Hello,
I have a problem when starting my PC!
The message "Probleme beim Starten von C:\Windows\system32\sshnas21.dll" is always displayed...
Here are the logs from:
OTL
OTL (Extras)Code:OTL logfile created on: 30.03.2010 15:55:07 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Benutzer\Desktop\AntiVirus 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 334,88 Gb Free Space | 71,90% Space Free | Partition Type: NTFS Drive D: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BENUTZER-PC Current User Name: Benutzer Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Benutzer\Desktop\AntiVirus\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe () PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Benutzer\Desktop\AntiVirus\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - 
(bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (avg8emc) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg8wd) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe () SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft 
Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.) 
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.) DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 BB EB 93 45 10 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.) 
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG8\Firefox [2009.12.22 12:02:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.02.26 21:47:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.02.18 14:49:11 | 000,000,000 | ---D | M] [2009.10.28 17:40:55 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\mozilla\Extensions [2010.03.30 14:16:43 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\s0tskgdq.default\extensions [2009.10.28 17:40:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Benutzer\AppData\Roaming\mozilla\Firefox\Profiles\s0tskgdq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.10.28 17:36:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2009.11.10 13:42:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2009.11.10 13:42:23 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2009.11.10 13:42:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2009.11.10 13:42:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2009.11.10 13:42:23 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe () O4 - HKCU..\Run: [Canaveral] C:\Windows\SysWow64\sshnas21.DLL File not found O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\Benutzer\AppData\Local\Temp\Egx.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Benutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.04.29 11:02:01 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{de6f9ac6-c3d5-11de-bf12-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{de6f9ac6-c3d5-11de-bf12-806e6f6e6963}\Shell\AutoRun\command - "" = D:\BlueBirds.exe -- [2009.04.29 11:02:01 | 000,270,336 | R--- | M] (LG Electronics) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" 
%* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.03.30 15:53:47 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\Desktop\AntiVirus [2010.03.09 15:00:48 | 000,000,000 | ---D | C] -- C:\Sounds [2010.03.09 14:51:46 | 000,033,792 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64modem.sys [2010.03.09 14:51:46 | 000,027,136 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64diag.sys [2010.03.09 14:51:46 | 000,017,920 | ---- | C] (LG Electronics Inc.) -- C:\Windows\SysNative\drivers\lgx64bus.sys [2010.03.09 14:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics [2010.03.09 14:50:36 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\SysWow64\NMSDVDXU.dll [2010.03.09 14:50:36 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\SysWow64\Vsflex7L.ocx [2010.03.09 14:50:36 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msflxgrd.ocx [2010.03.09 14:50:35 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsflex8u.ocx [2010.03.09 14:50:21 | 000,000,000 | ---D | C] -- C:\Users\Benutzer\AppData\Roaming\LG Electronics [2010.03.09 14:50:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG PC Suite II [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.03.30 15:58:02 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010.03.30 15:57:55 | 001,572,864 | -HS- | M] () -- C:\Users\Benutzer\NTUSER.DAT [2010.03.30 15:38:02 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.03.30 14:10:37 | 000,010,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.03.30 14:10:37 | 000,010,880 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.03.30 14:07:43 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.03.30 14:07:43 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.03.30 14:07:43 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.03.30 14:07:43 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.03.30 14:07:43 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.03.30 14:03:23 | 000,024,072 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2010.03.30 14:03:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.03.30 14:03:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.03.30 14:03:10 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys [2010.03.30 14:02:11 | 020,312,837 | -H-- | M] () -- C:\Users\Benutzer\AppData\Local\IconCache.db [2010.03.30 09:23:42 | 058,222,658 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm [2010.03.19 23:48:53 | 000,001,140 | ---- | M] () -- C:\Users\Benutzer\Desktop\CrossFire.lnk [2010.03.09 15:13:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.03.09 14:50:41 | 000,001,748 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite II.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.03.19 22:18:27 | 000,000,250 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010.03.19 22:18:22 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.03.09 15:13:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.03.09 14:50:41 | 000,001,748 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite II.lnk [2009.07.30 11:10:55 | 000,000,765 | ---- | C] () -- 
C:\Windows\Edofma.INI [2009.07.22 10:31:36 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.07.22 10:08:28 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.05.21 06:12:56 | 000,007,755 | ---- | C] () -- C:\Windows\cadx2.ini [1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2010.03.30 15:47:06 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\ICQ [2010.03.09 14:50:21 | 000,000,000 | ---D | M] -- C:\Users\Benutzer\AppData\Roaming\LG Electronics [2010.01.28 15:30:16 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.03.30 15:38:02 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.03.30 15:58:02 | 000,000,250 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job ========== Purity Check ========== < End of report >
Code:OTL Extras logfile created on: 30.03.2010 15:55:07 - Run 1 OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Benutzer\Desktop\AntiVirus 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free 8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,76 Gb Total Space | 334,88 Gb Free Space | 71,90% Space Free | Partition Type: NTFS Drive D: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BENUTZER-PC Current User Name: Benutzer Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support "{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes "{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64) "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD 
Suite "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{27C0CED3-E9FA-4EA0-96AA-FAECE5F81031}" = Nero 7 Essentials "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate "{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.1015.1 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility "{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Age of Empires 
2.0" = Microsoft Age of Empires II "AstrumNival Allods" = Allods Online 1.0.05.41 "AVG8Uninstall" = AVG Free 8.5 "Cross Fire_is1" = Cross Fire En "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Empires Dawn of the Modern World" = Empires Dawn of the Modern World "Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.02.026 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2 "ICQToolbar" = ICQ Toolbar "Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8) "OpenAL" = OpenAL "Uninstall_is1" = Uninstall 1.0.0.1 "Warcraft III" = Warcraft III ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
Sophos
Code:Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc Started logging on 30.03.2010 at 16:07:26 User "Benutzer" on computer "BENUTZER-PC" Windows version 6.1 SP 0.0 build 7600 SM=0x300 PT=0x1 WOW64 Info: Starting registry scan. Hidden: registry item \HKEY_USERS\S-1-5-18\Control Panel\International\sShortTime Info: Starting disk scan of C: (NTFS). Hidden: file C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.20518_none_728bae1bb60da796\wmploc.DLL Hidden: file C:\Program Files (x86)\Z8Games\CrossFire\MFC71.dll Hidden: file C:\Users\Benutzer\AppData\Local\Temp\ckz_F5D7\setup.exe Hidden: file C:\Program Files (x86)\Z8Games\CrossFire\patcher_cf.exe Hidden: file C:\Program Files (x86)\DivX\DivXCodecUninstall.exe Hidden: file C:\Netts\Florensia\Data\Sound\hcc_move_soil_06.mp3 Hidden: file C:\Program Files (x86)\DivX\DivXConverterUninstall.exe Hidden: file C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe Hidden: file C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\aacadec.dll Hidden: file C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe Hidden: file C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe Hidden: file C:\Program Files (x86)\DivX\DivXBundleUninstall.exe Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1BVAY9EH\de_Kinderwagen-tragen-_15468_i.html__trkparms=65%25253A12%25257C66%25253A2%25257C39%25253A1%25257C72%25253A2473&_nkw=quinny&_trksid=p3286.c0[1].m14%26_pgn%3D3 Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7PUPC0EA\225_RTM;seg=GL_MetaViewWatchSearch_12576;seg=GL_MetaViewWatchSearch_9800;sz=300x100;ord=1259591294279;tile=2;um=0;us=13;eb_trk=132973;pr=20;xp=20;np=20[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Low\Content.IE5\1BVAY9EH\g=GL_MetaViewWatchSearch_12576;seg=GL_MetaViewWatchSearch_9800;sz=300x250;ord=1259591294279;dcopt=ist;tile=1;um=0;us=13;eb_trk=132974;pr=20;xp=20;np=20[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMMDUNS6\=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=23927;sz=160x600;ord=1259591806899;dcopt=ist;tile=1;um=2;us=12;eb_trk=132976;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1BVAY9EH\atchSearch_12576;seg=GL_MetaViewWatchSearch_12081;tcat=23610;items=23928;sz=180x150;ord=1259591309277;tile=2;um=0;us=13;eb_trk=137926;pr=20;xp=20;np=20[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7PUPC0EA\_12576;seg=GL_MetaViewWatchSearch_12081;tcat=23610;items=23928;sz=160x600;ord=1259591309277;dcopt=ist;tile=1;um=0;us=13;eb_trk=132976;pr=20;xp=20;np=20[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1BVAY9EH\h_12576;seg=GL_MetaViewWatchSearch_12081;tcat=15469;items=7840;sz=160x600;ord=1259591321649;dcopt=ist;tile=1;um=0;us=13;eb_trk=132976;pr=20;xp=20;np=20[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMMDUNS6\cat=15468;cat=23610;seg=GL_MetaViewWatchSearch_12576;tcat=15469;items=72;sz=180x150;ord=1259591338715;tile=2;um=0;us=13;eb_trk=137927;pr=20;xp=20;np=20[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1BVAY9EH\rch_12576;seg=GL_MetaViewWatchSearch_12081;tcat=15469;items=72;sz=160x600;ord=1259591338715;dcopt=ist;tile=1;um=0;us=13;eb_trk=132975;pr=20;xp=20;np=20[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Low\Content.IE5\1BVAY9EH\at=15468;seg=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23621;items=530;sz=180x150;ord=1259591814668;tile=2;um=2;us=12;eb_trk=137927;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1BVAY9EH\eg=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23621;items=530;sz=160x600;ord=1259591814668;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I531QG26\g=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1530;sz=160x600;ord=1259591906650;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMMDUNS6\g=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1530;sz=160x600;ord=1259591947877;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I531QG26\p.ebay.de%252Fi.html%253F_nkw%253Dmaxi+cosi%2526_sacat%253D15468%2526_trksid%253Dp3286.m270[2].l1313%2526_sop%253D1%2526_odkw%253Dquinny%2526_osacat%253D15468 Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7PUPC0EA\g=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1530;sz=160x600;ord=1259592080862;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7PUPC0EA\t=15468;seg=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1530;sz=180x150;ord=1259592226670;tile=2;um=2;us=12;eb_trk=137927;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Low\Content.IE5\HMMDUNS6\g=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1530;sz=160x600;ord=1259592226670;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I531QG26\g=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1527;sz=160x600;ord=1259592296082;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7PUPC0EA\g=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1530;sz=160x600;ord=1259592325943;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1BVAY9EH\g=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1530;sz=160x600;ord=1259592385156;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I531QG26\p.ebay.de%252Fi.html%253F_nkw%253Dmaxi+cosi%2526_sacat%253D15468%2526_trksid%253Dp3286.m270[1].l1313%2526_sop%253D1%2526_odkw%253Dquinny%2526_osacat%253D15468 Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMMDUNS6\eg=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23621;items=529;sz=160x600;ord=1259592424994;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I531QG26\earch_12081;seg=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;items=0;sz=160x600;ord=1259592517916;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Low\Content.IE5\7PUPC0EA\g=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1003;sz=160x600;ord=1259592531004;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMMDUNS6\t=15468;seg=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1003;sz=180x150;ord=1259592558035;tile=2;um=2;us=12;eb_trk=137927;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7PUPC0EA\g=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;tcat=23610;items=1003;sz=160x600;ord=1259592558035;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HMMDUNS6\earch_12081;seg=GL_AllBid_Mar05;seg=GL_AllSucBuy_Mar05;items=0;sz=160x600;ord=1259592597480;dcopt=ist;tile=1;um=2;us=12;eb_trk=132975;pr=23;xp=28;np=23[1].htm Hidden: file C:\Program Files (x86)\AVG\AVG8\avgcorex.dll Hidden: file C:\Program Files (x86)\Z8Games\CrossFire\crossfire.exe Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5UQPHSXI\XTrapVa[1].dll Hidden: file C:\Users\Benutzer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CI5SPMPA\XTrapVa[1].dll Hidden: file C:\Program Files (x86)\Z8Games\CrossFire\XTrap\XTrapVa.dll Hidden: file C:\Users\Benutzer\AppData\Local\Mozilla\Firefox\Profiles\s0tskgdq.default\Cache\3B1735A1d01 Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\ISSetup.dll Hidden: file C:\Program Files (x86)\Common Files\Ahead\Lib\mfc71u.dll Hidden: file C:\Program Files (x86)\Common Files\Ahead\Lib\MFC71.dll Hidden: file C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\MFC71.dll Hidden: file C:\Program Files (x86)\Activision\Empires Dawn of the Modern World\Empires_DMW.exe Hidden: 
file C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe Hidden: file C:\Program Files (x86)\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\ISSetup.dll Hidden: file C:\Program Files (x86)\gPotato.eu\FLYFF\Neuz.exe Hidden: file C:\Program Files (x86)\Gamigo Games\Fiesta Online(EU_German)\uninst.exe Hidden: file C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V\bin\MFC71.dll Hidden: file C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V\bina1\MFC71.dll Hidden: file C:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V - Tribes of the East\bin\MFC71.dll Hidden: file C:\Windows\System32\DriverStore\FileRepository\prnca00g.inf_amd64_neutral_6f76b14b2912fa55\Amd64\CNBXRF4.DLL Hidden: file C:\Windows\System32\DriverStore\FileRepository\prnca00z.inf_amd64_neutral_27f402ce616c3ebc\Amd64\CNBDR4_5.DLL Hidden: file C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64\EP0NB01A.DLL Hidden: file C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64\EP0NB03A.DLL Hidden: file C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64\EP0NB04A.DLL Hidden: file C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64\EP0NB05A.DLL Hidden: file C:\Windows\System32\DriverStore\FileRepository\prnep003.inf_amd64_neutral_92ed2d842e0dd4ea\Amd64\EP0NB07A.DLL Hidden: file C:\Windows\System32\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll Hidden: file C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe Hidden: file C:\Windows\System32\WindowsPowerShell\v1.0\PSEvents.dll Hidden: file C:\Windows\System32\WindowsPowerShell\v1.0\pspluginwkr.dll Hidden: file C:\Windows\winsxs\wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7600.16385_none_71b35f189d2b8237\wmploc.DLL Hidden: file 
C:\Windows\winsxs\x86_microsoft-windows-d..ndwritingrecognizer_31bf3856ad364e35_6.1.7600.16385_none_2bca79fd9bfe072a\mshwjpnrIME.dll Hidden: file C:\Windows\winsxs\x86_microsoft-windows-ime-korean-hwresource_31bf3856ad364e35_6.1.7600.16385_none_502bcdd40d7e6385\mshwkorrIME.dll Hidden: file C:\Windows\winsxs\x86_microsoft-windows-i..hinese-imepadapplet_31bf3856ad364e35_6.1.7600.16385_none_faff6acb5cd29b45\MSHWCHTRIME.dll Stopped logging on 30.03.2010 at 16:33:36
HJT Scanlist
Code:$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ º º hjtscanlist v2.0 º º $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows [Version 6.1.7600] C: 30.03.2010 14:03 C:\service.log --------- 125 C:\pagefile.sys --------- C:\hiberfil.sys --------- 29.03.2010 17:22 C:\System Volume Information --------- 49152 22.03.2010 12:57 C:\$AVG8.VAULT$ --------- 0 22.03.2010 11:57 C:\Windows --------- 28672 09.03.2010 15:00 C:\Sounds --------- 0 09.03.2010 14:51 C:\Program Files (x86) --------- 12288 27.02.2010 10:13 C:\Netts --------- 0 26.02.2010 21:52 C:\gPotato.eu --------- 0 26.02.2010 15:31 C:\Program Files --------- 8192 24.02.2010 16:54 C:\Games --------- 0 06.11.2009 22:12 C:\CFLog --------- 0 28.10.2009 18:00 C:\Recovery --------- 0 28.10.2009 18:00 C:\ProgramData --------- 4096 28.10.2009 17:47 C:\$WINDOWS.~Q --------- 0 28.10.2009 17:41 C:\Users --------- 4096 28.10.2009 17:22 C:\BOOTSECT.BAK --------- 8192 28.10.2009 17:22 C:\Boot --------- 4096 28.10.2009 17:08 C:\$INPLACE.~TR --------- 0 20.08.2009 12:46 C:\GAMIGO --------- 0 17.08.2009 20:18 C:\alaplaya --------- 0 29.07.2009 14:27 C:\CrashReport --------- 0 22.07.2009 10:19 C:\csb.log --------- 197 22.07.2009 10:15 C:\RHDSetup.log --------- 473 22.07.2009 10:09 C:\Intel --------- 0 22.07.2009 10:03 C:\Programme --------- 0 22.07.2009 10:03 C:\Dokumente und Einstellungen --------- 0 14.07.2009 07:09 C:\$Recycle.Bin --------- 0 14.07.2009 07:08 C:\Documents and Settings --------- 0 14.07.2009 05:20 C:\PerfLogs --------- 0 14.07.2009 03:38 C:\bootmgr --------- 383562 ---------------------------------------- C:\Windows 30.03.2010 16:34 C:\Windows\WindowsUpdate.log --------- 1470286 30.03.2010 14:03 C:\Windows\gdrv.sys --------- 24072 30.03.2010 14:03 C:\Windows\setupact.log --------- 4116980 30.03.2010 14:03 C:\Windows\bootstat.dat --------- 67584 28.02.2010 11:24 C:\Windows\PFRO.log --------- 8614 21.02.2010 19:14 C:\Windows\DirectX.log --------- 110060 25.11.2009 23:25 C:\Windows\msxml4-KB973688-enu.LOG --------- 
287238 31.10.2009 08:34 C:\Windows\explorer.exe --------- 2870272 28.10.2009 17:47 C:\Windows\comsetup.log --------- 6161 28.10.2009 17:41 C:\Windows\DtcInstall.log --------- 4141 28.10.2009 17:41 C:\Windows\Edofma.INI --------- 765 28.10.2009 17:28 C:\Windows\TSSysprep.log --------- 1313 28.10.2009 17:03 C:\Windows\WindowsUpdate (1).log --------- 1339140 28.10.2009 16:34 C:\Windows\diagwrn.xml --------- 2544 28.10.2009 16:34 C:\Windows\diagerr.xml --------- 1890 22.07.2009 13:25 C:\Windows\ie8_main.log --------- 2084 22.07.2009 13:24 C:\Windows\msxml4-KB954430-enu.LOG --------- 299354 22.07.2009 11:53 C:\Windows\uxeventlog.txt --------- 8128 22.07.2009 11:53 C:\Windows\dd_dotnetfx35install_lp.txt --------- 83250 22.07.2009 11:53 C:\Windows\dd_NET_Framework35_LangPack_MSI19E7.txt --------- 849802 22.07.2009 11:53 C:\Windows\dd_depcheck_NETFX_EXP_35.txt --------- 36060 22.07.2009 11:53 C:\Windows\dd_dotnetfx35error_lp.txt --------- 2 22.07.2009 10:19 C:\Windows\xlink.bat --------- 127 22.07.2009 10:17 C:\Windows\GSetup.ini --------- 10 22.07.2009 10:15 C:\Windows\DIFxAPI.dll --------- 525792 22.07.2009 10:15 C:\Windows\HideWin.exe --------- 319488 14.07.2009 06:54 C:\Windows\WindowsShell.Manifest --------- 749 14.07.2009 06:51 C:\Windows\setuperr.log --------- 0 14.07.2009 03:39 C:\Windows\write.exe --------- 10240 14.07.2009 03:39 C:\Windows\splwow64.exe --------- 61952 14.07.2009 03:39 C:\Windows\regedit.exe --------- 427008 14.07.2009 03:39 C:\Windows\notepad.exe --------- 193536 14.07.2009 03:39 C:\Windows\HelpPane.exe --------- 733696 14.07.2009 03:39 C:\Windows\hh.exe --------- 16896 14.07.2009 03:39 C:\Windows\fveupdate.exe --------- 15360 14.07.2009 03:38 C:\Windows\bfsvc.exe --------- 71168 14.07.2009 03:16 C:\Windows\twain_32.dll --------- 51200 14.07.2009 03:14 C:\Windows\winhlp32.exe --------- 9728 14.07.2009 03:14 C:\Windows\twunk_32.exe --------- 31232 14.07.2009 01:06 C:\Windows\mib.bin --------- 43131 10.06.2009 23:41 C:\Windows\twunk_16.exe 
--------- 49680 10.06.2009 23:41 C:\Windows\twain.dll --------- 94784 10.06.2009 23:08 C:\Windows\system.ini --------- 219 10.06.2009 22:52 C:\Windows\WMSysPr9.prx --------- 316640 10.06.2009 22:36 C:\Windows\msdfmap.ini --------- 1405 10.06.2009 22:31 C:\Windows\Starter.xml --------- 48201 10.06.2009 22:30 C:\Windows\HomePremium.xml --------- 48265 21.05.2009 06:12 C:\Windows\cadx2.ini --------- 7755 24.07.2008 12:18 C:\Windows\SkyTel.exe --------- 1833504 24.07.2008 12:18 C:\Windows\RtlUpd64.exe --------- 1371168 24.07.2008 12:18 C:\Windows\RAVCpl64.exe --------- 6452256 15.07.2008 07:58 C:\Windows\RtlExUpd.dll --------- 524288 13.11.2007 18:18 C:\Windows\USetup.iss --------- 553 21.06.2007 08:34 C:\Windows\GSetup.exe --------- 203328 02.11.2006 17:44 C:\Windows\win.ini --------- 144 ---------------------------------------- C:\Windows\System ---------------------------------------- C:\Windows\System32 30.03.2010 14:10 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 10880 30.03.2010 14:10 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 10880 30.03.2010 14:07 C:\Windows\system32\perfh009.dat --------- 606992 30.03.2010 14:07 C:\Windows\system32\perfc009.dat --------- 103370 30.03.2010 14:07 C:\Windows\system32\perfc007.dat --------- 126188 30.03.2010 14:07 C:\Windows\system32\perfh007.dat --------- 643628 30.03.2010 14:07 C:\Windows\system32\PerfStringBackup.INI --------- 1472002 30.03.2010 14:02 C:\Windows\system32\config --------- 16384 29.03.2010 17:22 C:\Windows\system32\catroot2 --------- 20480 24.03.2010 13:02 C:\Windows\system32\catroot --------- 4096 21.03.2010 12:17 C:\Windows\system32\Tasks --------- 4096 09.03.2010 15:13 C:\Windows\system32\drivers --------- 65536 09.03.2010 14:51 C:\Windows\system32\DriverStore --------- 4096 02.03.2010 08:01 C:\Windows\system32\MRT.exe --------- 32687048 26.02.2010 07:25 
C:\Windows\system32\FNTCACHE.DAT --------- 283312 24.02.2010 22:56 C:\Windows\system32\de-DE --------- 327680 24.02.2010 16:55 C:\Windows\system32\wrap_oal.dll --------- 431104 24.02.2010 16:55 C:\Windows\system32\OpenAL32.dll --------- 116736 24.02.2010 11:16 C:\Windows\system32\MpSigStub.exe --------- 212864 02.02.2010 10:36 C:\Windows\system32\tzres.dll --------- 2048 19.01.2010 11:05 C:\Windows\system32\secproc_ssp.dll --------- 121856 19.01.2010 11:05 C:\Windows\system32\secproc_isv.dll --------- 422912 19.01.2010 11:05 C:\Windows\system32\secproc_ssp_isv.dll --------- 121856 19.01.2010 11:05 C:\Windows\system32\secproc.dll --------- 424960 19.01.2010 11:00 C:\Windows\system32\RMActivate_ssp_isv.exe --------- 305152 19.01.2010 11:00 C:\Windows\system32\RMActivate_isv.exe --------- 357888 19.01.2010 11:00 C:\Windows\system32\RMActivate_ssp.exe --------- 306688 19.01.2010 11:00 C:\Windows\system32\RMActivate.exe --------- 356352 17.01.2010 21:05 C:\Windows\system32\LogFiles --------- 4096 11.01.2010 09:44 C:\Windows\system32\iedkcs32.dll --------- 445952 22.12.2009 10:36 C:\Windows\system32\wow64.dll --------- 243200 19.12.2009 11:51 C:\Windows\system32\wininet.dll --------- 1192960 19.12.2009 11:51 C:\Windows\system32\urlmon.dll --------- 1492480 19.12.2009 11:50 C:\Windows\system32\tsbyuv.dll --------- 14848 19.12.2009 11:49 C:\Windows\system32\quartz.dll --------- 1572352 19.12.2009 11:47 C:\Windows\system32\msyuv.dll --------- 25088 19.12.2009 11:47 C:\Windows\system32\msvidc32.dll --------- 38912 19.12.2009 11:47 C:\Windows\system32\msrle32.dll --------- 16384 19.12.2009 11:47 C:\Windows\system32\mshtml.dll --------- 9276928 19.12.2009 11:47 C:\Windows\system32\msfeedsbs.dll --------- 82944 19.12.2009 11:46 C:\Windows\system32\iyuv_32.dll --------- 54272 19.12.2009 11:46 C:\Windows\system32\ieframe.dll --------- 12356608 13.12.2009 11:46 C:\Windows\system32\psisdecd.dll --------- 613888 13.12.2009 11:46 C:\Windows\system32\CPFilters.dll --------- 960512 
13.12.2009 11:46 C:\Windows\system32\msdri.dll --------- 552960 13.12.2009 11:44 C:\Windows\system32\MSNP.ax --------- 288256 02.12.2009 11:15 C:\Windows\system32\jscript.dll --------- 852480 08.11.2009 21:57 C:\Windows\system32\wdi --------- 4096 29.10.2009 09:36 C:\Windows\system32\DRVSTORE --------- 0 28.10.2009 18:17 C:\Windows\system32\restore --------- 0 28.10.2009 17:54 C:\Windows\system32\license.rtf --------- 52953 28.10.2009 17:46 C:\Windows\system32\emptyregdb.dat --------- 22960 28.10.2009 17:38 C:\Windows\system32\SPReview --------- 4096 28.10.2009 17:38 C:\Windows\system32\RemInst --------- 0 28.10.2009 17:38 C:\Windows\system32\NDF --------- 0 28.10.2009 17:38 C:\Windows\system32\EventProviders --------- 4096 28.10.2009 17:38 C:\Windows\system32\en-US --------- 4096 28.10.2009 17:38 C:\Windows\system32\Branding --------- 0 28.10.2009 17:33 C:\Windows\system32\CodeIntegrity --------- 0 28.10.2009 17:28 C:\Windows\system32\sysprep --------- 0 28.10.2009 17:22 C:\Windows\system32\oobe --------- 12288 28.10.2009 17:21 C:\Windows\system32\Microsoft --------- 0 28.10.2009 17:03 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 4112 28.10.2009 17:03 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 4112 28.10.2009 08:24 C:\Windows\system32\winlogon.exe --------- 389632 19.10.2009 16:46 C:\Windows\system32\t2embed.dll --------- 148480 19.10.2009 16:46 C:\Windows\system32\fontsub.dll --------- 100864 11.09.2009 12:46 C:\Windows\system32\avgrssta.dll --------- 12464 10.09.2009 08:28 C:\Windows\system32\msv1_0.dll --------- 311808 03.09.2009 09:36 C:\Windows\system32\CertEnroll.dll --------- 1975296 29.08.2009 09:53 C:\Windows\system32\wmp.dll --------- 14629376 29.08.2009 09:50 C:\Windows\system32\msasn1.dll --------- 46592 29.08.2009 09:45 C:\Windows\system32\wmploc.DLL --------- 12625920 30.07.2009 07:07 C:\Windows\system32\atmfd.dll 
--------- 366080 22.07.2009 10:42 C:\Windows\system32\ca-ES --------- 0 22.07.2009 10:42 C:\Windows\system32\eu-ES --------- 0 22.07.2009 10:42 C:\Windows\system32\SLUI --------- 0 22.07.2009 10:42 C:\Windows\system32\vi-VN --------- 0 14.07.2009 20:18 C:\Windows\system32\wbem --------- 65536 14.07.2009 20:07 C:\Windows\system32\Recovery --------- 0 14.07.2009 19:58 C:\Windows\system32\winrm --------- 0 14.07.2009 19:58 C:\Windows\system32\migwiz --------- 4096 14.07.2009 19:58 C:\Windows\system32\WinBioPlugIns --------- 0 14.07.2009 19:58 C:\Windows\system32\migration --------- 4096 14.07.2009 19:58 C:\Windows\system32\Setup --------- 4096 14.07.2009 19:58 C:\Windows\system32\Boot --------- 0 14.07.2009 19:58 C:\Windows\system32\0407 --------- 0 14.07.2009 19:58 C:\Windows\system32\slmgr --------- 0 14.07.2009 19:58 C:\Windows\system32\Dism --------- 4096 14.07.2009 19:58 C:\Windows\system32\MUI --------- 0 14.07.2009 19:58 C:\Windows\system32\WCN --------- 0 14.07.2009 19:58 C:\Windows\system32\Printing_Admin_Scripts --------- 0 14.07.2009 19:58 C:\Windows\system32\de --------- 0 14.07.2009 19:58 C:\Windows\system32\com --------- 4096 14.07.2009 19:58 C:\Windows\system32\perfd007.dat --------- 38104 14.07.2009 19:58 C:\Windows\system32\perfi007.dat --------- 295922 14.07.2009 07:32 C:\Windows\system32\WinBioDatabase --------- 0 14.07.2009 07:32 C:\Windows\system32\WindowsPowerShell --------- 0 14.07.2009 07:32 C:\Windows\system32\Speech --------- 0 14.07.2009 07:14 C:\Windows\system32\umstartup.etl --------- 21504 ---------------------------------------- C:\Windows\Prefetch ---------------------------------------- C:\Windows\Tasks 30.03.2010 16:38 C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job --------- 252 30.03.2010 15:58 C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job --------- 250 30.03.2010 14:03 C:\Windows\Tasks\SA.DAT --------- 6 28.01.2010 15:30 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632 ---------------------------------------- 
C:\Windows\Temp ---------------------------------------- C:\Users\Benutzer\AppData\Local\Temp 30.03.2010 16:33 C:\Users\Benutzer\AppData\Local\Temp\sarscan.log --------- 12077 30.03.2010 16:17 C:\Users\Benutzer\AppData\Local\Temp\samples.sar --------- 33811223 30.03.2010 14:03 C:\Users\Benutzer\AppData\Local\Temp\WPDNSE --------- 0 30.03.2010 13:44 C:\Users\Benutzer\AppData\Local\Temp\Low --------- 0 30.03.2010 13:44 C:\Users\Benutzer\AppData\Local\Temp\StructuredQuery.log --------- 1616 30.03.2010 12:53 C:\Users\Benutzer\AppData\Local\Temp\~DF9F05566472916D62.TMP --------- 16384 30.03.2010 12:20 C:\Users\Benutzer\AppData\Local\Temp\~DF6870AFD9EF05AF90.TMP --------- 16384 30.03.2010 12:11 C:\Users\Benutzer\AppData\Local\Temp\~DF80FDB753A7FC72E1.TMP --------- 16384 30.03.2010 12:07 C:\Users\Benutzer\AppData\Local\Temp\wmplog00.sqm --------- 1528 30.03.2010 09:24 C:\Users\Benutzer\AppData\Local\Temp\~DF76F517AF5B82AF16.TMP --------- 16384 29.03.2010 18:58 C:\Users\Benutzer\AppData\Local\Temp\~DFE6EA5DF2E52EA5E9.TMP --------- 16384 29.03.2010 17:24 C:\Users\Benutzer\AppData\Local\Temp\~DF07E12433BFCF2B17.TMP --------- 16384 29.03.2010 17:23 C:\Users\Benutzer\AppData\Local\Temp\~DF7FA40F2BFAEF201A.TMP --------- 16384 28.03.2010 21:20 C:\Users\Benutzer\AppData\Local\Temp\~DF8ADFB7522ED80ABB.TMP --------- 16384 28.03.2010 14:28 C:\Users\Benutzer\AppData\Local\Temp\~DF7558E1BB8EA7AC26.TMP --------- 16384 28.03.2010 14:01 C:\Users\Benutzer\AppData\Local\Temp\~DF420ADEBF65C857E6.TMP --------- 16384 28.03.2010 13:59 C:\Users\Benutzer\AppData\Local\Temp\~DFFFE6172DFD61C9A9.TMP --------- 16384 28.03.2010 11:53 C:\Users\Benutzer\AppData\Local\Temp\~DF1B5BAD1B4DE11DC8.TMP --------- 16384 28.03.2010 11:04 C:\Users\Benutzer\AppData\Local\Temp\~DF14A4C475F9DA3CBD.TMP --------- 16384 28.03.2010 10:42 C:\Users\Benutzer\AppData\Local\Temp\~DF1391752DFB2D9468.TMP --------- 16384 28.03.2010 09:14 C:\Users\Benutzer\AppData\Local\Temp\~DFD66383D45BBD321E.TMP --------- 16384 28.03.2010 
09:12 C:\Users\Benutzer\AppData\Local\Temp\~DF4004E86B015D0F9C.TMP --------- 16384 28.03.2010 02:38 C:\Users\Benutzer\AppData\Local\Temp\~DF6F17B927324BA0FF.TMP --------- 16384 28.03.2010 00:56 C:\Users\Benutzer\AppData\Local\Temp\~DF776D0FF9C7DCF133.TMP --------- 16384 28.03.2010 00:15 C:\Users\Benutzer\AppData\Local\Temp\~DFC96A0A25723198E1.TMP --------- 16384 27.03.2010 23:24 C:\Users\Benutzer\AppData\Local\Temp\~DFD107BB6100CF4F96.TMP --------- 16384 27.03.2010 21:03 C:\Users\Benutzer\AppData\Local\Temp\~DF15C9BEE3EC232738.TMP --------- 16384 27.03.2010 20:52 C:\Users\Benutzer\AppData\Local\Temp\~DF50A8FE5B521EC66D.TMP --------- 16384 27.03.2010 20:47 C:\Users\Benutzer\AppData\Local\Temp\~DF2012C15D14BC363D.TMP --------- 16384 27.03.2010 18:09 C:\Users\Benutzer\AppData\Local\Temp\~DFA7E178A5D6915F61.TMP --------- 16384 27.03.2010 15:21 C:\Users\Benutzer\AppData\Local\Temp\~DF4D7EB70EE39EB084.TMP --------- 16384 27.03.2010 15:02 C:\Users\Benutzer\AppData\Local\Temp\~DFED7CB946B0F04821.TMP --------- 16384 27.03.2010 14:52 C:\Users\Benutzer\AppData\Local\Temp\~DFA786BCDE4C627300.TMP --------- 16384 26.03.2010 09:30 C:\Users\Benutzer\AppData\Local\Temp\d1ca5409-e1a1-48df-94ae-e3289ca6c759.tmp --------- 121247289 26.03.2010 09:30 C:\Users\Benutzer\AppData\Local\Temp\fcce07c3-05ce-4a54-9bf7-3c8ee6e01f4e.tmp --------- 24713968 26.03.2010 09:30 C:\Users\Benutzer\AppData\Local\Temp\14463507-22d1-4277-9dbc-5e65f8fab473.tmp --------- 63861202 26.03.2010 09:29 C:\Users\Benutzer\AppData\Local\Temp\548a39e5-a73e-4e53-99f8-bc7915fc83eb.tmp --------- 0 26.03.2010 09:29 C:\Users\Benutzer\AppData\Local\Temp\194102bf-77b4-4aa5-a164-2536fbefb91f.tmp --------- 0 26.03.2010 09:29 C:\Users\Benutzer\AppData\Local\Temp\35e125b3-6cc5-4d1c-bbf7-ae3601271462.tmp --------- 0 26.03.2010 09:29 C:\Users\Benutzer\AppData\Local\Temp\3260e1eb-19dc-4982-9c44-162f2b91bece.tmp --------- 0 26.03.2010 09:28 C:\Users\Benutzer\AppData\Local\Temp\476bc598-ec38-4eb0-a833-2ba96c1e0b66.tmp --------- 
140717476 24.03.2010 15:37 C:\Users\Benutzer\AppData\Local\Temp\~DFA9FCA6159C3F7906.TMP --------- 16384 23.03.2010 19:42 C:\Users\Benutzer\AppData\Local\Temp\~DF52AF2A4EE5513A7E.TMP --------- 16384 23.03.2010 15:05 C:\Users\Benutzer\AppData\Local\Temp\~DF0584877F45EBEC76.TMP --------- 16384 23.03.2010 14:33 C:\Users\Benutzer\AppData\Local\Temp\~DF308B2053F5A1CD4A.TMP --------- 16384 22.03.2010 20:15 C:\Users\Benutzer\AppData\Local\Temp\~DFAE7F8B160C5FDE78.TMP --------- 16384 22.03.2010 14:01 C:\Users\Benutzer\AppData\Local\Temp\~DFAF702E55EFB69AAA.TMP --------- 16384 21.03.2010 21:28 C:\Users\Benutzer\AppData\Local\Temp\~DFEC8CBF17D173C587.TMP --------- 16384 21.03.2010 21:20 C:\Users\Benutzer\AppData\Local\Temp\plugtmp-62 --------- 4096 21.03.2010 16:08 C:\Users\Benutzer\AppData\Local\Temp\~DF16562F6DF893BC42.TMP --------- 16384 21.03.2010 11:38 C:\Users\Benutzer\AppData\Local\Temp\~DF6D21CE9D2EA67FB0.TMP --------- 16384 20.03.2010 23:27 C:\Users\Benutzer\AppData\Local\Temp\~DF6AFE85DC1E720703.TMP --------- 16384 20.03.2010 17:54 C:\Users\Benutzer\AppData\Local\Temp\~DF0DBA3A33812CC574.TMP --------- 16384 20.03.2010 16:10 C:\Users\Benutzer\AppData\Local\Temp\~DF23F94686D08EFA28.TMP --------- 16384 20.03.2010 13:33 C:\Users\Benutzer\AppData\Local\Temp\delete.ini --------- 0 20.03.2010 13:28 C:\Users\Benutzer\AppData\Local\Temp\~DF4E021C4DF39AF62B.TMP --------- 16384 19.03.2010 23:49 C:\Users\Benutzer\AppData\Local\Temp\~DF0D47983DA1581F42.TMP --------- 16384 19.03.2010 22:18 C:\Users\Benutzer\AppData\Local\Temp\~DF38190EB74F0F3C39.TMP --------- 16384 19.03.2010 22:12 C:\Users\Benutzer\AppData\Local\Temp\~DF76F6DD0B99C62A21.TMP --------- 16384 19.03.2010 22:08 C:\Users\Benutzer\AppData\Local\Temp\~DF3B2F5CFEDBA13D74.TMP --------- 16384 13.03.2010 20:14 C:\Users\Benutzer\AppData\Local\Temp\plugtmp-61 --------- 4096 09.03.2010 15:11 C:\Users\Benutzer\AppData\Local\Temp\wmsetup.log --------- 18649 09.03.2010 14:52 
06.11.2009 22:24 C:\Users\Benutzer\AppData\Local\Temp\~DFC2256A0F05A18384.TMP --------- 16384
06.11.2009 22:21 C:\Users\Benutzer\AppData\Local\Temp\~DF412F89375357CE92.TMP --------- 16384
06.11.2009 22:18 C:\Users\Benutzer\AppData\Local\Temp\~DF6E4BAC270B3F63BE.TMP --------- 16384
06.11.2009 22:12 C:\Users\Benutzer\AppData\Local\Temp\~DFD69D34E5389C2A0A.TMP --------- 16384
06.11.2009 22:11 C:\Users\Benutzer\AppData\Local\Temp\~DFFB01020575A15D97.TMP --------- 16384
06.11.2009 22:11 C:\Users\Benutzer\AppData\Local\Temp\~DF4BE41C68EED3BD57.TMP --------- 16384
29.10.2009 20:28 C:\Users\Benutzer\AppData\Local\Temp\TarB38F.tmp --------- 77580
28.10.2009 18:02 C:\Users\Benutzer\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0
17.08.2009 13:57 C:\Users\Benutzer\AppData\Local\Temp\d049.rra --------- 4751360
17.08.2009 13:55 C:\Users\Benutzer\AppData\Local\Temp\SetC7F0.tmp --------- 109712
17.08.2009 13:55 C:\Users\Benutzer\AppData\Local\Temp\SetC206.tmp --------- 109712
14.07.2009 03:17 C:\Users\Benutzer\AppData\Local\Temp\npAF43.tmp --------- 1289712
14.07.2009 03:11 C:\Users\Benutzer\AppData\Local\Temp\npAF53.tmp --------- 836608
----------------------------------------
C:\Program Files
24.03.2010 23:05 C:\Program Files\Internet Explorer --------- 4096
09.02.2010 13:11 C:\Program Files\iTunes --------- 4096
09.02.2010 13:11 C:\Program Files\iPod --------- 0
29.10.2009 13:37 C:\Program Files\Windows Media Player --------- 4096
28.10.2009 18:00 C:\Program Files\Gemeinsame Dateien --------- 0
28.10.2009 18:00 C:\Program Files\Windows NT --------- 4096
28.10.2009 17:31 C:\Program Files\Windows Photo Gallery --------- 0
28.10.2009 17:31 C:\Program Files\Windows Collaboration --------- 0
28.10.2009 17:31 C:\Program Files\Windows Calendar --------- 0
28.10.2009 17:31 C:\Program Files\Microsoft Games --------- 4096
28.10.2009 17:31 C:\Program Files\Common Files --------- 4096
28.10.2009 17:31 C:\Program Files\Bonjour --------- 0
14.07.2009 20:18 C:\Program Files\DVD Maker --------- 4096
14.07.2009 20:18 C:\Program Files\Windows Journal --------- 4096
14.07.2009 19:58 C:\Program Files\Windows Mail --------- 4096
14.07.2009 19:58 C:\Program Files\Windows Sidebar --------- 4096
14.07.2009 19:58 C:\Program Files\Windows Photo Viewer --------- 4096
14.07.2009 19:58 C:\Program Files\Windows Defender --------- 4096
14.07.2009 07:32 C:\Program Files\Windows Portable Devices --------- 0
14.07.2009 07:32 C:\Program Files\Reference Assemblies --------- 0
14.07.2009 07:32 C:\Program Files\MSBuild --------- 0
14.07.2009 07:09 C:\Program Files\Uninstall Information --------- 0
14.07.2009 06:54 C:\Program Files\desktop.ini --------- 174
----------------------------------------
C:\ProgramData\..
Benutzer
Default
Public
Default User
All Users
desktop.ini
----------------------------------------
C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
----------------------------------------
Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0        97.984 K
smss.exe                       316 Services                   0         1.136 K
csrss.exe                      440 Services                   0         4.796 K
wininit.exe                    500 Services                   0         4.512 K
csrss.exe                      524 Console                    1         6.064 K
services.exe                   556 Services                   0         8.524 K
lsass.exe                      576 Services                   0        11.432 K
lsm.exe                        584 Services                   0         4.284 K
svchost.exe                    692 Services                   0         9.812 K
nvvsvc.exe                     760 Services                   0         4.020 K
svchost.exe                    800 Services                   0         8.332 K
svchost.exe                    860 Services                   0        23.424 K
svchost.exe                    892 Services                   0       130.576 K
svchost.exe                    928 Services                   0        37.904 K
winlogon.exe                   960 Console                    1         7.380 K
svchost.exe                    332 Services                   0        18.072 K
svchost.exe                   1092 Services                   0        15.620 K
nvvsvc.exe                    1136 Console                    1         7.676 K
spoolsv.exe                   1268 Services                   0        11.720 K
svchost.exe                   1296 Services                   0        16.080 K
AppleMobileDeviceService.     1392 Services                   0         4.672 K
avgwdsvc.exe                  1424 Services                   0         2.376 K
mDNSResponder.exe             1444 Services                   0         4.856 K
svchost.exe                   1472 Services                   0        14.272 K
GSvr.exe                      1524 Services                   0         3.936 K
ICQ Service.exe               1544 Services                   0         4.596 K
taskhost.exe                  1640 Console                    1        10.600 K
dwm.exe                       1792 Console                    1        30.728 K
explorer.exe                  1828 Console                    1        83.680 K
RichVideo.exe                 2028 Services                   0         4.264 K
svchost.exe                   1064 Services                   0         5.440 K
IAANTmon.exe                  1680 Services                   0         6.408 K
avgrsa.exe                    1916 Services                   0           532 K
avgnsa.exe                    2056 Services                   0         1.344 K
avgemc.exe                    2140 Services                   0         1.944 K
avgcsrvx.exe                  2388 Services                   0        11.616 K
RAVCpl64.exe                  2468 Console                    1         9.728 K
IAAnotif.exe                  2504 Console                    1         6.892 K
sidebar.exe                   2588 Console                    1        41.356 K
PDVDServ.exe                   336 Console                    1         5.300 K
avgtray.exe                   3128 Console                    1         1.948 K
iTunesHelper.exe              3148 Console                    1        12.656 K
SearchIndexer.exe             3156 Services                   0        26.588 K
wmpnetwk.exe                  3460 Services                   0        13.768 K
svchost.exe                   3656 Services                   0        15.792 K
iPodService.exe               3796 Services                   0         7.500 K
svchost.exe                    664 Services                   0        29.812 K
audiodg.exe                   1360 Services                   0        17.724 K
firefox.exe                    392 Console                    1        75.864 K
taskeng.exe                    636 Console                    1         5.920 K
SearchProtocolHost.exe        1716 Services                   0         8.940 K
SearchFilterHost.exe          3516 Services                   0         6.892 K
cmd.exe                       1580 Console                    1         3.584 K
conhost.exe                   3568 Console                    1         5.540 K
dllhost.exe                   1612 Console                    1         6.132 K
tasklist.exe                  3048 Console                    1         5.640 K
WmiPrvSE.exe                  2728 Services                   0         6.364 K
***** Ende des Scans 30.03.2010 um 16:38:50,83 ***
I hope those were all the necessary logs...
Regards
Max




