
Thread: Help wanted for "TrojanDownloader:Win32/Renos.MQ"

  1. #1
    Forum user
    Registered since: 15.08.2010
    Posts: 31

    Help wanted for "TrojanDownloader:Win32/Renos.MQ"

    Hello,

    I hope I'm in the right place. I seem to have picked up a trojan on my computer. Windows Defender keeps showing the following message:

    Name:
    TrojanDownloader:Win32/Renos.MQ

    Alert level: Severe


    Here are my log files:

    No. 1:
    Code:
    OTL Extras logfile created on: 15.08.2010 22:06:04 - Run 1
    OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\jones\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 143,79 Gb Total Space | 59,97 Gb Free Space | 41,71% Space Free | Partition Type: NTFS
    Drive D: | 140,29 Gb Total Space | 16,37 Gb Free Space | 11,67% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 4,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: JONES-PC
    Current User Name: jones
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{183B02AB-7FD9-4745-B6D4-ACE4C41F63F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{2F37FE6B-9B9E-4C24-A5C7-D72BA05F4081}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{34DDF236-2394-45EE-ABC7-9C4692CD4609}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{3DB8547B-1857-46BF-9DC2-E3521A6514DA}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{4029CB7D-B720-49AE-ACB6-6D3DDC94BA14}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{4EA60005-D1A0-4AA8-94F6-BD247BB928BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{6C6B5110-E5CB-401D-BD86-7412E92992A6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{91E5CCBF-F977-402F-AF91-AF51F029737B}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{A4754AA5-F8CE-41FC-8088-B69D3E370512}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{A965A2C5-1F65-449A-8026-C826CB0F2C57}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{BC4D45ED-FC71-41D5-90CE-00932326FC58}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{C333A63F-6B0C-4EB7-9884-0FE7CA82D746}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{D81D617E-F4C5-4690-A7EE-D50550D940F1}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{D932173A-23AF-49AD-B445-93F34FE8B7B6}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{DA303970-F284-49A4-BF95-A2C2552ADFF2}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{E7797BFB-0CF0-4E5C-AD54-E0F6F54B40C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{F61581DD-6C75-4EFD-AC6A-4291D1EF0E07}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{F7FD3F83-4114-4F5D-B708-0529EBFCC409}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{24FFDC3E-6BD3-4F7C-A026-BEAD8527E5B9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{2C5E027F-96D5-47EE-8C36-52806CF843DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{52DC1D7C-AF61-42DB-B0AD-58CC10124CB1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{861A828D-A26C-4EA7-A48F-197A37DE724B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
    "{9B54C972-1E29-41B7-9ADD-4C02DD177CE8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "{A5F16CA7-7C96-4329-9211-8160B3D50375}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{B681D541-F5EE-47FB-830C-4561EC486CBB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
    "{B69F56F8-9836-4FD8-AE7F-748650076BFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{CEBD7EE4-0CCB-4EF9-8F8E-8BD7C243F0EB}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
    "{DC7552D1-5033-4C77-A320-A3285931535C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{F1BFF08A-DDE8-4D1E-95FF-65C124828ED5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
    "TCP Query User{1B653C06-6899-4E60-8B79-70CF412F96F7}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
    "TCP Query User{212811B6-386D-4713-9055-13439E061ABC}C:\users\jones\downloads\freezer.exe" = protocol=6 | dir=in | app=c:\users\jones\downloads\freezer.exe | 
    "TCP Query User{2629830F-9915-4BAC-AAEB-D164817043E7}D:\emule\emule.exe" = protocol=6 | dir=in | app=d:\emule\emule.exe | 
    "TCP Query User{35499B9D-4834-4E3B-A435-1DF174C5F32D}C:\users\jones\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=6 | dir=in | app=c:\users\jones\appdata\local\temp\ixp000.tmp\smpcsetup.exe | 
    "TCP Query User{391C56C0-9DD9-4456-A965-A214FD6CBA55}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "TCP Query User{3EBCE36F-B3AB-4D8F-94FF-919587E207A4}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
    "TCP Query User{517753B0-31CA-4717-927D-C255EB32B78D}C:\windows\temp\spoolsv\spoolsv.exe" = protocol=6 | dir=in | app=c:\windows\temp\spoolsv\spoolsv.exe | 
    "TCP Query User{5E631CD8-7F7E-40DF-9B21-F8A36524E1F2}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
    "TCP Query User{8108A262-729F-4477-8FB0-935B2C19BFC8}C:\users\jones\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0w6mxlm\installer-13387-32de-nero-showtime-deutsch[1].exe" = protocol=6 | dir=in | app=c:\users\jones\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0w6mxlm\installer-13387-32de-nero-showtime-deutsch[1].exe | 
    "TCP Query User{8D415FA0-B225-4588-9CD3-51A21448FEE3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
    "TCP Query User{B2881564-59D1-49CE-920B-AC95C86EA41E}C:\users\jones\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=6 | dir=in | app=c:\users\jones\appdata\local\temp\ixp000.tmp\smwinvnc.exe | 
    "TCP Query User{C8DA8B40-3415-4085-894F-7DAD74093CED}C:\program files\kazaa lite\clean.kmd" = protocol=6 | dir=in | app=c:\program files\kazaa lite\clean.kmd | 
    "TCP Query User{CABEFC32-3ADE-4239-8891-69CABCD258C5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "TCP Query User{E7115334-9B3F-4D56-B2EC-2856C661D2B5}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
    "UDP Query User{0890C1E8-E663-48C3-A5D0-FF930DB20E52}C:\users\jones\appdata\local\temp\ixp000.tmp\smpcsetup.exe" = protocol=17 | dir=in | app=c:\users\jones\appdata\local\temp\ixp000.tmp\smpcsetup.exe | 
    "UDP Query User{1628BAE4-BD40-4AD6-B4FF-546D1429310D}C:\windows\temp\spoolsv\spoolsv.exe" = protocol=17 | dir=in | app=c:\windows\temp\spoolsv\spoolsv.exe | 
    "UDP Query User{218A2EE1-189A-476A-9CD8-18243553AF94}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "UDP Query User{4636EFD2-ABEC-4315-A81B-F021038119F8}C:\program files\kazaa lite\clean.kmd" = protocol=17 | dir=in | app=c:\program files\kazaa lite\clean.kmd | 
    "UDP Query User{4E9631BF-8DDD-4B51-9515-318A7E0117A6}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
    "UDP Query User{6E681985-E0A1-47D1-9938-9B37BB03E7DF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
    "UDP Query User{7E6B75CD-6891-4977-9B75-ED28974D6E11}C:\users\jones\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0w6mxlm\installer-13387-32de-nero-showtime-deutsch[1].exe" = protocol=17 | dir=in | app=c:\users\jones\appdata\local\microsoft\windows\temporary internet files\content.ie5\i0w6mxlm\installer-13387-32de-nero-showtime-deutsch[1].exe | 
    "UDP Query User{A4810A0A-1894-486A-897B-9FF1AF703340}C:\users\jones\appdata\local\temp\ixp000.tmp\smwinvnc.exe" = protocol=17 | dir=in | app=c:\users\jones\appdata\local\temp\ixp000.tmp\smwinvnc.exe | 
    "UDP Query User{B6A21CE3-E4CE-430A-B246-547B45DC7364}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
    "UDP Query User{C9DE4D9A-E22D-411B-A210-9F58F489251D}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
    "UDP Query User{D0444557-F59E-475F-BD34-4036D37EC4FD}C:\users\jones\downloads\freezer.exe" = protocol=17 | dir=in | app=c:\users\jones\downloads\freezer.exe | 
    "UDP Query User{D0AFEC94-5306-4989-9ED5-259FF9367F04}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
    "UDP Query User{D4A2BFCE-A903-4655-A410-2741F763AA3B}D:\emule\emule.exe" = protocol=17 | dir=in | app=d:\emule\emule.exe | 
    "UDP Query User{EF6EACDE-51CC-484D-A98F-04B8BB91C774}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4900
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
    "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera 
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
    "{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "7-Zip" = 7-Zip 4.65
    "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Applied Acoustics Lounge Lizard EP VSTi DXi v3.0" = Applied Acoustics Lounge Lizard EP VSTi DXi v3.0
    "ASIO4ALL" = ASIO4ALL
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Cakewalk Pro Audio 9" = Cakewalk Pro Audio 9
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
    "DivX Setup.divx.com" = DivX-Setup
    "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
    "EPSON Printer and Utilities" = EPSON-Drucker-Software
    "Free FLV Converter_is1" = Free FLV Converter V 6.91.0
    "GridVista" = Acer GridVista
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
    "jeapliv" = Favorit
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Live 8.0.1" = Live 8.0.1
    "Live-Player" = Live-Player
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "Native Instruments B4 II" = Native Instruments B4 II
    "Native Instruments Elektrik Piano" = Native Instruments Elektrik Piano
    "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
    "NVIDIA Drivers" = NVIDIA Drivers
    "RealPlayer 12.0" = RealPlayer
    "Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
    "SyncroSoft Emu" = SyncroSoft Emu (Remove only)
    "Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "UseNeXT_is1" = UseNeXT
    "VLC media player" = VLC media player 0.9.6
    "WinRAR archiver" = WinRAR
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 15.08.2010 15:26:21 | Computer Name = jones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 15.08.2010 15:26:22 | Computer Name = jones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 15.08.2010 15:26:35 | Computer Name = jones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 15.08.2010 15:26:35 | Computer Name = jones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 15.08.2010 15:26:36 | Computer Name = jones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 15.08.2010 15:26:37 | Computer Name = jones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 15.08.2010 15:28:24 | Computer Name = jones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 15.08.2010 15:28:25 | Computer Name = jones-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description = 
     
    Error - 15.08.2010 15:41:05 | Computer Name = jones-PC | Source = Windows Search Service | ID = 3013
    Description = 
     
    Error - 15.08.2010 15:41:05 | Computer Name = jones-PC | Source = Windows Search Service | ID = 3013
    Description = 
     
    [ System Events ]
    Error - 15.08.2010 06:11:53 | Computer Name = jones-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 15.08.2010 09:03:34 | Computer Name = jones-PC | Source = iaStor | ID = 262153
    Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
     geantwortet.
     
    Error - 15.08.2010 09:22:10 | Computer Name = jones-PC | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am 15.08.2010 um 15:18:43 unerwartet heruntergefahren.
     
    Error - 15.08.2010 09:21:15 | Computer Name = jones-PC | Source = volsnap | ID = 393241
    Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
     nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
     oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
     auswählen.
     
    Error - 15.08.2010 09:22:32 | Computer Name = jones-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 15.08.2010 10:36:48 | Computer Name = jones-PC | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am 15.08.2010 um 16:33:01 unerwartet heruntergefahren.
     
    Error - 15.08.2010 10:38:15 | Computer Name = jones-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 15.08.2010 13:08:13 | Computer Name = jones-PC | Source = BROWSER | ID = 8032
    Description = 
     
    Error - 15.08.2010 13:12:03 | Computer Name = jones-PC | Source = volsnap | ID = 393241
    Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
     nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
     oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
     auswählen.
     
    Error - 15.08.2010 13:19:57 | Computer Name = jones-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
     
    < End of report >
    No. 2:
    Code:
    OTL logfile created on: 15.08.2010 22:06:04 - Run 1
    OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\jones\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
    6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 143,79 Gb Total Space | 59,97 Gb Free Space | 41,71% Space Free | Partition Type: NTFS
    Drive D: | 140,29 Gb Total Space | 16,37 Gb Free Space | 11,67% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    Drive F: | 4,19 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: JONES-PC
    Current User Name: jones
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\jones\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Users\jones\AppData\Local\Temp\Obh.exe (ApexDC++ Development Team)
    PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
    PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Programme\Avira\AntiVir Desktop\avnotify.exe (Avira GmbH)
    PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Users\jones\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Acer\Mobility Center\MobilityService.exe ()
    PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Inc.)
    PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
    PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
    PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
    PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
    PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\Programme\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
    PRC - C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Users\jones\Downloads\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
    SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Inc.)
    SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
    SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
    DRV - (SymIM) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (DKbFltr) -- C:\Windows\System32\DRIVERS\DKbFltr.sys File not found
    DRV - (cpuz132) -- C:\Users\jones\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
    DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
    DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
    DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
    DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
    DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
    DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
    DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
    DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
    IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2269050
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "google.de"
    FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4
    FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
    FF - prefs.js..network.proxy.http: "localhost"
    FF - prefs.js..network.proxy.http_port: 8800
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.29 00:44:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.24 01:44:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.24 01:44:16 | 000,000,000 | ---D | M]
     
    [2008.07.02 10:03:24 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\mozilla\Extensions
    [2010.08.15 16:48:17 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\mozilla\Firefox\Profiles\bhab9b82.default\extensions
    [2010.06.25 11:23:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jones\AppData\Roaming\mozilla\Firefox\Profiles\bhab9b82.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009.02.16 16:29:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jones\AppData\Roaming\mozilla\Firefox\Profiles\bhab9b82.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}(51)
    [2010.03.29 01:57:24 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\jones\AppData\Roaming\mozilla\Firefox\Profiles\bhab9b82.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
    [2010.05.20 19:29:59 | 000,002,354 | ---- | M] () -- C:\Users\jones\AppData\Roaming\Mozilla\FireFox\Profiles\bhab9b82.default\searchplugins\ecosia.xml
    [2010.08.15 12:56:09 | 000,000,950 | ---- | M] () -- C:\Users\jones\AppData\Roaming\Mozilla\FireFox\Profiles\bhab9b82.default\searchplugins\icqplugin-1.xml
    [2009.05.03 10:50:12 | 000,000,950 | ---- | M] () -- C:\Users\jones\AppData\Roaming\Mozilla\FireFox\Profiles\bhab9b82.default\searchplugins\icqplugin-2.xml
    [2009.06.14 23:46:30 | 000,000,950 | ---- | M] () -- C:\Users\jones\AppData\Roaming\Mozilla\FireFox\Profiles\bhab9b82.default\searchplugins\icqplugin-3.xml
    [2009.10.01 14:28:10 | 000,000,950 | ---- | M] () -- C:\Users\jones\AppData\Roaming\Mozilla\FireFox\Profiles\bhab9b82.default\searchplugins\icqplugin-4.xml
    [2009.10.01 21:41:45 | 000,000,950 | ---- | M] () -- C:\Users\jones\AppData\Roaming\Mozilla\FireFox\Profiles\bhab9b82.default\searchplugins\icqplugin-5.xml
    [2010.02.13 12:15:40 | 000,000,950 | ---- | M] () -- C:\Users\jones\AppData\Roaming\Mozilla\FireFox\Profiles\bhab9b82.default\searchplugins\icqplugin-6.xml
    [2009.04.26 21:02:01 | 000,000,944 | ---- | M] () -- C:\Users\jones\AppData\Roaming\Mozilla\FireFox\Profiles\bhab9b82.default\searchplugins\icqplugin.xml
    [2010.05.23 21:09:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
    [2009.04.09 21:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    [2010.05.23 21:09:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010.03.12 11:16:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.03.12 11:16:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.03.12 11:16:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2010.03.12 11:16:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.03.12 11:16:31 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll File not found
    O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [eRecoveryService]  File not found
    O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
    O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [spoolsv] C:\Windows\temp\spoolsv\spoolsv.exe (mIRC Co. Ltd.)
    O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Metropolis] C:\Users\jones\AppData\Local\Temp\sshnas21.DLL (ApexDC++ Development Team)
    O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\jones\AppData\Local\Temp\Obh.exe (ApexDC++ Development Team)
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1215252763 (Reg Error: Key error.)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6480808995-8553582333-437146345-7690\wingn.exe) - C:\RECYCLER\S-1-5-21-6480808995-8553582333-437146345-7690\wingn.exe ()
    O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\jones\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\jones\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.08.15 22:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2010.08.15 12:22:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010.08.15 12:22:49 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010.08.15 12:22:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010.08.15 12:22:49 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010.08.15 12:22:49 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010.08.15 12:22:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010.08.15 12:22:49 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010.08.15 12:22:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010.08.15 12:22:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010.08.15 12:22:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010.08.15 12:22:48 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010.08.15 12:22:48 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010.08.15 12:22:48 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010.08.15 12:22:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010.08.15 12:22:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010.08.15 12:22:47 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
    [2010.08.15 12:22:36 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010.08.15 12:22:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
    [2010.08.15 12:21:54 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010.08.15 12:21:53 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010.08.05 13:22:02 | 000,000,000 | ---D | C] -- C:\Users\jones\Documents\Ableton
    [2010.08.05 13:22:02 | 000,000,000 | ---D | C] -- C:\Users\jones\AppData\Roaming\Ableton
    [2010.08.05 13:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton
    [2010.08.05 13:19:56 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
    [2010.08.05 13:19:56 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\REX Shared Library.dll
    [2010.08.05 13:18:51 | 000,000,000 | ---D | C] -- C:\Programme\Ableton
    [2010.08.05 12:36:38 | 000,000,000 | ---D | C] -- C:\Users\jones\Desktop\NI Akoustik 16Bit
    [2008.03.20 11:07:40 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2008.03.20 11:07:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [2008.02.19 04:43:23 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.08.15 22:09:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{92920DEF-B77C-4A90-A488-46460ADB4D57}.job
    [2010.08.15 22:08:30 | 004,456,448 | -HS- | M] () -- C:\Users\jones\ntuser.dat
    [2010.08.15 22:03:00 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2010.08.15 21:55:03 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010.08.15 21:52:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.08.15 21:19:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.08.15 21:19:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.08.15 20:52:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.08.15 19:21:08 | 000,081,883 | ---- | M] () -- C:\Users\jones\AppData\Roaming\nvModes.001
    [2010.08.15 19:19:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.08.15 19:19:38 | 000,324,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010.08.15 19:19:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.08.15 19:18:18 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
    [2010.08.15 19:09:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010.08.15 14:41:08 | 000,069,632 | ---- | M] () -- C:\Users\jones\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.08.13 18:42:16 | 003,363,226 | -H-- | M] () -- C:\Users\jones\AppData\Local\IconCache.db
    [2010.08.13 02:17:51 | 000,783,242 | ---- | M] () -- C:\Users\jones\Desktop\nm.cpr
    [2010.08.12 18:31:52 | 000,031,445 | ---- | M] () -- C:\Users\jones\Desktop\christina.jpg
    [2010.08.12 12:36:05 | 000,081,883 | ---- | M] () -- C:\Users\jones\AppData\Roaming\nvModes.dat
    [2010.08.09 23:45:53 | 000,810,301 | ---- | M] () -- C:\Users\jones\Desktop\new.cpr
    [2010.08.09 21:53:04 | 001,123,683 | ---- | M] () -- C:\Users\jones\Desktop\wb weit.cpr
    [2010.08.09 21:52:47 | 001,078,802 | ---- | M] () -- C:\Users\jones\Desktop\ratten nattern-02.mp3
    [2010.08.05 13:19:58 | 000,001,006 | ---- | M] () -- C:\Users\jones\Desktop\Live 8.0.1.lnk
    [2010.07.29 00:40:44 | 000,812,851 | ---- | M] () -- C:\Users\jones\Desktop\abends.cpr
    [2010.07.23 02:37:16 | 000,311,296 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\Windows\System32\TubeFinder.exe
    [2010.07.20 19:51:00 | 000,047,104 | ---- | M] () -- C:\Users\jones\Documents\Falldarstellung verfremdung.doc
     
    ========== Files Created - No Company Name ==========
     
    [2010.08.15 19:37:39 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010.08.15 19:37:35 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2010.08.13 02:14:30 | 000,783,242 | ---- | C] () -- C:\Users\jones\Desktop\nm.cpr
    [2010.08.12 18:31:52 | 000,031,445 | ---- | C] () -- C:\Users\jones\Desktop\christina.jpg
    [2010.08.09 23:45:53 | 000,810,301 | ---- | C] () -- C:\Users\jones\Desktop\new.cpr
    [2010.08.09 21:50:12 | 001,078,802 | ---- | C] () -- C:\Users\jones\Desktop\ratten nattern-02.mp3
    [2010.08.09 21:02:07 | 001,123,683 | ---- | C] () -- C:\Users\jones\Desktop\wb weit.cpr
    [2010.08.05 13:19:58 | 000,001,006 | ---- | C] () -- C:\Users\jones\Desktop\Live 8.0.1.lnk
    [2010.07.20 23:59:14 | 000,812,851 | ---- | C] () -- C:\Users\jones\Desktop\abends.cpr
    [2010.07.20 19:02:00 | 000,047,104 | ---- | C] () -- C:\Users\jones\Documents\Falldarstellung verfremdung.doc
    [2010.07.10 23:57:36 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
    [2010.07.10 23:57:35 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
    [2010.07.10 23:57:35 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
    [2010.07.10 23:57:35 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
    [2010.01.27 20:40:00 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2010.01.24 17:43:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010.01.24 14:30:38 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010.01.15 22:32:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009.04.28 15:52:43 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
    [2008.05.27 11:19:16 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2008.05.27 11:19:16 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008.03.20 19:43:10 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
    [2008.03.20 19:43:03 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
    [2008.02.19 07:22:40 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
    [2008.02.19 04:43:25 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2008.02.19 04:43:25 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2008.02.19 04:43:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008.02.18 22:08:44 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2008.02.18 21:15:19 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2007.03.29 13:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
    [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
    [2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
     
    ========== LOP Check ==========
     
    [2008.05.09 13:36:45 | 000,000,000 | -HSD | M] -- C:\Users\jones\AppData\Roaming\.#
    [2010.08.05 13:22:02 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Ableton
    [2008.05.08 17:08:02 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Acer
    [2008.02.18 21:40:07 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Acer GameZone Console
    [2008.09.27 21:47:09 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Applied Acoustics Systems
    [2010.07.12 14:05:02 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Audacity
    [2010.05.19 11:13:42 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010.03.26 02:24:57 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Facebook
    [2010.06.28 00:16:10 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\FreeFLVConverter
    [2010.05.23 15:38:19 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\GrabPro
    [2010.05.18 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Iggels
    [2008.11.21 20:07:41 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Kazaa Lite
    [2010.03.11 21:59:04 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\live-player
    [2010.05.23 18:16:00 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Orbit
    [2010.05.27 00:34:23 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Roni Music
    [2008.09.27 21:18:00 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\Steinberg
    [2010.05.14 19:32:37 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\temp
    [2008.11.20 00:00:33 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\UseNeXT
    [2008.11.09 20:17:49 | 000,000,000 | ---D | M] -- C:\Users\jones\AppData\Roaming\zweitgeist
    [2010.08.15 19:09:27 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010.08.15 22:09:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{92920DEF-B77C-4A90-A488-46460ADB4D57}.job
    [2010.08.15 21:55:03 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010.08.15 22:03:00 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
     
    ========== Purity Check ==========
     
     
    < End of report >

    Many thanks for the help.
    Jazzb6p
    Edited by Petra (15.08.2010 at 23:23). Reason: code tags corrected

  2. #2
    Moderator, team member, kira
    Registered since
    28.03.2006
    Location
    Vienna / Languages: German-Hungarian
    Posts
    25.809

    Re: Help wanted for "TrojanDownloader:Win32/Renos.MQ"

    A warm welcome to our HijackThis support board!

    **Before you start with part 1 of the task: CLICK HERE AND READ CAREFULLY!**
    Cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible, i.e. you have to reinstall it.
    THE INSTRUCTIONS, AND FOLLOWING THEM, ARE YOUR OWN RESPONSIBILITY!
    Please read through the instructions calmly first, and keep to the order given! Otherwise our work slows down if we have to keep looking up small details again and again, and the overview may get lost...

    ► First part of the 3-part procedure: we will examine your system for viruses. To do so:
    1.
    First, please make the following settings: make system files and folders visible under XP, Vista and Win7
    At the end of our work you can undo this again!

    2.
    Check system details with RSIT
    • Download Random's System Information Tool (RSIT) by random/random,
    • save it to your desktop.
    • Close all windows and programs, including the browser.
    • Start RSIT.exe with a double-click.
    • Click Continue to accept the terms of use.
    • If you do not have HijackThis installed, RSIT will download and install it for you.
    • In that case, please also accept Trend Micro's terms of use for HJT with I accept.
    • If your firewall asks, please allow RSIT to access the network.
    • The scan starts automatically; RSIT now checks some important system areas and produces log files as a basis for analysis.
    • When the scan has finished, two log files are created and opened in your editor.
    • Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (<= shown minimized in the taskbar) here in the thread.

    3.
    "Create a file list with HJTscanlist.bat"
    Download HJTscanlist.zip (item 6) (click the given link ► pick item 6 ► follow the instructions), then post the resulting log file here.

    4.
    • Download CCleaner
    • Read the software license agreement; if it is offered, deselect "Füge CCleaner Yahoo! Toolbar hinzu" ("Add CCleaner Yahoo! Toolbar")! -> start -> if necessary, under Options settings -> set "german".
    • Start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...`
    • A text file is created automatically; post this log file too (i.e. the list of all installed programs... a text file)

    Please post all results in code tags!

    Before your log file (text result) you write: [code]
    your log file goes here
    and after it: [/code]
    Regards,
    argos
    Reinstalling (Windows XP, Vista and Windows 7) - guides
    Virus scanners
    How to rid your computer of viruses

    *The best protection is still responsible use of the Internet!*

  3. #3
    Forum user
    Registered since
    15.08.2010
    Posts
    31

    Re: Help wanted for "TrojanDownloader:Win32/Renos.MQ"

    Code:
    Logfile of random's system information tool 1.08 (written by random/random)
    Run by jones at 2010-08-16 11:32:50
    Microsoft® Windows Vista™ Home Premium  Service Pack 2
    System drive C: has 61 GB (42%) free of 147 GB
    Total RAM: 3069 MB (58% free)
    
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:33:11, on 16.08.2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18943)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\jones\AppData\Local\Temp\Obh.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Users\jones\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer VCM\acp2HID.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\jones\Downloads\RSIT.exe
    C:\Program Files\trend micro\jones.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?SearchSource=10&ctid=CT2269050
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: (no name) -  - (no file)
    R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (file missing)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (file missing)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [spoolsv] "C:\Windows\temp\spoolsv\spoolsv.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\jones\AppData\Local\Temp\sshnas21.dll,GetHandle
    O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\jones\AppData\Local\Temp\Obh.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1215252763
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    
    --
    End of file - 9879 bytes
    
    ======Scheduled tasks folder======
    
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\User_Feed_Synchronization-{92920DEF-B77C-4A90-A488-46460ADB4D57}.job
    C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-06-29 341600]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
    Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
    DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll []
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
    {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - DVDVideoSoft Toolbar - C:\Program Files\DVDVideoSoft\tbDVDV.dll []
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
    "ALaunch"=C:\Acer\ALaunch\AlaunchClient.exe []
    "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-24 4702208]
    "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2008-01-24 102400]
    "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-11-22 178712]
    "NvSvc"=C:\Windows\system32\nvsvc.dll [2008-01-30 86016]
    "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-01-30 8501792]
    "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-01-30 81920]
    "eRecoveryService"= []
    "Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe []
    "WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-03-30 267048]
    "H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "spoolsv"=C:\Windows\temp\spoolsv\spoolsv.exe [2007-11-28 1790464]
    "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
    "Skytel"=C:\Windows\Skytel.exe [2008-01-24 1826816]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
    "DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-06-29 202256]
    "PLFSetL"=C:\Windows\PLFSetL.exe [2007-07-05 94208]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
    "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
    "Metropolis"=C:\Users\jones\AppData\Local\Temp\sshnas21.dll [2010-08-15 241664]
    "ZE18MW23GY"=C:\Users\jones\AppData\Local\Temp\Obh.exe [2010-08-15 188416]
    
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=0
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    
    ======File associations======
    
    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*
    
    ======List of files/folders created in the last 1 months======
    
    2010-08-16 11:32:50 ----D---- C:\rsit
    2010-08-16 11:32:50 ----D---- C:\Program Files\trend micro
    2010-08-15 22:01:31 ----D---- C:\ProgramData\WindowsSearch
    2010-08-15 12:22:51 ----A---- C:\Windows\system32\mshtml.dll
    2010-08-15 12:22:51 ----A---- C:\Windows\system32\iertutil.dll
    2010-08-15 12:22:50 ----A---- C:\Windows\system32\ieframe.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\wininet.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\urlmon.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\occache.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\mstime.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\msfeeds.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\ieUnatt.exe
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\ieui.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\iesysprep.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\iesetup.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\iepeers.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\iedkcs32.dll
    2010-08-15 12:22:49 ----A---- C:\Windows\system32\ie4uinit.exe
    2010-08-15 12:22:48 ----A---- C:\Windows\system32\msfeedssync.exe
    2010-08-15 12:22:48 ----A---- C:\Windows\system32\msfeedsbs.dll
    2010-08-15 12:22:48 ----A---- C:\Windows\system32\jsproxy.dll
    2010-08-15 12:22:48 ----A---- C:\Windows\system32\iernonce.dll
    2010-08-15 12:22:47 ----A---- C:\Windows\system32\iccvid.dll
    2010-08-15 12:22:45 ----A---- C:\Windows\system32\schannel.dll
    2010-08-15 12:22:36 ----A---- C:\Windows\system32\win32k.sys
    2010-08-15 12:22:31 ----A---- C:\Windows\system32\rtutils.dll
    2010-08-15 12:21:54 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2010-08-15 12:21:53 ----A---- C:\Windows\system32\ntoskrnl.exe
    2010-08-15 12:21:43 ----A---- C:\Windows\system32\msxml3.dll
    2010-08-15 12:21:30 ----A---- C:\Windows\system32\drivers\srv.sys
    2010-08-15 12:21:29 ----A---- C:\Windows\system32\drivers\srv2.sys
    2010-08-15 12:21:14 ----A---- C:\Windows\system32\shell32.dll
    2010-08-15 12:21:05 ----A---- C:\Windows\system32\drivers\tcpip.sys
    2010-08-05 13:22:02 ----D---- C:\Users\jones\AppData\Roaming\Ableton
    2010-08-05 13:22:02 ----D---- C:\ProgramData\Ableton
    2010-08-05 13:19:56 ----A---- C:\Windows\system32\REX Shared Library.dll
    2010-08-05 13:19:56 ----A---- C:\Windows\system32\ReWire.dll
    2010-08-05 13:18:51 ----D---- C:\Program Files\Ableton
    
    ======List of files/folders modified in the last 1 months======
    
    2010-08-16 11:32:57 ----D---- C:\Windows\Temp
    2010-08-16 11:32:50 ----RD---- C:\Program Files
    2010-08-16 11:27:34 ----SHD---- C:\System Volume Information
    2010-08-16 11:22:19 ----D---- C:\Windows\system32\Tasks
    2010-08-16 11:22:18 ----D---- C:\Windows\Tasks
    2010-08-15 22:54:17 ----D---- C:\Windows\Prefetch
    2010-08-15 22:01:31 ----HD---- C:\ProgramData
    2010-08-15 21:28:36 ----D---- C:\Windows\Microsoft.NET
    2010-08-15 21:28:25 ----RSD---- C:\Windows\assembly
    2010-08-15 19:12:11 ----D---- C:\Program Files\Internet Explorer
    2010-08-15 19:12:10 ----D---- C:\Windows\system32\migration
    2010-08-15 19:12:10 ----D---- C:\Windows\System32
    2010-08-15 19:12:08 ----D---- C:\Program Files\Movie Maker
    2010-08-15 19:12:06 ----D---- C:\Windows\system32\drivers
    2010-08-15 19:09:12 ----D---- C:\Windows\winsxs
    2010-08-15 12:20:32 ----D---- C:\Windows\system32\catroot
    2010-08-15 12:20:31 ----D---- C:\Windows\system32\catroot2
    2010-08-11 18:53:19 ----D---- C:\Windows\inf
    2010-08-05 16:43:53 ----D---- C:\Program Files\Native Instruments
    2010-08-05 13:19:07 ----SHD---- C:\Windows\Installer
    2010-08-05 11:56:57 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-08-04 23:43:05 ----D---- C:\Windows\Downloaded Installations
    2010-08-04 23:26:10 ----D---- C:\Program Files\CyberLink
    2010-08-04 23:23:20 ----D---- C:\ProgramData\CyberLink
    2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
    2010-07-29 23:26:55 ----D---- C:\Users\jones\AppData\Roaming\Skype
    2010-07-29 20:46:32 ----D---- C:\Users\jones\AppData\Roaming\skypePM
    2010-07-24 01:44:16 ----D---- C:\Program Files\Mozilla Firefox
    2010-07-23 15:04:06 ----D---- C:\Program Files\Free FLV Converter
    2010-07-23 02:37:16 ----A---- C:\Windows\system32\TubeFinder.exe
    2010-07-19 10:23:40 ----D---- C:\ProgramData\DivX
    2010-07-19 10:23:34 ----D---- C:\Program Files\DivX
    2010-07-19 10:23:15 ----D---- C:\Program Files\Common Files\PX Storage Engine
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-11-22 308248]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
    R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2008-01-24 12672]
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
    R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2008-01-24 8704]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]
    R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
    R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2008-01-24 984064]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2008-01-24 208384]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-24 1950552]
    R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
    R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-02-18 6144]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-01-30 7629504]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
    R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-13 1749376]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-24 192816]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-01-24 660480]
    R3 winbondcir;Winbond IR Transceiver; C:\Windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]
    S3 61883;61883-Einheitsgerät; C:\Windows\system32\DRIVERS\61883.sys [2008-01-21 45696]
    S3 Avc;AVC-Gerät; C:\Windows\system32\DRIVERS\avc.sys [2008-01-21 40448]
    S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
    S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
    S3 BthPort;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
    S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
    S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2007-12-14 79664]
    S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-12-14 81200]
    S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-14 16432]
    S3 cpuz132;cpuz132; \??\C:\Users\jones\AppData\Local\Temp\cpuz132\cpuz132_x32.sys []
    S3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys []
    S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
    S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
    S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
    S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
    S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
    S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 ALaunchService;ALaunch Service; C:\Acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
    R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-05-16 267432]
    R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-11-22 358936]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
    R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2007-11-27 110592]
    R2 RS_Service;Raw Socket Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [2007-09-28 233472]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2008-01-24 386560]
    R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
    S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-20 136176]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    
    -----------------EOF-----------------
    
    
    
    No. 2
    
    info.txt logfile of random's system information tool 1.08 2010-08-16 11:33:13
    
    ======Uninstall list======
    
    7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
    Acer Crystal Eye Webcam Video Class Camera -->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0007 -removeonly -u
    Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
    Acer GameZone Console 2.0.1.1-->"C:\Program Files\Acer GameZone\GameConsole\unins000.exe"
    Acer GridVista-->C:\Windows\GVUni.exe GridV.UNI
    Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x7  -removeonly
    Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9  -removeonly
    Acer VCM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}\setup.exe" -l0x7  -removeonly
    Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Applied Acoustics Lounge Lizard EP VSTi DXi v3.0-->D:\LOUNGE~1.0\UNWISE.EXE D:\LOUNGE~1.0\INSTALL.LOG
    ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
    Audacity 1.3.11 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
    Cakewalk Pro Audio 9-->C:\Windows\IsUn0407.exe -f"C:\Program Files\Cakewalk\Cakewalk Pro Audio 9\CWPA9_Uninst.isu"
    DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
    DVDVideoSoft Toolbar-->C:\PROGRA~1\DVDVID~1\UNWISE.EXE   /U C:\PROGRA~1\DVDVID~1\INSTALL.LOG  
    EPSON-Drucker-Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    Favorit-->c:\users\jones\appdata\local\jeapliv.bat
    Free FLV Converter V 6.91.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
    iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
    Live 8.0.1-->C:\PROGRA~1\Ableton\LIVE80~1.1\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE80~1.1\Install\INSTALL.LOG
    Live-Player-->C:\Program Files\Live-Player\uninst.exe
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Office 2000 SR-1 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    Microsoft Works-->MsiExec.exe /I{4EA2F95F-A537-4D17-9E7F-6B3FF8D9BBE3}
    mIRC-->"C:\Windows\temp\spoolsv\spoolsv.exe" -uninstall
    Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    Native Instruments B4 II-->C:\PROGRA~1\NATIVE~1\B4II~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\B4II~1\INSTALL.LOG
    Native Instruments Elektrik Piano-->C:\PROGRA~1\NATIVE~1\ELEKTR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\ELEKTR~1\INSTALL.LOG
    Native Instruments Guitar Rig 3-->C:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
    NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly 
    NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0407
    NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1031 CDM7
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Pro Evolution Soccer 2010-->MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x7 anything
    Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
    Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    Steinberg Cubase SX v3.1.1.944-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
    Syncrosofts Lizenz Kontrolle-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    UseNeXT-->"C:\Program Files\UseNeXT\unins000.exe"
    VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
    VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    WIDCOMM Bluetooth Software 6.0.1.4900-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
    Winbond CIR Drivers-->MsiExec.exe /X{427967BF-09F8-46D5-9275-37001CCBBA5D}
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    
    ======Security center information======
    
    AS: Windows Defender
    
    ======System event log======
    
    Computer Name: jones-PC
    Event Code: 4201
    Message: Netzwerkadapter "Drahtlosnetzwerkverbindung" wurde mit dem Netzwerk verbunden, und das System im normalen Zustand gestartet.
    Record Number: 323051
    Source Name: Tcpip
    Time Written: 20100425114539.554776-000
    Event Type: Informationen
    User: 
    
    Computer Name: jones-PC
    Event Code: 8033
    Message: Der Suchdienst hat eine Wahl auf dem Netzwerk "\Device\NetBT_Tcpip_{FAB17B99-3779-4F91-864D-2E701F41FA15}" erzwungen, da der Hauptsuchdienst beendet wurde.
    Record Number: 323050
    Source Name: BROWSER
    Time Written: 20100425114537.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: jones-PC
    Event Code: 4201
    Message: Netzwerkadapter "Drahtlosnetzwerkverbindung" wurde mit dem Netzwerk verbunden, und das System im normalen Zustand gestartet.
    Record Number: 323049
    Source Name: Tcpip
    Time Written: 20100425114443.878376-000
    Event Type: Informationen
    User: 
    
    Computer Name: jones-PC
    Event Code: 4201
    Message: Netzwerkadapter "Drahtlosnetzwerkverbindung" wurde mit dem Netzwerk verbunden, und das System im normalen Zustand gestartet.
    Record Number: 323048
    Source Name: Tcpip
    Time Written: 20100425114443.878376-000
    Event Type: Informationen
    User: 
    
    Computer Name: jones-PC
    Event Code: 4201
    Message: Netzwerkadapter "Drahtlosnetzwerkverbindung" wurde mit dem Netzwerk verbunden, und das System im normalen Zustand gestartet.
    Record Number: 323047
    Source Name: Tcpip
    Time Written: 20100425114252.119976-000
    Event Type: Informationen
    User: 
    
    =====Application event log=====
    
    Computer Name: jones-PC
    Event Code: 1001
    Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten enthalten die neuen Werte der Registrierungseinträge "Last Counter" und "Last Help".
    Record Number: 82333
    Source Name: Microsoft-Windows-LoadPerf
    Time Written: 20090817165934.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: jones-PC
    Event Code: 1
    Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
    Record Number: 82332
    Source Name: SecurityCenter
    Time Written: 20090817165734.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: jones-PC
    Event Code: 0
    Message: 
    Record Number: 82331
    Source Name: iPod Service
    Time Written: 20090817165546.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: jones-PC
    Event Code: 1003
    Message: Der Windows-Suchdienst wurde gestartet.
    
    Record Number: 82330
    Source Name: Microsoft-Windows-Search
    Time Written: 20090817165536.000000-000
    Event Type: Informationen
    User: 
    
    Computer Name: jones-PC
    Event Code: 7500
    Message: Intel RAID-Controller: Unbekannter Controller
    Anzahl der Serial ATA-Anschlüsse: 3
     
    RAID Option ROM - Version: Unbekannt
    Treiberversion: 7.8.0.1012
    RAID-Plug-In - Version: 7.8.0.1013
    Sprachressourcenversion des RAID-Plug-In:  Datei nicht gefunden
    Assistent zum Erstellen eines Volumes - Version: 7.8.0.1013
    Sprachressourcenversion für Assistenten zum Erstellen eines Volumes: Datei nicht gefunden
    Assistent zum Erstellen eines Volumes von einer vorhandenen Festplatte - Version: 7.8.0.1013
    Sprachressourcenversion des Assistenten zum Erstellen eines Volumes von einer vorhandener Festplatte:  Datei nicht gefunden
    Assistent zum Bearbeiten des Volumes - Version: 7.8.0.1013
    Sprachressourcenversion des Assistenten zum Bearbeiten des Volumes: Datei nicht gefunden
    Assistent zum Löschen eines Volumes - Version: 7.8.0.1013
    Sprachressourcenversion des Assistenten zum Löschen eines Volumes:  Datei nicht gefunden
    ISDI Bibliothek Version: 7.8.0.1013
    Version 7.8.0.1013 des Benutzerbenachrichtigungstools des Event Monitor
    Sprachressourcenversion des Benutzerbenachrichtigungstools des Event Monitor:  Datei nicht gefunden
    Event Monitor - Version: 7.8.0.1013
     
    Festplatte 0
    Verwendung: Unbekannte Festplattenverwendung
    Status: Normal
    Geräteanschluss: 0
    Geräteanschlussposition: Intern
    Aktueller Serial ATA-Übertragungsmodus: Generation 2
    Modell: WDC WD3200BEVT-22ZCT0
    Seriennummer: WD-WXH208622839
    Firmware: 11.01A11
    Native Command Queuing-Unterstützung: Ja
    Systemfestplatte: Ja
    Gesamtgröße: 298 GB
    Physische Sektorgröße: 512 Byte
    Logische Sektorgröße: 512 Byte
     
    Unbelegter Anschluss 0
    Geräteanschluss: 1
    Geräteanschlussposition: Intern
     
    Unbelegter Anschluss 1
    Geräteanschluss: 2
    Geräteanschlussposition: Intern
    
    Record Number: 82329
    Source Name: IAANTmon
    Time Written: 20090817165535.000000-000
    Event Type: Informationen
    User: 
    
    =====Security event log=====
    
    Computer Name: jones-PC
    Event Code: 4624
    Message: Ein Konto wurde erfolgreich angemeldet.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		JONES-PC$
    	Kontodomäne:		WORKGROUP
    	Anmelde-ID:		0x3e7
    
    Anmeldetyp:			5
    
    Neue Anmeldung:
    	Sicherheits-ID:		S-1-5-20
    	Kontoname:		NETZWERKDIENST
    	Kontodomäne:		NT-AUTORITÄT
    	Anmelde-ID:		0x3e4
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Prozessinformationen:
    	Prozess-ID:		0x2c4
    	Prozessname:		C:\Windows\System32\services.exe
    
    Netzwerkinformationen:
    	Arbeitsstationsname:	
    	Quellnetzwerkadresse:	-
    	Quellport:		-
    
    Detaillierte Authentifizierungsinformationen:
    	Anmeldeprozess:		Advapi  
    	Authentifizierungspaket:	Negotiate
    	Übertragene Dienste:	-
    	Paketname (nur NTLM):	-
    	Schlüssellänge:		0
    
    Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
    
    Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
    
    Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
    
    Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
    
    Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
    
    Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
    	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
    	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
    	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
    	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
    Record Number: 86692
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091210172819.867020-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: jones-PC
    Event Code: 4672
    Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		SYSTEM
    	Kontodomäne:		NT-AUTORITÄT
    	Anmelde-ID:		0x3e7
    
    Berechtigungen:		SeAssignPrimaryTokenPrivilege
    			SeTcbPrivilege
    			SeSecurityPrivilege
    			SeTakeOwnershipPrivilege
    			SeLoadDriverPrivilege
    			SeBackupPrivilege
    			SeRestorePrivilege
    			SeDebugPrivilege
    			SeAuditPrivilege
    			SeSystemEnvironmentPrivilege
    			SeImpersonatePrivilege
    Record Number: 86691
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091210172819.679819-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: jones-PC
    Event Code: 4624
    Message: Ein Konto wurde erfolgreich angemeldet.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		JONES-PC$
    	Kontodomäne:		WORKGROUP
    	Anmelde-ID:		0x3e7
    
    Anmeldetyp:			5
    
    Neue Anmeldung:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		SYSTEM
    	Kontodomäne:		NT-AUTORITÄT
    	Anmelde-ID:		0x3e7
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Prozessinformationen:
    	Prozess-ID:		0x2c4
    	Prozessname:		C:\Windows\System32\services.exe
    
    Netzwerkinformationen:
    	Arbeitsstationsname:	
    	Quellnetzwerkadresse:	-
    	Quellport:		-
    
    Detaillierte Authentifizierungsinformationen:
    	Anmeldeprozess:		Advapi  
    	Authentifizierungspaket:	Negotiate
    	Übertragene Dienste:	-
    	Paketname (nur NTLM):	-
    	Schlüssellänge:		0
    
    Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
    
    Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
    
    Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
    
    Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
    
    Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
    
    Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
    	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
    	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
    	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
    	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
    Record Number: 86690
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091210172819.679819-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: jones-PC
    Event Code: 4648
    Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-18
    	Kontoname:		JONES-PC$
    	Kontodomäne:		WORKGROUP
    	Anmelde-ID:		0x3e7
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Konto, dessen Anmeldeinformationen verwendet wurden:
    	Kontoname:		SYSTEM
    	Kontodomäne:		NT-AUTORITÄT
    	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}
    
    Zielserver:
    	Zielservername:	localhost
    	Weitere Informationen:	localhost
    
    Prozessinformationen:
    	Prozess-ID:		0x2c4
    	Prozessname:		C:\Windows\System32\services.exe
    
    Netzwerkinformationen:
    	Netzwerkadresse:	-
    	Port:			-
    
    Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
    Record Number: 86689
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091210172819.679819-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: jones-PC
    Event Code: 4902
    Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.
    
    	Anzahl von Elementen:	0
    	Richtlinienkennung:	0x1912a
    Record Number: 86688
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20091210172819.648618-000
    Event Type: Überwachung erfolgreich
    User: 
    
    ======Environment variables======
    
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION"=0f0d
    "NUMBER_OF_PROCESSORS"=2
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON"=FALSE
    
    -----------------EOF-----------------
    Last edited by jazzb6p (16.08.2010 at 11:40)

  4. #4
    Forum user
    Registered since
    15.08.2010
    Posts
    31

    Re: Help wanted for "TrojanDownloader:Win32/Renos.MQ"

    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 6.0.6002]
     
     
    C:
    
      16.08.2010 11:42     C:\rsit --------- 0   
      16.08.2010 11:32     C:\Program Files --------- 24576   
      16.08.2010 11:27     C:\System Volume Information --------- 20480   
           C:\hiberfil.sys ---------    
           C:\pagefile.sys ---------    
      15.08.2010 22:01     C:\ProgramData --------- 8192   
      11.07.2010 00:02     C:\Windows --------- 32768   
      23.05.2010 18:13     C:\Downloads --------- 0   
      14.05.2010 18:20     C:\crashAddress.txt --------- 1667   
      12.02.2010 16:51     C:\Boot --------- 4096   
      13.12.2009 21:47     C:\RECYCLER --------- 4096   
      11.04.2009 08:36     C:\bootmgr --------- 333257   
      14.12.2008 17:27     C:\MCEDS.log --------- 91   
      14.12.2008 17:27     C:\SDMA.log --------- 90   
      14.12.2008 17:26     C:\PMovie.log --------- 91   
      14.12.2008 17:26     C:\PowerDV.log --------- 437   
      14.12.2008 17:26     C:\MDR.log --------- 91   
      14.12.2008 17:26     C:\MDisc.log --------- 91   
      21.11.2008 19:42     C:\My Shared Folder --------- 0   
      20.11.2008 17:56     C:\BDELog.txt --------- 525   
      11.10.2008 15:26     C:\MSDOS.SYS --------- 0   
      11.10.2008 15:26     C:\IO.SYS --------- 0   
      06.05.2008 21:39     C:\$RECYCLE.BIN --------- 0   
      06.05.2008 21:39     C:\Acer --------- 4096   
      06.05.2008 21:39     C:\Users --------- 4096   
      06.05.2008 21:38     C:\Programme --------- 0   
      06.05.2008 21:38     C:\Dokumente und Einstellungen --------- 0   
      20.03.2008 19:43     C:\DRV --------- 4096   
      20.03.2008 11:01     C:\CLSetup --------- 0   
      20.03.2008 11:01     C:\Medion.ini --------- 20   
      20.03.2008 10:58     C:\Partition.txt --------- 60   
      19.02.2008 04:44     C:\BOOTSECT.BAK --------- 8192   
      19.02.2008 04:43     C:\Book --------- 0   
      18.02.2008 22:37     C:\Convesoft --------- 0   
      18.02.2008 21:52     C:\setup.log --------- 86   
      18.02.2008 21:52     C:\TEM --------- 0   
      18.02.2008 21:15     C:\RHDSetup.log --------- 426   
      18.02.2008 21:10     C:\Intel --------- 0   
      21.01.2008 04:32     C:\PerfLogs --------- 0   
      02.11.2006 15:02     C:\Documents and Settings --------- 0   
      18.09.2006 23:43     C:\config.sys --------- 10   
      18.09.2006 23:43     C:\autoexec.bat --------- 24   
    ----------------------------------------
    
     
    C:\Windows
    
      16.08.2010 11:26     C:\Windows\WindowsUpdate.log --------- 1528062   
      16.08.2010 11:21     C:\Windows\bootstat.dat --------- 67584   
      16.08.2010 01:26     C:\Windows\bthservsdp.dat --------- 12   
      15.08.2010 19:11     C:\Windows\PFRO.log --------- 5283102   
      10.06.2010 17:03     C:\Windows\setupact.log --------- 154833   
      09.05.2010 14:14     C:\Windows\DirectX.log --------- 121342   
      27.01.2010 20:40     C:\Windows\cdplayer.ini --------- 25   
      18.01.2010 00:10     C:\Windows\msxml4-KB973688-enu.LOG --------- 279442   
      15.01.2010 22:32     C:\Windows\ODBC.INI --------- 400   
      15.01.2010 22:32     C:\Windows\ODBCINST.INI --------- 1471   
      08.09.2009 17:25     C:\Windows\ie8_main.log --------- 2084   
      28.04.2009 15:52     C:\Windows\Menu.INI --------- 32   
      11.04.2009 08:27     C:\Windows\explorer.exe --------- 2926592   
      13.11.2008 19:32     C:\Windows\msxml4-KB954430-enu.LOG --------- 281344   
      11.10.2008 15:28     C:\Windows\_detmp.1 --------- 199713   
      24.06.2008 20:20     C:\Windows\MEMORY.DMP --------- 343722561   
      06.05.2008 22:07     C:\Windows\msxml4-KB936181-enu.LOG --------- 256168   
      06.05.2008 21:39     C:\Windows\Patch.log --------- 4563   
      06.05.2008 21:39     C:\Windows\MORChangeID.LOG --------- 84   
      20.03.2008 19:43     C:\Windows\CLEANUP.CMD --------- 1746   
      20.03.2008 19:43     C:\Windows\AFirst.cmd --------- 3   
      20.03.2008 11:15     C:\Windows\DtcInstall.log --------- 4506   
      20.03.2008 11:13     C:\Windows\MBRWR.LOG --------- 62   
      20.03.2008 11:10     C:\Windows\GridV.UNI --------- 92   
      20.03.2008 11:04     C:\Windows\DPINST.LOG --------- 20540   
      20.03.2008 10:55     C:\Windows\BCDCFG.LOG --------- 1553   
      20.03.2008 10:50     C:\Windows\TSSysprep.log --------- 3652   
      18.02.2008 21:15     C:\Windows\DIFxAPI.dll --------- 319456   
      18.02.2008 21:14     C:\Windows\HideWin.exe --------- 315392   
      18.02.2008 21:09     C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 15450112   
      18.02.2008 21:09     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 49152   
      18.02.2008 21:09     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 16384   
      14.02.2008 05:01     C:\Windows\csup.txt --------- 10   
      10.02.2008 13:53     C:\Windows\eRy.exe --------- 17730504   
      24.01.2008 04:29     C:\Windows\RtDefLvl.ini --------- 1132   
      24.01.2008 04:29     C:\Windows\SetSpkDefault.exe --------- 65536   
      24.01.2008 04:29     C:\Windows\RtHDVCpl.exe --------- 4702208   
      24.01.2008 04:29     C:\Windows\SkyTel.exe --------- 1826816   
      24.01.2008 04:29     C:\Windows\RtlExUpd.dll --------- 520192   
      24.01.2008 04:29     C:\Windows\RtlUpd.exe --------- 1191936   
      21.01.2008 04:43     C:\Windows\WindowsShell.Manifest --------- 749   
      21.01.2008 04:24     C:\Windows\regedit.exe --------- 134656   
      21.01.2008 04:24     C:\Windows\bfsvc.exe --------- 58880   
      21.01.2008 04:24     C:\Windows\fveupdate.exe --------- 13312   
      21.01.2008 04:24     C:\Windows\HelpPane.exe --------- 498176   
      21.01.2008 04:23     C:\Windows\notepad.exe --------- 151040   
      10.01.2008 05:44     C:\Windows\GVUni.exe --------- 199176   
      03.12.2007 09:11     C:\Windows\UNINST32.EXE --------- 207368   
      05.07.2007 12:35     C:\Windows\PLFSetL.exe --------- 94208   
      28.06.2007 09:18     C:\Windows\PidList.ini --------- 131   
      26.04.2007 17:02     C:\Windows\offline.reg --------- 294   
      25.04.2007 14:47     C:\Windows\PLFSet.dll --------- 45056   
      29.03.2007 14:11     C:\Windows\BtwIEProxy.exe --------- 285488   
      15.01.2007 14:28     C:\Windows\ACERTOURREMINDERRUN.REG --------- 336   
      02.11.2006 15:04     C:\Windows\win.ini --------- 144   
      02.11.2006 14:52     C:\Windows\setuperr.log --------- 0   
      02.11.2006 14:47     C:\Windows\SETUPAPI.LOG --------- 94   
      02.11.2006 14:35     C:\Windows\WMSysPr9.prx --------- 316640   
      02.11.2006 14:34     C:\Windows\twunk_16.exe --------- 49680   
      02.11.2006 14:34     C:\Windows\twunk_32.exe --------- 31232   
      02.11.2006 14:34     C:\Windows\twain_32.dll --------- 50688   
      02.11.2006 14:34     C:\Windows\twain.dll --------- 94784   
      02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   
      02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   
      02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   
      19.09.2006 13:41     C:\Windows\HomePremium.xml --------- 8328   
      19.09.2006 09:49     C:\Windows\HomePremium_X86_DE_SP1.ID --------- 14   
      18.09.2006 23:46     C:\Windows\system.ini --------- 219   
      18.09.2006 23:43     C:\Windows\_default.pif --------- 707   
      18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   
      18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   
      01.10.2004 22:32     C:\Windows\CLEANUP.INI --------- 92   
      14.06.2004 02:24     C:\Windows\SetPanel.ini --------- 30   
      22.05.2003 00:50     C:\Windows\WMSysPr8.prx --------- 156910   
      14.11.2002 16:32     C:\Windows\devcon.exe --------- 55808   
      17.11.1998 13:44     C:\Windows\IsUn0407.exe --------- 328704   
    ----------------------------------------
    
     
    C:\Windows\System
    
     02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264 
     02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160 
     02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456 
     02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584 
     02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376 
     02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912 
     02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 
     02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 
     02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
     02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 
     02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
     02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 
     02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 
     02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 
     02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 
     02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 
     02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 
     02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 
     18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 
     18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 
     18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 
     18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 
    ----------------------------------------
    
     
    C:\Windows\System32
    
     16.08.2010 11:39     C:\Windows\system32\Tasks --------- 8192  
     16.08.2010 11:21     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3216  
     16.08.2010 11:21     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3216  
     15.08.2010 19:19     C:\Windows\system32\FNTCACHE.DAT --------- 324600  
     15.08.2010 19:12     C:\Windows\system32\migration --------- 8192  
     15.08.2010 19:12     C:\Windows\system32\drivers --------- 73728  
     15.08.2010 12:20     C:\Windows\system32\catroot --------- 4096  
     15.08.2010 12:20     C:\Windows\system32\catroot2 --------- 12288  
     03.08.2010 20:09     C:\Windows\system32\mrt.exe --------- 35962312  
     26.07.2010 17:51     C:\Windows\system32\shell32.dll --------- 11584512  
     23.07.2010 02:37     C:\Windows\system32\TubeFinder.exe --------- 311296  
     10.07.2010 23:57     C:\Windows\system32\x64 --------- 0  
     29.06.2010 05:38     C:\Windows\system32\config --------- 12288  
     29.06.2010 05:37     C:\Windows\system32\spool --------- 4096  
     29.06.2010 05:37     C:\Windows\system32\Msdtc --------- 4096  
     29.06.2010 05:37     C:\Windows\system32\wbem --------- 73728  
     29.06.2010 00:44     C:\Windows\system32\rmoc3260.dll --------- 185920  
     29.06.2010 00:44     C:\Windows\system32\pndx5032.dll --------- 5632  
     29.06.2010 00:44     C:\Windows\system32\pndx5016.dll --------- 6656  
     29.06.2010 00:43     C:\Windows\system32\pncrt.dll --------- 278528  
     26.06.2010 08:05     C:\Windows\system32\wininet.dll --------- 916480  
     26.06.2010 08:05     C:\Windows\system32\urlmon.dll --------- 1210368  
     26.06.2010 08:04     C:\Windows\system32\occache.dll --------- 206848  
     26.06.2010 08:03     C:\Windows\system32\mstime.dll --------- 611840  
     26.06.2010 08:03     C:\Windows\system32\mshtml.dll --------- 5951488  
     26.06.2010 08:03     C:\Windows\system32\msfeeds.dll --------- 599040  
     26.06.2010 08:03     C:\Windows\system32\msfeedsbs.dll --------- 55296  
     26.06.2010 08:02     C:\Windows\system32\jsproxy.dll --------- 25600  
     26.06.2010 08:02     C:\Windows\system32\inetcpl.cpl --------- 1469440  
     26.06.2010 08:02     C:\Windows\system32\ieui.dll --------- 164352  
     26.06.2010 08:02     C:\Windows\system32\iesysprep.dll --------- 109056  
     26.06.2010 08:02     C:\Windows\system32\iesetup.dll --------- 71680  
     26.06.2010 08:02     C:\Windows\system32\iertutil.dll --------- 1986560  
     26.06.2010 08:02     C:\Windows\system32\iernonce.dll --------- 55808  
     26.06.2010 08:02     C:\Windows\system32\iepeers.dll --------- 184320  
     26.06.2010 08:02     C:\Windows\system32\ieframe.dll --------- 11077120  
     26.06.2010 08:02     C:\Windows\system32\iedkcs32.dll --------- 387584  
     26.06.2010 06:25     C:\Windows\system32\ieUnatt.exe --------- 133632  
     26.06.2010 06:24     C:\Windows\system32\ie4uinit.exe --------- 173056  
     26.06.2010 06:24     C:\Windows\system32\msfeedssync.exe --------- 13312  
     26.06.2010 06:23     C:\Windows\system32\mshtml.tlb --------- 1638912  
     21.06.2010 15:37     C:\Windows\system32\win32k.sys --------- 2037760  
     18.06.2010 19:31     C:\Windows\system32\rtutils.dll --------- 36864  
     15.06.2010 20:24     C:\Windows\system32\LogFiles --------- 0  
     11.06.2010 18:16     C:\Windows\system32\schannel.dll --------- 274944  
     11.06.2010 18:15     C:\Windows\system32\msxml3.dll --------- 1248768  
     08.06.2010 19:35     C:\Windows\system32\ntoskrnl.exe --------- 3548040  
     08.06.2010 19:35     C:\Windows\system32\ntkrnlpa.exe --------- 3600768  
     27.05.2010 22:08     C:\Windows\system32\iccvid.dll --------- 81920  
     26.05.2010 19:06     C:\Windows\system32\atmlib.dll --------- 34304  
     26.05.2010 16:47     C:\Windows\system32\atmfd.dll --------- 289792  
     26.05.2010 15:14     C:\Windows\system32\de-DE --------- 528384  
     23.05.2010 21:09     C:\Windows\system32\jupdate-1.6.0_20-b02.log --------- 3188  
     21.05.2010 14:14     C:\Windows\system32\MpSigStub.exe --------- 221568  
     27.04.2010 00:04     C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592  
     23.04.2010 16:13     C:\Windows\system32\tzres.dll --------- 2048  
     12.04.2010 17:29     C:\Windows\system32\javaws.exe --------- 153376  
     12.04.2010 17:29     C:\Windows\system32\javaw.exe --------- 145184  
     12.04.2010 17:29     C:\Windows\system32\java.exe --------- 145184  
     12.04.2010 17:29     C:\Windows\system32\deployJava1.dll --------- 411368  
     05.04.2010 19:01     C:\Windows\system32\asycfilt.dll --------- 67072  
     30.03.2010 22:46     C:\Windows\system32\jupdate-1.6.0_19-b04.log --------- 4394  
     10.03.2010 21:29     C:\Windows\system32\dpl100.dll --------- 94208  
     05.03.2010 16:01     C:\Windows\system32\vbscript.dll --------- 420352  
     21.02.2010 01:06     C:\Windows\system32\nshhttp.dll --------- 24064  
     21.02.2010 01:05     C:\Windows\system32\httpapi.dll --------- 30720  
     19.02.2010 21:27     C:\Windows\system32\DivX.dll --------- 720384  
     19.02.2010 21:27     C:\Windows\system32\divx_xx07.dll --------- 856064  
     19.02.2010 21:27     C:\Windows\system32\divx_xx11.dll --------- 839680  
     19.02.2010 21:27     C:\Windows\system32\divx_xx0a.dll --------- 847872  
     19.02.2010 21:27     C:\Windows\system32\divx_xx16.dll --------- 843776  
     19.02.2010 21:27     C:\Windows\system32\divx_xx0c.dll --------- 856064  
     18.02.2010 15:30     C:\Windows\system32\iphlpsvc.dll --------- 200704  
     13.02.2010 12:15     C:\Windows\system32\Adobe --------- 0  
     12.02.2010 16:43     C:\Windows\system32\perfc007.dat --------- 9808  
     12.02.2010 16:43     C:\Windows\system32\perfh007.dat --------- 24826  
     12.02.2010 16:43     C:\Windows\system32\PerfStringBackup.INI --------- 25780  
     12.02.2010 16:34     C:\Windows\system32\ca-ES --------- 0  
     12.02.2010 16:34     C:\Windows\system32\lv-LV --------- 0  
     12.02.2010 16:34     C:\Windows\system32\XPSViewer --------- 4096  
     12.02.2010 16:34     C:\Windows\system32\da-DK --------- 0  
     12.02.2010 16:34     C:\Windows\system32\hr-HR --------- 0  
     12.02.2010 16:34     C:\Windows\system32\sk-SK --------- 0  
     12.02.2010 16:34     C:\Windows\system32\et-EE --------- 0  
     12.02.2010 16:34     C:\Windows\system32\ko-KR --------- 0  
     12.02.2010 16:34     C:\Windows\system32\en-US --------- 8192  
     12.02.2010 16:34     C:\Windows\system32\it-IT --------- 0  
     12.02.2010 16:34     C:\Windows\system32\el-GR --------- 0  
     12.02.2010 16:34     C:\Windows\system32\oobe --------- 4096  
     12.02.2010 16:34     C:\Windows\system32\AdvancedInstallers --------- 4096  
     12.02.2010 16:34     C:\Windows\system32\eu-ES --------- 0  
     12.02.2010 16:34     C:\Windows\system32\ru-RU --------- 0  
     12.02.2010 16:34     C:\Windows\system32\sv-SE --------- 0  
     12.02.2010 16:34     C:\Windows\system32\fr-FR --------- 0  
     12.02.2010 16:34     C:\Windows\system32\he-IL --------- 0  
     12.02.2010 16:34     C:\Windows\system32\fi-FI --------- 0  
     12.02.2010 16:34     C:\Windows\system32\setup --------- 4096  
     12.02.2010 16:34     C:\Windows\system32\cs-CZ --------- 0  
     12.02.2010 16:34     C:\Windows\system32\hu-HU --------- 0  
     12.02.2010 16:34     C:\Windows\system32\pt-PT --------- 0  
    ----------------------------------------
    
     
    C:\Windows\Prefetch
    
    ----------------------------------------
    
     
    C:\Windows\Tasks
    
     16.08.2010 11:53     C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job --------- 286  
     16.08.2010 11:52     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1094  
     16.08.2010 11:50     C:\Windows\Tasks\User_Feed_Synchronization-{92920DEF-B77C-4A90-A488-46460ADB4D57}.job --------- 418  
     16.08.2010 11:27     C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job --------- 286  
     16.08.2010 11:21     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1090  
     16.08.2010 11:21     C:\Windows\Tasks\SA.DAT --------- 6  
     16.08.2010 01:26     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32558  
    ----------------------------------------
    
     
    C:\Windows\Temp
    
    ----------------------------------------
    
     
    C:\Users\jones\AppData\Local\Temp
    
     16.08.2010 11:53     C:\Users\jones\AppData\Local\Temp\Rar$DI00.162 --------- 0  
     16.08.2010 11:27     C:\Users\jones\AppData\Local\Temp\jusched.log --------- 95675  
     16.08.2010 11:27     C:\Users\jones\AppData\Local\Temp\plugtmp-17 --------- 0  
     16.08.2010 11:22     C:\Users\jones\AppData\Local\Temp\divFB4E.tmp --------- 0  
     16.08.2010 11:22     C:\Users\jones\AppData\Local\Temp\WPDNSE --------- 0  
     16.08.2010 11:22     C:\Users\jones\AppData\Local\Temp\jones.bmp --------- 31832  
     16.08.2010 01:00     C:\Users\jones\AppData\Local\Temp\div8A54.tmp --------- 0  
     15.08.2010 22:47     C:\Users\jones\AppData\Local\Temp\hsperfdata_jones --------- 0  
     15.08.2010 21:16     C:\Users\jones\AppData\Local\Temp\wmplog01.sqm --------- 1586  
     15.08.2010 21:07     C:\Users\jones\AppData\Local\Temp\wmplog00.sqm --------- 9650  
     15.08.2010 19:37     C:\Users\jones\AppData\Local\Temp\Obh.exe --------- 188416  
     15.08.2010 19:37     C:\Users\jones\AppData\Local\Temp\Obg.exe --------- 199680  
     15.08.2010 19:37     C:\Users\jones\AppData\Local\Temp\sshnas21.dll --------- 241664  
     15.08.2010 19:37     C:\Users\jones\AppData\Local\Temp\Obf.exe --------- 311808  
     15.08.2010 19:20     C:\Users\jones\AppData\Local\Temp\div9E22.tmp --------- 0  
     15.08.2010 16:37     C:\Users\jones\AppData\Local\Temp\divC82E.tmp --------- 0  
     15.08.2010 16:31     C:\Users\jones\AppData\Local\Temp\x28r5rmp.bmp --------- 97254  
     15.08.2010 16:30     C:\Users\jones\AppData\Local\Temp\plugtmp-16 --------- 0  
     15.08.2010 15:26     C:\Users\jones\AppData\Local\Temp\D2E9.dir --------- 0  
     15.08.2010 15:26     C:\Users\jones\AppData\Local\Temp\D2E9.tmp --------- 0  
     15.08.2010 15:22     C:\Users\jones\AppData\Local\Temp\div536C.tmp --------- 0  
     15.08.2010 14:58     C:\Users\jones\AppData\Local\Temp\plugtmp-15 --------- 0  
     15.08.2010 12:15     C:\Users\jones\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 740  
     15.08.2010 12:15     C:\Users\jones\AppData\Local\Temp\AUCHECK_CORE.txt --------- 3020  
     15.08.2010 12:11     C:\Users\jones\AppData\Local\Temp\divB72D.tmp --------- 0  
     14.08.2010 12:15     C:\Users\jones\AppData\Local\Temp\div8E4A.tmp --------- 0  
     13.08.2010 18:34     C:\Users\jones\AppData\Local\Temp\divA1AB.tmp --------- 0  
     13.08.2010 18:29     C:\Users\jones\AppData\Local\Temp\div9720.tmp --------- 0  
     13.08.2010 01:13     C:\Users\jones\AppData\Local\Temp\div7261.tmp --------- 0  
     12.08.2010 22:11     C:\Users\jones\AppData\Local\Temp\divB846.tmp --------- 0  
     12.08.2010 18:29     C:\Users\jones\AppData\Local\Temp\div48B2.tmp --------- 0  
     12.08.2010 12:14     C:\Users\jones\AppData\Local\Temp\div8852.tmp --------- 0  
     12.08.2010 09:32     C:\Users\jones\AppData\Local\Temp\div9AF7.tmp --------- 0  
     12.08.2010 01:18     C:\Users\jones\AppData\Local\Temp\div902D.tmp --------- 0  
     11.08.2010 23:34     C:\Users\jones\AppData\Local\Temp\div8B0F.tmp --------- 0  
     11.08.2010 19:09     C:\Users\jones\AppData\Local\Temp\div93C6.tmp --------- 0  
     11.08.2010 17:15     C:\Users\jones\AppData\Local\Temp\div90AA.tmp --------- 0  
     10.08.2010 23:22     C:\Users\jones\AppData\Local\Temp\div977D.tmp --------- 0  
     10.08.2010 21:05     C:\Users\jones\AppData\Local\Temp\div9491.tmp --------- 0  
     10.08.2010 17:27     C:\Users\jones\AppData\Local\Temp\div9819.tmp --------- 0  
     10.08.2010 16:36     C:\Users\jones\AppData\Local\Temp\div9E12.tmp --------- 0  
     10.08.2010 13:28     C:\Users\jones\AppData\Local\Temp\div9636.tmp --------- 0  
     10.08.2010 12:42     C:\Users\jones\AppData\Local\Temp\div9471.tmp --------- 0  
     09.08.2010 21:32     C:\Users\jones\AppData\Local\Temp\div8F82.tmp --------- 0  
     09.08.2010 19:53     C:\Users\jones\AppData\Local\Temp\divC457.tmp --------- 0  
     09.08.2010 14:14     C:\Users\jones\AppData\Local\Temp\divD0C5.tmp --------- 0  
     08.08.2010 14:01     C:\Users\jones\AppData\Local\Temp\div92CC.tmp --------- 0  
     08.08.2010 12:16     C:\Users\jones\AppData\Local\Temp\div94EE.tmp --------- 0  
     08.08.2010 02:04     C:\Users\jones\AppData\Local\Temp\div950D.tmp --------- 0  
     08.08.2010 01:45     C:\Users\jones\AppData\Local\Temp\div96B3.tmp --------- 0  
     08.08.2010 01:24     C:\Users\jones\AppData\Local\Temp\div8B4D.tmp --------- 0  
     07.08.2010 21:02     C:\Users\jones\AppData\Local\Temp\div9211.tmp --------- 0  
     07.08.2010 18:51     C:\Users\jones\AppData\Local\Temp\div8E79.tmp --------- 0  
     07.08.2010 12:34     C:\Users\jones\AppData\Local\Temp\div2461.tmp --------- 0  
     06.08.2010 21:49     C:\Users\jones\AppData\Local\Temp\div87D6.tmp --------- 0  
     06.08.2010 11:05     C:\Users\jones\AppData\Local\Temp\div9990.tmp --------- 0  
     05.08.2010 21:03     C:\Users\jones\AppData\Local\Temp\div8150.tmp --------- 0  
     05.08.2010 16:27     C:\Users\jones\AppData\Local\Temp\div96F1.tmp --------- 0  
     05.08.2010 13:19     C:\Users\jones\AppData\Local\Temp\dd_vcredistUI0774.txt --------- 11466  
     05.08.2010 13:19     C:\Users\jones\AppData\Local\Temp\dd_vcredistMSI0774.txt --------- 435426  
     05.08.2010 12:47     C:\Users\jones\AppData\Local\Temp\{20f5050e-0f2e-402c-9884-03646835a231} --------- 0  
     05.08.2010 11:57     C:\Users\jones\AppData\Local\Temp\div9B16.tmp --------- 0  
     05.08.2010 00:21     C:\Users\jones\AppData\Local\Temp\CdMkr70.ini --------- 2729  
     04.08.2010 23:43     C:\Users\jones\AppData\Local\Temp\{7968A623-1AA1-4BE1-9E29-377084D1228E} --------- 4096  
     04.08.2010 22:14     C:\Users\jones\AppData\Local\Temp\divD93E.tmp --------- 0  
     04.08.2010 21:22     C:\Users\jones\AppData\Local\Temp\div9BE1.tmp --------- 0  
     30.07.2010 00:29     C:\Users\jones\AppData\Local\Temp\Low --------- 0  
     29.07.2010 23:40     C:\Users\jones\AppData\Local\Temp\div87D5.tmp --------- 0  
     29.07.2010 21:13     C:\Users\jones\AppData\Local\Temp\div85A3.tmp --------- 0  
     29.07.2010 20:42     C:\Users\jones\AppData\Local\Temp\div8C76.tmp --------- 0  
     29.07.2010 20:10     C:\Users\jones\AppData\Local\Temp\div8352.tmp --------- 0  
     29.07.2010 18:50     C:\Users\jones\AppData\Local\Temp\div9185.tmp --------- 0  
     29.07.2010 17:04     C:\Users\jones\AppData\Local\Temp\div86BB.tmp --------- 0  
     29.07.2010 14:37     C:\Users\jones\AppData\Local\Temp\div861F.tmp --------- 0  
     29.07.2010 14:13     C:\Users\jones\AppData\Local\Temp\div96E1.tmp --------- 0  
     29.07.2010 12:07     C:\Users\jones\AppData\Local\Temp\divC985.tmp --------- 0  
     28.07.2010 20:16     C:\Users\jones\AppData\Local\Temp\div8E1B.tmp --------- 0  
     28.07.2010 19:06     C:\Users\jones\AppData\Local\Temp\div83DF.tmp --------- 0  
     28.07.2010 15:24     C:\Users\jones\AppData\Local\Temp\div8B00.tmp --------- 0  
     28.07.2010 15:21     C:\Users\jones\AppData\Local\Temp\div90F8.tmp --------- 0  
     28.07.2010 09:51     C:\Users\jones\AppData\Local\Temp\div8610.tmp --------- 0  
     27.07.2010 21:54     C:\Users\jones\AppData\Local\Temp\div84E7.tmp --------- 0  
     27.07.2010 18:59     C:\Users\jones\AppData\Local\Temp\div8583.tmp --------- 0  
     27.07.2010 18:25     C:\Users\jones\AppData\Local\Temp\div90C9.tmp --------- 0  
     27.07.2010 15:28     C:\Users\jones\AppData\Local\Temp\divB4CD.tmp --------- 0  
     27.07.2010 13:03     C:\Users\jones\AppData\Local\Temp\div8D6F.tmp --------- 0  
     27.07.2010 01:24     C:\Users\jones\AppData\Local\Temp\divC744.tmp --------- 0  
     26.07.2010 12:31     C:\Users\jones\AppData\Local\Temp\div8757.tmp --------- 0  
     25.07.2010 23:54     C:\Users\jones\AppData\Local\Temp\divE906.tmp --------- 0  
     25.07.2010 13:39     C:\Users\jones\AppData\Local\Temp\div21B2.tmp --------- 0  
     24.07.2010 18:52     C:\Users\jones\AppData\Local\Temp\div9433.tmp --------- 0  
     24.07.2010 13:47     C:\Users\jones\AppData\Local\Temp\div8600.tmp --------- 0  
     24.07.2010 12:07     C:\Users\jones\AppData\Local\Temp\div975E.tmp --------- 0  
     24.07.2010 03:43     C:\Users\jones\AppData\Local\Temp\~DF2D9F.tmp --------- 16384  
     24.07.2010 03:43     C:\Users\jones\AppData\Local\Temp\~DFE111.tmp --------- 278528  
     24.07.2010 01:56     C:\Users\jones\AppData\Local\Temp\~DF2D76.tmp --------- 278528  
     24.07.2010 01:44     C:\Users\jones\AppData\Local\Temp\divC7E1.tmp --------- 0  
     23.07.2010 19:08     C:\Users\jones\AppData\Local\Temp\divA717.tmp --------- 0  
     23.07.2010 15:05     C:\Users\jones\AppData\Local\Temp\~DF1F73.tmp --------- 16384  
     23.07.2010 15:04     C:\Users\jones\AppData\Local\Temp\~DFB028.tmp --------- 16384  
     23.07.2010 15:04     C:\Users\jones\AppData\Local\Temp\~DF1BEB.tmp --------- 278528  
     23.07.2010 15:03     C:\Users\jones\AppData\Local\Temp\~DFD3B9.tmp --------- 278528  
     23.07.2010 13:34     C:\Users\jones\AppData\Local\Temp\div1EE5.tmp --------- 0  
     23.07.2010 11:29     C:\Users\jones\AppData\Local\Temp\divB8B3.tmp --------- 0  
     23.07.2010 00:04     C:\Users\jones\AppData\Local\Temp\Cookies --------- 0  
     23.07.2010 00:04     C:\Users\jones\AppData\Local\Temp\divB1A2.tmp --------- 0  
     22.07.2010 22:22     C:\Users\jones\AppData\Local\Temp\divB23E.tmp --------- 0  
     22.07.2010 19:04     C:\Users\jones\AppData\Local\Temp\div9951.tmp --------- 0  
     22.07.2010 16:32     C:\Users\jones\AppData\Local\Temp\div8249.tmp --------- 0  
     22.07.2010 12:38     C:\Users\jones\AppData\Local\Temp\div9F2B.tmp --------- 0  
     22.07.2010 09:38     C:\Users\jones\AppData\Local\Temp\div82C5.tmp --------- 0  
     22.07.2010 00:16     C:\Users\jones\AppData\Local\Temp\div8D13.tmp --------- 0  
     21.07.2010 19:46     C:\Users\jones\AppData\Local\Temp\div9D67.tmp --------- 0  
     21.07.2010 17:46     C:\Users\jones\AppData\Local\Temp\divCFBC.tmp --------- 0  
     21.07.2010 10:12     C:\Users\jones\AppData\Local\Temp\div9D38.tmp --------- 0  
     21.07.2010 08:08     C:\Users\jones\AppData\Local\Temp\div8BF9.tmp --------- 0  
     21.07.2010 00:39     C:\Users\jones\AppData\Local\Temp\div9A7A.tmp --------- 0  
     21.07.2010 00:31     C:\Users\jones\AppData\Local\Temp\plugtmp-14 --------- 0  
     20.07.2010 18:41     C:\Users\jones\AppData\Local\Temp\divA025.tmp --------- 0  
     20.07.2010 15:27     C:\Users\jones\AppData\Local\Temp\div90E9.tmp --------- 0  
     20.07.2010 13:13     C:\Users\jones\AppData\Local\Temp\div980A.tmp --------- 0  
     20.07.2010 11:27     C:\Users\jones\AppData\Local\Temp\divC7E0.tmp --------- 0  
     20.07.2010 11:04     C:\Users\jones\AppData\Local\Temp\div226E.tmp --------- 0  
     20.07.2010 09:13     C:\Users\jones\AppData\Local\Temp\divF22A.tmp --------- 0  
     19.07.2010 23:39     C:\Users\jones\AppData\Local\Temp\MSI5a327.LOG --------- 324  
     19.07.2010 23:39     C:\Users\jones\AppData\Local\Temp\java_install_sp.log --------- 2009  
     19.07.2010 23:38     C:\Users\jones\AppData\Local\Temp\jinstall.cfg --------- 1217  
     19.07.2010 22:06     C:\Users\jones\AppData\Local\Temp\div92BD.tmp --------- 0  
     19.07.2010 18:21     C:\Users\jones\AppData\Local\Temp\div87F3.tmp --------- 0  
     19.07.2010 18:16     C:\Users\jones\AppData\Local\Temp\plugtmp-13 --------- 0  
     19.07.2010 18:01     C:\Users\jones\AppData\Local\Temp\div9EAE.tmp --------- 0  
     19.07.2010 16:04     C:\Users\jones\AppData\Local\Temp\divE0FB.tmp --------- 0  
     19.07.2010 14:12     C:\Users\jones\AppData\Local\Temp\div9137.tmp --------- 0  
     19.07.2010 10:23     C:\Users\jones\AppData\Local\Temp\divA469.tmp --------- 0  
     19.07.2010 10:22     C:\Users\jones\AppData\Local\Temp\div95C9.tmp --------- 0  
     18.07.2010 23:25     C:\Users\jones\AppData\Local\Temp\div8FFF.tmp --------- 0  
     18.07.2010 20:49     C:\Users\jones\AppData\Local\Temp\div889F.tmp --------- 0  
     18.07.2010 17:52     C:\Users\jones\AppData\Local\Temp\div139F.tmp --------- 0  
     18.07.2010 10:28     C:\Users\jones\AppData\Local\Temp\div9A0D.tmp --------- 0  
     18.07.2010 00:15     C:\Users\jones\AppData\Local\Temp\div5FAC.tmp --------- 0  
     17.07.2010 19:24     C:\Users\jones\AppData\Local\Temp\plugtmp-12 --------- 0  
     17.07.2010 19:14     C:\Users\jones\AppData\Local\Temp\div904D.tmp --------- 0  
     17.07.2010 16:16     C:\Users\jones\AppData\Local\Temp\div8EC7.tmp --------- 0  
     17.07.2010 13:47     C:\Users\jones\AppData\Local\Temp\divAE29.tmp --------- 0  
     17.07.2010 13:36     C:\Users\jones\AppData\Local\Temp\div956B.tmp --------- 0  
     17.07.2010 10:50     C:\Users\jones\AppData\Local\Temp\div7C50.tmp --------- 0  
     16.07.2010 21:10     C:\Users\jones\AppData\Local\Temp\div8803.tmp --------- 0  
     16.07.2010 11:30     C:\Users\jones\AppData\Local\Temp\div94BF.tmp --------- 0  
     16.07.2010 11:18     C:\Users\jones\AppData\Local\Temp\divD557.tmp --------- 0  
     16.07.2010 10:39     C:\Users\jones\AppData\Local\Temp\div8CC4.tmp --------- 0  
     15.07.2010 11:50     C:\Users\jones\AppData\Local\Temp\div8DCD.tmp --------- 0  
     15.07.2010 09:08     C:\Users\jones\AppData\Local\Temp\divB26D.tmp --------- 0  
     14.07.2010 22:26     C:\Users\jones\AppData\Local\Temp\divB569.tmp --------- 0  
     14.07.2010 20:20     C:\Users\jones\AppData\Local\Temp\divA478.tmp --------- 0  
     14.07.2010 19:29     C:\Users\jones\AppData\Local\Temp\divA801.tmp --------- 0  
     14.07.2010 13:26     C:\Users\jones\AppData\Local\Temp\sqlite_042kXd97gOGKI5B --------- 0  
     14.07.2010 09:10     C:\Users\jones\AppData\Local\Temp\div7389.tmp --------- 0  
     14.07.2010 00:07     C:\Users\jones\AppData\Local\Temp\divC495.tmp --------- 0  
     13.07.2010 22:06     C:\Users\jones\AppData\Local\Temp\div3967.tmp --------- 0  
     13.07.2010 22:00     C:\Users\jones\AppData\Local\Temp\divB47F.tmp --------- 0  
     13.07.2010 21:38     C:\Users\jones\AppData\Local\Temp\~DFF07D.tmp --------- 16384  
     13.07.2010 21:38     C:\Users\jones\AppData\Local\Temp\~DFAD3F.tmp --------- 16384  
     13.07.2010 21:37     C:\Users\jones\AppData\Local\Temp\~DF3251.tmp --------- 278528  
     13.07.2010 21:25     C:\Users\jones\AppData\Local\Temp\divCC05.tmp --------- 0  
     13.07.2010 13:26     C:\Users\jones\AppData\Local\Temp\div8FA1.tmp --------- 0  
     13.07.2010 09:07     C:\Users\jones\AppData\Local\Temp\divCB3A.tmp --------- 0  
     13.07.2010 01:51     C:\Users\jones\AppData\Local\Temp\div9A89.tmp --------- 0  
     12.07.2010 14:05     C:\Users\jones\AppData\Local\Temp\audacity_temp --------- 0  
     12.07.2010 13:59     C:\Users\jones\AppData\Local\Temp\div7EEF.tmp --------- 0  
     12.07.2010 11:12     C:\Users\jones\AppData\Local\Temp\div82B6.tmp --------- 0  
     11.07.2010 23:48     C:\Users\jones\AppData\Local\Temp\div7DF5.tmp --------- 0  
     11.07.2010 18:05     C:\Users\jones\AppData\Local\Temp\div83CF.tmp --------- 0  
     11.07.2010 17:11     C:\Users\jones\AppData\Local\Temp\div7EC0.tmp --------- 0  
     11.07.2010 10:54     C:\Users\jones\AppData\Local\Temp\div83A1.tmp --------- 0  
     11.07.2010 00:02     C:\Users\jones\AppData\Local\Temp\divC013.tmp --------- 0  
     10.07.2010 23:58     C:\Users\jones\AppData\Local\Temp\{7DD9DB1C-0E58-467C-9152-EA4128F13EF1} --------- 0  
     10.07.2010 23:22     C:\Users\jones\AppData\Local\Temp\div81EB.tmp --------- 0  
     09.07.2010 22:53     C:\Users\jones\AppData\Local\Temp\div58F8.tmp --------- 0  
     09.07.2010 16:13     C:\Users\jones\AppData\Local\Temp\sqlite_82FmiNC0pzC5DCV --------- 0  
     09.07.2010 14:53     C:\Users\jones\AppData\Local\Temp\div894B.tmp --------- 0  
     08.07.2010 23:57     C:\Users\jones\AppData\Local\Temp\div83A0.tmp --------- 0  
     08.07.2010 21:29     C:\Users\jones\AppData\Local\Temp\div8094.tmp --------- 0  
     08.07.2010 20:45     C:\Users\jones\AppData\Local\Temp\divBCB9.tmp --------- 0  
     08.07.2010 19:06     C:\Users\jones\AppData\Local\Temp\div8E69.tmp --------- 0  
     08.07.2010 00:03     C:\Users\jones\AppData\Local\Temp\divC65A.tmp --------- 0  
     07.07.2010 18:35     C:\Users\jones\AppData\Local\Temp\div7D3A.tmp --------- 0  
     07.07.2010 17:59     C:\Users\jones\AppData\Local\Temp\div8D12.tmp --------- 0  
     07.07.2010 12:53     C:\Users\jones\AppData\Local\Temp\div9C00.tmp --------- 0  
     07.07.2010 01:09     C:\Users\jones\AppData\Local\Temp\plugtmp-11 --------- 0  
     06.07.2010 19:05     C:\Users\jones\AppData\Local\Temp\divA275.tmp --------- 0  
     06.07.2010 18:19     C:\Users\jones\AppData\Local\Temp\div814F.tmp --------- 0  
     06.07.2010 12:50     C:\Users\jones\AppData\Local\Temp\~DFFAC4.tmp --------- 16384  
     06.07.2010 12:49     C:\Users\jones\AppData\Local\Temp\div7F5C.tmp --------- 0  
     06.07.2010 12:49     C:\Users\jones\AppData\Local\Temp\~DF79AC.tmp --------- 278528  
     06.07.2010 11:04     C:\Users\jones\AppData\Local\Temp\div18FC.tmp --------- 0  
     06.07.2010 00:00     C:\Users\jones\AppData\Local\Temp\div2B82.tmp --------- 0  
     05.07.2010 22:37     C:\Users\jones\AppData\Local\Temp\wmsetup.log --------- 1646  
     05.07.2010 21:28     C:\Users\jones\AppData\Local\Temp\div845B.tmp --------- 0  
     04.07.2010 21:36     C:\Users\jones\AppData\Local\Temp\div80C3.tmp --------- 0  
     04.07.2010 01:16     C:\Users\jones\AppData\Local\Temp\div80D2.tmp --------- 0  
     03.07.2010 21:14     C:\Users\jones\AppData\Local\Temp\div9D47.tmp --------- 0  
     03.07.2010 20:06     C:\Users\jones\AppData\Local\Temp\divA10F.tmp --------- 0  
     03.07.2010 19:13     C:\Users\jones\AppData\Local\Temp\plugtmp-10 --------- 0  
     03.07.2010 19:12     C:\Users\jones\AppData\Local\Temp\div83DE.tmp --------- 0  
     03.07.2010 14:50     C:\Users\jones\AppData\Local\Temp\div7ECF.tmp --------- 0  
     03.07.2010 13:24     C:\Users\jones\AppData\Local\Temp\div87E5.tmp --------- 0  
     03.07.2010 01:04     C:\Users\jones\AppData\Local\Temp\div7D2A.tmp --------- 0  
     02.07.2010 23:28     C:\Users\jones\AppData\Local\Temp\div94A0.tmp --------- 0  
     02.07.2010 19:20     C:\Users\jones\AppData\Local\Temp\div97FA.tmp --------- 0  
     02.07.2010 19:16     C:\Users\jones\AppData\Local\Temp\divBCC9.tmp --------- 0  
     02.07.2010 13:46     C:\Users\jones\AppData\Local\Temp\div8574.tmp --------- 0  
     02.07.2010 02:12     C:\Users\jones\AppData\Local\Temp\div81BC.tmp --------- 0  
     02.07.2010 00:47     C:\Users\jones\AppData\Local\Temp\div68FE.tmp --------- 0  
     02.07.2010 00:45     C:\Users\jones\AppData\Local\Temp\~DF443D.tmp --------- 512  
     02.07.2010 00:45     C:\Users\jones\AppData\Local\Temp\~DF4429.tmp --------- 16384  
     01.07.2010 23:47     C:\Users\jones\AppData\Local\Temp\plugtmp-9 --------- 0  
     01.07.2010 22:55     C:\Users\jones\AppData\Local\Temp\div8AFF.tmp --------- 0  
     01.07.2010 22:50     C:\Users\jones\AppData\Local\Temp\plugtmp-8 --------- 0  
     01.07.2010 17:18     C:\Users\jones\AppData\Local\Temp\divE7CE.tmp --------- 0  
     01.07.2010 16:30     C:\Users\jones\AppData\Local\Temp\~DF8618.tmp --------- 16384  
     01.07.2010 16:30     C:\Users\jones\AppData\Local\Temp\~DF1681.tmp --------- 278528  
     01.07.2010 11:21     C:\Users\jones\AppData\Local\Temp\div7EFE.tmp --------- 0  
     01.07.2010 01:10     C:\Users\jones\AppData\Local\Temp\div8BE9.tmp --------- 0  
     30.06.2010 17:41     C:\Users\jones\AppData\Local\Temp\div959A.tmp --------- 0  
     30.06.2010 14:11     C:\Users\jones\AppData\Local\Temp\div847A.tmp --------- 0  
     30.06.2010 12:32     C:\Users\jones\AppData\Local\Temp\div7F7B.tmp --------- 0  
     29.06.2010 23:30     C:\Users\jones\AppData\Local\Temp\div8851.tmp --------- 0  
     29.06.2010 23:27     C:\Users\jones\AppData\Local\Temp\~DF5907.tmp --------- 16384  
     29.06.2010 23:27     C:\Users\jones\AppData\Local\Temp\~DFBF49.tmp --------- 16384  
     29.06.2010 23:27     C:\Users\jones\AppData\Local\Temp\~DFBF85.tmp --------- 32768  
     29.06.2010 23:27     C:\Users\jones\AppData\Local\Temp\~DFBF90.tmp --------- 512  
     29.06.2010 23:27     C:\Users\jones\AppData\Local\Temp\~DFBF54.tmp --------- 512  
     29.06.2010 23:27     C:\Users\jones\AppData\Local\Temp\~DFBEF6.tmp --------- 512  
     29.06.2010 23:27     C:\Users\jones\AppData\Local\Temp\~DFBEEA.tmp --------- 32768  
     29.06.2010 23:27     C:\Users\jones\AppData\Local\Temp\~DF498A.tmp --------- 0  
     29.06.2010 22:46     C:\Users\jones\AppData\Local\Temp\div895A.tmp --------- 0  
     29.06.2010 19:22     C:\Users\jones\AppData\Local\Temp\divF862.tmp --------- 0  
     29.06.2010 11:36     C:\Users\jones\AppData\Local\Temp\div9443.tmp --------- 0  
     29.06.2010 00:52     C:\Users\jones\AppData\Local\Temp\divBDB3.tmp --------- 0  
     29.06.2010 00:44     C:\Users\jones\AppData\Local\Temp\~rnsetu0 --------- 0  
     29.06.2010 00:38     C:\Users\jones\AppData\Local\Temp\~DFE2B8.tmp --------- 278528  
     29.06.2010 00:28     C:\Users\jones\AppData\Local\Temp\~rnsetup --------- 0  
     29.06.2010 00:27     C:\Users\jones\AppData\Local\Temp\offer --------- 0  
     28.06.2010 19:42     C:\Users\jones\AppData\Local\Temp\divC15B.tmp --------- 0  
     28.06.2010 16:17     C:\Users\jones\AppData\Local\Temp\div8A15.tmp --------- 0  
     28.06.2010 10:58     C:\Users\jones\AppData\Local\Temp\div87E4.tmp --------- 0  
     28.06.2010 02:04     C:\Users\jones\AppData\Local\Temp\div2432.tmp --------- 0  
     28.06.2010 01:20     C:\Users\jones\AppData\Local\Temp\div978D.tmp --------- 0  
     28.06.2010 00:35     C:\Users\jones\AppData\Local\Temp\~DF9760.tmp --------- 16384  
     28.06.2010 00:33     C:\Users\jones\AppData\Local\Temp\~DFDC7F.tmp --------- 16384  
     28.06.2010 00:33     C:\Users\jones\AppData\Local\Temp\~DF2073.tmp --------- 278528  
     28.06.2010 00:24     C:\Users\jones\AppData\Local\Temp\~DFB3A9.tmp --------- 16384  
     28.06.2010 00:24     C:\Users\jones\AppData\Local\Temp\~DF5A52.tmp --------- 278528  
     28.06.2010 00:22     C:\Users\jones\AppData\Local\Temp\~DFCDD1.tmp --------- 16384  
     28.06.2010 00:22     C:\Users\jones\AppData\Local\Temp\~DF4CD2.tmp --------- 278528  
     28.06.2010 00:17     C:\Users\jones\AppData\Local\Temp\~DF8A7D.tmp --------- 16384  
     28.06.2010 00:17     C:\Users\jones\AppData\Local\Temp\~DF2E0E.tmp --------- 16384  
     28.06.2010 00:16     C:\Users\jones\AppData\Local\Temp\~DF873.tmp --------- 16384  
     28.06.2010 00:16     C:\Users\jones\AppData\Local\Temp\~DF6741.tmp --------- 278528  
     27.06.2010 22:37     C:\Users\jones\AppData\Local\Temp\~DF5D4B.tmp --------- 278528  
     27.06.2010 18:22     C:\Users\jones\AppData\Local\Temp\DMIC9E3.tmp --------- 0  
     27.06.2010 16:55     C:\Users\jones\AppData\Local\Temp\div97DB.tmp --------- 0  
     27.06.2010 00:28     C:\Users\jones\AppData\Local\Temp\div85C2.tmp --------- 0  
     27.06.2010 00:25     C:\Users\jones\AppData\Local\Temp\~DF6CF1.tmp --------- 512  
     27.06.2010 00:25     C:\Users\jones\AppData\Local\Temp\~DF6CE6.tmp --------- 16384  
     26.06.2010 23:57     C:\Users\jones\AppData\Local\Temp\div8B2E.tmp --------- 0  
     26.06.2010 14:12     C:\Users\jones\AppData\Local\Temp\msoclip1 --------- 0  
     26.06.2010 12:47     C:\Users\jones\AppData\Local\Temp\div6805.tmp --------- 0  
     26.06.2010 02:30     C:\Users\jones\AppData\Local\Temp\{93a3994b-2458-4c1c-a2fc-bae3483bce67} --------- 0  
     26.06.2010 02:28     C:\Users\jones\AppData\Local\Temp\7zO99C7.tmp --------- 0  
     26.06.2010 02:13     C:\Users\jones\AppData\Local\Temp\isC7E7.tmp --------- 0  
     26.06.2010 01:17     C:\Users\jones\AppData\Local\Temp\~DF1497.tmp --------- 278528  
     25.06.2010 19:28     C:\Users\jones\AppData\Local\Temp\div87D4.tmp --------- 0  
     25.06.2010 13:05     C:\Users\jones\AppData\Local\Temp\div2654.tmp --------- 0  
     25.06.2010 11:23     C:\Users\jones\AppData\Local\Temp\div8DDD.tmp --------- 0  
     25.06.2010 01:06     C:\Users\jones\AppData\Local\Temp\div4346.tmp --------- 0  
     24.06.2010 14:16     C:\Users\jones\AppData\Local\Temp\divF5E2.tmp --------- 0  
     24.06.2010 11:10     C:\Users\jones\AppData\Local\Temp\divBE5E.tmp --------- 0  
     24.06.2010 00:48     C:\Users\jones\AppData\Local\Temp\div5070.tmp --------- 0  
     23.06.2010 22:30     C:\Users\jones\AppData\Local\Temp\div8277.tmp --------- 0  
     23.06.2010 19:54     C:\Users\jones\AppData\Local\Temp\div7A3D.tmp --------- 0  
     23.06.2010 13:47     C:\Users\jones\AppData\Local\Temp\div9108.tmp --------- 0  
     23.06.2010 10:56     C:\Users\jones\AppData\Local\Temp\div8B6D.tmp --------- 0  
     23.06.2010 01:14     C:\Users\jones\AppData\Local\Temp\plugtmp-7 --------- 0  
     23.06.2010 00:25     C:\Users\jones\AppData\Local\Temp\divB5A7.tmp --------- 0  
     23.06.2010 00:19     C:\Users\jones\AppData\Local\Temp\~PI57FA.tmp --------- 17301504  
     23.06.2010 00:19     C:\Users\jones\AppData\Local\Temp\~PI50F6.tmp --------- 17301504  
     23.06.2010 00:19     C:\Users\jones\AppData\Local\Temp\~PI3E8D.tmp --------- 17301504  
     23.06.2010 00:19     C:\Users\jones\AppData\Local\Temp\~PI2F7E.tmp --------- 17301504  
     23.06.2010 00:19     C:\Users\jones\AppData\Local\Temp\~PIC86D.tmp --------- 655360  
     23.06.2010 00:18     C:\Users\jones\AppData\Local\Temp\~PIA443.tmp --------- 655360  
     23.06.2010 00:16     C:\Users\jones\AppData\Local\Temp\plugtmp-6 --------- 0  
     22.06.2010 18:31     C:\Users\jones\AppData\Local\Temp\div8229.tmp --------- 0  
     22.06.2010 17:19     C:\Users\jones\AppData\Local\Temp\div9B83.tmp --------- 0  
     22.06.2010 17:00     C:\Users\jones\AppData\Local\Temp\divC531.tmp --------- 0  
     22.06.2010 16:55     C:\Users\jones\AppData\Local\Temp\~DFAFB6.tmp --------- 512  
     22.06.2010 16:55     C:\Users\jones\AppData\Local\Temp\~DFAFA2.tmp --------- 16384  
     22.06.2010 16:53     C:\Users\jones\AppData\Local\Temp\plugtmp-5 --------- 0  
     22.06.2010 15:46     C:\Users\jones\AppData\Local\Temp\div929D.tmp --------- 0  
     22.06.2010 15:42     C:\Users\jones\AppData\Local\Temp\plugtmp-4 --------- 0  
     22.06.2010 15:25     C:\Users\jones\AppData\Local\Temp\divB0BA.tmp --------- 0  
     22.06.2010 15:25     C:\Users\jones\AppData\Local\Temp\divF1A1.tmp --------- 0  
     22.06.2010 15:02     C:\Users\jones\AppData\Local\Temp\Div167E.tmp --------- 0  
     22.06.2010 15:02     C:\Users\jones\AppData\Local\Temp\DivXSetup.exe --------- 895256  
     22.06.2010 13:13     C:\Users\jones\AppData\Local\Temp\VBE --------- 0  
     21.06.2010 15:09     C:\Users\jones\AppData\Local\Temp\plugtmp-3 --------- 0  
     21.06.2010 00:11     C:\Users\jones\AppData\Local\Temp\~DFF5C0.tmp --------- 16384  
     21.06.2010 00:11     C:\Users\jones\AppData\Local\Temp\~DFBF02.tmp --------- 16384  
     21.06.2010 00:10     C:\Users\jones\AppData\Local\Temp\~DFF1D.tmp --------- 278528  
     21.06.2010 00:08     C:\Users\jones\AppData\Local\Temp\FreeFLV --------- 0  
     21.06.2010 00:08     C:\Users\jones\AppData\Local\Temp\~DFC87F.tmp --------- 278528  
     20.06.2010 23:00     C:\Users\jones\AppData\Local\Temp\~DF90AA.tmp --------- 512  
     20.06.2010 23:00     C:\Users\jones\AppData\Local\Temp\~DF909C.tmp --------- 16384  
     20.06.2010 22:58     C:\Users\jones\AppData\Local\Temp\plugtmp-2 --------- 0  
     20.06.2010 22:56     C:\Users\jones\AppData\Local\Temp\SkypeSetup.exe --------- 22971688  
     19.06.2010 19:34     C:\Users\jones\AppData\Local\Temp\{588a05dd-0fb4-4a32-94b1-2aa42297c4d6} --------- 0  
     19.06.2010 12:58     C:\Users\jones\AppData\Local\Temp\{8a6dab53-9e5c-4f7b-a4b0-dcbdc94c448b} --------- 0  
     19.06.2010 12:44     C:\Users\jones\AppData\Local\Temp\GLG3862.tmp --------- 1140  
     19.06.2010 12:44     C:\Users\jones\AppData\Local\Temp\GLF3894.tmp --------- 0  
     19.06.2010 12:44     C:\Users\jones\AppData\Local\Temp\GLK2EB0.tmp --------- 31232  
     19.06.2010 12:44     C:\Users\jones\AppData\Local\Temp\GLJ2CAC.tmp --------- 2560  
     19.06.2010 12:44     C:\Users\jones\AppData\Local\Temp\GLC2C9B.tmp --------- 164864  
     19.06.2010 12:43     C:\Users\jones\AppData\Local\Temp\QTInstallCode.log --------- 1669  
     19.06.2010 11:15     C:\Users\jones\AppData\Local\Temp\~DF3207.tmp --------- 512  
     19.06.2010 11:15     C:\Users\jones\AppData\Local\Temp\~DF31FC.tmp --------- 16384  
     19.06.2010 11:14     C:\Users\jones\AppData\Local\Temp\plugtmp-1 --------- 0  
     17.06.2010 20:14     C:\Users\jones\AppData\Local\Temp\BTN%Copy%1 --------- 0  
     15.06.2010 19:28     C:\Users\jones\AppData\Local\Temp\plugtmp --------- 0  
     11.06.2010 10:22     C:\Users\jones\AppData\Local\Temp\DMIAEE4.tmp --------- 0  
     07.06.2010 19:48     C:\Users\jones\AppData\Local\Temp\plugtmp-22 --------- 0  
     07.06.2010 16:15     C:\Users\jones\AppData\Local\Temp\antilope.jpg --------- 4152  
     07.06.2010 16:14     C:\Users\jones\AppData\Local\Temp\tauch.JPG --------- 889407  
     29.03.2010 14:46     C:\Users\jones\AppData\Local\Temp\AMPing.exe --------- 28480  
     15.03.2010 13:24     C:\Users\jones\AppData\Local\Temp\k.laue.vcf --------- 340  
     12.03.2010 16:10     C:\Users\jones\AppData\Local\Temp\Jg38-21_2009-12-15_10.pdf --------- 174650  
     24.02.2010 09:52     C:\Users\jones\AppData\Local\Temp\InstallManager_BAB_BAB.exe --------- 880992  
     04.10.2009 20:31     C:\Users\jones\AppData\Local\Temp\etilqs_awxibJg1iddjXMRfgqvC --------- 0  
     01.10.2009 14:21     C:\Users\jones\AppData\Local\Temp\etilqs_g5BPodXWqEjiUTRsbdXG --------- 0  
     01.10.2009 13:10     C:\Users\jones\AppData\Local\Temp\etilqs_PRjfRqrwbtL4YCqGow7h --------- 12304  
     18.06.2009 23:07     C:\Users\jones\AppData\Local\Temp\etilqs_eXpOzVAEMq3cwEIPqlxt --------- 4104  
     15.06.2009 16:43     C:\Users\jones\AppData\Local\Temp\etilqs_Jc2dAKDgrsKALLpVO5MH --------- 12304  
     14.06.2009 20:50     C:\Users\jones\AppData\Local\Temp\etilqs_6JwrmS7OrNSnmJDbeDgQ --------- 12304  
     11.05.2009 13:06     C:\Users\jones\AppData\Local\Temp\etilqs_7S7yMCraLGbxsieeSHI9 --------- 4104  
     22.04.2009 23:10     C:\Users\jones\AppData\Local\Temp\etilqs_EnxBuUTF5v0ic7jke7Ny --------- 4104  
     20.04.2009 22:21     C:\Users\jones\AppData\Local\Temp\etilqs_64u5qJv4Lzm8r1fHNIT1 --------- 12304  
     18.04.2009 21:53     C:\Users\jones\AppData\Local\Temp\Pressemitteilung_Entwurf-1.doc --------- 156160  
     18.04.2009 21:53     C:\Users\jones\AppData\Local\Temp\Pressemitteilung_Entwurf.doc --------- 156160  
     18.04.2009 21:50     C:\Users\jones\AppData\Local\Temp\Pressemitteilung Entwurf.pdf --------- 133302  
     18.04.2009 21:46     C:\Users\jones\AppData\Local\Temp\etilqs_CxocQueKZn5dmmCO9od3 --------- 12304  
     15.04.2009 19:14     C:\Users\jones\AppData\Local\Temp\etilqs_oU15GJXju8UMGVJjZ5mR --------- 28704  
     14.04.2009 23:36     C:\Users\jones\AppData\Local\Temp\etilqs_2bvy93qeNheYfMGNFUPH --------- 12304  
     12.04.2009 21:38     C:\Users\jones\AppData\Local\Temp\etilqs_Z7c6t7F4qvbR7oWkGXod --------- 28704  
     08.04.2009 22:45     C:\Users\jones\AppData\Local\Temp\etilqs_hvPWc2LQWvV3chuc0VnA --------- 12304  
     08.04.2009 15:58     C:\Users\jones\AppData\Local\Temp\etilqs_8JJjVc8VQodNCL3E3Pdd --------- 28704  
     05.04.2009 18:55     C:\Users\jones\AppData\Local\Temp\etilqs_lBfbQ0ITTUhqaQIMvBDa --------- 28700  
     03.04.2009 21:34     C:\Users\jones\AppData\Local\Temp\etilqs_QJPLusHcCb76dy1s8lOM --------- 28704  
     02.04.2009 21:18     C:\Users\jones\AppData\Local\Temp\etilqs_EYLeZCy1Wj8rb7x5QkXg --------- 28704  
     28.11.2008 14:49     C:\Users\jones\AppData\Local\Temp\etilqs_uDXvIK6P1U1lwuyTVeId --------- 28704  
     20.11.2008 23:48     C:\Users\jones\AppData\Local\Temp\TempFolder.aab --------- 0  
     20.11.2008 23:45     C:\Users\jones\AppData\Local\Temp\TempFolder.aaa --------- 0  
     20.11.2008 17:36     C:\Users\jones\AppData\Local\Temp\History --------- 0  
     20.11.2008 17:36     C:\Users\jones\AppData\Local\Temp\Temporary Internet Files --------- 0  
     19.11.2008 02:43     C:\Users\jones\AppData\Local\Temp\etilqs_ymbojQsChrjxVW9XI8ZV --------- 12304  
     18.11.2008 00:45     C:\Users\jones\AppData\Local\Temp\etilqs_jQd2xuIBJg5UzGkHqQ8c --------- 12304  
     08.11.2008 16:17     C:\Users\jones\AppData\Local\Temp\etilqs_wNdfyrSL5iOcYUT2PoJ5 --------- 12304  
     30.10.2008 13:02     C:\Users\jones\AppData\Local\Temp\etilqs_hiSkKJ0WHv39CGBxQiS8 --------- 12304  
     02.10.2008 11:01     C:\Users\jones\AppData\Local\Temp\listen.asx --------- 226  
     26.09.2008 18:50     C:\Users\jones\AppData\Local\Temp\etilqs_5MOp6cCIY2aVfkXynhbk --------- 12304  
     26.09.2008 09:06     C:\Users\jones\AppData\Local\Temp\etilqs_zR2RZn6EqTkGpNMmkrOh --------- 28700  
     24.09.2008 17:57     C:\Users\jones\AppData\Local\Temp\etilqs_JtzM4Jcki8A3m6SLu1go --------- 12304  
     06.05.2008 21:40     C:\Users\jones\AppData\Local\Temp\RtkBtMnt.exe --------- 208896  
     20.12.2006 09:53     C:\Users\jones\AppData\Local\Temp\Set1AF1.tmp --------- 171568  
     30.09.2006 23:51     C:\Users\jones\AppData\Local\Temp\eauninstall.exe --------- 344064  
     03.08.2006 12:40     C:\Users\jones\AppData\Local\Temp\FIFA Manager 07_uninst.exe --------- 73728  
     22.08.2005 15:55     C:\Users\jones\AppData\Local\Temp\Akoustik Piano Setup.exe --------- 200250602  
     22.03.2005 18:49     C:\Users\jones\AppData\Local\Temp\WISEOSC.dll --------- 344064  
     31.03.2004 17:13     C:\Users\jones\AppData\Local\Temp\Elektrik Piano Setup.exe --------- 12773428  
     31.03.2004 12:49     C:\Users\jones\AppData\Local\Temp\GLF3893.tmp --------- 9951  
     05.11.2001 09:30     C:\Users\jones\AppData\Local\Temp\GLF3863.tmp --------- 10752  
     01.03.2000 03:35     C:\Users\jones\AppData\Local\Temp\PDSetup40d6.exe --------- 520255  
    ----------------------------------------
    
     
    C:\Program Files
    
     16.08.2010 11:33     C:\Program Files\trend micro --------- 0  
     15.08.2010 19:12     C:\Program Files\Internet Explorer --------- 4096  
     15.08.2010 19:12     C:\Program Files\Movie Maker --------- 8192  
     05.08.2010 16:43     C:\Program Files\Native Instruments --------- 4096  
     05.08.2010 13:18     C:\Program Files\Ableton --------- 0  
     05.08.2010 11:56     C:\Program Files\InstallShield Installation Information --------- 12288  
     04.08.2010 23:26     C:\Program Files\CyberLink --------- 0  
     24.07.2010 01:44     C:\Program Files\Mozilla Firefox --------- 40960  
     23.07.2010 15:04     C:\Program Files\Free FLV Converter --------- 8192  
     19.07.2010 10:23     C:\Program Files\DivX --------- 8192  
     10.07.2010 23:57     C:\Program Files\Common Files --------- 4096  
     29.06.2010 00:44     C:\Program Files\Real --------- 0  
     26.06.2010 13:55     C:\Program Files\PESEdit --------- 0  
     26.06.2010 02:23     C:\Program Files\7-Zip --------- 4096  
     26.06.2010 02:14     C:\Program Files\Google --------- 0  
     26.06.2010 01:22     C:\Program Files\Lame for Audacity --------- 0  
     21.06.2010 00:21     C:\Program Files\Roni Music --------- 0  
     19.06.2010 19:40     C:\Program Files\Digidesign --------- 0  
     23.05.2010 21:09     C:\Program Files\Java --------- 0  
     17.05.2010 11:25     C:\Program Files\Windows Mail --------- 4096  
     16.04.2010 15:52     C:\Program Files\Instafinder --------- 0  
     01.04.2010 05:16     C:\Program Files\Live-Player --------- 4096  
     29.03.2010 02:57     C:\Program Files\Avira --------- 0  
     29.03.2010 01:57     C:\Program Files\Conduit --------- 0  
     27.03.2010 17:24     C:\Program Files\Audacity 1.3 Beta (Unicode) --------- 4096  
     25.03.2010 22:04     C:\Program Files\Apple Software Update --------- 4096  
     12.02.2010 16:34     C:\Program Files\Windows Calendar --------- 0  
     12.02.2010 16:34     C:\Program Files\Windows Sidebar --------- 4096  
     12.02.2010 16:34     C:\Program Files\Windows Media Player --------- 4096  
     12.02.2010 16:34     C:\Program Files\Windows Collaboration --------- 4096  
     12.02.2010 16:34     C:\Program Files\Windows Journal --------- 4096  
     12.02.2010 16:34     C:\Program Files\Windows Photo Gallery --------- 4096  
     12.02.2010 16:34     C:\Program Files\Windows Defender --------- 4096  
     18.01.2010 00:10     C:\Program Files\Microsoft Works --------- 28672  
     16.01.2010 01:01     C:\Program Files\Microsoft Office --------- 4096  
     26.12.2009 01:31     C:\Program Files\Yahoo --------- 0  
     04.10.2009 19:41     C:\Program Files\Skype --------- 0  
     01.10.2009 15:10     C:\Program Files\EPSON --------- 0  
     17.07.2009 00:48     C:\Program Files\Microsoft Games --------- 4096  
     19.05.2009 20:11     C:\Program Files\Bonjour --------- 0  
     26.04.2009 00:48     C:\Program Files\Adobe --------- 0  
     17.04.2009 11:35     C:\Program Files\Steinberg --------- 0  
     09.04.2009 21:22     C:\Program Files\ICQ6Toolbar --------- 0  
     22.11.2008 13:48     C:\Program Files\VideoLAN --------- 0  
     20.11.2008 23:47     C:\Program Files\studiVZ-Fotobuch --------- 0  
     20.11.2008 17:53     C:\Program Files\Altnet --------- 0  
     20.11.2008 00:00     C:\Program Files\UseNeXT --------- 4096  
     19.11.2008 13:46     C:\Program Files\Sunbelt Software --------- 0  
     03.10.2008 19:42     C:\Program Files\ASIO4ALL v2 --------- 4096  
     27.09.2008 21:11     C:\Program Files\Syncrosoft --------- 4096  
     27.05.2008 11:58     C:\Program Files\AVSMedia --------- 0  
     27.05.2008 11:57     C:\Program Files\Ahead --------- 0  
     18.05.2008 16:45     C:\Program Files\WinRAR --------- 4096  
     12.05.2008 18:25     C:\Program Files\iTunes --------- 4096  
     12.05.2008 18:25     C:\Program Files\iPod --------- 0  
     06.05.2008 22:07     C:\Program Files\MSXML 4.0 --------- 0  
     06.05.2008 21:38     C:\Program Files\Gemeinsame Dateien --------- 0  
     06.05.2008 21:38     C:\Program Files\Windows NT --------- 4096  
     20.03.2008 11:10     C:\Program Files\Acer Inc --------- 0  
     20.03.2008 11:09     C:\Program Files\ACER CrystalEye webcam --------- 4096  
     20.03.2008 11:09     C:\Program Files\SUYIN --------- 0  
     20.03.2008 11:06     C:\Program Files\Acer --------- 0  
     20.03.2008 11:05     C:\Program Files\WIDCOMM --------- 0  
     20.03.2008 10:50     C:\Program Files\Intel --------- 0  
     18.02.2008 22:20     C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 0  
     18.02.2008 21:51     C:\Program Files\NewTech Infosystems --------- 0  
     18.02.2008 21:23     C:\Program Files\Winbond Electronics --------- 0  
     18.02.2008 21:20     C:\Program Files\Synaptics --------- 0  
     18.02.2008 21:17     C:\Program Files\Broadcom --------- 0  
     18.02.2008 21:15     C:\Program Files\Realtek --------- 0  
     18.02.2008 20:57     C:\Program Files\CONEXANT --------- 0  
     21.01.2008 04:43     C:\Program Files\desktop.ini --------- 174  
     02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0  
     02.11.2006 14:37     C:\Program Files\MSBuild --------- 0  
     02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0  
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    jones    
    Public    
    Default    
    desktop.ini    
    Default User    
    All Users    
    ----------------------------------------
    
     
    C:\Windows\system32\drivers\etc\hosts
    
    127.0.0.1       localhost
    ::1             localhost
    
    ----------------------------------------
    
     
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            24 K
    System                           4 Services                   0        27.652 K
    smss.exe                       548 Services                   0           700 K
    csrss.exe                      616 Services                   0         6.084 K
    wininit.exe                    668 Services                   0         3.740 K
    csrss.exe                      680 Console                    1        10.056 K
    services.exe                   712 Services                   0         6.496 K
    lsass.exe                      724 Services                   0         2.532 K
    lsm.exe                        732 Services                   0         3.716 K
    winlogon.exe                   820 Console                    1         5.312 K
    svchost.exe                    912 Services                   0         6.172 K
    svchost.exe                    992 Services                   0         6.376 K
    svchost.exe                   1040 Services                   0        48.704 K
    svchost.exe                   1092 Services                   0        13.760 K
    svchost.exe                   1120 Services                   0        78.688 K
    svchost.exe                   1136 Services                   0       106.352 K
    audiodg.exe                   1228 Services                   0        14.900 K
    svchost.exe                   1248 Services                   0         4.640 K
    SLsvc.exe                     1264 Services                   0         9.720 K
    svchost.exe                   1308 Services                   0        12.192 K
    svchost.exe                   1424 Services                   0        21.240 K
    spoolsv.exe                   1828 Services                   0         9.132 K
    sched.exe                     1864 Services                   0         1.664 K
    svchost.exe                   1896 Services                   0        16.912 K
    taskeng.exe                   2036 Console                    1        10.760 K
    dwm.exe                       2044 Console                    1         3.468 K
    explorer.exe                   436 Console                    1        46.352 K
    taskeng.exe                     12 Services                   0         5.680 K
    ALaunchSvc.exe                1904 Services                   0         9.372 K
    MSASCui.exe                    540 Console                    1        15.096 K
    RtHDVCpl.exe                   584 Console                    1         7.440 K
    SynTPStart.exe                1564 Console                    1         4.032 K
    IAAnotif.exe                  2060 Console                    1         5.476 K
    rundll32.exe                  2296 Console                    1         4.848 K
    iTunesHelper.exe              2344 Console                    1         5.068 K
    cledx.exe                     2352 Console                    1         7.612 K
    jusched.exe                   2372 Console                    1         3.296 K
    avgnt.exe                     2400 Console                    1         2.236 K
    DivXUpdate.exe                2416 Console                    1        14.848 K
    realsched.exe                 2424 Console                    1           240 K
    sidebar.exe                   2440 Console                    1        31.740 K
    ehtray.exe                    2448 Console                    1         2.116 K
    rundll32.exe                  2456 Console                    1         4.636 K
    avguard.exe                   2484 Services                   0        17.192 K
    mDNSResponder.exe             2500 Services                   0         4.740 K
    svchost.exe                   2520 Services                   0         3.436 K
    IAANTmon.exe                  2620 Services                   0         5.664 K
    LSSrvc.exe                    2676 Services                   0         3.316 K
    avshadow.exe                  2716 Services                   0         5.264 K
    MobilityService.exe           2768 Services                   0         9.032 K
    svchost.exe                   2920 Services                   0         5.136 K
    AcerVCM.exe                   2948 Console                    1        20.260 K
    BTTray.exe                    2956 Console                    1         7.424 K
    RS_Service.exe                3068 Services                   0         2.848 K
    svchost.exe                   3132 Services                   0         5.980 K
    svchost.exe                   3168 Services                   0         1.932 K
    SearchIndexer.exe             3200 Services                   0        22.564 K
    XAudio.exe                    3328 Services                   0         2.380 K
    eRecoveryService.exe          3376 Services                   0        10.820 K
    eRAgent.exe                   3580 Console                    1         4.788 K
    WmiPrvSE.exe                  3608 Services                   0        12.036 K
    rundll32.exe                  3772 Console                    1         5.712 K
    ehmsas.exe                    3856 Console                    1         3.428 K
    iPodService.exe               1772 Services                   0         5.020 K
    RtkBtMnt.exe                  1284 Console                    1         3.668 K
    SynTPEnh.exe                  2388 Console                    1         5.336 K
    acp2HID.exe                   4288 Console                    1         3.920 K
    firefox.exe                   5124 Console                    1       114.820 K
    plugin-container.exe          5060 Console                    1        17.316 K
    VSSVC.exe                     5648 Services                   0        12.828 K
    svchost.exe                   5944 Services                   0         7.264 K
    Obh.exe                       5488 Console                    1        71.880 K
    SearchProtocolHost.exe        2312 Services                   0         8.432 K
    WinRAR.exe                    2928 Console                    1        11.880 K
    cmd.exe                        288 Console                    1         2.868 K
    conime.exe                     608 Console                    1         3.516 K
    SearchFilterHost.exe          4944 Services                   0         4.404 K
    tasklist.exe                   372 Console                    1         4.636 K
    
     
    ***** Ende des Scans 16.08.2010 um 11:54:32,07 ***

  5. #5
    Forum user
    Registered since
    15.08.2010
    Posts
    31

    RE: Help wanted for "TrojanDownloader:Win32/Renos.MQ"

    Code:
    7-Zip 4.65		25.06.2010	3,13MB	
    Acer Crystal Eye webcam	SUYIN	19.03.2008		1.0.14
    Acer Crystal Eye Webcam Video Class Camera	Suyin	10.07.2010		5.8.31.500-1.0
    Acer GameZone Console 2.0.1.1	Oberon Media, Inc.	17.02.2008	38,5MB	
    Acer GridVista		19.03.2008	1,50MB	2.69.110
    Acer Mobility Center Plug-In	Acer Inc.	17.02.2008	4,13MB	1.0.4301
    Acer ScreenSaver	Acer Inc.	19.03.2008		1.21.20071207
    Acer VCM	Acer Inc.	19.03.2008	18,5MB	2.5.3101.7463
    Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	19.03.2008	14,0MB	
    Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	10.03.2010		10.0.45.2
    Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	23.06.2010		10.1.53.64
    Adobe Reader 8.1.3	Adobe Systems Incorporated	25.04.2009	85,0MB	8.1.3
    Adobe Shockwave Player 11.5	Adobe Systems, Inc.	12.02.2010		11.5.6.606
    Adobe SVG Viewer 3.0		13.02.2009	4,78MB	 3.0
    Apple Application Support	Apple Inc.	24.03.2010	32,4MB	1.1.0
    Apple Software Update	Apple Inc.	24.03.2010	2,16MB	2.1.1.116
    Applied Acoustics Lounge Lizard EP VSTi DXi v3.0		02.10.2008	12,0MB	
    ASIO4ALL		02.10.2008	0,40MB	
    Audacity 1.3.11 (Unicode)	Audacity Team	26.03.2010	34,3MB	
    Avira AntiVir Personal - Free Antivirus	Avira GmbH	15.05.2010	93,3MB	10.0.0.567
    Bonjour	Apple Inc.	18.05.2009	0,49MB	1.0.106
    Broadcom Gigabit Integrated Controller	Broadcom Corporation	17.02.2008	0,75MB	10.15.10
    Cakewalk Pro Audio 9		10.10.2008		
    CCleaner	Piriform	15.08.2010	2,91MB	2.34
    DivX-Setup	DivX, Inc. 	18.07.2010	2,04MB	1.0.2.23
    DVDVideoSoft Toolbar		28.03.2010	8,67MB	
    EPSON-Drucker-Software	SEIKO EPSON Corporation	30.09.2009		
    Facebook Plug-In	Facebook, Inc.	25.03.2010	6,26MB	
    Favorit		10.03.2010		
    Free FLV Converter V 6.91.0	Koyote Soft	22.07.2010	11,6MB	6.91.0.0
    HDAUDIO Soft Data Fax Modem with SmartCP		17.02.2008	1,02MB	
    Intel® Matrix Storage Manager		19.03.2008	37,2MB	
    iTunes	Apple Inc.	11.05.2008	73,4MB	7.6.2.9
    Java(TM) 6 Update 20	Sun Microsystems, Inc.	25.03.2009	97,0MB	6.0.200
    LAME v3.98.2 for Audacity		25.06.2010	1,18MB	
    Live 8.0.1		04.08.2010	667,0MB	
    Live-Player	Favorit Network S.L.	10.03.2010	3,24MB	2.0
    Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	22.08.2009	27,8MB	
    Microsoft Office 2000 SR-1 Premium	Microsoft Corporation	14.01.2010	62,1MB	9.00.3821
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	06.08.2009	0,25MB	8.0.50727.4053
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	04.08.2010	0,23MB	9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	28.03.2010	0,58MB	9.0.30729.4148
    Microsoft Works	Microsoft Corporation	16.01.2010	282,6MB	08.05.0822
    mIRC		19.06.2009		
    Mozilla Firefox (3.6.8)	Mozilla	23.07.2010	29,2MB	3.6.8 (de)
    MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	05.05.2008	1,27MB	4.20.9848.0
    MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2008	1,28MB	4.20.9870.0
    MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	16.01.2010	1,34MB	4.20.9876.0
    Native Instruments B4 II		16.06.2010	102,0MB	
    Native Instruments Elektrik Piano		18.06.2010	1.838,4MB	
    Native Instruments Guitar Rig 3		18.06.2010	149,4MB	
    NTI Backup NOW! 4.7	NewTech Infosystems	17.02.2008	7,23MB	1.00.0000
    NTI CD & DVD-Maker	NewTech Infosystems	17.02.2008	40,2MB	7
    NVIDIA Drivers		19.03.2008		
    Pro Evolution Soccer 2010	KONAMI	25.06.2010	3.368,9MB	1.03.0000
    RealPlayer	RealNetworks	28.06.2010	64,2MB	
    Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	17.02.2008	15,4MB	6.0.1.5470
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02		19.03.2008	1,93MB	3.52.02
    Skype Toolbars	Skype Technologies S.A.	19.06.2010	6,12MB	1.0.4051
    Skype™ 4.2	Skype Technologies S.A.	19.06.2010	31,1MB	4.2.169
    Steinberg Cubase SX v3.1.1.944		16.04.2009	179,9MB	
    Synaptics Pointing Device Driver	Synaptics	17.02.2008	14,0MB	10.0.15.0
    SyncroSoft Emu (Remove only)		05.12.2008	10,3MB	
    Syncrosofts Lizenz Kontrolle	Syncrosoft Hard- Und Software GmbH	26.09.2008	10,3MB	
    UseNeXT	Aviteo Ltd	18.11.2008	4,39MB	
    VLC media player 0.9.6	VideoLAN Team	21.11.2008	49,5MB	0.9.6
    WIDCOMM Bluetooth Software 6.0.1.4900	Broadcom Corporation	19.03.2008	40,8MB	6.0.1.4900
    Winbond CIR Drivers	Winbond Electronics	17.02.2008	2,10MB	7.60.1002
    Windows Media Player Firefox Plugin	Microsoft Corp	07.02.2010	0,29MB	1.0.0.8
    WinRAR		17.05.2008	3,66MB

  6. #6
    Moderator, team member kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    25.809

    RE: Help wanted for "TrojanDownloader:Win32/Renos.MQ"

    Your computer is indeed infected with malware / malicious software.

    1.
    Live-Player:
    Live-Player is free, ad-supported software from Favorit Network...
    Live-Player is free because it is ad-supported software...
    I would not call that a "safe environment".

    2.
    Can you tell me more about this program?:
    Code:
    Live 8.0.1
    3.
    To get a deeper look into your system and to track down a possible infection with a rootkit (info: wikipedia.org), we will use a tool - Gmer:
    • So download Gmer from *this page* or from here - majorgeeks.com/gmer.zip - and extract it to your desktop.
    • "Show all" must not be checked!
    • Start gmer.exe. All other programs should be closed.
    • Start the scan with "Scan". Do nothing on the computer while the scan is running.
    • ►If a window opens with the following warning:
      Code:
      WARNING !!!
      GMER has found system modification, which might have been caused by ROOTKIT activity.
      Do you want to fully scan your system?
    • Be sure to click "No".
    • When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
    • Paste the log from the clipboard [Ctrl+V] (or Shift+Insert) into your reply here.
    Important: during the scan:
    • all other scanners for viruses, spyware, etc. should be deactivated - ►In the notification area of the taskbar (the area of the taskbar to the right of the taskbar buttons. The notification area shows the time. It can also contain shortcuts for quick access to programs.), right-click the program icon for the firewall, antispyware or antivirus program, and then click Exit or Disable.
    • there should be no connection to a network/the Internet (don't forget WLAN)
    • nothing should be done on the computer
    Switch the scanners back on before you go online!
    Please run the "Gmer" tool only ONCE! If there are problems, do not try again, but continue with point 2!
    Instructions: -> Rootkit scanner instructions

    DOWNLOAD ONLY IF GMER CANNOT BE RUN:
    4.
    Download and install the tool RootRepeal
    • check: "Drivers" -> "Scan" -> "Save Report"...
    • "Stealth Objects" -> "Scan" -> "Save Report"...
    • "Hidden Services" -> "Scan" -> "Save Report"...
    • save the log file as "RootRepeal.txt" on the desktop and copy its contents into this thread

    5.
    Download Malwarebytes Anti-Malware (approx. 2 MB) from one of these download mirrors:
    • Applicable to Windows 2000, XP, Vista and Windows 7.
    • Install the program to the default path.
    • Remember to start the program as admin on Vista; otherwise start it by double-clicking.
    • Let it update online ("Updates" tab) if the program was already on the computer.
    • Select "Perform full scan" => Scan.
    • Select all available drives and start the scan.
    • When the scan has finished, click "Show results".
    • For findings in C:\System Volume Information, remove the check mark.
      Otherwise this system restore point will no longer work.
      It might still be needed despite the malware.
    • Make sure that all other findings are checked and press "Delete".
    • Post the log file, which opens in Notepad, here in the thread.
    • You can find the report later under "Scan reports".
    • Report how the computer is running now.
    Here you will find detailed, illustrated instructions

    6.
    post again - after the cleanup you have carried out:
    ► TrendMicro™ HijackThis™ log file - no open windows while HijackThis is running!!
    Reinstalling (Windows XP, Vista and Windows 7) - instructions
    Virus scanners
    How to rid your computer of viruses

    *The best protection is still responsible use of the Internet!*

  7. #7
    Forum user
    Registered since
    15.08.2010
    Posts
    31

    RE: Help wanted for "TrojanDownloader:Win32/Renos.MQ"

    I no longer know exactly where I got the player from. But I know that I tried to uninstall it again. That never really worked, though. Otherwise the player played videos normally, like the Real Player or the VLC player. But I don't need an additional player, so it was supposed to go. The folder is still there. In the folder there is a file for uninstalling. When I click it, Vista reports that the program cannot be found.

    Here is the scan:

    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-16 21:09:19
    Windows 6.0.6002 Service Pack 2
    Running: tpdcupdi.exe; Driver: C:\Users\jones\AppData\Local\Temp\fwrcypow.sys
    
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    .text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                        section is writeable [0x8F60C360, 0x35BB38, 0xE8000020]
    
    ---- User IAT/EAT - GMER 1.0.15 ----
    
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                            [746F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                             [7474A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                         [746FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                   [746EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                             [746F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                          [746EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]              [74728395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                 [746FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                         [746EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                          [746EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                           [746E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                   [7477CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                      [7471C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                         [746ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                   [746E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                  [746E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\Explorer.EXE[436] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                     [746F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Users\jones\AppData\Local\Temp\Obh.exe[5504] @ C:\Windows\system32\OLE32.dll [USER32.dll!CreateWindowExW]    [00419A16] C:\Users\jones\AppData\Local\Temp\Obh.exe (Ape/ApexDC++ Development Tea)
    IAT             C:\Users\jones\AppData\Local\Temp\Obh.exe[5504] @ C:\Windows\system32\OLE32.dll [USER32.dll!ShowWindow]         [00419A90] C:\Users\jones\AppData\Local\Temp\Obh.exe (Ape/ApexDC++ Development Tea)
    IAT             C:\Users\jones\AppData\Local\Temp\Obh.exe[5504] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowPos]     [00419B42] C:\Users\jones\AppData\Local\Temp\Obh.exe (Ape/ApexDC++ Development Tea)
    IAT             C:\Users\jones\AppData\Local\Temp\Obh.exe[5504] @ C:\Windows\system32\WININET.dll [USER32.dll!CreateWindowExW]  [00419A16] C:\Users\jones\AppData\Local\Temp\Obh.exe (Ape/ApexDC++ Development Tea)
    IAT             C:\Users\jones\AppData\Local\Temp\Obh.exe[5504] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA]  [0041999C] C:\Users\jones\AppData\Local\Temp\Obh.exe (Ape/ApexDC++ Development Tea)
    IAT             C:\Users\jones\AppData\Local\Temp\Obh.exe[5504] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW]  [00419A16] C:\Users\jones\AppData\Local\Temp\Obh.exe (Ape/ApexDC++ Development Tea)
    IAT             C:\Users\jones\AppData\Local\Temp\Obh.exe[5504] @ C:\Windows\system32\shell32.dll [USER32.dll!CreateWindowExW]  [00419A16] C:\Users\jones\AppData\Local\Temp\Obh.exe (Ape/ApexDC++ Development Tea)
    IAT             C:\Users\jones\AppData\Local\Temp\Obh.exe[5504] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowPos]     [00419B42] C:\Users\jones\AppData\Local\Temp\Obh.exe (Ape/ApexDC++ Development Tea)
    IAT             C:\Users\jones\AppData\Local\Temp\Obh.exe[5504] @ C:\Windows\system32\shell32.dll [USER32.dll!ShowWindow]       [00419A90] C:\Users\jones\AppData\Local\Temp\Obh.exe (Ape/ApexDC++ Development Tea)
    
    ---- Devices - GMER 1.0.15 ----
    
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                         Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                         Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice  \FileSystem\fastfat \Fat                                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\001e4cd1a122                                     
    Reg             HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\001e4cd1a122 (not active ControlSet)                 
    
    ---- EOF - GMER 1.0.15 ----

  8. #8
    Moderator, team member kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    25.809

    Re: Help wanted for "TrojanDownloader:Win32/Renos.MQ"

    OK, we will still take care of this problem; please first work through the points completely.
    Reinstalling (Windows XP, Vista and Windows 7) - Guides
    Virus scanners
    How to rid your computer of viruses

    *The best protection is still responsible use of the Internet!*

  9. #9
    Forum user
    Registered since
    15.08.2010
    Posts
    31

    Re: Help wanted for "TrojanDownloader:Win32/Renos.MQ"

    Code:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    
    Datenbank Version: 4439
    
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943
    
    17.08.2010 11:36:27
    mbam-log-2010-08-17 (11-36-27).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
    Durchsuchte Objekte: 233952
    Laufzeit: 1 Stunde(n), 19 Minute(n), 20 Sekunde(n)
    
    Infizierte Speicherprozesse: 1
    Infizierte Speichermodule: 1
    Infizierte Registrierungsschlüssel: 12
    Infizierte Registrierungswerte: 4
    Infizierte Dateiobjekte der Registrierung: 1
    Infizierte Verzeichnisse: 4
    Infizierte Dateien: 17
    
    Infizierte Speicherprozesse:
    C:\Users\jones\AppData\Local\Temp\Obh.exe (Trojan.Agent.Gen) -> Unloaded process successfully.
    
    Infizierte Speichermodule:
    C:\Users\jones\AppData\Local\Temp\sshnas21.dll (Trojan.Agent.Gen) -> Delete on reboot.
    
    Infizierte Registrierungsschlüssel:
    HKEY_CLASSES_ROOT\hbmain.commband (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
    
    Infizierte Registrierungswerte:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ze18mw23gy (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spoolsv (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Worm.AutoRun) -> Quarantined and deleted successfully.
    
    Infizierte Dateiobjekte der Registrierung:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\RECYCLER\S-1-5-21-6480808995-8553582333-437146345-7690\wingn.exe,explorer.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
    
    Infizierte Verzeichnisse:
    C:\Windows\Temp\spoolsv (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\download (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\logs (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\sounds (Backdoor.Bot) -> Quarantined and deleted successfully.
    
    Infizierte Dateien:
    C:\Users\jones\AppData\Local\Temp\sshnas21.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\jones\AppData\Local\Temp\Obh.exe (Trojan.Agent.Gen) -> Delete on reboot.
    C:\Windows\Temp\spoolsv\spoolsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\jones\AppData\Local\Temp\Obf.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\jones\AppData\Local\Temp\Obg.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\aliases.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\com.mrc (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\control.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\fullname.txt (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\ident.txt (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\mirc.ico (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\mirc.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\remote.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\servers.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\users.ini (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Temp\spoolsv\xmas.jpg (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

  10. #10
    Moderator, team member kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    25.809

    Re: Help wanted for "TrojanDownloader:Win32/Renos.MQ"

    Reinstalling (Windows XP, Vista and Windows 7) - Guides
    Virus scanners
    How to rid your computer of viruses

    *The best protection is still responsible use of the Internet!*
