1\Temp\TempCover6 --------- 0 
     04/06/2008 08:20      H:\DOCUME~1\andi\CONFIG~1\Temp\a504_appcompat.txt --------- 24540 
     31/05/2008 17:09      H:\DOCUME~1\andi\CONFIG~1\Temp\7011_appcompat.txt --------- 24540 
     30/05/2008 23:23      H:\DOCUME~1\andi\CONFIG~1\Temp\e06d_appcompat.txt --------- 24540 
     30/05/2008 20:39      H:\DOCUME~1\andi\CONFIG~1\Temp\on.gif --------- 108 
     30/05/2008 20:39      H:\DOCUME~1\andi\CONFIG~1\Temp\caption.gif --------- 1913 
     30/05/2008 20:39      H:\DOCUME~1\andi\CONFIG~1\Temp\off.gif --------- 101 
     28/05/2008 07:44      H:\DOCUME~1\andi\CONFIG~1\Temp\94a9_appcompat.txt --------- 24540 
     27/05/2008 20:10      H:\DOCUME~1\andi\CONFIG~1\Temp\h2rD.tmp --------- 0 
     27/05/2008 20:10      H:\DOCUME~1\andi\CONFIG~1\Temp\r2hC.tmp --------- 212 
     27/05/2008 20:09      H:\DOCUME~1\andi\CONFIG~1\Temp\h2rA.tmp --------- 0 
     27/05/2008 20:09      H:\DOCUME~1\andi\CONFIG~1\Temp\r2h9.tmp --------- 212 
     27/05/2008 20:08      H:\DOCUME~1\andi\CONFIG~1\Temp\h2r7.tmp --------- 0 
     27/05/2008 20:08      H:\DOCUME~1\andi\CONFIG~1\Temp\r2h6.tmp --------- 212 
     27/05/2008 20:07      H:\DOCUME~1\andi\CONFIG~1\Temp\h2r4.tmp --------- 0 
     27/05/2008 20:07      H:\DOCUME~1\andi\CONFIG~1\Temp\r2h3.tmp --------- 212 
     23/05/2008 23:53      H:\DOCUME~1\andi\CONFIG~1\Temp\4e5c_appcompat.txt --------- 24540 
     21/05/2008 19:27      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF8E42.tmp --------- 512 
     21/05/2008 19:27      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF8AD0.tmp --------- 512 
     21/05/2008 19:20      H:\DOCUME~1\andi\CONFIG~1\Temp\VGXF.tmp --------- 346013 
     21/05/2008 19:20      H:\DOCUME~1\andi\CONFIG~1\Temp\VGXE.tmp --------- 282950 
     21/05/2008 19:20      H:\DOCUME~1\andi\CONFIG~1\Temp\VGXD.tmp --------- 2572 
     21/05/2008 19:20      H:\DOCUME~1\andi\CONFIG~1\Temp\VGXC.tmp --------- 3074 
     21/05/2008 19:20      H:\DOCUME~1\andi\CONFIG~1\Temp\VGXB.tmp --------- 6278 
     20/05/2008 07:32      H:\DOCUME~1\andi\CONFIG~1\Temp\3a73_appcompat.txt --------- 24540 
     18/05/2008 19:15      H:\DOCUME~1\andi\CONFIG~1\Temp\ee7f_appcompat.txt --------- 24540 
     18/05/2008 18:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF28CE.tmp --------- 49152 
     18/05/2008 09:05      H:\DOCUME~1\andi\CONFIG~1\Temp\9b9_appcompat.txt --------- 24540 
     15/05/2008 17:01      H:\DOCUME~1\andi\CONFIG~1\Temp\b02a_appcompat.txt --------- 24540 
     12/05/2008 17:23      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIf2ed9.LOG --------- 350 
     12/05/2008 17:22      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIf2ed8.LOG --------- 350 
     11/05/2008 14:39      H:\DOCUME~1\andi\CONFIG~1\Temp\bd48_appcompat.txt --------- 24540 
     10/05/2008 18:12      H:\DOCUME~1\andi\CONFIG~1\Temp\c857_appcompat.txt --------- 24540 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp21827.swf --------- 78286 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp22534.swf --------- 54529 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp23110.swf --------- 105671 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp12355.swf --------- 119651 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp21650.swf --------- 39966 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp22406.swf --------- 82312 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp6971.swf --------- 62417 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp1406.swf --------- 113359 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp9474.swf --------- 151204 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mpa03692.swf --------- 48269 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp2459.w3d --------- 31956 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp20356.w3d --------- 300372 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp11220.w3d --------- 75040 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp13480.w3d --------- 2027980 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp14776.w3d --------- 36640 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp23113.w3d --------- 46208 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mpa03692.w3d --------- 1498836 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp11194.cct --------- 38802 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mpa03692.cct --------- 12782 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\tmpD1956.FOT --------- 1409 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\AAX47C.tmp --------- 33660 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mp8680.dcr --------- 2086218 
     07/05/2008 23:45      H:\DOCUME~1\andi\CONFIG~1\Temp\mpa03692.dcr --------- 15413 
     07/05/2008 19:02      H:\DOCUME~1\andi\CONFIG~1\Temp\52f0bb.mst --------- 196096 
     07/05/2008 19:02      H:\DOCUME~1\andi\CONFIG~1\Temp\52f0ba.mst --------- 110592 
     07/05/2008 19:00      H:\DOCUME~1\andi\CONFIG~1\Temp\ICD1.tmp --------- 0 
     02/05/2008 18:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF3D97.tmp --------- 49152 
     27/04/2008 18:00      H:\DOCUME~1\andi\CONFIG~1\Temp\344018467 --------- 0 
     27/04/2008 16:52      H:\DOCUME~1\andi\CONFIG~1\Temp\2.tmp --------- 1885 
     23/04/2008 18:22      H:\DOCUME~1\andi\CONFIG~1\Temp\7704_appcompat.txt --------- 24540 
     20/04/2008 18:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DFB4C3.tmp --------- 49152 
     18/04/2008 10:14      H:\DOCUME~1\andi\CONFIG~1\Temp\AAX2.tmp --------- 33660 
     13/04/2008 18:00      H:\DOCUME~1\andi\CONFIG~1\Temp\~DF778E.tmp --------- 49152 
     11/04/2008 00:11      H:\DOCUME~1\andi\CONFIG~1\Temp\jar_cache14737.tmp --------- 592 
     11/04/2008 00:11      H:\DOCUME~1\andi\CONFIG~1\Temp\jar_cache14738.tmp --------- 634 
     11/04/2008 00:11      H:\DOCUME~1\andi\CONFIG~1\Temp\jar_cache14735.tmp --------- 1908 
     11/04/2008 00:11      H:\DOCUME~1\andi\CONFIG~1\Temp\jar_cache14734.tmp --------- 1007 
     11/04/2008 00:10      H:\DOCUME~1\andi\CONFIG~1\Temp\jar_cache14732.tmp --------- 849 
     11/04/2008 00:10      H:\DOCUME~1\andi\CONFIG~1\Temp\jar_cache14733.tmp --------- 869 
     06/04/2008 18:28      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI4525b.LOG --------- 350 
     04/04/2008 20:27      H:\DOCUME~1\andi\CONFIG~1\Temp\jre-6u5-windows-i586-p-iftw_1b121abb.exe --------- 382352 
     02/04/2008 20:13      H:\DOCUME~1\andi\CONFIG~1\Temp\jar_cache42294.tmp --------- 3541 
     02/04/2008 20:13      H:\DOCUME~1\andi\CONFIG~1\Temp\jar_cache42295.tmp --------- 172 
     01/04/2008 18:36      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI8e1b3.LOG --------- 350 
     01/04/2008 18:36      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI8e1b2.LOG --------- 350 
     28/03/2008 17:14      H:\DOCUME~1\andi\CONFIG~1\Temp\MPC2.tmp --------- 314 
     27/03/2008 23:22      H:\DOCUME~1\andi\CONFIG~1\Temp\K1Z600KR.emf --------- 112688 
     27/03/2008 23:22      H:\DOCUME~1\andi\CONFIG~1\Temp\OJH4KRMH.emf --------- 372 
     05/03/2008 14:26      H:\DOCUME~1\andi\CONFIG~1\Temp\99f8_appcompat.txt --------- 24540 
     03/03/2008 00:49      H:\DOCUME~1\andi\CONFIG~1\Temp\43dd_appcompat.txt --------- 24540 
     26/02/2008 19:29      H:\DOCUME~1\andi\CONFIG~1\Temp\C.tmp --------- 1885 
     24/02/2008 17:38      H:\DOCUME~1\andi\CONFIG~1\Temp\WZSE0.TMP --------- 0 
     16/02/2008 01:36      H:\DOCUME~1\andi\CONFIG~1\Temp\efc6_appcompat.txt --------- 24540 
     07/02/2008 00:37      H:\DOCUME~1\andi\CONFIG~1\Temp\ab91_appcompat.txt --------- 24540 
     30/01/2008 08:46      H:\DOCUME~1\andi\CONFIG~1\Temp\e6f1_appcompat.txt --------- 24540 
     27/01/2008 19:20      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI78f1a.LOG --------- 350 
     20/01/2008 01:36      H:\DOCUME~1\andi\CONFIG~1\Temp\6bd4_appcompat.txt --------- 24540 
     19/01/2008 21:02      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI5746e.LOG --------- 350 
     19/01/2008 21:00      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI5746d.LOG --------- 350 
     19/01/2008 21:00      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI5746c.LOG --------- 350 
     19/01/2008 14:31      H:\DOCUME~1\andi\CONFIG~1\Temp\Q1PRUTAR.emf --------- 112688 
     19/01/2008 14:31      H:\DOCUME~1\andi\CONFIG~1\Temp\BR1SDYXO.emf --------- 372 
     19/01/2008 14:30      H:\DOCUME~1\andi\CONFIG~1\Temp\WD9LOQMM.emf --------- 372 
     19/01/2008 14:30      H:\DOCUME~1\andi\CONFIG~1\Temp\86B472DM.emf --------- 112688 
     12/01/2008 11:19      H:\DOCUME~1\andi\CONFIG~1\Temp\MSIe33be.LOG --------- 350 
     09/01/2008 19:01      H:\DOCUME~1\andi\CONFIG~1\Temp\Historial --------- 0 
     09/01/2008 19:01      H:\DOCUME~1\andi\CONFIG~1\Temp\Archivos temporales de Internet --------- 0 
     20/12/2007 14:50      H:\DOCUME~1\andi\CONFIG~1\Temp\bdb5_appcompat.txt --------- 24540 
     16/12/2007 00:02      H:\DOCUME~1\andi\CONFIG~1\Temp\2455_appcompat.txt --------- 24540 
     15/12/2007 15:59      H:\DOCUME~1\andi\CONFIG~1\Temp\c954_appcompat.txt --------- 24540 
     12/12/2007 19:37      H:\DOCUME~1\andi\CONFIG~1\Temp\WGANotify.settings --------- 409 
     11/12/2007 22:40      H:\DOCUME~1\andi\CONFIG~1\Temp\MSI92c59.LOG --------- 350 
     30/11/2007 16:55      H:\DOCUME~1\andi\CONFIG~1\Temp\8eea_appcompat.txt --------- 24540 
     22/11/2007 16:01      H:\DOCUME~1\andi\CONFIG~1\Temp\8ef9_appcompat.txt --------- 24540 
     22/11/2007 15:57      H:\DOCUME~1\andi\CONFIG~1\Temp\W5WTLQQ3.emf --------- 887968 
     22/11/2007 15:57      H:\DOCUME~1\andi\CONFIG~1\Temp\LM6CVX82.emf --------- 262448 
     08/11/2007 18:02      H:\DOCUME~1\andi\CONFIG~1\Temp\DFC5A2B2.TMP --------- 113 
     02/11/2007 22:04      H:\DOCUME~1\andi\CONFIG~1\Temp\{AC76BA86-7AD7-1031-7B44-A81000000003}.ini --------- 673 
     29/10/2007 20:19      H:\DOCUME~1\andi\CONFIG~1\Temp\TempCover5 --------- 0 
     29/10/2007 20:02      H:\DOCUME~1\andi\CONFIG~1\Temp\TempCover4 --------- 0 
     26/10/2007 00:10      H:\DOCUME~1\andi\CONFIG~1\Temp\Nero31a3b1c390584da5b9ac65ef96856e62.nri --------- 19059 
     26/10/2007 00:05      H:\DOCUME~1\andi\CONFIG~1\Temp\TempCover3 --------- 0 
     25/10/2007 07:42      H:\DOCUME~1\andi\CONFIG~1\Temp\Neroc19041899f48482a93fe9f6102e8df6c.nra --------- 8268 
     24/10/2007 04:47      H:\DOCUME~1\andi\CONFIG~1\Temp\475f_appcompat.txt --------- 24540 
     18/10/2007 00:04      H:\DOCUME~1\andi\CONFIG~1\Temp\C8YHMV1T.htm --------- 111569 
     12/10/2007 23:10      H:\DOCUME~1\andi\CONFIG~1\Temp\VGX582.tmp --------- 136322 
     12/10/2007 23:10      H:\DOCUME~1\andi\CONFIG~1\Temp\VGX581.tmp --------- 69592 
     12/10/2007 23:10      H:\DOCUME~1\andi\CONFIG~1\Temp\VGX580.tmp --------- 261824 
     12/10/2007 21:44      H:\DOCUME~1\andi\CONFIG~1\Temp\AAX574.tmp --------- 44256 
     12/10/2007 21:39      H:\DOCUME~1\andi\CONFIG~1\Temp\AAX571.tmp --------- 44256 
     12/10/2007 21:38      H:\DOCUME~1\andi\CONFIG~1\Temp\AAX570.tmp --------- 44256 
     12/10/2007 21:36      H:\DOCUME~1\andi\CONFIG~1\Temp\AAX56F.tmp --------- 44256 
     06/10/2007 01:10      H:\DOCUME~1\andi\CONFIG~1\Temp\973f_appcompat.txt --------- 24540 
     02/10/2007 21:33      H:\DOCUME~1\andi\CONFIG~1\Temp\nsw6.tmp --------- 0 
     01/10/2007 23:17      H:\DOCUME~1\andi\CONFIG~1\Temp\ccfa_appcompat.txt --------- 24540 
     01/10/2007 21:23      H:\DOCUME~1\andi\CONFIG~1\Temp\5c7f_appcompat.txt --------- 24540 
     30/09/2007 23:00      H:\DOCUME~1\andi\CONFIG~1\Temp\88fa_appcompat.txt --------- 24540 
     30/09/2007 00:48      H:\DOCUME~1\andi\CONFIG~1\Temp\e453_appcompat.txt --------- 24540 
     29/09/2007 22:46      H:\DOCUME~1\andi\CONFIG~1\Temp\_bo35.tmp --------- 0 
     29/09/2007 22:46      H:\DOCUME~1\andi\CONFIG~1\Temp\_bo35.html --------- 13 
     29/09/2007 22:46      H:\DOCUME~1\andi\CONFIG~1\Temp\BOS34.tmp --------- 0 
     29/09/2007 22:43      H:\DOCUME~1\andi\CONFIG~1\Temp\bwineuro_de.exe --------- 4518344 
     29/09/2007 22:40      H:\DOCUME~1\andi\CONFIG~1\Temp\GLB29.tmp --------- 71680 
     29/09/2007 16:57      H:\DOCUME~1\andi\CONFIG~1\Temp\Outlook Startup.Log --------- 1088 
     29/09/2007 16:57      H:\DOCUME~1\andi\CONFIG~1\Temp\Outlook Startup.BAK --------- 1104 
     29/09/2007 16:15      H:\DOCUME~1\andi\CONFIG~1\Temp\7b99_appcompat.txt --------- 24540 
     29/09/2007 14:27      H:\DOCUME~1\andi\CONFIG~1\Temp\bye49.tmp --------- 0 
     29/09/2007 14:27      H:\DOCUME~1\andi\CONFIG~1\Temp\isp28.tmp --------- 0 
     29/09/2007 14:27      H:\DOCUME~1\andi\CONFIG~1\Temp\bye24.tmp --------- 0 
     28/09/2007 19:11      H:\DOCUME~1\andi\CONFIG~1\Temp\GLG9B2.tmp --------- 275736 
     28/09/2007 19:08      H:\DOCUME~1\andi\CONFIG~1\Temp\GLK9B0.tmp --------- 34304 
     28/09/2007 19:08      H:\DOCUME~1\andi\CONFIG~1\Temp\GLJ9AF.tmp --------- 2560 
     28/09/2007 19:08      H:\DOCUME~1\andi\CONFIG~1\Temp\GLC9AE.tmp --------- 164864 
     28/09/2007 15:44      H:\DOCUME~1\andi\CONFIG~1\Temp\00000E5A --------- 844800 
     28/09/2007 15:44      H:\DOCUME~1\andi\CONFIG~1\Temp\00000E4E --------- 4049920 
     28/09/2007 15:43      H:\DOCUME~1\andi\CONFIG~1\Temp\00000DEE --------- 656896 
     28/09/2007 15:42      H:\DOCUME~1\andi\CONFIG~1\Temp\00000AC9 --------- 4535664 
     28/09/2007 15:41      H:\DOCUME~1\andi\CONFIG~1\Temp\000009CB --------- 5828775 
     28/09/2007 15:41      H:\DOCUME~1\andi\CONFIG~1\Temp\000009C5 --------- 844800 
     28/09/2007 15:41      H:\DOCUME~1\andi\CONFIG~1\Temp\000009B9 --------- 4049920 
     28/09/2007 15:40      H:\DOCUME~1\andi\CONFIG~1\Temp\000007AC --------- 531456 
     28/09/2007 15:40      H:\DOCUME~1\andi\CONFIG~1\Temp\00000782 --------- 768512 
     28/09/2007 15:30      H:\DOCUME~1\andi\CONFIG~1\Temp\000003B7 --------- 1309184 
     28/09/2007 15:30      H:\DOCUME~1\andi\CONFIG~1\Temp\00000370 --------- 797500 
     28/09/2007 15:30      H:\DOCUME~1\andi\CONFIG~1\Temp\0000036F --------- 802683 
     28/09/2007 15:28      H:\DOCUME~1\andi\CONFIG~1\Temp\0000031F --------- 1309184 
     28/09/2007 15:20      H:\DOCUME~1\andi\CONFIG~1\Temp\00000215 --------- 1029120 
     28/09/2007 15:19      H:\DOCUME~1\andi\CONFIG~1\Temp\00000193 --------- 768512 
     24/09/2007 00:06      H:\DOCUME~1\andi\CONFIG~1\Temp\b90b_appcompat.txt --------- 24540 
     23/09/2007 18:31      H:\DOCUME~1\andi\CONFIG~1\Temp\VBE --------- 0 
     23/09/2007 10:52      H:\DOCUME~1\andi\CONFIG~1\Temp\Neroe12a26e6fd8249eeaa1a324f885ccc67.nri --------- 854 
     23/09/2007 10:42      H:\DOCUME~1\andi\CONFIG~1\Temp\TempCover2 --------- 0 
     21/09/2007 19:53      H:\DOCUME~1\andi\CONFIG~1\Temp\drm_dialogs.dll --------- 65536 
     21/09/2007 19:52      H:\DOCUME~1\andi\CONFIG~1\Temp\temp.ani --------- 13592 
     21/09/2007 19:52      H:\DOCUME~1\andi\CONFIG~1\Temp\drm_dyndata_7290009.dll --------- 212992 
     21/09/2007 19:31      H:\DOCUME~1\andi\CONFIG~1\Temp\sxeD.7z --------- 13328238 
     21/09/2007 19:31      H:\DOCUME~1\andi\CONFIG~1\Temp\sxeD.tmp --------- 0 
     21/09/2007 19:30      H:\DOCUME~1\andi\CONFIG~1\Temp\nsmC.tmp --------- 0 
     17/09/2007 22:07      H:\DOCUME~1\andi\CONFIG~1\Temp\sw --------- 0 
     17/09/2007 22:07      H:\DOCUME~1\andi\CONFIG~1\Temp\GLB18.tmp --------- 71680 
     17/09/2007 22:07      H:\DOCUME~1\andi\CONFIG~1\Temp\MSW17.tmp --------- 0 
     17/09/2007 22:06      H:\DOCUME~1\andi\CONFIG~1\Temp\VGX11.tmp --------- 2432 
     15/09/2007 15:42      H:\DOCUME~1\andi\CONFIG~1\Temp\Adobe --------- 0 
     14/09/2007 11:37      H:\DOCUME~1\andi\CONFIG~1\Temp\c3c_appcompat.txt --------- 24540 
     14/09/2007 00:26      H:\DOCUME~1\andi\CONFIG~1\Temp\ASPNETSetup_00003.log --------- 5012 
     14/09/2007 00:24      H:\DOCUME~1\andi\CONFIG~1\Temp\ASPNETSetup_00002.log --------- 5012 
     14/09/2007 00:20      H:\DOCUME~1\andi\CONFIG~1\Temp\ASPNETSetup_00001.log --------- 5012 
     13/09/2007 23:44      H:\DOCUME~1\andi\CONFIG~1\Temp\14_appcompat.txt --------- 24540 
     09/09/2007 15:26      H:\DOCUME~1\andi\CONFIG~1\Temp\nps.tmp --------- 0 
     09/09/2007 15:19      H:\DOCUME~1\andi\CONFIG~1\Temp\nro.log --------- 0 
     09/09/2007 15:16      H:\DOCUME~1\andi\CONFIG~1\Temp\install --------- 0 
     09/09/2007 15:09      H:\DOCUME~1\andi\CONFIG~1\Temp\is-C67F8.tmp --------- 0 
     09/09/2007 15:06      H:\DOCUME~1\andi\CONFIG~1\Temp\GoogleToolbarInstaller1.log --------- 1231 
     09/09/2007 15:06      H:\DOCUME~1\andi\CONFIG~1\Temp\GoogleToolbarInstaller2.log --------- 98362 
     09/09/2007 14:39      H:\DOCUME~1\andi\CONFIG~1\Temp\_is8 --------- 0 
     08/09/2007 21:32      H:\DOCUME~1\andi\CONFIG~1\Temp\RarSFX1 --------- 0 
     08/09/2007 21:26      H:\DOCUME~1\andi\CONFIG~1\Temp\RarSFX0 --------- 0 
     08/09/2007 18:05      H:\DOCUME~1\andi\CONFIG~1\Temp\Office 2000 Premium Setup(0002)_MsiExec.txt --------- 294432 
     08/09/2007 17:58      H:\DOCUME~1\andi\CONFIG~1\Temp\Office 2000 Premium Setup(0002).txt --------- 1738 
     08/09/2007 17:58      H:\DOCUME~1\andi\CONFIG~1\Temp\offcln9.log --------- 31488 
     08/09/2007 14:20      H:\DOCUME~1\andi\CONFIG~1\Temp\{36CDA33B-909B-4719-97D1-C4B99309BDC7} --------- 0 
     08/09/2007 14:20      H:\DOCUME~1\andi\CONFIG~1\Temp\isEC.tmp --------- 0 
     08/09/2007 14:14      H:\DOCUME~1\andi\CONFIG~1\Temp\dd_netfx20UI0CD8.txt --------- 14148 
     08/09/2007 14:11      H:\DOCUME~1\andi\CONFIG~1\Temp\ASPNETSetup_00000.log --------- 4562 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\iss10.tmp --------- 0 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Turkish.bin --------- 20859 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Hebrew.bin --------- 18436 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Arabic.bin --------- 19506 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Portuguese(Brazil).bin --------- 23522 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Polish.bin --------- 22606 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\SimChin.bin --------- 15534 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Czech.bin --------- 22862 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Norwegian.bin --------- 20608 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Finnish.bin --------- 21562 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Greek.bin --------- 23467 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Hungarian.bin --------- 24446 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Thai.bin --------- 20733 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\TradChin.bin --------- 16913 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Italian.bin --------- 25824 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\SWEDISH.bin --------- 22684 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Spanish.bin --------- 26062 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Russian.bin --------- 24638 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\German.bin --------- 24274 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\French.bin --------- 25665 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Portuguese.bin --------- 24654 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\English.bin --------- 21857 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Dutch.bin --------- 24173 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Korean.bin --------- 19048 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Japanese.bin --------- 22809 
     08/09/2007 13:29      H:\DOCUME~1\andi\CONFIG~1\Temp\Danish.bin --------- 21343 
     08/09/2007 13:25      H:\DOCUME~1\andi\CONFIG~1\Temp\isp63.tmp --------- 0 
     08/09/2007 13:24      H:\DOCUME~1\andi\CONFIG~1\Temp\iss46.tmp --------- 0 
     08/09/2007 13:22      H:\DOCUME~1\andi\CONFIG~1\Temp\{B4865502-F9A1-469C-843D-EF13A32F7AB8} --------- 0 
     08/09/2007 13:22      H:\DOCUME~1\andi\CONFIG~1\Temp\iss1F.tmp --------- 0 
     08/09/2007 13:21      H:\DOCUME~1\andi\CONFIG~1\Temp\GLB19.tmp --------- 71680 
     02/09/2007 23:56      H:\DOCUME~1\andi\CONFIG~1\Temp\FCCADD4F.TMP --------- 21 
     01/05/2007 15:32      H:\DOCUME~1\andi\CONFIG~1\Temp\_is4.exe --------- 464408 
     05/02/2007 04:47      H:\DOCUME~1\andi\CONFIG~1\Temp\19245f0.mst --------- 90112 
     04/01/2007 19:44      H:\DOCUME~1\andi\CONFIG~1\Temp\2bcbdb.mst --------- 44032 
     04/09/2006 10:20      H:\DOCUME~1\andi\CONFIG~1\Temp\16ec69.mst --------- 50176 
     01/09/2006 10:24      H:\DOCUME~1\andi\CONFIG~1\Temp\nerodeltmp.exe --------- 860160 
     14/11/2005 10:24      H:\DOCUME~1\andi\CONFIG~1\Temp\SET5F.tmp --------- 121064 
     28/09/2001 17:00      H:\DOCUME~1\andi\CONFIG~1\Temp\GLF9B3.tmp --------- 10752 
     05/09/2001 08:24      H:\DOCUME~1\andi\CONFIG~1\Temp\IEC5.tmp --------- 344923 
     05/09/2001 08:24      H:\DOCUME~1\andi\CONFIG~1\Temp\IEC4.tmp --------- 344923 
     05/09/2001 08:24      H:\DOCUME~1\andi\CONFIG~1\Temp\IEC2.tmp --------- 344923 
     21/01/1999 15:40      H:\DOCUME~1\andi\CONFIG~1\Temp\GLF13.tmp --------- 9728 
     21/01/1999 14:40      H:\DOCUME~1\andi\CONFIG~1\Temp\GLFA.tmp --------- 9728 
     21/01/1999 14:40      H:\DOCUME~1\andi\CONFIG~1\Temp\GLFD.tmp --------- 9728 
     21/01/1999 14:40      H:\DOCUME~1\andi\CONFIG~1\Temp\GLFF.tmp --------- 9728 
     21/01/1999 14:40      H:\DOCUME~1\andi\CONFIG~1\Temp\GLF12.tmp --------- 9728 
    ----------------------------------------
    
     
    H:\Archivos de programa
    
    ----------------------------------------
    
     
    H:\Documents and Settings\All Users\.. 
    
    andi    
    LocalService    
    Default User    
    NetworkService    
    All Users    
    ----------------------------------------
    
     
    H:\WINDOWS\system32\drivers\etc\hosts
    
    127.0.0.1       localhost
    
    ----------------------------------------
    
     
    
    Nombre de imagen             PID Nombre de sesión Núm. de  Uso de memor
    ========================= ====== ================ ======== ============
    System Idle Process            0 Console                 0        28 KB
    System                         4 Console                 0       256 KB
    smss.exe                     636 Console                 0       944 KB
    csrss.exe                    684 Console                 0     7.876 KB
    winlogon.exe                 716 Console                 0    18.948 KB
    services.exe                 760 Console                 0    19.192 KB
    lsass.exe                    772 Console                 0     1.944 KB
    ati2evxx.exe                 964 Console                 0     8.284 KB
    svchost.exe                  984 Console                 0    19.972 KB
    svchost.exe                 1048 Console                 0    18.384 KB
    svchost.exe                 1180 Console                 0    36.724 KB
    ati2evxx.exe                1372 Console                 0     8.528 KB
    svchost.exe                 1396 Console                 0    17.116 KB
    ssonsvr.exe                 1504 Console                 0     4.760 KB
    svchost.exe                 1548 Console                 0    20.584 KB
    explorer.exe                1744 Console                 0    40.968 KB
    spoolsv.exe                 1832 Console                 0    19.632 KB
    sched.exe                   1892 Console                 0    16.876 KB
    RTHDCPL.exe                 1924 Console                 0    35.388 KB
    AirGCFG.exe                 1964 Console                 0    17.068 KB
    CLI.exe                     1984 Console                 0     5.372 KB
    WZCSLDR2.exe                1996 Console                 0    16.048 KB
    jusched.exe                 2044 Console                 0    17.584 KB
    BJMYPRT.EXE                  184 Console                 0    14.216 KB
    iTunesHelper.exe             200 Console                 0    22.352 KB
    avgnt.exe                    232 Console                 0     1.560 KB
    ctfmon.exe                   248 Console                 0    16.732 KB
    GoogleToolbarNotifier.exe    264 Console                 0     1.376 KB
    NMBgMonitor.exe              272 Console                 0    20.980 KB
    wcescomm.exe                 284 Console                 0    18.676 KB
    NMIndexStoreSvr.exe          352 Console                 0    23.080 KB
    rapimgr.exe                  404 Console                 0    19.048 KB
    ZDWlan.exe                   508 Console                 0    18.468 KB
    avguard.exe                 1320 Console                 0     1.652 KB
    AppleMobileDeviceService.   1336 Console                 0     8.728 KB
    mDNSResponder.exe           1384 Console                 0    16.964 KB
    jqs.exe                     1884 Console                 0     1.380 KB
    svchost.exe                 2360 Console                 0    18.432 KB
    wdfmgr.exe                  2436 Console                 0     5.576 KB
    wscntfy.exe                 2848 Console                 0    13.888 KB
    iPodService.exe             2888 Console                 0     8.668 KB
    alg.exe                     3316 Console                 0    17.104 KB
    wmiapsrv.exe                3984 Console                 0    18.280 KB
    CLI.exe                      900 Console                 0    18.892 KB
    CLI.exe                      396 Console                 0    19.924 KB
    ntvdm.exe                   3996 Console                 0    16.340 KB
    iexplore.exe                2112 Console                 0    24.960 KB
    iexplore.exe                 528 Console                 0    21.708 KB
    iexplore.exe                3344 Console                 0    19.032 KB
    explorer.exe                1664 Console                 0    20.488 KB
    WINZIP32.EXE                3420 Console                 0    12.460 KB
    cmd.exe                     2996 Console                 0     2.192 KB
    tasklist.exe                3248 Console                 0     4.284 KB
    wmiprvse.exe                 212 Console                 0     5.644 KB
    
     
    ***** Ende des Scans 30/08/2009 um 22:27:31,45 ***
    Code:
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2 - Deutsch
    Adobe Shockwave Player
    AirPlus G
    ANIO Service
    ANIWZCS2 Service
    Apple Mobile Device Support
    Apple Software Update
    Athlon 64 Processor Driver
    ATI - Utilidad de desinstalación de software
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Problem Report Wizard
    AudioCatalyst
    Avira AntiVir Personal - Free Antivirus
    AVIVO Codecs
    BMW M3 Challenge
    Bonjour
    Caillou. Letras y parejas
    Canon i350
    Canon MP Navigator EX 1.0
    Canon MP520 series
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Catz 5
    CCleaner (remove only)
    DivX Web Player
    Dogz (remove only)
    Google Earth
    Google Toolbar for Internet Explorer
    Google Updater
    High Definition Audio - KB888111
    HijackThis 2.0.2
    Horsez
    IKEA Home Planner
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_13
    Java(TM) 6 Update 13
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Logitech Harmony Remote Software 7
    Meine Tierarztpraxis (remove only)
    MetaFrame Presentation Server Client
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft ActiveSync
    Microsoft Office 2000 Premium
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Miss Spider
    MSXML 4.0 SP2 (KB936181)
    Nero 7 Premium
    Norton Security Scan
    NVIDIA Drivers
    Python 2.5
    QuickTime
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    RENTA 2007
    SAMSUNG CDMA Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio
    Samsung PC Studio 3 USB Driver Installer
    Shareaza 2.4.0.0
    WEB.DE Club SmartFax
    Windows Installer 3.1 (KB893803)
    Windows XP Service Pack 2
    WinZip 11.1
    Ya sé leer
    ZyDAS IEEE 802.11g Wireless LAN - USB
    Many thanks in advance,
    Andreas

  4. #4
    Beginner
    Registered since
    28.08.2009
    Posts
    3

    Re: BDS/Rustock.AN.45' [backdoor]

    I also wanted to add the current HijackThis log:
    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:01:35, on 30/08/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal
    
    Running processes:
    H:\WINDOWS\System32\smss.exe
    H:\WINDOWS\system32\winlogon.exe
    H:\WINDOWS\system32\services.exe
    H:\WINDOWS\system32\lsass.exe
    H:\WINDOWS\system32\Ati2evxx.exe
    H:\WINDOWS\system32\svchost.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\Ati2evxx.exe
    H:\Archivos de programa\Citrix\ICA Client\ssonsvr.exe
    H:\WINDOWS\Explorer.EXE
    H:\WINDOWS\system32\spoolsv.exe
    H:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
    H:\WINDOWS\RTHDCPL.EXE
    H:\Archivos de programa\D-Link\AirPlus G\AirGCFG.exe
    H:\Archivos de programa\ATI Technologies\ATI.ACE\CLI.EXE
    H:\Archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    H:\Archivos de programa\Java\jre6\bin\jusched.exe
    H:\Archivos de programa\Canon\MyPrinter\BJMyPrt.exe
    H:\Archivos de programa\iTunes\iTunesHelper.exe
    H:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
    H:\WINDOWS\system32\ctfmon.exe
    H:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    H:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe
    H:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe
    H:\Archivos de programa\Archivos comunes\Ahead\Lib\NMIndexStoreSvr.exe
    H:\ARCHIV~1\MICROS~4\rapimgr.exe
    H:\Archivos de programa\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    H:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
    H:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    H:\Archivos de programa\Bonjour\mDNSResponder.exe
    H:\Archivos de programa\Java\jre6\bin\jqs.exe
    H:\WINDOWS\System32\svchost.exe
    H:\WINDOWS\system32\wscntfy.exe
    H:\Archivos de programa\iPod\bin\iPodService.exe
    H:\WINDOWS\System32\wbem\wmiapsrv.exe
    H:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
    H:\Archivos de programa\ATI Technologies\ATI.ACE\cli.exe
    H:\WINDOWS\system32\ntvdm.exe
    H:\Archivos de programa\Internet Explorer\iexplore.exe
    H:\Documents and Settings\andi\Escritorio\HiJackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///H:/Documents%20and%20Settings/andi/Escritorio/bolsa24.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - H:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Archivos de programa\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - H:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Shareaza MediaBar - {196C3A46-4758-433D-A600-802C804AF39C} - H:\Archivos de programa\Shareaza Applications\Shareaza MediaBar\ShareazaMediaBar.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - H:\Archivos de programa\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "H:\Archivos de programa\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [D-Link AirPlus G] H:\Archivos de programa\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] H:\Archivos de programa\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] H:\Archivos de programa\Archivos comunes\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Archivos de programa\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Archivos de programa\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [CanonSolutionMenu] H:\Archivos de programa\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] H:\Archivos de programa\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [QuickTime Task] "H:\Archivos de programa\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "H:\Archivos de programa\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "H:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] H:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Archivos de programa\Archivos comunes\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "H:\Archivos de programa\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SERVICIO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Servicio de red')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = H:\Archivos de programa\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: ZDWLan Utility.lnk = H:\Archivos de programa\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - H:\ARCHIV~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\ARCHIV~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - H:\ARCHIV~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Archivos de programa\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Archivos de programa\Messenger\msmsgs.exe
    O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-es/FlashAX.cab
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - H:\Archivos de programa\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - H:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Servicio de transferencia inteligente en segundo plano (BITS) - Unknown owner - H:\WINDOWS\
    O23 - Service: Servicio Bonjour (Bonjour Service) - Apple Inc. - H:\Archivos de programa\Bonjour\mDNSResponder.exe
    O23 - Service: Servicio Google Update (gupdate1ca2256fe37fa76) (gupdate1ca2256fe37fa76) - Google Inc. - H:\Archivos de programa\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - H:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - H:\Archivos de programa\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Archivos de programa\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - H:\Archivos de programa\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Actualizaciones automáticas (wuauserv) - Unknown owner - H:\WINDOWS\
    
    --
    End of file - 8765 bytes

  5. #5
    Moderator Team member kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    25.767

    Re: BDS/Rustock.AN.45' [backdoor]

    hi

    1.
    Can you post the AntiVir report with the malware findings here?

    2.
    Code:
    Shareaza
    the use of P2P networks or file-sharing platforms (file sharing, in German "Dateifreigabe" or "gemeinsamer Dateizugriff", literally "sharing files") ...
    Internet file-sharing networks are unfortunately among the least reputable providers, and a great deal of malware is spread there, so they should be handled, if at all, only with particular care! According to studies, 45% of the files offered for download on file-sharing networks contain viruses, worms or other malware!
    In addition, most downloads from these file-sharing networks are illegal anyway, which tempts users into committing "criminal offences"!
    Even if you use a "safe" P2P program, it is only the program that is safe. You will be sharing data from "uncertified sources", and these are frequently infected...

    3.
    Keeping Windows and the installed programs up to date is a guarantee of increased security!
    Update Java (the old Java versions remain on the PC... for security reasons they must be removed; keep an eye on this in future too!)

    Download JavaRa by prm753 and unpack it to the desktop.
    • Double-click JavaRa.exe to start the program.
    • Click Remove Older Versions to remove old Java versions that are installed on the computer.
    • Click Yes when prompted. When JavaRa has finished, a notice appears that a log file has been created; click OK.
    ► Now download the offline version of Java (Java Runtime Environment (JRE) 6 Update, current version) from SUN and install it.

    Adobe Reader: check whether newer versions are available

    4.
    Then run a full system scan with:
    Kaspersky Online Scanner - (Free online scanner - instructions)
    Reset the security settings in IE (`Medium`) and allow ActiveX. (This is necessary so that your hard disk can be accessed)
    Save the log file of the scan.
    Don't forget to raise the security settings in IE again after the scan.
    Please post the log file of the Kaspersky online scan.

    5.
    ► If you don't absolutely need it - Bonjour:
    Bonjour is installed by Apple (with Quicktime, Photoshop and iTunes) without asking
    *Wikipedia/Bonjour*
    *marijan-kelava.com*
    *Unexpected behaviour of the iPod when Windows confuses the iPod with a network drive*
    which can simply be opened and uninstalled via the Control Panel under Add or Remove Programs
    Last edited by kira (31.08.2009 at 00:16)
    Reinstalling (Windows XP, Vista and Windows 7) - guides
    Virus scanners
    How to rid your computer of viruses

    *The best protection is still the responsible use of the Internet!*
