Rootkit.agent gefunden. Telekom meldet Spamversand.

[totalegal]

Hallo liebes HijackThis Forum Team,

ich habe Probleme zu lokalisieren von welchem Computer in meinem Netzwerk der Spamversand ausgeht. Die Telekom hat mir Informationen zugesandt mit denen ich allerdings nicht besonders viel anfangen kann, ich habe alle Computer mit Malwarebytes gescannt und bei zweien eine Verseuchung festgestellt. Auch nach Bereinigung scheint der Spamversand allerdings nicht zu stoppen.

Hier poste ich jetzt die Information von der Telekom, Logs vom 18.8. und die aktuellen Logs von Malwarebytes.

Über Hilfe wäre ich sehr dankbar. Ich weiß momentan nicht weiter.

Liebe Grüße
Jens

Telekom E-Mail:

Code:

6TBWXEEUQUXW, email@linckersdorff.de


1.  Feedback-Type: abuse
User-Agent: T-Abuse-DB/0.2
Version: 0.1
Source-IP: 79.193.8.87
Arrival-Date: Mon, 16 Aug 2010 19:50:07 +0200
X-Loginname: t-online-com/6TBWXEEUQUXW@t-online-com.de


[ SpamCop V4.6.0.031 ]
This message is brief for your comfort.  Please use links below for details.

Email from 79.193.8.87 / Mon, 16 Aug 2010 19:50:07 +0200
http://www.spamcop.net/w3m?i=z5149635510z1ec1366d46a477341baf88bbf92c9bb1z
79.193.8.87 is open proxy, see: http://www.spamcop.net/mky-proxies.html

[ Offending message ]
Return-Path: <ouidinezef4962@t-ipconnect.de>
Received: from mwinf3502.me.freeserve.com (mwinf3502 [10.232.28.24])
	 by mwinb7304 with LMTPA;
	 Mon, 16 Aug 2010 19:50:07 +0200
X-Sieve: CMU Sieve 2.3
X-Bcc: x
Envelope-to: x
Received: from smtp6.freeserve.com (localhost [127.0.0.1])
	by mwinf3502.me.freeserve.com (SMTP Server) with ESMTP id 680891C00A2D
	for <x>; Mon, 16 Aug 2010 19:50:07 +0200 (CEST)
Received: from me-wanadoo.net (localhost [127.0.0.1])
	by mwinf3502.me.freeserve.com (SMTP Server) with ESMTP id 5D9881C00A31
	for <x>; Mon, 16 Aug 2010 19:50:07 +0200 (CEST)
Received: from t-ipconnect.de (p4FC10857.dip0.t-ipconnect.de [79.193.8.87])
	by mwinf3502.me.freeserve.com (SMTP Server) with ESMTP id 3821F1C00A2D
	for <x>; Mon, 16 Aug 2010 19:50:07 +0200 (CEST)
X-ME-UUID: 20100816175007230.3821F1C00A2D@mwinf3502.me.freeserve.com
From: <ouidinezef4962@t-ipconnect.de>
To: x
Reply-To: <ouidinezef4962@t-ipconnect.de>
Subject: *** SPAM ***Re: our meeting
Date: Mon, 16 Aug 2010 19:43:29 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Message-Id: <2010___________________0A2D@mwinf3502.me.freeserve.com>
X-me-spamlevel: med
X-me-spamrating: 78.617088
X-me-spamcause:  OK, (507)(1000)gggruggvucftvghtrhhoucdtuddrfedttddrtdeigdduiedujecuteggodetufdouefnucfrrhhofhhilhgvmecuohhrrghnghgvrdhukhenuceurghilhhouhhtmecufedttdenucfuuhhmmhgvrhculdehtdejmd


Once word gets out of your amazing-sized manhood, you will become a legend

http://www.sonpan.ru/









2.  Feedback-Type: abuse
User-Agent: T-Abuse-DB/0.2
Version: 0.1
Source-IP: 79.193.12.67
Arrival-Date: Sat, 14 Aug 2010 01:31:39 +0200
X-Loginname: t-online-com/6TBWXEEUQUXW@t-online-com.de


Hello Abuse-Team,

your Server with the IP: 79.193.12.67 has attacked one of our server on the service:
"postfix"  on Time: Sat, 14 Aug 2010 01:31:39 +0200
The IP was automatically blocked for more than 10 minutes. To block an IP, it needs
3 failed Logins, one match for "invalid user" or a 5xx-Error-Code (eg. Blacklist)!

Please check the machine behind the IP 79.193.12.67 (p4FC10C43.dip0.t-ipconnect.de) and fix the problem.

real-time data for this day available at:

http://support.clean-mx.de/clean-mx/publog?ip=79.193.12.67


You can parse this Mail with X-ARF-Tools (1. attachment = Details, 2. attachment = Logs).
You found more Information about X-Arf under http://www.x-arf.org/specification.html

If you have a special x-arf email contact, please drop us a note.

In the attachment of this mail you can find the original protocols of our systems.



yours

Gerhard W. Recher
(Geschaeftsfuehrer)

NETpilot GmbH

Wilhelm-Riehl-Str. 13
D-80687 Muenchen

GSM: ++49 171 4802507

Handelsregister Muenchen: HRB 124497

w3: http://www.clean-mx.de
e-Mail:   mailto:abuse@clean-mx.de
PGP-KEY:   Fingerprint: A4E317B6DC6494DCC9616366A75AB34CDD0CE552 id: 0xDD0CE552
Location: http://www.clean-mx.de/downloads/abuse-at-clean-mx.de.pub.asc

Evidence:
attacked server: relay1.netpilot.net
envelopesender: ejiurukygu9223@t-ipconnect.de
enveloperecpient: eickholt@verdi-bub.de
Helo: t-ipconnect.de
source-ip: 79.193.12.67
protocol: ESMTP
instance: predata05.6103.4c65d5db.3363.0
size: 1184
reason: 5 -->554 User (%s)  not known to us please verify your adressbook for any typos in this email adress or inquire manually
Evidences so far in total for this ip:2




3.  Feedback-Type: abuse
User-Agent: T-Abuse-DB/0.2
Version: 0.1
Source-IP: 79.193.0.224
Arrival-Date: Sat, 14 Aug 2010 12:08:51 +0000
X-Loginname: t-online-com/6TBWXEEUQUXW@t-online-com.de


Hello,

this is an autogenerated abuse complaint regarding your network.

abusix.org will return every single spamtrap hit as well as any other
abusive behavior to the responsible Network Operator or Abuse Desk.

PLEASE SEE ATTACHMENT FOR MORE SPECIFIC INFORMATION REGARDING THIS INCIDENT!
Report format is ARF (Abuse Reporting Format).

Further information can be found here:
http://www.ietf.org/rfc/rfc3462.txt
http://tools.ietf.org/id/draft-ietf-marf-base-00.txt

Need help parsing ARF?
http://rubyforge.org/projects/arfparser/
http://search.cpan.org/perldoc?Email::ARF

Information about this project can be found at http://www.abusix.org
Any questions left? Feel free to contact us directly by email: info [at] abusix.org

Thank you for your cooperation,

Your Abusix-Team

Scan vom 18.8.

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4445

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.08.2010 14:29:04
mbam-log-2010-08-18 (14-29-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 516399
Time elapsed: 1 hour(s), 36 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\ABBYY\sp.DLL_ (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\system32\7j2XIR1L.dll.vir (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\gwebmwit.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Scan vom 31.08.

Code:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4508

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.08.2010 13:57:02
mbam-log-2010-08-31 (13-57-02).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 502512
Time elapsed: 1 hour(s), 36 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\drivers\gwebmwit.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

PS.: Jetzt arbeite ich gerade den "Neu hier?" Strang ab. Logs des anderen infizierten Computers und in "Neu hier?" geforderte kommen bald.

[totalegal]

OTL Logs nach Scan wie im "Neu hier?" Strang gefordert:
Extras.txt

Code:

OTL Extras logfile created on: 31.08.2010 14:07:48 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\ebay\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44,25 Gb Total Space | 13,91 Gb Free Space | 31,44% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 18,23 Gb Free Space | 18,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
Drive H: | 930,86 Gb Total Space | 346,83 Gb Free Space | 37,26% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: EBAY1
Current User Name: ebay
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [CmdHere] -- C:\Windows\System32\cmd.exe /k cd "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{391F4F4A-B36E-4C5C-8A79-8827B0758673}" = PDFCreator 0.9.8
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DD55F6E-97CE-4987-8270-51521E51F776}" = T-Eumex 820 LAN V1.40
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6FC6B75A-3837-42D7-96D9-0B51254EE0FC}" = Ghostscript 8.70
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{762EBEC5-7ADC-48DC-ADDE-882616730050}" = TransType Pro
"{775A4588-63E7-4BB1-9D60-6BB1D3110C9A}" = Waves
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CF6A157-F0E8-4216-B229-C0CA8204BE2C}_is1" = Copy Handler 1.31 Final
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR 1.5.2.8870
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player 11.5.1.601
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR 1.5.2.8870
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_697a06b96d8bcbe2d77b88e7d5448d0" = Adobe Creative Suite 4 Master Collection
"Agent Ransack_is1" = Agent Ransack 2010
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Defraggler" = Defraggler
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.3.3
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"FreeUndelete" = FreeUndelete
"GalleryMaker_is1" = GalleryMaker
"InstallShield_{3DD55F6E-97CE-4987-8270-51521E51F776}" = T-Eumex 820 LAN V1.40
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Minefield (3.7a5pre)" = Minefield (3.7a5pre)
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"SP6" = Logitech SetPoint 6.0
"Spyware Doctor" = Spyware Doctor 7.0
"Streamripper" = Streamripper (Remove only)
"TeamViewer 5" = TeamViewer 5
"UltraISO_is1" = UltraISO Premium V9.35
"Winamp" = Winamp
"Winamp Essentials Pack" = Winamp Essentials Pack
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.08.2010 18:30:56 | Computer Name = ebay1 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 27.08.2010 10:19:51 | Computer Name = ebay1 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 27.08.2010 18:30:58 | Computer Name = ebay1 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 28.08.2010 05:42:28 | Computer Name = ebay1 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 29.08.2010 00:06:50 | Computer Name = ebay1 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 29.08.2010 19:39:35 | Computer Name = ebay1 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 30.08.2010 09:40:44 | Computer Name = ebay1 | Source = Application Hang | ID = 1002
Description = The program Photoshop.exe version 11.0.0.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: f68    Start
 Time: 01cb453721a0578f    Termination Time: 305    Application Path: D:\Adobe\Adobe Photoshop
 CS4\Photoshop.exe    Report Id: 1d87b85d-b43c-11df-b149-00241d52ada2  
 
Error - 30.08.2010 14:35:08 | Computer Name = ebay1 | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 30.08.2010 18:30:50 | Computer Name = ebay1 | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 31.08.2010 06:56:45 | Computer Name = ebay1 | Source = Application Hang | ID = 1002
Description = The program thunderbird.exe version 1.9.2.3866 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 86c    Start
 Time: 01cb48f8e7789aaf    Termination Time: 31    Application Path: C:\Program Files\Mozilla
 Thunderbird\thunderbird.exe    Report Id: 6d0d0696-b4ee-11df-b149-00241d52ada2  
 
[ System Events ]
Error - 16.08.2010 03:45:56 | Computer Name = ebay1 | Source = srv | ID = 2017
Description = The server was unable to allocate from the system nonpaged pool because
 the server reached the configured limit for nonpaged pool allocations.
 
Error - 16.08.2010 03:46:42 | Computer Name = ebay1 | Source = srv | ID = 2017
Description = The server was unable to allocate from the system nonpaged pool because
 the server reached the configured limit for nonpaged pool allocations.
 
Error - 16.08.2010 04:04:42 | Computer Name = ebay1 | Source = srv | ID = 2017
Description = The server was unable to allocate from the system nonpaged pool because
 the server reached the configured limit for nonpaged pool allocations.
 
Error - 17.08.2010 19:37:35 | Computer Name = ebay1 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 18.08.2010 03:52:03 | Computer Name = ebay1 | Source = BROWSER | ID = 8032
Description = 
 
Error - 18.08.2010 08:50:21 | Computer Name = ebay1 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 18.08.2010 09:03:37 | Computer Name = ebay1 | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service.  However,
 the system is configured to not allow interactive services.  This service may not
 function properly.
 
Error - 18.08.2010 13:33:12 | Computer Name = ebay1 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 24.08.2010 20:15:50 | Computer Name = ebay1 | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 27.08.2010 06:53:30 | Computer Name = ebay1 | Source = BROWSER | ID = 8032
Description = 
 
 
< End of report >

Otl.Txt

Code:

OTL logfile created on: 31.08.2010 14:07:48 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\ebay\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44,25 Gb Total Space | 13,91 Gb Free Space | 31,44% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 18,23 Gb Free Space | 18,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
Drive H: | 930,86 Gb Total Space | 346,83 Gb Free Space | 37,26% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
 
Computer Name: EBAY1
Current User Name: ebay
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.31 14:06:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\ebay\Desktop\OTL.exe
PRC - [2010.08.18 18:54:23 | 012,746,928 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.07.27 13:29:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.07.27 13:29:04 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.06.13 23:54:26 | 007,585,280 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla FTP Client\filezilla.exe
PRC - [2010.03.10 16:10:53 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.11.13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.11.12 06:42:56 | 000,362,032 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.11.12 06:42:50 | 000,661,072 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009.10.10 02:42:38 | 002,810,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2007.12.06 22:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.31 14:06:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\ebay\Desktop\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.07.06 17:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010.03.15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.03.11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010.03.10 16:10:53 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.02.18 17:47:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.01.29 23:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.11.13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.11.12 06:42:50 | 000,661,072 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.08.01 10:12:17 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2007.12.06 22:03:41 | 000,660,768 | ---- | M] (ABBYY (BIT Software)) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\ebay\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2010.03.29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010.03.10 16:10:55 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.03.10 16:10:52 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010.03.10 16:10:50 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.03.10 16:10:47 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009.11.10 13:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.11.10 13:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.11.10 13:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:52 | 000,139,776 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.04.30 23:02:00 | 009,850,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2009.02.10 18:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 EB 35 30 5B B1 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
 
 
FF - HKLM\software\mozilla\Minefield 3.7a5pre\extensions\\Components: C:\Program Files\Minefield\components [2010.05.28 11:50:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Minefield 3.7a5pre\extensions\\Plugins: C:\Program Files\Minefield\plugins [2010.07.05 13:28:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.27 13:29:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 13:29:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.18 18:54:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.02.23 17:36:43 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\Mozilla\Extensions
[2010.02.23 17:36:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ebay\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.31 13:35:26 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\extensions
[2010.06.03 18:25:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.07.02 15:46:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.28 12:02:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.05.12 14:52:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010.04.15 13:37:31 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.07.21 10:36:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.05 13:28:52 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.12 16:17:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.30 14:00:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.11 13:58:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2010.08.11 14:47:33 | 000,000,497 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Copy Handler]  File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.18 23:12:18 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.31 14:06:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\ebay\Desktop\OTL.exe
[2010.08.27 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\ebay\Documents\ottosuhrallee59
[2010.08.26 14:05:15 | 000,000,000 | ---D | C] -- C:\Users\ebay\AppData\Roaming\BMSEV
[2010.08.26 14:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BMSEV
[2010.08.26 14:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\BMSEV
[2010.08.18 15:08:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.18 15:07:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.18 14:48:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.18 12:45:35 | 000,000,000 | ---D | C] -- C:\Users\ebay\AppData\Local\VirtualStore
[2010.08.12 13:51:00 | 000,000,000 | ---D | C] -- C:\Users\ebay\Desktop\gilt
[2010.08.11 14:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.08.11 13:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010.08.11 13:53:15 | 000,000,000 | ---D | C] -- C:\Users\ebay\AppData\Local\Threat Expert
[2010.08.11 13:53:01 | 000,000,000 | ---D | C] -- C:\Users\ebay\Library
[2010.08.11 13:53:00 | 000,000,000 | ---D | C] -- C:\Users\ebay\AppData\Roaming\com.adobe.ExMan
[2002.11.11 04:00:10 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\SlpV24.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.31 14:09:52 | 003,407,872 | -HS- | M] () -- C:\Users\ebay\NTUSER.DAT
[2010.08.31 14:09:43 | 000,050,477 | ---- | M] () -- C:\Users\ebay\Desktop\Defogger.exe
[2010.08.31 14:09:29 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\gwebmwit.sys
[2010.08.31 14:09:20 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.31 14:09:20 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.31 14:06:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\ebay\Desktop\OTL.exe
[2010.08.31 13:57:13 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\wpkvfma.sys
[2010.08.30 18:31:39 | 000,280,235 | ---- | M] () -- C:\Users\ebay\Documents\img066.jpg
[2010.08.26 14:05:15 | 000,001,056 | ---- | M] () -- C:\Users\ebay\Desktop\GalleryMaker.lnk
[2010.08.25 17:17:23 | 000,006,888 | ---- | M] () -- C:\Users\ebay\Desktop\Unbenannt-1.html
[2010.08.18 15:11:55 | 000,110,584 | ---- | M] () -- C:\Users\ebay\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.18 15:03:40 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.08.18 14:36:13 | 000,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.18 14:36:13 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.18 14:36:13 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.18 14:31:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.18 14:31:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.18 14:31:07 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.18 14:29:41 | 002,278,837 | -H-- | M] () -- C:\Users\ebay\AppData\Local\IconCache.db
[2010.08.18 12:45:49 | 002,675,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 13:50:56 | 000,247,531 | ---- | M] () -- C:\Users\ebay\Desktop\gilt.zip
[2010.08.11 14:47:33 | 000,000,497 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.08.06 14:43:47 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
 
========== Files Created - No Company Name ==========
 
[2010.08.31 13:57:13 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\wpkvfma.sys
[2010.08.30 17:08:29 | 000,280,235 | ---- | C] () -- C:\Users\ebay\Documents\img066.jpg
[2010.08.26 14:05:15 | 000,001,056 | ---- | C] () -- C:\Users\ebay\Desktop\GalleryMaker.lnk
[2010.08.25 17:17:23 | 000,006,888 | ---- | C] () -- C:\Users\ebay\Desktop\Unbenannt-1.html
[2010.08.12 13:50:56 | 000,247,531 | ---- | C] () -- C:\Users\ebay\Desktop\gilt.zip
[2010.08.11 13:57:57 | 001,509,689 | ---- | C] () -- C:\Users\ebay\Adobe CS4 Installer Database removal script.log
[2010.08.06 14:43:47 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.07.02 15:32:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\New Text Document.txt
[2010.06.29 14:16:13 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.06.14 17:30:33 | 000,000,000 | R--- | C] () -- C:\ProgramData\Mj81B365.exe
[2010.05.25 13:25:34 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\gwebmwit.sys
[2010.03.05 17:59:03 | 000,134,504 | ---- | C] () -- C:\Windows\System32\smdll.dll
[2010.03.05 17:59:00 | 000,389,120 | ---- | C] () -- C:\Windows\System32\HookShield.dll
[2010.03.05 17:59:00 | 000,225,280 | ---- | C] () -- C:\Windows\System32\HookMap.dll
[2010.03.05 17:58:59 | 000,036,200 | ---- | C] () -- C:\Windows\System32\Auxiliary.dll
[2010.02.23 17:10:11 | 000,000,000 | ---- | C] () -- C:\Users\ebay\AppData\Local\ch.log
[2010.02.22 17:13:02 | 001,481,728 | ---- | C] () -- C:\Windows\System32\LegitCheckControl.dll
[2010.02.22 17:13:02 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll
[2010.02.18 17:32:54 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2009.10.06 01:13:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.29 17:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 17:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.09.04 13:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2001.10.28 23:42:30 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
 
========== LOP Check ==========
 
[2010.03.16 16:24:26 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\Acronis
[2010.08.26 14:05:15 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\BMSEV
[2010.08.11 13:53:00 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\com.adobe.ExMan
[2010.06.11 13:05:53 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\EPSON
[2010.08.30 17:47:44 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\FileZilla
[2010.07.08 13:28:57 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\ImgBurn
[2010.05.26 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\IrfanView
[2010.03.09 13:05:47 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\Leadertech
[2010.02.18 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\Notepad++
[2010.04.09 14:18:14 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\streamripper
[2010.03.15 17:17:03 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\TeamViewer
[2010.02.23 17:36:43 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\Thunderbird
[2010.02.22 17:44:27 | 000,000,000 | ---D | M] -- C:\Users\ebay\AppData\Roaming\Western Digital
[2009.07.14 06:53:46 | 000,011,352 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

[Speedy]

hi

wie viele rechner könnten betroffen sein?

zusätzlich bitte

erstelle mit hjtscanlist von mopao ein logfile, verwende für die erstellung "1"
(wenn man sich an die anleitung hält, ist der tag [code] schon integriert)

und ein normales hjt logfile posten

p.s. wann hattest du combofix eingesetzt und unter welcher anleitung ausgeführt?

Bitte die nachfolgenden dateien bei einem der hier angeführten multimalwarescanner überprüfen lassen, das komplette ergebnis hier im bb-code formatiert posten! so soll das aussehen!

• virustotal oder
• virscan.org, alternativ geht auch
• novirusthanks.org (hier kann man dateien direkt von der webseite zur überprüfung hochladen), oder
• jotti
• virus.org derzeit wird die seite gewartet, dauert mir aber schon zu lange
• viruschief nicht zu empfehlen, da keine aktualisierung der scanner und der vdf durchgeführt wird

dateien zu überprüfen!

C:\Windows\System32\drivers\wpkvfma.sys
C:\Windows\System32\drivers\gwebmwit.sys
C:\Users\ebay\Desktop\gilt.zip
C:\ProgramData\Mj81B365.exe

[totalegal]

Hallo Speedy,

es könnten bis zu vier Rechner betroffen sein, Malwarebytes meldet aber nur bei zweien einen Befall. (Ich weiß das heißt nicht viel) Ich trage bei dem XP Rechner die im "Neu hier?" Strang geforderten Logs zusammen, aber ich denke es macht mehr Sinn nach und nach zu prüfen ob die Rechner in Ordnung sind. Erstmal würde ich gerne den Windows 7 Rechner bereinigen.

Combofix habe ich auf eigene Initiative ausgeführt. Ich hoffe damit habe ich nichts zerstört. ComboFix fand Root Aktivität und hat diese dann ausgeschaltet... dachte ich zumindestens.

Hier die geforderten Logs:

Code:

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

  31.08.2010 14:21     C:\Program Files --------- 24576   
       C:\pagefile.sys ---------    
  26.08.2010 14:05     C:\ProgramData --------- 8192   
  26.08.2010 00:00     C:\System Volume Information --------- 4096   
  22.08.2010 01:00     C:\Windows --------- 28672   
  18.08.2010 15:08     C:\Qoobox --------- 4096   
  18.08.2010 15:08     C:\ComboFix.txt --------- 12086   
  18.08.2010 15:07     C:\$RECYCLE.BIN --------- 0   
  18.08.2010 14:44     C:\Config.Msi --------- 0   
       C:\hiberfil.sys ---------    
  27.07.2010 17:19     C:\Programme --------- 24576   
  27.07.2010 17:08     C:\Users --------- 4096   
  23.07.2010 13:53     C:\log_fs.log --------- 245708   
  01.07.2010 17:11     C:\Boot --------- 4096   
  14.06.2010 16:31     C:\Program Files (x86) --------- 4096   
  11.06.2010 16:15     C:\rsit --------- 0   
  25.05.2010 13:40     C:\rkill.log --------- 355   
  04.03.2010 14:19     C:\Temp --------- 0   
  23.02.2010 16:53     C:\found.000 --------- 114688   
  23.02.2010 16:33     C:\EPSON --------- 0   
  22.02.2010 17:22     C:\winx.ld --------- 0   
  22.02.2010 17:22     C:\grldr --------- 203836   
  19.02.2010 02:08     C:\BOOTSECT.BAK --------- 8192   
  18.02.2010 17:32     C:\Recovery --------- 0   
  05.02.2010 02:59     C:\Boot.ini.saved --------- 355   
  04.02.2010 18:14     C:\w7ldr --------- 171136   
  21.09.2009 19:03     C:\Diskeeper --------- 0   
  21.09.2009 18:56     C:\Boot.BAK --------- 355   
  06.08.2009 14:45     C:\anzeigen --------- 0   
  05.08.2009 17 begin_of_the_skype_highlighting**************0 05.08.2009 17******end_of_the_skype_highlighting begin_of_the_skype_highlighting**************0 05.08.2009 17******end_of_the_skype_highlighting:15     C:\ntldr --------- 251712   
  28.07.2009 15:35     C:\.tdbd --------- 58   
  14.07.2009 06:53     C:\Documents and Settings --------- 0   
  14.07.2009 04:37     C:\PerfLogs --------- 0   
  14.07.2009 03:38     C:\bootmgr --------- 383562   
  10.07.2009 14:42     C:\InstallHelper.log --------- 327   
  10.06.2009 23:42     C:\autoexec.bat --------- 24   
  10.06.2009 23:42     C:\config.sys --------- 10   
  06.01.2009 17:15     C:\dell --------- 0   
  22.10.2008 14:04     C:\product.php --------- 2028   
  30.05.2008 16:57     C:\Speicherkarte --------- 0   
  22.05.2008 16:41     C:\multigoopt.xml --------- 99   
  16.05.2008 14:32     C:\PANDA --------- 0   
  26.09.2006 12:29     C:\MSOCache --------- 0   
  22.09.2006 11:35     C:\Dokumente und Einstellungen --------- 4096   
  21.09.2006 18:46     C:\IO.SYS --------- 0   
  21.09.2006 18:46     C:\MSDOS.SYS --------- 0   
  17.07.2006 04:00     C:\bootfont.bin --------- 4952   
  17.07.2006 04:00     C:\NTDETECT.COM --------- 47564   
----------------------------------------

 
C:\Windows

  31.08.2010 15:19     C:\Windows\WindowsUpdate.log --------- 656959   
  24.08.2010 11:35     C:\Windows\setupact.log --------- 112   
  22.08.2010 01:00     C:\Windows\setuperr.log --------- 0   
  18.08.2010 15:03     C:\Windows\system.ini --------- 215   
  18.08.2010 14:31     C:\Windows\bootstat.dat --------- 67584   
  26.04.2010 15:58     C:\Windows\PEV.exe --------- 256512   
  22.02.2010 17:23     C:\Windows\nsreg.dat --------- 0   
  22.02.2010 17:16     C:\Windows\pkeyconfig.xrm-ms --------- 783424   
  18.02.2010 18:19     C:\Windows\win.ini --------- 478   
  18.02.2010 17:32     C:\Windows\gswin32.ini --------- 43   
  22.01.2010 09:56     C:\Windows\SGDetectionTool.dll --------- 149456   
  22.01.2010 09:56     C:\Windows\PCTBDRes.dll --------- 165840   
  22.01.2010 09:56     C:\Windows\PCTBDCore.dll --------- 1652688   
  22.01.2010 09:55     C:\Windows\BDTSupport.dll --------- 767952   
  22.01.2010 09:44     C:\Windows\RegISSImport.xml --------- 879   
  22.01.2010 09:44     C:\Windows\RegSDImport.xml --------- 882   
  28.10.2009 01:36     C:\Windows\UDB.zip --------- 1152444   
  25.10.2009 06:11     C:\Windows\MBR.exe --------- 77312   
  10.10.2009 02:42     C:\Windows\explorer.exe --------- 2810880   
  01.10.2009 04:59     C:\Windows\oemlogo.bmp --------- 47054   
  30.07.2009 10:21     C:\Windows\FreeMem.exe --------- 9728   
  14.07.2009 06:41     C:\Windows\WindowsShell.Manifest --------- 749   
  14.07.2009 03:16     C:\Windows\twain_32.dll --------- 51200   
  14.07.2009 03:14     C:\Windows\write.exe --------- 9216   
  14.07.2009 03:14     C:\Windows\winhlp32.exe --------- 9728   
  14.07.2009 03:14     C:\Windows\twunk_32.exe --------- 31232   
  14.07.2009 03:14     C:\Windows\regedit.exe --------- 398336   
  14.07.2009 03:14     C:\Windows\notepad.exe --------- 179712   
  14.07.2009 03:14     C:\Windows\hh.exe --------- 15360   
  14.07.2009 03:14     C:\Windows\HelpPane.exe --------- 497152   
  14.07.2009 03:14     C:\Windows\fveupdate.exe --------- 13824   
  14.07.2009 03:14     C:\Windows\bfsvc.exe --------- 65024   
  14.07.2009 00:58     C:\Windows\mib.bin --------- 43131   
  10.07.2009 19:15     C:\Windows\WLXPGSS.SCR --------- 306544   
  10.06.2009 23:42     C:\Windows\_default.pif --------- 707   
  10.06.2009 23:42     C:\Windows\winhelp.exe --------- 256192   
  10.06.2009 23:41     C:\Windows\twunk_16.exe --------- 49680   
  10.06.2009 23:41     C:\Windows\twain.dll --------- 94784   
  10.06.2009 23:34     C:\Windows\WMSysPr9.prx --------- 316640   
  10.06.2009 23:19     C:\Windows\msdfmap.ini --------- 1405   
  10.06.2009 23:14     C:\Windows\Ultimate.xml --------- 51867   
  10.06.2009 23:14     C:\Windows\Starter.xml --------- 48201   
  20.04.2009 12:56     C:\Windows\NIRCMD.exe --------- 31232   
  26.11.2008 12:08     C:\Windows\IDB.zip --------- 131   
  05.02.2007 21:05     C:\Windows\AviSplitter.INI --------- 38   
  31.08.2000 08:00     C:\Windows\SWSC.exe --------- 136704   
  31.08.2000 08:00     C:\Windows\SWXCACLS.exe --------- 212480   
  31.08.2000 08:00     C:\Windows\grep.exe --------- 80412   
  31.08.2000 08:00     C:\Windows\zip.exe --------- 68096   
  31.08.2000 08:00     C:\Windows\SWREG.exe --------- 161792   
  31.08.2000 08:00     C:\Windows\sed.exe --------- 98816   
----------------------------------------

 
C:\Windows\System

 13.07.2009 23:41      C:\Windows\System\OLESVR.DLL --------- 24064 
 13.07.2009 23:41      C:\Windows\System\WFWNET.DRV --------- 12704 
 13.07.2009 23:41      C:\Windows\System\COMMDLG.DLL --------- 32816 
 13.07.2009 23:41      C:\Windows\System\TIMER.DRV --------- 4048 
 13.07.2009 23:41      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 13.07.2009 23:41      C:\Windows\System\mmtask.tsk --------- 1152 
 13.07.2009 23:41      C:\Windows\System\mouse.drv --------- 2032 
 13.07.2009 23:41      C:\Windows\System\vga.drv --------- 2176 
 13.07.2009 23:41      C:\Windows\System\sound.drv --------- 1744 
 13.07.2009 23:41      C:\Windows\System\keyboard.drv --------- 2000 
 13.07.2009 23:41      C:\Windows\System\SHELL.DLL --------- 5120 
 13.07.2009 23:41      C:\Windows\System\system.drv --------- 3360 
 10.06.2009 23:42      C:\Windows\System\ver.dll --------- 9008 
 10.06.2009 23:42      C:\Windows\System\olecli.dll --------- 82944 
 10.06.2009 23:42      C:\Windows\System\lzexpand.dll --------- 9936 
 10.06.2009 23:25      C:\Windows\System\stdole.tlb --------- 5532 
 10.06.2009 23:21      C:\Windows\System\msvideo.dll --------- 126912 
 10.06.2009 23:21      C:\Windows\System\mciwave.drv --------- 28160 
 10.06.2009 23:21      C:\Windows\System\mciseq.drv --------- 25264 
 10.06.2009 23:21      C:\Windows\System\mciavi.drv --------- 73376 
 10.06.2009 23:21      C:\Windows\System\avifile.dll --------- 109456 
 10.06.2009 23:21      C:\Windows\System\avicap.dll --------- 69584 
----------------------------------------

 
C:\Windows\System32

 31.08.2010 15:21     C:\Windows\system32\hjtscanlist.txt --------- 8085  
 31.08.2010 14:09     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 19568  
 31.08.2010 14:09     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 19568  
 31.08.2010 13:57     C:\Windows\system32\drivers --------- 65536  
 26.08.2010 00:11     C:\Windows\system32\config --------- 24576  
 19.08.2010 00:00     C:\Windows\system32\catroot2 --------- 20480  
 18.08.2010 14:36     C:\Windows\system32\perfc009.dat --------- 104340  
 18.08.2010 14:36     C:\Windows\system32\perfh009.dat --------- 618026  
 18.08.2010 14:36     C:\Windows\system32\PerfStringBackup.INI --------- 717892  
 18.08.2010 12:45     C:\Windows\system32\FNTCACHE.DAT --------- 2675288  
 15.07.2010 12:17     C:\Windows\system32\NDF --------- 0  
 02.07.2010 15:33     C:\Windows\system32\Tasks --------- 28672  
 11.06.2010 13:58     C:\Windows\system32\jupdate-1.6.0_20-b02.log --------- 4440  
 27.05.2010 13:50     C:\Windows\system32\appmgmt --------- 0  
 12.04.2010 17:29     C:\Windows\system32\javaws.exe --------- 153376  
 12.04.2010 17:29     C:\Windows\system32\java.exe --------- 145184  
 12.04.2010 17:29     C:\Windows\system32\deployJava1.dll --------- 411368  
 30.03.2010 14:01     C:\Windows\system32\ezsidmv.dat --------- 56  
 22.03.2010 18:07     C:\Windows\system32\FxsTmp --------- 0  
 10.03.2010 16:10     C:\Windows\system32\catroot --------- 4096  
 10.03.2010 16:10     C:\Windows\system32\DriverStore --------- 4096  
 05.03.2010 18:00     C:\Windows\system32\AGEIA --------- 0  
 24.02.2010 14:28     C:\Windows\system32\wdi --------- 4096  
 22.02.2010 09:00     C:\Windows\system32\LogFiles --------- 4096  
 19.02.2010 02:27     C:\Windows\system32\CodeIntegrity --------- 0  
 19.02.2010 02:13     C:\Windows\system32\license.rtf --------- 42045  
 19.02.2010 02:13     C:\Windows\system32\sysprep --------- 0  
 18.02.2010 17:36     C:\Windows\system32\wbem --------- 65536  
 18.02.2010 17:33     C:\Windows\system32\restore --------- 0  
 18.02.2010 17:32     C:\Windows\system32\javaw.exe --------- 145184  
 18.02.2010 17:32     C:\Windows\system32\Macromed --------- 0  
 21.12.2009 20:20     C:\Windows\system32\acaptuser32.dll --------- 112056  
 10.11.2009 13:55     C:\Windows\system32\LMouFiltCoInst.dll --------- 52240  
 10.11.2009 13:55     C:\Windows\system32\LkmdfCoInst.dll --------- 1581072  
 12.10.2009 00:26     C:\Windows\system32\spwizimg.dll --------- 15139840  
 11.10.2009 12:58     C:\Windows\system32\imageres.dll --------- 72796160  
 10.10.2009 17:20     C:\Windows\system32\shell32.dll --------- 22016000  
 09.10.2009 20:28     C:\Windows\system32\Shellext --------- 0  
 09.10.2009 20:28     C:\Windows\system32\Adobe --------- 0  
 06.10.2009 01:13     C:\Windows\system32\ff_vfw.dll --------- 85504  
 07.09.2009 04:13     C:\Windows\system32\pthreadGC2.dll --------- 69382  
 04.09.2009 23:44     C:\Windows\system32\xactengine3_5.dll --------- 238936  
 04.09.2009 23:44     C:\Windows\system32\xaudio2_5.dll --------- 515416  
 04.09.2009 23:44     C:\Windows\system32\XAPOFX1_3.dll --------- 69464  
 04.09.2009 23:29     C:\Windows\system32\d3dx11_42.dll --------- 235344  
 04.09.2009 23:29     C:\Windows\system32\d3dx10_42.dll --------- 453456  
 04.09.2009 23:29     C:\Windows\system32\d3dcsx_42.dll --------- 5501792  
 04.09.2009 23:29     C:\Windows\system32\d3dcompiler_42.dll --------- 1974616  
 04.09.2009 23:29     C:\Windows\system32\d3dx9_42.dll --------- 1892184  
 28.08.2009 15:38     C:\Windows\system32\MRT.exe --------- 24689600  
 20.08.2009 00:50     C:\Windows\system32\AdobePDFUI.dll --------- 22872  
 20.08.2009 00:50     C:\Windows\system32\AdobePDF.dll --------- 46928  
 11.08.2009 22:18     C:\Windows\system32\ac3filter.acm --------- 497664  
 01.08.2009 10:12     C:\Windows\system32\uxtheme.dll --------- 249856  
 01.08.2009 10:12     C:\Windows\system32\themeui.dll --------- 2755072  
 01.08.2009 10:12     C:\Windows\system32\themeservice.dll --------- 37376  
 26.07.2009 16:44     C:\Windows\system32\sirenacm.dll --------- 48448  
 21.07.2009 08:52     C:\Windows\system32\msvcr71.dll --------- 348160  
 21.07.2009 08:52     C:\Windows\system32\msvcp71.dll --------- 499712  
 14.07.2009 09:49     C:\Windows\system32\en-US --------- 327680  
 14.07.2009 09:19     C:\Windows\system32\Recovery --------- 0  
 14.07.2009 06:56     C:\Windows\system32\umstartup.etl --------- 21504  
 14.07.2009 06:56     C:\Windows\system32\migwiz --------- 4096  
 14.07.2009 06:56     C:\Windows\system32\winrm --------- 0  
 14.07.2009 06:56     C:\Windows\system32\Setup --------- 4096  
 14.07.2009 06:56     C:\Windows\system32\0409 --------- 0  
 14.07.2009 06:56     C:\Windows\system32\slmgr --------- 0  
 14.07.2009 06:56     C:\Windows\system32\en --------- 0  
 14.07.2009 06:56     C:\Windows\system32\WinBioPlugIns --------- 0  
 14.07.2009 06:56     C:\Windows\system32\oobe --------- 4096  
 14.07.2009 06:56     C:\Windows\system32\migration --------- 4096  
 14.07.2009 06:56     C:\Windows\system32\Boot --------- 0  
 14.07.2009 06:56     C:\Windows\system32\Dism --------- 4096  
 14.07.2009 06:56     C:\Windows\system32\WCN --------- 0  
 14.07.2009 06:56     C:\Windows\system32\MUI --------- 0  
 14.07.2009 06:56     C:\Windows\system32\Printing_Admin_Scripts --------- 0  
 14.07.2009 06:56     C:\Windows\system32\com --------- 0  
 14.07.2009 06:54     C:\Windows\system32\wfp --------- 0  
 14.07.2009 06:52     C:\Windows\system32\WindowsPowerShell --------- 0  
 14.07.2009 06:52     C:\Windows\system32\WinBioDatabase --------- 0  
 14.07.2009 06:47     C:\Windows\system32\umstartup000.etl --------- 9216  
 14.07.2009 06:42     C:\Windows\system32\desktop.ini --------- 73  
 14.07.2009 06:42     C:\Windows\system32\migwiz.lnk --------- 1244  
 14.07.2009 06:42     C:\Windows\system32\mapisvc.inf --------- 535  
 14.07.2009 06:41     C:\Windows\system32\spool --------- 0  
 14.07.2009 06:34     C:\Windows\system32\Microsoft --------- 0  
 14.07.2009 04:37     C:\Windows\system32\zh-TW --------- 4096  
 14.07.2009 04:37     C:\Windows\system32\zh-HK --------- 4096  
 14.07.2009 04:37     C:\Windows\system32\zh-CN --------- 4096  
 14.07.2009 04:37     C:\Windows\system32\winevt --------- 0  
 14.07.2009 04:37     C:\Windows\system32\uk-UA --------- 4096  
 14.07.2009 04:37     C:\Windows\system32\tr-TR --------- 4096  
 14.07.2009 04:37     C:\Windows\system32\th-TH --------- 4096  
 14.07.2009 04:37     C:\Windows\system32\sv-SE --------- 4096  
 14.07.2009 04:37     C:\Windows\system32\sr-Latn-CS --------- 4096  
 14.07.2009 04:37     C:\Windows\system32\sppui --------- 0  
 14.07.2009 04:37     C:\Windows\system32\spp --------- 0  
 14.07.2009 04:37     C:\Windows\system32\sl-SI --------- 4096  
 14.07.2009 04:37     C:\Windows\system32\sk-SK --------- 4096  
 14.07.2009 04:37     C:\Windows\system32\SMI --------- 0  
----------------------------------------

 
C:\Windows\Prefetch

 31.08.2010 15:21     C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf --------- 15132  
 31.08.2010 15:21     C:\Windows\Prefetch\CMD.EXE-89305D47.pf --------- 9806  
 31.08.2010 15:21     C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf --------- 15450  
 31.08.2010 15:20     C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf --------- 74442  
 31.08.2010 15:20     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1971459536-3496063487-1411823843-1000.db --------- 914763  
 31.08.2010 15:20     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1971459536-3496063487-1411823843-1000.db --------- 1135089  
 31.08.2010 15:20     C:\Windows\Prefetch\7ZG.EXE-2A7D43BC.pf --------- 46802  
 31.08.2010 15:20     C:\Windows\Prefetch\SKYPENAMES2.EXE-9C9B11B0.pf --------- 15328  
 31.08.2010 15:20     C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 78390  
 31.08.2010 15:18     C:\Windows\Prefetch\DLLHOST.EXE-53B78AD0.pf --------- 13214  
 31.08.2010 15:18     C:\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf --------- 20976  
 31.08.2010 15:18     C:\Windows\Prefetch\DLLHOST.EXE-10C3CA32.pf --------- 14726  
 31.08.2010 15:18     C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf --------- 30210  
 31.08.2010 15:18     C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf --------- 201792  
 31.08.2010 15:17     C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf --------- 136862  
 31.08.2010 15:17     C:\Windows\Prefetch\NOTEPAD++.EXE-A5D7A5DB.pf --------- 56858  
 31.08.2010 15:16     C:\Windows\Prefetch\RUNDLL32.EXE-596BE144.pf --------- 52510  
 31.08.2010 15:15     C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf --------- 22628  
 31.08.2010 15:07     C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf --------- 176862  
 31.08.2010 15:01     C:\Windows\Prefetch\SCHTASKS.EXE-2DE769BF.pf --------- 10550  
 31.08.2010 15:00     C:\Windows\Prefetch\WSQMCONS.EXE-E2CE6542.pf --------- 7268  
 31.08.2010 14:29     C:\Windows\Prefetch\LJCJBG.EXE-6C08CDCD.pf --------- 42522  
 31.08.2010 14:27     C:\Windows\Prefetch\SARGUI.EXE-39E1C84D.pf --------- 18882  
 31.08.2010 14:26     C:\Windows\Prefetch\PROCEXP.EXE-55A79221.pf --------- 56964  
 31.08.2010 14:25     C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf --------- 31582  
 31.08.2010 14:21     C:\Windows\Prefetch\HELPER.EXE-09378A4E.pf --------- 33118  
 31.08.2010 14:21     C:\Windows\Prefetch\SAR_15_SFX.EXE-55CFAEB3.pf --------- 43036  
 31.08.2010 14:17     C:\Windows\Prefetch\DEFOGGER.EXE-9C8DBD5E.pf --------- 13932  
 31.08.2010 14:10     C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf --------- 20008  
 31.08.2010 14:10     C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf --------- 9402  
 31.08.2010 14:07     C:\Windows\Prefetch\OTL.EXE-D9275202.pf --------- 33320  
 31.08.2010 14:04     C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf --------- 43848  
 31.08.2010 14:04     C:\Windows\Prefetch\RUNDLL32.EXE-E447C111.pf --------- 29556  
 31.08.2010 14:01     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1325896  
 31.08.2010 14:01     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 486516  
 31.08.2010 14:01     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 2219553  
 31.08.2010 14:01     C:\Windows\Prefetch\AgRobust.db --------- 205588  
 31.08.2010 13:53     C:\Windows\Prefetch\THUNDERBIRD.EXE-EDED9AF7.pf --------- 232324  
 31.08.2010 13:46     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf --------- 125008  
 31.08.2010 12:56     C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 52450  
 31.08.2010 12:48     C:\Windows\Prefetch\ACROBATINFO.EXE-A85F4775.pf --------- 95326  
 31.08.2010 12:40     C:\Windows\Prefetch\DLLHOST.EXE-6202E8F2.pf --------- 448448  
 31.08.2010 12:38     C:\Windows\Prefetch\ESCNDV.EXE-C2E9914E.pf --------- 66410  
 31.08.2010 12:38     C:\Windows\Prefetch\WIAACMGR.EXE-0D8C134A.pf --------- 23846  
 31.08.2010 10:15     C:\Windows\Prefetch\Layout.ini --------- 777484  
 31.08.2010 00:30     C:\Windows\Prefetch\RUNDLL32.EXE-125D4518.pf --------- 113968  
 31.08.2010 00:00     C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 16256  
 31.08.2010 00:00     C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 26936  
 30.08.2010 18:32     C:\Windows\Prefetch\WSTREAMRIPPER.EXE-1407CAD8.pf --------- 35110  
 30.08.2010 18:30     C:\Windows\Prefetch\WINAMP.EXE-97ED5809.pf --------- 217656  
 30.08.2010 17:44     C:\Windows\Prefetch\MBAM.EXE-CD3441D7.pf --------- 64464  
 30.08.2010 17:12     C:\Windows\Prefetch\FIREFOX.EXE-573E6C11.pf --------- 34018  
 30.08.2010 17:09     C:\Windows\Prefetch\ACROBAT.EXE-136339A1.pf --------- 118826  
 30.08.2010 15:54     C:\Windows\Prefetch\FNPLICENSINGSERVICE.EXE-8B3343A3.pf --------- 14606  
 30.08.2010 14:03     C:\Windows\Prefetch\JAVA.EXE-066C5985.pf --------- 77580  
 30.08.2010 14:03     C:\Windows\Prefetch\JP2LAUNCHER.EXE-713231C9.pf --------- 19700  
 30.08.2010 13:59     C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf --------- 215428  
 30.08.2010 01:00     C:\Windows\Prefetch\PING.EXE-B29F6629.pf --------- 12110  
 30.08.2010 01:00     C:\Windows\Prefetch\W32TM.EXE-5D2265F4.pf --------- 13362  
 30.08.2010 01:00     C:\Windows\Prefetch\SDIAGNHOST.EXE-67CD1457.pf --------- 111794  
 30.08.2010 01:00     C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf --------- 54886  
 30.08.2010 01:00     C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf --------- 13030  
 30.08.2010 01:00     C:\Windows\Prefetch\SC.EXE-BC6DAF49.pf --------- 1284  
 30.08.2010 00:00     C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf --------- 878  
 29.08.2010 03:14     C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf --------- 14620  
 29.08.2010 03:14     C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf --------- 14448  
 27.08.2010 14:55     C:\Windows\Prefetch\WINWORD.EXE-6AC9169C.pf --------- 211188  
 27.08.2010 14:44     C:\Windows\Prefetch\DLLHOST.EXE-7D2183B8.pf --------- 20822  
 27.08.2010 10:43     C:\Windows\Prefetch\INDESIGN.EXE-EAB13AA9.pf --------- 234344  
 27.08.2010 10:41     C:\Windows\Prefetch\ILLUSTRATOR.EXE-8DB6CA02.pf --------- 247532  
 27.08.2010 02:30     C:\Windows\Prefetch\AITAGENT.EXE-AB818914.pf --------- 616  
 26.08.2010 18:11     C:\Windows\Prefetch\RUNDLL32.EXE-DBCD88C4.pf --------- 35034  
 26.08.2010 17:55     C:\Windows\Prefetch\PHOTOSHOP.EXE-9CA3ADFF.pf --------- 238378  
 26.08.2010 16:24     C:\Windows\Prefetch\HELPPANE.EXE-D1016F9E.pf --------- 58502  
 26.08.2010 14:05     C:\Windows\Prefetch\GALLERYMAKERE.EXE-BF8E42B7.pf --------- 39904  
 26.08.2010 14:05     C:\Windows\Prefetch\IS-BP8P3.TMP-82160143.pf --------- 31500  
 26.08.2010 14:05     C:\Windows\Prefetch\GALMAKENT.EXE-C49F2890.pf --------- 15654  
 26.08.2010 14:05     C:\Windows\Prefetch\TRUEIMAGEHOMESERVICE.EXE-9582E005.pf --------- 36892  
 26.08.2010 14:05     C:\Windows\Prefetch\TRUEIMAGEHOMENOTIFY.EXE-6695DB4D.pf --------- 28464  
 26.08.2010 13:24     C:\Windows\Prefetch\OFFICELIVESIGNIN.EXE-3E8ACCCB.pf --------- 14414  
 26.08.2010 13:24     C:\Windows\Prefetch\EXCEL.EXE-63933DC7.pf --------- 113064  
 26.08.2010 00:01     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf --------- 214754  
 25.08.2010 17:47     C:\Windows\Prefetch\DREAMWEAVER.EXE-F4501015.pf --------- 352444  
 25.08.2010 14:20     C:\Windows\Prefetch\I_VIEW32.EXE-C66B5A98.pf --------- 27508  
 25.08.2010 14:00     C:\Windows\Prefetch\MSPAINT.EXE-89BB51A7.pf --------- 44906  
 25.08.2010 13:56     C:\Windows\Prefetch\FINEEXEC.EXE-40B5EB8E.pf --------- 91724  
 25.08.2010 13:56     C:\Windows\Prefetch\FINERE~1.EXE-CE911363.pf --------- 150464  
 25.08.2010 12:24     C:\Windows\Prefetch\WMIAPSRV.EXE-576286C3.pf --------- 16400  
 25.08.2010 12:21     C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 71768  
 25.08.2010 11:09     C:\Windows\Prefetch\SIDEBAR.EXE-3A7B3FCC.pf --------- 61656  
 24.08.2010 16:15     C:\Windows\Prefetch\CALC.EXE-AC08706A.pf --------- 23358  
 24.08.2010 13:43     C:\Windows\Prefetch\SETHC.EXE-B64E7B06.pf --------- 18328  
 24.08.2010 12:54     C:\Windows\Prefetch\RUNDLL32.EXE-B40F8CA2.pf --------- 34730  
 24.08.2010 12:08     C:\Windows\Prefetch\RUNDLL32.EXE-FD629F3D.pf --------- 51842  
 24.08.2010 11:54     C:\Windows\Prefetch\FIREWORKS.EXE-BAD6680F.pf --------- 201780  
 24.08.2010 11:35     C:\Windows\Prefetch\RUNDLL32.EXE-AFD98684.pf --------- 12250  
 24.08.2010 08:48     C:\Windows\Prefetch\POWERCFG.EXE-37D2B69C.pf --------- 562  
 23.08.2010 18:49     C:\Windows\Prefetch\RUNDLL32.EXE-98C09AFC.pf --------- 52362  
 23.08.2010 17:28     C:\Windows\Prefetch\MAILPV.EXE-1C41F721.pf --------- 31998  
 22.08.2010 15:11     C:\Windows\Prefetch\PRL_REPORT.EXE-A95D01C9.pf --------- 34596  
 22.08.2010 15:11     C:\Windows\Prefetch\PRL_STAT.EXE-8CE3F7D9.pf --------- 64612  
 22.08.2010 15:11     C:\Windows\Prefetch\TASKLIST.EXE-9811F41E.pf --------- 19196  
 19.08.2010 15:04     C:\Windows\Prefetch\RUNDLL32.EXE-14F92548.pf --------- 41092  
 18.08.2010 15:07     C:\Windows\Prefetch\NIRCMD.CFXXE-734F129E.pf --------- 179180  
 18.08.2010 15:07     C:\Windows\Prefetch\PEV.CFXXE-1696C50C.pf --------- 118320  
 18.08.2010 15:06     C:\Windows\Prefetch\SED.CFXXE-8ADA8E01.pf --------- 5806  
 18.08.2010 15:06     C:\Windows\Prefetch\GREP.CFXXE-B42D9BFB.pf --------- 6658  
 18.08.2010 14:44     C:\Windows\Prefetch\MSIEXEC.EXE-B5AFA339.pf --------- 189126  
 18.08.2010 14:44     C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 19112  
 18.08.2010 14:32     C:\Windows\Prefetch\ReadyBoot --------- 0  
 18.08.2010 14:32     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 2352934  
 18.08.2010 14:29     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508  
 11.08.2010 14:18     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-1971459536-3496063487-1411823843-1000.snp.db --------- 979192  
 11.08.2010 13:07     C:\Windows\Prefetch\AgCx_SC3_C9888834.db --------- 370278  
 28.07.2010 15:50     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1971459536-3496063487-1411823843-500.db --------- 482913  
 28.07.2010 15:50     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1971459536-3496063487-1411823843-500.db --------- 105068  
 14.06.2010 17:28     C:\Windows\Prefetch\AgAppLaunch.db --------- 332116  
----------------------------------------

 
C:\Windows\Tasks

 18.08.2010 14:31     C:\Windows\Tasks\SA.DAT --------- 6  
 14.07.2009 06:53     C:\Windows\Tasks\SCHEDLGU.TXT --------- 11352  
----------------------------------------

 
C:\Windows\Temp

 31.08.2010 15:18     C:\Windows\Temp\bf21067acc5b0204e7c8d2ad.tmp --------- 1729027  
 31.08.2010 15:18     C:\Windows\Temp\40a5bb76270519b5a25af444.tmp --------- 435  
 31.08.2010 14:25     C:\Windows\Temp\fwtsqmfile00.sqm --------- 140  
 31.08.2010 13:38     C:\Windows\Temp\1c75e3691ed55d319fa99d2.tmp --------- 16  
 31.08.2010 12:51     C:\Windows\Temp\cc796bb31d376d95592f90b0.tmp --------- 17  
 31.08.2010 12:00     C:\Windows\Temp\93e0440537bd7e3c3238178.tmp --------- 16  
 31.08.2010 11:12     C:\Windows\Temp\e3a2e9beed12cd38578d7a3d.tmp --------- 16  
 31.08.2010 10:31     C:\Windows\Temp\7cb8923fb91537b63ad3d7e2.tmp --------- 3802  
 31.08.2010 10:31     C:\Windows\Temp\417c9343793eaee65b140cd9.tmp --------- 16  
 31.08.2010 09:28     C:\Windows\Temp\e939eb36e9fd1f9287373676.tmp --------- 17  
 31.08.2010 08:39     C:\Windows\Temp\e399164bf68f48ecfb850354.tmp --------- 14  
 31.08.2010 07:51     C:\Windows\Temp\892d05d7e2618585ae02fe26.tmp --------- 19  
 31.08.2010 06:59     C:\Windows\Temp\d82a5fe3ef76055591fa11a.tmp --------- 14  
 31.08.2010 06:09     C:\Windows\Temp\ae4218634fbfced0c7ddc047.tmp --------- 18  
 31.08.2010 05:20     C:\Windows\Temp\7e6dda55dcd00540314ee45.tmp --------- 17  
 31.08.2010 04:30     C:\Windows\Temp\4e084a4677305c1cd77475f.tmp --------- 19  
 31.08.2010 03:41     C:\Windows\Temp\962e38fccec6af89babee8d5.tmp --------- 18  
 31.08.2010 02:48     C:\Windows\Temp\8c9284a94dc72566216d603.tmp --------- 15  
 31.08.2010 01:58     C:\Windows\Temp\7fe49c4aa979cd87d6268859.tmp --------- 16  
 31.08.2010 01:10     C:\Windows\Temp\b071756f93ddf77ace3713e.tmp --------- 19  
 31.08.2010 00:18     C:\Windows\Temp\b1140127c0ece1343136a72c.tmp --------- 12  
 30.08.2010 23:29     C:\Windows\Temp\b05faa7bcfbd61c320e2ec6a.tmp --------- 15  
 30.08.2010 22:41     C:\Windows\Temp\cf8222c9f31734a13c04095.tmp --------- 16  
 30.08.2010 21:49     C:\Windows\Temp\2577d98ff7867ae031973131.tmp --------- 17  
 30.08.2010 21:05     C:\Windows\Temp\abb92f044371686b687780e1.tmp --------- 15  
 30.08.2010 20:09     C:\Windows\Temp\58fb28b7237930581e0c2b60.tmp --------- 16  
 30.08.2010 19:18     C:\Windows\Temp\271d2ebcdb96b5c113c50810.tmp --------- 17  
 30.08.2010 18:32     C:\Windows\Temp\98e2ef2e5cfc4b03ad8d24e9.tmp --------- 18  
 30.08.2010 17:37     C:\Windows\Temp\5188c81c7d9e7fd19f289223.tmp --------- 16  
 30.08.2010 16:52     C:\Windows\Temp\1f51b0d9341142cbafa8662a.tmp --------- 14  
 30.08.2010 16:01     C:\Windows\Temp\417d82061c8755ef142cdcd8.tmp --------- 16  
 30.08.2010 15:11     C:\Windows\Temp\91fbe255fa6bf015ede9c2ae.tmp --------- 17  
 30.08.2010 14:24     C:\Windows\Temp\8744ed34feba41c21a61170e.tmp --------- 19  
 30.08.2010 13:27     C:\Windows\Temp\699248619c91f02f5a5e707.tmp --------- 18  
 30.08.2010 13:24     C:\Windows\Temp\e4fe9cfb75500e8f91f1187d.tmp --------- 3808  
 30.08.2010 11:49     C:\Windows\Temp\e0baf5b05a79e284f8c02b94.tmp --------- 424  
 30.08.2010 10:58     C:\Windows\Temp\9749cb8358dd2d03d93f5a43.tmp --------- 16  
 30.08.2010 10:08     C:\Windows\Temp\d1b84b0ccbcd50c61428445b.tmp --------- 16  
 30.08.2010 09:22     C:\Windows\Temp\da7a40a08d7d3f9d913893cb.tmp --------- 16  
 30.08.2010 08:27     C:\Windows\Temp\de7f7f1db697560a9e081d10.tmp --------- 16  
 30.08.2010 07:43     C:\Windows\Temp\798e0da236e55100a52c4ae3.tmp --------- 15  
 30.08.2010 06:51     C:\Windows\Temp\a2b9a9615fc40f683a377ce8.tmp --------- 17  
 30.08.2010 05:58     C:\Windows\Temp\bd1a2ac55f4ce741581cdf49.tmp --------- 15  
 30.08.2010 05:09     C:\Windows\Temp\212faf22b29257dce0df0273.tmp --------- 16  
 30.08.2010 04:19     C:\Windows\Temp\17fefa08770e1781df2605fc.tmp --------- 17  
 30.08.2010 03:28     C:\Windows\Temp\6f27492de9ad43d591c3c21f.tmp --------- 18  
 30.08.2010 02:37     C:\Windows\Temp\68a2a05496c71de59ef758ee.tmp --------- 16  
 30.08.2010 01:50     C:\Windows\Temp\f135748f2a4b43a91eb95b75.tmp --------- 15  
 30.08.2010 01:01     C:\Windows\Temp\6a71d306309637fce7568e7e.tmp --------- 14  
 30.08.2010 00:09     C:\Windows\Temp\aae411f6b8965304afcdb7d9.tmp --------- 17  
 29.08.2010 23:22     C:\Windows\Temp\fb10c4aab713e259f9d02079.tmp --------- 16  
 29.08.2010 22:30     C:\Windows\Temp\7fd8d4eca9d14e8e28de63c2.tmp --------- 18  
 29.08.2010 21:40     C:\Windows\Temp\8f8827c2073b34f3f39b999.tmp --------- 16  
 29.08.2010 20:49     C:\Windows\Temp\1437b4b9c8db3dfb5d7ea1ee.tmp --------- 17  
 29.08.2010 19:57     C:\Windows\Temp\1dbccf9125e6a94f9c7b6e80.tmp --------- 17  
 29.08.2010 19:08     C:\Windows\Temp\861c7699b69e23d4b13a3430.tmp --------- 16  
 29.08.2010 18:17     C:\Windows\Temp\aa9f1483a34ef593a0da3d1f.tmp --------- 15  
 29.08.2010 17:27     C:\Windows\Temp\4ea08d969e4503026e7968e.tmp --------- 16  
 29.08.2010 16:40     C:\Windows\Temp\a5593b988f746f8a625a36e.tmp --------- 15  
 29.08.2010 15:48     C:\Windows\Temp\ccc64ef72281afa6def2451f.tmp --------- 17  
 29.08.2010 15:02     C:\Windows\Temp\ea0d8c1ac115b320545b5b0b.tmp --------- 13  
 29.08.2010 14:15     C:\Windows\Temp\945817639ea9b105bf71452a.tmp --------- 16  
 29.08.2010 13:20     C:\Windows\Temp\f9565ef65d5df2ff7db6b7da.tmp --------- 16  
 29.08.2010 12:30     C:\Windows\Temp\d0d475e35048ece6c1f2f29b.tmp --------- 16  
 29.08.2010 11:39     C:\Windows\Temp\f4c473c2d826b9b0e14af0a7.tmp --------- 18  
 29.08.2010 11:33     C:\Windows\Temp\749d464e475051df59de7c5.tmp --------- 3805  
 29.08.2010 11:33     C:\Windows\Temp\8aaac373af231acd3f2563c6.tmp --------- 16  
 29.08.2010 10:39     C:\Windows\Temp\925d2ae3684c2e717b4c2cc5.tmp --------- 20  
 29.08.2010 10:09     C:\Windows\Temp\4d644bf7ae702204938cc8e6.tmp --------- 15  
 29.08.2010 09:38     C:\Windows\Temp\805439d297dfa8c86224704.tmp --------- 17  
 29.08.2010 09:07     C:\Windows\Temp\a5e4240cbebabcb453a74216.tmp --------- 14  
 29.08.2010 08:37     C:\Windows\Temp\78234b04b42617e647b4410.tmp --------- 20  
 29.08.2010 08:19     C:\Windows\Temp\b1f575e6d4e9bfe16c8f71f7.tmp --------- 22  
 29.08.2010 07:38     C:\Windows\Temp\d071a9501bdce71a9730cac.tmp --------- 19  
 29.08.2010 07:09     C:\Windows\Temp\68157651142ee3e6fd5b5ad3.tmp --------- 17  
 29.08.2010 06:40     C:\Windows\Temp\4ced638164378e12b943905e.tmp --------- 19  
 29.08.2010 06:08     C:\Windows\Temp\858c4a37718cbb1fb2fc6c1f.tmp --------- 15  
 29.08.2010 05:38     C:\Windows\Temp\eef708955fd737d0c3404280.tmp --------- 20  
 29.08.2010 05:13     C:\Windows\Temp\45dd84b9d80d639bb616dbd.tmp --------- 14  
 29.08.2010 04:37     C:\Windows\Temp\a0ea53bacce09166d14a788.tmp --------- 15  
 29.08.2010 04:09     C:\Windows\Temp\158ec3b81205d9dcbd8d6a5.tmp --------- 20  
 29.08.2010 03:39     C:\Windows\Temp\6a637d119f28467e39fc190d.tmp --------- 15  
 29.08.2010 03:08     C:\Windows\Temp\64c6fc4a7c186e0746c78c6d.tmp --------- 18  
 29.08.2010 02:37     C:\Windows\Temp\ad0945bfa020e31c61da1e5.tmp --------- 19  
 29.08.2010 02:14     C:\Windows\Temp\92c1305a5b1836571643393.tmp --------- 15  
 29.08.2010 01:37     C:\Windows\Temp\4ebbc75e282ca01332f43ef3.tmp --------- 17  
 29.08.2010 01:11     C:\Windows\Temp\3dd087384e9181b0dffd2c74.tmp --------- 15  
 29.08.2010 00:37     C:\Windows\Temp\1d742b8a5bd3f131b1150719.tmp --------- 15  
 29.08.2010 00:07     C:\Windows\Temp\43c84a3630f62a03decbe45e.tmp --------- 17  
 28.08.2010 23:39     C:\Windows\Temp\8fbcc881aa634c04d532d495.tmp --------- 15  
 28.08.2010 23:08     C:\Windows\Temp\1a27ed5bd40f0ea4e01185c2.tmp --------- 15  
 28.08.2010 22:39     C:\Windows\Temp\850fc7c870ea874b7fc2db1.tmp --------- 20  
 28.08.2010 22:08     C:\Windows\Temp\ba0f89085e3a7f338b578138.tmp --------- 16  
 28.08.2010 21:39     C:\Windows\Temp\96d99d056f30fa3de0cfceeb.tmp --------- 15  
 28.08.2010 21:08     C:\Windows\Temp\e0abc3e6d08be0c5d9c33f12.tmp --------- 17  
 28.08.2010 20:43     C:\Windows\Temp\3fa1ad0ea4ffc2743fdffd18.tmp --------- 18  
 28.08.2010 20:12     C:\Windows\Temp\581a8338dfc689b48f5e8ec8.tmp --------- 17  
 28.08.2010 19:39     C:\Windows\Temp\40052bad337bae72aa40c8b4.tmp --------- 15  
 28.08.2010 19:09     C:\Windows\Temp\635459d14f1ebf14cb590ca8.tmp --------- 17  
 28.08.2010 18:40     C:\Windows\Temp\edb558936cd6ddaba0837ef3.tmp --------- 17  
 28.08.2010 18:13     C:\Windows\Temp\d4e2e4a0563691ed9d22fc2.tmp --------- 16  
 28.08.2010 17:39     C:\Windows\Temp\19d7efdd8cff99c5dd45f10b.tmp --------- 15  
 28.08.2010 17:13     C:\Windows\Temp\286b51ebea806072fddd36a5.tmp --------- 15  
 28.08.2010 16:38     C:\Windows\Temp\c61e44f393bffc04ca0a6097.tmp --------- 17  
 28.08.2010 16:13     C:\Windows\Temp\c1f90915e538de13fac9fd1.tmp --------- 14  
 28.08.2010 15:44     C:\Windows\Temp\c49a01704de28bf4d7dfe94.tmp --------- 20  
 28.08.2010 15:07     C:\Windows\Temp\5f1e82d8913ceb29f2fcbb15.tmp --------- 21  
 28.08.2010 14:44     C:\Windows\Temp\1b198841d1fbb017d8e35ac8.tmp --------- 16  
 28.08.2010 14:15     C:\Windows\Temp\cd8b1052110ff7668a26da5d.tmp --------- 3929  
 28.08.2010 14:15     C:\Windows\Temp\aa96bc504e7518fbb3de8675.tmp --------- 2157  
 28.08.2010 09:39     C:\Windows\Temp\1744d4931cadf7a17b9e6027.tmp --------- 756  
 28.08.2010 09:08     C:\Windows\Temp\a83f8a8a598ea93bfafdfb01.tmp --------- 20  
 28.08.2010 08:38     C:\Windows\Temp\c8a5a720edda8c87b8674e30.tmp --------- 19  
 28.08.2010 08:07     C:\Windows\Temp\bae066162d1c531d8b798101.tmp --------- 14  
 28.08.2010 07:39     C:\Windows\Temp\d50bb615c55a702df117ad4.tmp --------- 14  
 28.08.2010 07:09     C:\Windows\Temp\2d0c5fa142f8f5e87d0bda6.tmp --------- 17  
 28.08.2010 06:39     C:\Windows\Temp\b75c01fda23195799cb8f17d.tmp --------- 18  
 28.08.2010 06:09     C:\Windows\Temp\abaff262a34810357b2a5521.tmp --------- 20  
 28.08.2010 05:37     C:\Windows\Temp\58b89054b54b516e6ecd9ef2.tmp --------- 17  
 28.08.2010 05:10     C:\Windows\Temp\39eb33c4721eafbfcde930d.tmp --------- 19  
 28.08.2010 04:40     C:\Windows\Temp\76e12f4d75339bcef95e152a.tmp --------- 15  
 28.08.2010 04:10     C:\Windows\Temp\65ee34dbba20f5cc57e16280.tmp --------- 18  
 28.08.2010 03:40     C:\Windows\Temp\a48e07f3b5c375050d7e2b5.tmp --------- 16  
 28.08.2010 03:08     C:\Windows\Temp\5b87a5165ddf8b515256bfb4.tmp --------- 14  
 28.08.2010 02:38     C:\Windows\Temp\d5853e9cae2b889868df6e8f.tmp --------- 19  
 28.08.2010 02:10     C:\Windows\Temp\da39c0723d5662a64882cb03.tmp --------- 18  
 28.08.2010 01:39     C:\Windows\Temp\b861420756e3e9786ca932e.tmp --------- 16  
 28.08.2010 01:08     C:\Windows\Temp\7680afda793b420ae366e44d.tmp --------- 20  
 28.08.2010 00:37     C:\Windows\Temp\4af7db6fb2ce4c2ed5b6bd48.tmp --------- 20  
 28.08.2010 00:28     C:\Windows\Temp\ddb7c0f56971551eb7d87178.tmp --------- 19  
 27.08.2010 23:42     C:\Windows\Temp\ec2eb2a19c812a0438944b2.tmp --------- 18  
 27.08.2010 23:08     C:\Windows\Temp\69bcc94199e6bb76c73defe2.tmp --------- 19  
 27.08.2010 22:39     C:\Windows\Temp\14910e5c15d1f5d8362d409f.tmp --------- 16  
 27.08.2010 22:08     C:\Windows\Temp\2fa2a6e05018522ea869836a.tmp --------- 19  
 27.08.2010 21:37     C:\Windows\Temp\558dbc757e8199ea36f9452.tmp --------- 14  
 27.08.2010 21:09     C:\Windows\Temp\e2f2b79a40995e75914c32a0.tmp --------- 22  
 27.08.2010 20:39     C:\Windows\Temp\2756c990ad1d1cb1cb846f18.tmp --------- 14  
 27.08.2010 20:09     C:\Windows\Temp\1bacf8e53d786d2fa5036f6b.tmp --------- 16  
 27.08.2010 19:37     C:\Windows\Temp\ead5d855b32efd5ffa856506.tmp --------- 19  
 27.08.2010 19:13     C:\Windows\Temp\28c0d6cdacc8da3b3f5a3e7f.tmp --------- 17  
 27.08.2010 18:38     C:\Windows\Temp\b28ef9d68772fa275843d44f.tmp --------- 18  
 27.08.2010 18:09     C:\Windows\Temp\3cf0dc2a8ccda4effdc1defe.tmp --------- 16  
 27.08.2010 17:38     C:\Windows\Temp\9114a7167868d34922344b79.tmp --------- 19  
 27.08.2010 17:07     C:\Windows\Temp\5f25d48f892d4f4acc8dd29f.tmp --------- 15  
 27.08.2010 16:39     C:\Windows\Temp\99ac9fe0bf5bbc0cc78f7659.tmp --------- 17  
 27.08.2010 16:14     C:\Windows\Temp\b2fc838a55c9da0a48fcccd.tmp --------- 16  
 27.08.2010 15:42     C:\Windows\Temp\fc38cd6749163f7684aed12.tmp --------- 14  
 27.08.2010 15:09     C:\Windows\Temp\a15fd70ee2e524658c9cb742.tmp --------- 18  
 27.08.2010 14:44     C:\Windows\Temp\ffcffca4777b1a81d0718a35.tmp --------- 17  
 27.08.2010 14:13     C:\Windows\Temp\9a92e07acf8d7181cb47e458.tmp --------- 17  
 27.08.2010 13:39     C:\Windows\Temp\f49881f924b3b5b99057b2c.tmp --------- 16  
 27.08.2010 13:09     C:\Windows\Temp\6c7002822230a9c55a7cf7f6.tmp --------- 17  
 27.08.2010 12:42     C:\Windows\Temp\4ea43e604aeab4aee2386146.tmp --------- 20  
 27.08.2010 12:15     C:\Windows\Temp\ab3a6dda84a0cada9ccab4fa.tmp --------- 16  
 27.08.2010 11:37     C:\Windows\Temp\69fd7072500c4ae719c64efd.tmp --------- 15  
 27.08.2010 11:09     C:\Windows\Temp\b35bba2d37dd4dc488ea36e2.tmp --------- 17  
 27.08.2010 10:38     C:\Windows\Temp\cbd5edd0d7beafa08b22d936.tmp --------- 18  
 27.08.2010 10:09     C:\Windows\Temp\161d68904c12916a574e20b8.tmp --------- 13  
 27.08.2010 09:42     C:\Windows\Temp\5fecd99f9bfd3da71a3d4133.tmp --------- 17  
 27.08.2010 09:07     C:\Windows\Temp\833fddd0a17129153afac619.tmp --------- 16  
 27.08.2010 08:42     C:\Windows\Temp\16ef5faa9c7f282851a47482.tmp --------- 15  
 27.08.2010 08:32     C:\Windows\Temp\3e656be5ca620c5749de3d34.tmp --------- 579  
 27.08.2010 08:32     C:\Windows\Temp\c21ca999370392ed6083b93.tmp --------- 3619  
 27.08.2010 08:32     C:\Windows\Temp\26400a7a2095f42736c48e8.tmp --------- 1977  
 27.08.2010 08:15     C:\Windows\Temp\7d653bc44c027f7355333808.tmp --------- 16  
 27.08.2010 07:40     C:\Windows\Temp\9ffee225e4e35f124d17a42b.tmp --------- 17  
 27.08.2010 07:15     C:\Windows\Temp\bc70a3399b90c7b29e164f6b.tmp --------- 19  
 27.08.2010 06:41     C:\Windows\Temp\96f9b6ef2d998f3e4b46ee.tmp --------- 19  
 27.08.2010 06:07     C:\Windows\Temp\12812f073063e1fb189049b5.tmp --------- 17  
 27.08.2010 05:48     C:\Windows\Temp\b7ba2df9762220216d5660.tmp --------- 21  
 27.08.2010 05:10     C:\Windows\Temp\3f8952eb860f863526fc4b88.tmp --------- 18  
 27.08.2010 04:41     C:\Windows\Temp\78d27b286fa1e41e5b21692.tmp --------- 17  
 27.08.2010 04:08     C:\Windows\Temp\2ced0f6955d241d841a8a517.tmp --------- 15  
 27.08.2010 03:42     C:\Windows\Temp\fd525ba94e5ead274e5786a5.tmp --------- 16  
 27.08.2010 03:07     C:\Windows\Temp\25cff290bc236156662d9709.tmp --------- 21  
 27.08.2010 02:38     C:\Windows\Temp\f08c334dccb5f6bac52eef57.tmp --------- 19  
 27.08.2010 02:08     C:\Windows\Temp\bffed016e20bef29e3cf461e.tmp --------- 15  
 27.08.2010 01:45     C:\Windows\Temp\4d2d0872c23019e4ebffcab.tmp --------- 14  
 27.08.2010 01:08     C:\Windows\Temp\6af69a8f2b0d49e81584b486.tmp --------- 15  
 27.08.2010 00:40     C:\Windows\Temp\10a08dd0d204773dba500ff.tmp --------- 19  
 27.08.2010 00:12     C:\Windows\Temp\5a3476c9a44489ff8ee0f2ed.tmp --------- 19  
 26.08.2010 23:38     C:\Windows\Temp\bb78c7381ab6944ce287455.tmp --------- 16  
 26.08.2010 23:09     C:\Windows\Temp\a862716047bb6f77bb21193c.tmp --------- 19  
 26.08.2010 22:38     C:\Windows\Temp\9cbc0b3c16120fde1712cbc8.tmp --------- 17  
 26.08.2010 22:08     C:\Windows\Temp\3602656597c19117dc7ddd6d.tmp --------- 16  
 26.08.2010 21:38     C:\Windows\Temp\e9d4e21ea6e858a9a332bb3f.tmp --------- 20  
 26.08.2010 21:07     C:\Windows\Temp\f7f01324a4d7dc95d9bb691c.tmp --------- 14  
 26.08.2010 20:37     C:\Windows\Temp\18cd1a18a6ce55b12f1edd3a.tmp --------- 16  
 26.08.2010 20:08     C:\Windows\Temp\d3cb709ff862086849531a73.tmp --------- 20  
 26.08.2010 19:40     C:\Windows\Temp\2432c4a56954798dae0ea18.tmp --------- 16  
 26.08.2010 19:15     C:\Windows\Temp\c7a067d94060f635e44dcd05.tmp --------- 21  
 26.08.2010 18:37     C:\Windows\Temp\9110d0d1f27134904190329b.tmp --------- 18  
 26.08.2010 18:07     C:\Windows\Temp\f8e868d49ed8635fd80f96ab.tmp --------- 15  
 26.08.2010 17:38     C:\Windows\Temp\c92c9b06f401a3197eaaf5b3.tmp --------- 16  
 26.08.2010 17:09     C:\Windows\Temp\ce574044579dfa9a7d56f3cc.tmp --------- 16  
 26.08.2010 16:38     C:\Windows\Temp\5013f05d270c34bf2a8e68ed.tmp --------- 19  
 26.08.2010 16:10     C:\Windows\Temp\19f19487d8a6c65e56c7ea64.tmp --------- 14  
 26.08.2010 15:39     C:\Windows\Temp\f90004ffa6525d99545fc1a6.tmp --------- 25  
 26.08.2010 15:08     C:\Windows\Temp\45f5fa7ed042334facfd1c59.tmp --------- 18  
 26.08.2010 14:38     C:\Windows\Temp\ea8b5c6a122214d479e914f3.tmp --------- 16  
 26.08.2010 14:10     C:\Windows\Temp\40a639d74d086bb83b4d296d.tmp --------- 20  
 26.08.2010 13:53     C:\Windows\Temp\516ccab32a44d82c4a05a5c9.tmp --------- 16  
 26.08.2010 13:09     C:\Windows\Temp\d919cebb6254525ca53754a.tmp --------- 17  
 26.08.2010 12:40     C:\Windows\Temp\896294c7ae0e59b6896d2125.tmp --------- 12  
 26.08.2010 12:10     C:\Windows\Temp\e222fc84529e2daeb6416599.tmp --------- 18  
 26.08.2010 11:38     C:\Windows\Temp\6d20c4c8498d574ee1807c.tmp --------- 18  
 26.08.2010 11:08     C:\Windows\Temp\8e7eafc2d6561da2527dee32.tmp --------- 17  
 26.08.2010 10:39     C:\Windows\Temp\287378f5cc5fceea71f8897d.tmp --------- 13  
 26.08.2010 10:08     C:\Windows\Temp\f63ad971a59536e09615c5d3.tmp --------- 15  
 26.08.2010 09:37     C:\Windows\Temp\f03c9255cb02ea1808ec0.tmp --------- 17  
 26.08.2010 09:09     C:\Windows\Temp\98285d4d31fad9565a503cf.tmp --------- 22  
 26.08.2010 08:37     C:\Windows\Temp\d166124f159f320bab5ca573.tmp --------- 21  
 26.08.2010 08:08     C:\Windows\Temp\97d0e6192c75300b49596300.tmp --------- 17  
 26.08.2010 07:39     C:\Windows\Temp\ed11237375cf82f760de259.tmp --------- 19  
 26.08.2010 07:08     C:\Windows\Temp\6f1dcb6a702e39d4d130705f.tmp --------- 16  
 26.08.2010 06:39     C:\Windows\Temp\7a0f8991512d336dac406be9.tmp --------- 18  
 26.08.2010 06:07     C:\Windows\Temp\472d904beedbc6b22d01dac1.tmp --------- 17  
 26.08.2010 05:42     C:\Windows\Temp\3677b2d63e9947d98acc9b65.tmp --------- 15  
 26.08.2010 05:09     C:\Windows\Temp\279cb6b7b7629629662ba71e.tmp --------- 14  
 26.08.2010 04:38     C:\Windows\Temp\19b7f2fd35c37604327987a7.tmp --------- 15  
 26.08.2010 04:12     C:\Windows\Temp\723a4b9bad3f7c2fb3a44f9f.tmp --------- 17  
 26.08.2010 03:38     C:\Windows\Temp\365106768f54094f5c254343.tmp --------- 17  
 26.08.2010 03:12     C:\Windows\Temp\c8fe722d2449af49e707ab54.tmp --------- 20  
 26.08.2010 02:37     C:\Windows\Temp\4a23686d67b73f722f127252.tmp --------- 18  
 26.08.2010 02:09     C:\Windows\Temp\5998f5b118d9a2761d65b03e.tmp --------- 17  
 26.08.2010 01:38     C:\Windows\Temp\1c591842e51fe647fefeaa69.tmp --------- 17  
 26.08.2010 01:09     C:\Windows\Temp\95213132901cbe6289b554e0.tmp --------- 17  
 26.08.2010 00:39     C:\Windows\Temp\ab01ef9e84fb28a1a378282b.tmp --------- 17  
 26.08.2010 00:11     C:\Windows\Temp\17b9eef1fde4998a5c1f134c.tmp --------- 19  
 25.08.2010 23:40     C:\Windows\Temp\83ae1c51f4a5e03476d33e2.tmp --------- 15  
 25.08.2010 23:09     C:\Windows\Temp\8b60c61b6d48865681312272.tmp --------- 16  
 25.08.2010 22:40     C:\Windows\Temp\825294a0a5840651fd49648e.tmp --------- 19  
 25.08.2010 22:09     C:\Windows\Temp\2ce2974082c469f83930e309.tmp --------- 15  
 25.08.2010 21:37     C:\Windows\Temp\38529a42a09099a3a60b90ae.tmp --------- 15  
 25.08.2010 21:07     C:\Windows\Temp\f3d2a9b7506e00c8c40b1640.tmp --------- 17  
 25.08.2010 20:39     C:\Windows\Temp\14fb53bb754b093aa33803a3.tmp --------- 13  
 25.08.2010 20:08     C:\Windows\Temp\96b3789e799b8aef44cb0906.tmp --------- 19  
 25.08.2010 19:39     C:\Windows\Temp\90ba0bee82c45eab9868b3f.tmp --------- 17  
 25.08.2010 19:07     C:\Windows\Temp\1a37b226362fb1d8983c479c.tmp --------- 20  
 25.08.2010 18:38     C:\Windows\Temp\72bbcc18cdf92692e22196a2.tmp --------- 15  
 25.08.2010 18:07     C:\Windows\Temp\e35bce20befe380b3a6661e6.tmp --------- 16  
 25.08.2010 17:38     C:\Windows\Temp\72622a29bea8a101b90f83b1.tmp --------- 15  
 25.08.2010 17:07     C:\Windows\Temp\45f014d06bc1d10946800bb1.tmp --------- 15  
 25.08.2010 16:41     C:\Windows\Temp\c9c9a4ccedb81a259cdf9328.tmp --------- 14  
 25.08.2010 16:06     C:\Windows\Temp\db954bdd7061beebd077af29.tmp --------- 18  
 25.08.2010 15:42     C:\Windows\Temp\eb22594c6f025e0481762110.tmp --------- 16  
 25.08.2010 15:08     C:\Windows\Temp\6289805ad6111c24f8969b73.tmp --------- 17  
 25.08.2010 14:39     C:\Windows\Temp\f4c26c663fe966eb734ff808.tmp --------- 16  
 25.08.2010 14:09     C:\Windows\Temp\686164b99e4288cd2950ebd3.tmp --------- 16  
 25.08.2010 13:38     C:\Windows\Temp\942d5da589ae9785a00aaad9.tmp --------- 16  
 25.08.2010 13:09     C:\Windows\Temp\856e30dd77d7e015e75ec629.tmp --------- 17  
 25.08.2010 12:38     C:\Windows\Temp\7bb280d7111b0132e84055.tmp --------- 15  
 25.08.2010 12:08     C:\Windows\Temp\7c77b7ae1f156fc57fe8889.tmp --------- 18  
 25.08.2010 11:39     C:\Windows\Temp\89804793ab09f03c788d2109.tmp --------- 15  
 25.08.2010 11:10     C:\Windows\Temp\2116c7fe98a750e6f38c8169.tmp --------- 19  
 25.08.2010 10:37     C:\Windows\Temp\a1193489db64e459b4a6bf23.tmp --------- 18  
 25.08.2010 10:10     C:\Windows\Temp\cfb181dc6015b976946c632.tmp --------- 15  
 25.08.2010 09:45     C:\Windows\Temp\91c3a9e187503332ea6acff6.tmp --------- 3658  
 25.08.2010 09:45     C:\Windows\Temp\afcae0fc6403337a32e64647.tmp --------- 18  
 25.08.2010 09:45     C:\Windows\Temp\71202e6d89876d609e5d6c42.tmp --------- 1885  
 25.08.2010 09:08     C:\Windows\Temp\c9ec8faf8eca57967e15f769.tmp --------- 15  
 25.08.2010 08:38     C:\Windows\Temp\e2099f949273d273939f1446.tmp --------- 18  
 25.08.2010 08:09     C:\Windows\Temp\312eac00103e2cb92179a24b.tmp --------- 17  
 25.08.2010 07:38     C:\Windows\Temp\5ee9e5bb92e6594be257bb8.tmp --------- 15  
 25.08.2010 07:14     C:\Windows\Temp\d64914c4ac9d2d7ed7a4c43b.tmp --------- 22  
 25.08.2010 06:38     C:\Windows\Temp\22794b4d936a1eab10ff6b5.tmp --------- 17  
 25.08.2010 06:09     C:\Windows\Temp\e0b91619501bcc0bdb8b0b2f.tmp --------- 19  
 25.08.2010 05:38     C:\Windows\Temp\5350e6c488a2b5dcccbe3d54.tmp --------- 16  
 25.08.2010 05:09     C:\Windows\Temp\8849519038894e4ff5c3a160.tmp --------- 17  
 25.08.2010 04:39     C:\Windows\Temp\4da4ceecf31398c42d6dd2de.tmp --------- 19  
 25.08.2010 04:08     C:\Windows\Temp\f7c0b7ee49371d5197b4c9e3.tmp --------- 20  
 25.08.2010 03:38     C:\Windows\Temp\889ab23cd9b560c3a1ce2e25.tmp --------- 18  
 25.08.2010 03:09     C:\Windows\Temp\f2f043c48f8419bd5be8f00.tmp --------- 15  
 25.08.2010 02:43     C:\Windows\Temp\b0537e76da227f68df5a5142.tmp --------- 20  
 25.08.2010 02:09     C:\Windows\Temp\524ca620b0281c08edf15da8.tmp --------- 18  
 25.08.2010 01:38     C:\Windows\Temp\d329c1704e154c77b45f5322.tmp --------- 17  
 25.08.2010 01:08     C:\Windows\Temp\d8ce96e9c91a245d5b7524c9.tmp --------- 19  
 25.08.2010 00:39     C:\Windows\Temp\52356e0f31a56b018c00b240.tmp --------- 19  
 25.08.2010 00:08     C:\Windows\Temp\9a304931eec4f4e64a7558fd.tmp --------- 18  
 24.08.2010 23:39     C:\Windows\Temp\97aafff06bd6095e2ad3599f.tmp --------- 15  
 24.08.2010 23:08     C:\Windows\Temp\a50109acfe37044adf419928.tmp --------- 16  
 24.08.2010 22:38     C:\Windows\Temp\c00f5d2ed9152606461db0c4.tmp --------- 21  
 24.08.2010 22:09     C:\Windows\Temp\15b98e5f797ccd57acbbdf93.tmp --------- 16  
 24.08.2010 21:40     C:\Windows\Temp\d0f40f8c6f68f9bf28fc62b5.tmp --------- 16  
 24.08.2010 21:08     C:\Windows\Temp\3dad5b5c4e1137408fecf590.tmp --------- 17  
 24.08.2010 20:39     C:\Windows\Temp\7afbd21c94f2946393b887ad.tmp --------- 18  
 24.08.2010 20:14     C:\Windows\Temp\23432a8c1d6603e6d145c019.tmp --------- 19  
 24.08.2010 19:39     C:\Windows\Temp\4bf8b686693b1b71b1d8b43d.tmp --------- 14  
 24.08.2010 19:11     C:\Windows\Temp\1ae18482ae5aa0026e9421c.tmp --------- 19  
 24.08.2010 18:39     C:\Windows\Temp\3ad7dc4ae38011d6dc9e6512.tmp --------- 16  
 24.08.2010 18:10     C:\Windows\Temp\779d21e11e57ef3ae4fb8d3.tmp --------- 3630  
 24.08.2010 18:10     C:\Windows\Temp\b89e510c7289566931580900.tmp --------- 1973  
 24.08.2010 10:39     C:\Windows\Temp\d019d91eecfc0e3dfc1db2d6.tmp --------- 744  
 24.08.2010 10:09     C:\Windows\Temp\9693d934665e817eb917b20f.tmp --------- 18  
 24.08.2010 09:45     C:\Windows\Temp\722bf346e2a1066774bceddc.tmp --------- 15  
 24.08.2010 09:09     C:\Windows\Temp\e47b697ee2b4e859a258ac32.tmp --------- 17  
 24.08.2010 08:38     C:\Windows\Temp\1d55e522deb39bd4c704433d.tmp --------- 15  
 24.08.2010 08:10     C:\Windows\Temp\c7eccca891210de4c0bf8ab7.tmp --------- 22  
 24.08.2010 07:38     C:\Windows\Temp\75e8d6d3c435c60acac32934.tmp --------- 16  
 24.08.2010 07:08     C:\Windows\Temp\141931ccb4a14f4eff621c6d.tmp --------- 16  
 24.08.2010 06:39     C:\Windows\Temp\f37edb0449cceb0a5407713e.tmp --------- 15  
 24.08.2010 06:09     C:\Windows\Temp\7a99e01fdb3a1c196ffc46a0.tmp --------- 13  
 24.08.2010 05:38     C:\Windows\Temp\cf0a804ac3e04f1fe6db8821.tmp --------- 14  
 24.08.2010 05:15     C:\Windows\Temp\f0cf2dba408b7dc693406a6a.tmp --------- 18  
 24.08.2010 04:38     C:\Windows\Temp\d6c74c01439d67409a32e472.tmp --------- 17  
 24.08.2010 04:09     C:\Windows\Temp\4e32fbad7234161ad7b219bd.tmp --------- 15  
 24.08.2010 03:38     C:\Windows\Temp\e263734227bf3d1cdd6aa22f.tmp --------- 15  
 24.08.2010 03:08     C:\Windows\Temp\f3fabbcb61de349122ddd119.tmp --------- 15  
 24.08.2010 02:42     C:\Windows\Temp\e52e3c80fc4666091f010e6.tmp --------- 13  
 24.08.2010 02:12     C:\Windows\Temp\ccdd7b247a9b7bbcd12aa29.tmp --------- 15  
 24.08.2010 01:42     C:\Windows\Temp\c0918c82e80b9fb217c9a55e.tmp --------- 21  
 24.08.2010 01:12     C:\Windows\Temp\dc3dd922b1ecc34bca79c07d.tmp --------- 17  
 24.08.2010 00:37     C:\Windows\Temp\394519173b2b85e56970ad71.tmp --------- 15  
 24.08.2010 00:10     C:\Windows\Temp\ee4dbb8585d8148b0545baf.tmp --------- 18  
 23.08.2010 23:42     C:\Windows\Temp\9a46bd31285368cf654d1310.tmp --------- 20  
 23.08.2010 23:09     C:\Windows\Temp\799dca7eec9cf59de7b22e51.tmp --------- 18  
 23.08.2010 22:39     C:\Windows\Temp\eccf3611e206593d854a8194.tmp --------- 19  
 23.08.2010 22:10     C:\Windows\Temp\962d6d7653d8488906b444b.tmp --------- 17  
 23.08.2010 21:41     C:\Windows\Temp\b4b71827c2d1730c8991ef47.tmp --------- 18  
 23.08.2010 21:13     C:\Windows\Temp\a2b49d3b7819008c2234d92c.tmp --------- 17  
 23.08.2010 20:39     C:\Windows\Temp\69bcee11761752a5c6d4449a.tmp --------- 19  
 23.08.2010 20:10     C:\Windows\Temp\c5c7a0c64207ad158cdc07ee.tmp --------- 18  
 23.08.2010 19:39     C:\Windows\Temp\ba9c2d9a43e6d6855bff67dc.tmp --------- 15  
 23.08.2010 19:10     C:\Windows\Temp\b45324602e4d5fd4bcded50.tmp --------- 19  
 23.08.2010 18:40     C:\Windows\Temp\4ba99a0ba88c9ea6c5f06c93.tmp --------- 17  
 23.08.2010 18:09     C:\Windows\Temp\b06503c2f4b5162eebba539e.tmp --------- 19  
 23.08.2010 17:39     C:\Windows\Temp\70f26435fb2659ab808e6d31.tmp --------- 14  
 23.08.2010 17:08     C:\Windows\Temp\db03a17fb3a1c6d8bba8fb50.tmp --------- 19  
 23.08.2010 16:46     C:\Windows\Temp\a95fa73ca3ac46bcc21fa546.tmp --------- 18  
 23.08.2010 16:07     C:\Windows\Temp\81b6cd593de5f4562a48eed7.tmp --------- 15  
 23.08.2010 15:40     C:\Windows\Temp\7d72c2d740ae573584c1834a.tmp --------- 19  
 23.08.2010 15:08     C:\Windows\Temp\fef43b84c266fcb457def74a.tmp --------- 14  
 23.08.2010 14:39     C:\Windows\Temp\a548167c21c462de2d751a21.tmp --------- 13  
 23.08.2010 14:09     C:\Windows\Temp\a089aaa552fb156bf9825be3.tmp --------- 19  
 23.08.2010 13:38     C:\Windows\Temp\190cd04916691fdcaab230c2.tmp --------- 20  
 23.08.2010 13:10     C:\Windows\Temp\85a3142c88476376d8f1816.tmp --------- 20  
 23.08.2010 12:40     C:\Windows\Temp\2fe1d8912b122cb6f51f732.tmp --------- 21  
 23.08.2010 12:10     C:\Windows\Temp\d0147ab78dc703cb152983a3.tmp --------- 15  
 23.08.2010 11:44     C:\Windows\Temp\1174c74764be429c55f8302b.tmp --------- 18  
 23.08.2010 11:12     C:\Windows\Temp\7f90037a78371f258649399.tmp --------- 15  
 23.08.2010 10:43     C:\Windows\Temp\c5ee1892c99cb163863d3cf9.tmp --------- 13  
 23.08.2010 10:12     C:\Windows\Temp\34a4efd1990719e9b4546112.tmp --------- 17  
 23.08.2010 09:38     C:\Windows\Temp\57834463b91210c234466a1a.tmp --------- 16  
 23.08.2010 09:18     C:\Windows\Temp\61c5a05a530f0284a4e01f1e.tmp --------- 3345  
 23.08.2010 09:18     C:\Windows\Temp\e669cdb1e8bf8232ca7df120.tmp --------- 1645  
 22.08.2010 15:11     C:\Windows\Temp\parallels.log --------- 3488  
 21.08.2010 20:38     C:\Windows\Temp\5a35b8ea449a5003a9b0909e.tmp --------- 712  
 21.08.2010 20:08     C:\Windows\Temp\c7d2d1cc9736fd11f0c93a15.tmp --------- 18  
 21.08.2010 19:38     C:\Windows\Temp\bf03f8d48eaafa0cabcca1ec.tmp --------- 16  
 21.08.2010 19:15     C:\Windows\Temp\c82317e7607d71353d03bfa9.tmp --------- 18  
 21.08.2010 18:39     C:\Windows\Temp\a211a7bb8ca5db749898ffcd.tmp --------- 16  
 21.08.2010 18:08     C:\Windows\Temp\fd5fb50f39d17066f436bc5b.tmp --------- 14  
 21.08.2010 17:38     C:\Windows\Temp\cba4788e32a0995de9a2de5.tmp --------- 15  
 21.08.2010 17:09     C:\Windows\Temp\54aca0835ae5a85843c506fc.tmp --------- 17  
 21.08.2010 16:39     C:\Windows\Temp\9b14720f82ba925998b62181.tmp --------- 19  
 21.08.2010 16:09     C:\Windows\Temp\2a0b31e7518684c5db738d91.tmp --------- 17  
 21.08.2010 15:43     C:\Windows\Temp\ed82c6aa1a0b7ba4310cc9ce.tmp --------- 20  
 21.08.2010 15:16     C:\Windows\Temp\904c3b0aa45f181f4381dc66.tmp --------- 17  
 21.08.2010 14:39     C:\Windows\Temp\eec7a2546d8a2d0195da9153.tmp --------- 16  
 21.08.2010 14:08     C:\Windows\Temp\ff3fc294cdad4f458ffc2401.tmp --------- 15  
 21.08.2010 13:39     C:\Windows\Temp\4aec2e33d64766c6c9fe8126.tmp --------- 20  
 21.08.2010 13:13     C:\Windows\Temp\ae9f32e1371ca7c1e5f3337a.tmp --------- 16  
 21.08.2010 12:41     C:\Windows\Temp\6d0f25fa5fee2fe5ed183660.tmp --------- 18  
 21.08.2010 12:10     C:\Windows\Temp\6199072d9703d30e5b7a674f.tmp --------- 19  
 21.08.2010 11:42     C:\Windows\Temp\5aeed4fe2382e5646941bdd.tmp --------- 14  
 21.08.2010 11:09     C:\Windows\Temp\61995318719b2b753593f84.tmp --------- 18  
 21.08.2010 10:39     C:\Windows\Temp\1cb7a5167c7b4012992d2b00.tmp --------- 16  
 21.08.2010 10:11     C:\Windows\Temp\3e67c390b7217fd9625e7932.tmp --------- 15  
 21.08.2010 09:38     C:\Windows\Temp\353e06a360473ccc77387db4.tmp --------- 15  
 21.08.2010 09:12     C:\Windows\Temp\ebd7f17d8621613ebc4caac4.tmp --------- 17  
 21.08.2010 08:37     C:\Windows\Temp\f9ca63a02c021a66625d1193.tmp --------- 19  
 21.08.2010 08:08     C:\Windows\Temp\1ea65dca78e967e93f98ffcf.tmp --------- 16  
 21.08.2010 07:37     C:\Windows\Temp\ab6b0f226971098d288ebdc1.tmp --------- 17  
 21.08.2010 07:09     C:\Windows\Temp\391a7a0016be4c3a1713fb99.tmp --------- 14  
 21.08.2010 06:41     C:\Windows\Temp\c0b77bf85fb4ffbb4396577e.tmp --------- 17  
 21.08.2010 06:07     C:\Windows\Temp\bff36aeceffb2bb0868d604a.tmp --------- 16  
 21.08.2010 05:37     C:\Windows\Temp\7b0cac3e26c67b1dbb52f87a.tmp --------- 14  
 21.08.2010 05:09     C:\Windows\Temp\f7110016b8b261882d863697.tmp --------- 14  
 21.08.2010 04:42     C:\Windows\Temp\ce5c7c3aca7e6c1dbc98c775.tmp --------- 18  
 21.08.2010 04:11     C:\Windows\Temp\574f2abf299fd2f4a29f906c.tmp --------- 16  
 21.08.2010 03:39     C:\Windows\Temp\dc39b21e988bc0528787ddfe.tmp --------- 14  
 21.08.2010 03:09     C:\Windows\Temp\9b836071768b49bc4d8bc1b8.tmp --------- 21  
 21.08.2010 02:39     C:\Windows\Temp\3012d6ab3a78eca814ab3182.tmp --------- 18  
 21.08.2010 02:08     C:\Windows\Temp\182700a9c7365931f1b3e10.tmp --------- 14  
 21.08.2010 01:42     C:\Windows\Temp\94bafc66cbb6d064439096b.tmp --------- 16  
 21.08.2010 01:10     C:\Windows\Temp\3a555ccbf6a23400735bed23.tmp --------- 19  
 21.08.2010 00:40     C:\Windows\Temp\3e043f2f3a2e79024deb445f.tmp --------- 20  
 21.08.2010 00:10     C:\Windows\Temp\d06670d233112b20fe0aa423.tmp --------- 17  
 20.08.2010 23:45     C:\Windows\Temp\54f099b8d1dff036f50d8334.tmp --------- 17  
 20.08.2010 23:07     C:\Windows\Temp\17c08f23a087b2d93c22752b.tmp --------- 15  
 20.08.2010 22:37     C:\Windows\Temp\85204b519c3823dfd8e96bb2.tmp --------- 21  
 20.08.2010 22:13     C:\Windows\Temp\51c837041ea7b77171873e1c.tmp --------- 20  
 20.08.2010 21:38     C:\Windows\Temp\9369e5267f1beebe9cea304.tmp --------- 16  
 20.08.2010 21:10     C:\Windows\Temp\1a64acdfe1f43e1cf16db38.tmp --------- 14  
 20.08.2010 20:39     C:\Windows\Temp\8ebdd8501415af7882d5aa7.tmp --------- 17  
 20.08.2010 10:39     C:\Windows\Temp\de8794231b554948293a0e70.tmp --------- 758  
 20.08.2010 10:09     C:\Windows\Temp\de26ae3b3792471abdba4649.tmp --------- 14  
 20.08.2010 09:38     C:\Windows\Temp\a5ab0f63f54008c1aae08364.tmp --------- 20  
 20.08.2010 09:34     C:\Windows\Temp\dcab24b3f3018cbc86cd709.tmp --------- 3653  
 20.08.2010 09:34     C:\Windows\Temp\17fbfa653021a82a91a24bf7.tmp --------- 2102  
 20.08.2010 09:09     C:\Windows\Temp\29f8deb12a7cf6e9b1aa4a2c.tmp --------- 14  
 20.08.2010 09:04     C:\Windows\Temp\a1667d306315c2178eed2e1.tmp --------- 460  
 20.08.2010 09:04     C:\Windows\Temp\d4ec291ec50cdb639814be67.tmp --------- 16  
 20.08.2010 08:09     C:\Windows\Temp\a0187a8849e80d70800d73fc.tmp --------- 15  
 20.08.2010 07:39     C:\Windows\Temp\bfa54c39df46d92f9f7bc36c.tmp --------- 21  
 20.08.2010 07:08     C:\Windows\Temp\879831be73fa6ad5e3514719.tmp --------- 14  
 20.08.2010 06:38     C:\Windows\Temp\bbffa3d44773a399b036727e.tmp --------- 18  
 20.08.2010 06:08     C:\Windows\Temp\94800b525796fe3d653dee07.tmp --------- 17  
 20.08.2010 05:38     C:\Windows\Temp\d23044e3f14b39ccad24895f.tmp --------- 16  
 20.08.2010 05:12     C:\Windows\Temp\b1ac39c3ba9d82387ed1e533.tmp --------- 16  
 20.08.2010 04:41     C:\Windows\Temp\6d4e4f0a28a28b72f0ad3455.tmp --------- 15  
 20.08.2010 04:13     C:\Windows\Temp\67551c4e4ded00973936fb3e.tmp --------- 19  
 20.08.2010 03:44     C:\Windows\Temp\e9dce2164248e83a69aaf3da.tmp --------- 19  
 20.08.2010 03:14     C:\Windows\Temp\4d400801c273ae426f8d66ea.tmp --------- 18  
 20.08.2010 02:37     C:\Windows\Temp\c1dedfc6e97d74cbef2bfa4.tmp --------- 21  
 20.08.2010 02:08     C:\Windows\Temp\59ad9895375ea9ec8d519657.tmp --------- 14  
 20.08.2010 01:38     C:\Windows\Temp\8b42371c7597f97ef1330d25.tmp --------- 15  
 20.08.2010 01:09     C:\Windows\Temp\a82d03416ddab98b7930eeb3.tmp --------- 16  
 20.08.2010 00:44     C:\Windows\Temp\86d0ce3f288678b9cf20683b.tmp --------- 23  
 20.08.2010 00:08     C:\Windows\Temp\9a6d97b03a7778785a617b18.tmp --------- 19  
 19.08.2010 23:39     C:\Windows\Temp\100a46792da262fe8aebde9.tmp --------- 16  
 19.08.2010 23:08     C:\Windows\Temp\51c9234a64950e9c3c7dcf91.tmp --------- 17  
 19.08.2010 22:40     C:\Windows\Temp\afbcc2f342c5195cbcdc4df3.tmp --------- 15  
 19.08.2010 22:08     C:\Windows\Temp\f8f7e7df77cb6c4cdb596c0c.tmp --------- 17  
 19.08.2010 21:39     C:\Windows\Temp\5bd30db95ee5e4c1d5ad525.tmp --------- 19  
 19.08.2010 21:10     C:\Windows\Temp\ef102132408c95155151cdf.tmp --------- 18  
 19.08.2010 20:38     C:\Windows\Temp\9e9833bae8e8c2853bcd82ac.tmp --------- 459  
 19.08.2010 20:38     C:\Windows\Temp\6deb1b7cf0499b5a55a79a0b.tmp --------- 22  
 19.08.2010 20:35     C:\Windows\Temp\d804f43bbb032aa212b0b525.tmp --------- 459  
 19.08.2010 20:08     C:\Windows\Temp\45e5d54fc9dce24272c81f7f.tmp --------- 15  
 19.08.2010 19:38     C:\Windows\Temp\b95fd92785de63f271c64565.tmp --------- 20  
 19.08.2010 19:10     C:\Windows\Temp\5fa5f39f8ed33343c3d6113.tmp --------- 17  
 19.08.2010 18:40     C:\Windows\Temp\20d48efb737672f66c36c7c8.tmp --------- 18  
 19.08.2010 18:11     C:\Windows\Temp\1f34be427d6f1da83ae3e0ba.tmp --------- 15  
 19.08.2010 17:40     C:\Windows\Temp\c9b0449c17b3ecfcade00920.tmp --------- 20  
 19.08.2010 17:08     C:\Windows\Temp\b64d680b7d73b0f114788789.tmp --------- 19  
 19.08.2010 16:40     C:\Windows\Temp\700012dbc7a0ea61b65ebfdf.tmp --------- 16  
 19.08.2010 16:10     C:\Windows\Temp\df6b995352882bdca88b40ef.tmp --------- 19  
 19.08.2010 15:40     C:\Windows\Temp\e6d08d3ee9ea53d6e9afdee6.tmp --------- 19  
 19.08.2010 15:12     C:\Windows\Temp\1e9c1de6ba5fb4e3ab12729.tmp --------- 19  
 19.08.2010 14:38     C:\Windows\Temp\31c1329aded8dc2633a07a78.tmp --------- 20  
 19.08.2010 14:08     C:\Windows\Temp\22d4db7533d8cb4f30603362.tmp --------- 17  
 19.08.2010 13:39     C:\Windows\Temp\7cb71377f2b58984064ffce.tmp --------- 15  
 19.08.2010 13:08     C:\Windows\Temp\20776ee3536854ada590108b.tmp --------- 13  
 19.08.2010 12:38     C:\Windows\Temp\c8a1d4856c660c33f41fdd67.tmp --------- 16  
 19.08.2010 12:07     C:\Windows\Temp\2804601e375e1c3af78ca7d9.tmp --------- 14  
 19.08.2010 11:43     C:\Windows\Temp\b3fd0edf8c1b2faae8137c2.tmp --------- 18  
 19.08.2010 11:12     C:\Windows\Temp\44c2d69e8ae5407a4902c490.tmp --------- 17  
 19.08.2010 10:58     C:\Windows\Temp\fc5a63324f9e808b6f17e126.tmp --------- 14  
 19.08.2010 10:10     C:\Windows\Temp\90bd74035cba9fa05ac1a49b.tmp --------- 15  
 19.08.2010 09:43     C:\Windows\Temp\ca76398b5f71f89d0c4ff47.tmp --------- 16  
 19.08.2010 09:32     C:\Windows\Temp\6830e58d4432cbd1074c191.tmp --------- 5667  
 19.08.2010 09:32     C:\Windows\Temp\b8045284f8f588f765fe4b1.tmp --------- 2850  
 19.08.2010 09:13     C:\Windows\Temp\f48ff66450eea971bb8c621e.tmp --------- 17  
 19.08.2010 08:38     C:\Windows\Temp\6993f4fad069b44750d06b49.tmp --------- 19  
 19.08.2010 08:07     C:\Windows\Temp\715c67cc75bf4dc1f293548d.tmp --------- 19  
 19.08.2010 07:38     C:\Windows\Temp\442ca1836bd89b6f9864f7.tmp --------- 16  
 19.08.2010 07:12     C:\Windows\Temp\15b64b56869a3b113f158fdd.tmp --------- 18  
 19.08.2010 06:39     C:\Windows\Temp\c52650d2920e44f247a2f064.tmp --------- 19  
 19.08.2010 06:08     C:\Windows\Temp\19b21e12caa1e41d2d128a.tmp --------- 17  
 19.08.2010 05:39     C:\Windows\Temp\cfa393c4f81c212a2142f3e0.tmp --------- 19  
 19.08.2010 05:08     C:\Windows\Temp\6638407d72db85f045a9794d.tmp --------- 18  
 19.08.2010 04:38     C:\Windows\Temp\b13a74175c2579c7e4f5cc7d.tmp --------- 18  
 19.08.2010 04:08     C:\Windows\Temp\951f3a1c9663b8fa2ea5d861.tmp --------- 16  
 19.08.2010 03:41     C:\Windows\Temp\bff11c522e92321d8713af18.tmp --------- 20  
 19.08.2010 03:10     C:\Windows\Temp\4eed2254c35edf7b3b4f2988.tmp --------- 19  
 19.08.2010 02:39     C:\Windows\Temp\b4a5c354cccba44dfa4ff0.tmp --------- 19  
 19.08.2010 02:09     C:\Windows\Temp\d026512186d112d9f70a5162.tmp --------- 19  
 19.08.2010 01:39     C:\Windows\Temp\985a7a85980d77343686f9e1.tmp --------- 16  
 19.08.2010 01:08     C:\Windows\Temp\7e1a779bbdb6cf822ab69f7b.tmp --------- 19  
 19.08.2010 00:37     C:\Windows\Temp\bcad3e276fc9627a3c03ce21.tmp --------- 17  
 19.08.2010 00:08     C:\Windows\Temp\80b8bcf93afcc24271dac3b1.tmp --------- 18  
 18.08.2010 23:37     C:\Windows\Temp\35a4867f872de38046998882.tmp --------- 18  
 18.08.2010 23:10     C:\Windows\Temp\37b0bcb54168e1b886bc1958.tmp --------- 16  
 18.08.2010 22:39     C:\Windows\Temp\b011ce4fca4e9d174c909651.tmp --------- 17  
 18.08.2010 22:08     C:\Windows\Temp\476412a4b465d13a157951e0.tmp --------- 15  
 18.08.2010 21:37     C:\Windows\Temp\719d31a74a8570e23c900f7e.tmp --------- 15  
 18.08.2010 21:10     C:\Windows\Temp\ad92b532248b41c6b0a51a6b.tmp --------- 18  
 18.08.2010 20:42     C:\Windows\Temp\1e79e12b9c2a650811840897.tmp --------- 19  
 18.08.2010 20:08     C:\Windows\Temp\34fdd1e3ab8a986b4cc5a1ed.tmp --------- 16  
 18.08.2010 19:44     C:\Windows\Temp\fb182cf0ad95ae89e676f114.tmp --------- 17  
 18.08.2010 19:09     C:\Windows\Temp\d48e79618f4543ea27e35e57.tmp --------- 19  
 18.08.2010 18:56     C:\Windows\Temp\9d79d9b4d2749bd2554d485e.tmp --------- 13  
 18.08.2010 18:09     C:\Windows\Temp\48c50e3335d1daff87d3a124.tmp --------- 16  
 18.08.2010 17:39     C:\Windows\Temp\69fb8a7e21a064298df7310b.tmp --------- 18  
 18.08.2010 17:16     C:\Windows\Temp\ab085ac0321391e1a4301c8f.tmp --------- 17  
 18.08.2010 16:38     C:\Windows\Temp\bbc128eb9fee9b0045fd35a1.tmp --------- 18  
 18.08.2010 16:12     C:\Windows\Temp\bcf89809cb2a46a62b82767f.tmp --------- 18  
 18.08.2010 15:40     C:\Windows\Temp\88e9b37112b0b390522b295e.tmp --------- 21  
 18.08.2010 15:11     C:\Windows\Temp\51207a26f84b5a51c8e3ce77.tmp --------- 16  
----------------------------------------

 
C:\Users\ebay\AppData\Local\Temp

 31.08.2010 15:15     C:\Users\ebay\AppData\Local\Temp\sarscan.log --------- 3983  
 31.08.2010 14:42     C:\Users\ebay\AppData\Local\Temp\samples.sar --------- 830199  
 31.08.2010 12:49     C:\Users\ebay\AppData\Local\Temp\nsemail.eml --------- 4772204  
 31.08.2010 12:49     C:\Users\ebay\AppData\Local\Temp\nsmail.tmp --------- 289  
 31.08.2010 12:49     C:\Users\ebay\AppData\Local\Temp\nsemail.html --------- 580  
 31.08.2010 12:45     C:\Users\ebay\AppData\Local\Temp\TWAIN.LOG --------- 370400  
 31.08.2010 12:38     C:\Users\ebay\AppData\Local\Temp\Twain001.Mtx --------- 3  
 31.08.2010 12:38     C:\Users\ebay\AppData\Local\Temp\Twunk001.MTX --------- 156  
 30.08.2010 18:34     C:\Users\ebay\AppData\Local\Temp\hsperfdata_ebay --------- 0  
 30.08.2010 15:55     C:\Users\ebay\AppData\Local\Temp\amt.log --------- 6410  
 30.08.2010 15:55     C:\Users\ebay\AppData\Local\Temp\alm.log --------- 208898  
 30.08.2010 15:54     C:\Users\ebay\AppData\Local\Temp\swtag.log --------- 51189  
 30.08.2010 15:36     C:\Users\ebay\AppData\Local\Temp\csxs-IDSN.log --------- 4416  
 30.08.2010 13:48     C:\Users\ebay\AppData\Local\Temp\trk9CA3.tmp --------- 0  
 27.08.2010 14:55     C:\Users\ebay\AppData\Local\Temp\776955288.od --------- 134  
 27.08.2010 14:55     C:\Users\ebay\AppData\Local\Temp\CVR6598.tmp.cvr --------- 0  
 26.08.2010 17:56     C:\Users\ebay\AppData\Local\Temp\csxs-PHXS.log --------- 3541  
 26.08.2010 16:38     C:\Users\ebay\AppData\Local\Temp\csxs-ILST.log --------- 4422  
 25.08.2010 17:47     C:\Users\ebay\AppData\Local\Temp\csxs-DRWV.log --------- 4616  
 25.08.2010 12:21     C:\Users\ebay\AppData\Local\Temp\44jofjuj.bmp --------- 53094  
 25.08.2010 11:26     C:\Users\ebay\AppData\Local\Temp\zj6xJFE3.pdf.part --------- 950811  
 24.08.2010 14:08     C:\Users\ebay\AppData\Local\Temp\KEgfgsD8.pdf.part --------- 1128038  
 24.08.2010 14:06     C:\Users\ebay\AppData\Local\Temp\c4PfHWiS.pdf.part --------- 1128038  
 24.08.2010 14:06     C:\Users\ebay\AppData\Local\Temp\Boozrk47.pdf.part --------- 1128038  
 24.08.2010 14:05     C:\Users\ebay\AppData\Local\Temp\nNyJbizY.pdf.part --------- 1128038  
 24.08.2010 14:01     C:\Users\ebay\AppData\Local\Temp\vvCH_G4M.pdf.part --------- 1128038  
 24.08.2010 12:57     C:\Users\ebay\AppData\Local\Temp\Preflight Acrobat 9 --------- 0  
 24.08.2010 12:22     C:\Users\ebay\AppData\Local\Temp\Save for Web --------- 0  
 24.08.2010 12:08     C:\Users\ebay\AppData\Local\Temp\csxs-FWKS.log --------- 4416  
 19.08.2010 13:44     C:\Users\ebay\AppData\Local\Temp\bof0slqj.bmp --------- 7680054  
 19.08.2010 13:23     C:\Users\ebay\AppData\Local\Temp\gx888r25.bmp --------- 7680054  
 19.08.2010 13:22     C:\Users\ebay\AppData\Local\Temp\Twunk002.MTX --------- 0  
 19.08.2010 13:22     C:\Users\ebay\AppData\Local\Temp\hu3x2xfp.bmp --------- 7680054  
 18.08.2010 17:26     C:\Users\ebay\AppData\Local\Temp\Word8.0 --------- 0  
 18.08.2010 17:26     C:\Users\ebay\AppData\Local\Temp\VBE --------- 0  
 18.08.2010 16:05     C:\Users\ebay\AppData\Local\Temp\Low --------- 0  
 01.07.2010 17:27     C:\Users\ebay\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
----------------------------------------

 
C:\Program Files

 31.08.2010 14:21     C:\Program Files\Sophos --------- 0  
 27.08.2010 14:44     C:\Program Files\Notepad++ --------- 4096  
 26.08.2010 14:05     C:\Program Files\BMSEV --------- 0  
 18.08.2010 18:54     C:\Program Files\Mozilla Thunderbird --------- 28672  
 18.08.2010 14:56     C:\Program Files\Common Files --------- 4096  
 18.08.2010 14:37     C:\Program Files\CCleaner --------- 4096  
 11.08.2010 14:39     C:\Program Files\Adobe --------- 4096  
 11.08.2010 13:59     C:\Program Files\Windows Installer Clean Up --------- 0  
 11.08.2010 13:59     C:\Program Files\MSECache --------- 0  
 04.08.2010 15:52     C:\Program Files\JDownloader --------- 4096  
 27.07.2010 13:29     C:\Program Files\Mozilla Firefox --------- 32768  
 20.07.2010 16:43     C:\Program Files\FileZilla FTP Client --------- 4096  
 19.07.2010 13:48     C:\Program Files\Microsoft --------- 0  
 19.07.2010 13:47     C:\Program Files\Windows Live --------- 4096  
 19.07.2010 13:47     C:\Program Files\Windows Live SkyDrive --------- 0  
 05.07.2010 13:28     C:\Program Files\NOS --------- 0  
 02.07.2010 15:50     C:\Program Files\Defraggler --------- 0  
 01.07.2010 16:59     C:\Program Files\Spyware Doctor --------- 49152  
 30.06.2010 00:32     C:\Program Files\QuickTime --------- 4096  
 29.06.2010 14:21     C:\Program Files\RocketDock --------- 4096  
 11.06.2010 16:30     C:\Program Files\trend micro --------- 4096  
 11.06.2010 13:58     C:\Program Files\Java --------- 0  
 28.05.2010 11:51     C:\Program Files\Minefield --------- 40960  
 27.05.2010 14:06     C:\Program Files\ABBYY FineReader 9.0 --------- 163840  
 26.05.2010 17:49     C:\Program Files\IrfanView --------- 4096  
 25.05.2010 17:53     C:\Program Files\IZArc --------- 4096  
 25.05.2010 13:43     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 14.05.2010 15:32     C:\Program Files\Mythicsoft --------- 0  
 08.05.2010 19:13     C:\Program Files\Streamripper --------- 4096  
 30.03.2010 14:00     C:\Program Files\Skype --------- 0  
 15.03.2010 17:12     C:\Program Files\TeamViewer --------- 0  
 10.03.2010 16:10     C:\Program Files\Acronis --------- 0  
 09.03.2010 13:05     C:\Program Files\Logitech --------- 0  
 05.03.2010 18:00     C:\Program Files\AGEIA Technologies --------- 8192  
 25.02.2010 18:47     C:\Program Files\HTML to Image Wizards --------- 4096  
 24.02.2010 12:45     C:\Program Files\FontLab --------- 0  
 24.02.2010 12:14     C:\Program Files\Foxit Software --------- 0  
 23.02.2010 17:10     C:\Program Files\Copy Handler --------- 4096  
 23.02.2010 16:42     C:\Program Files\FreeUndelete --------- 4096  
 23.02.2010 16:33     C:\Program Files\epson --------- 0  
 22.02.2010 17:44     C:\Program Files\Western Digital --------- 0  
 22.02.2010 17:14     C:\Program Files\7-Zip --------- 4096  
 19.02.2010 17:35     C:\Program Files\Winamp --------- 4096  
 19.02.2010 17:18     C:\Program Files\InstallShield Installation Information --------- 0  
 19.02.2010 17:18     C:\Program Files\T-Com --------- 0  
 18.02.2010 18:17     C:\Program Files\Microsoft Works --------- 4096  
 18.02.2010 18:17     C:\Program Files\MSBuild --------- 0  
 18.02.2010 18:17     C:\Program Files\Microsoft Office --------- 4096  
 18.02.2010 18:16     C:\Program Files\Microsoft Visual Studio --------- 0  
 18.02.2010 18:16     C:\Program Files\Microsoft.NET --------- 0  
 18.02.2010 18:15     C:\Program Files\Microsoft Visual Studio 8 --------- 0  
 18.02.2010 17:52     C:\Program Files\Adobe Media Player --------- 4096  
 18.02.2010 17:39     C:\Program Files\Microsoft Silverlight --------- 4096  
 18.02.2010 17:37     C:\Program Files\PlayReady --------- 4096  
 18.02.2010 17:36     C:\Program Files\Yamicsoft --------- 0  
 18.02.2010 17:36     C:\Program Files\Win7codecs --------- 4096  
 18.02.2010 17:35     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 18.02.2010 17:34     C:\Program Files\Internet Explorer --------- 4096  
 18.02.2010 17:33     C:\Program Files\UltraISO --------- 4096  
 18.02.2010 17:32     C:\Program Files\Utilities --------- 0  
 18.02.2010 17:32     C:\Program Files\gs --------- 0  
 18.02.2010 17:32     C:\Program Files\WinRAR --------- 4096  
 11.10.2009 18:19     C:\Program Files\ImgBurn --------- 4096  
 11.10.2009 18:14     C:\Program Files\Windows Media Player --------- 4096  
 09.10.2009 20:28     C:\Program Files\Universal Termsrv Patch --------- 0  
 09.10.2009 20:28     C:\Program Files\Universal TCPIP Patcher --------- 0  
 09.10.2009 20:28     C:\Program Files\Notepad2 --------- 4096  
 09.10.2009 20:28     C:\Program Files\DVD Decrypter --------- 4096  
 09.10.2009 20:28     C:\Program Files\Logon Changer --------- 0  
 09.10.2009 20:28     C:\Program Files\Reapers CPL Pack --------- 4096  
 29.09.2009 14:26     C:\Program Files\XnViewMP --------- 4096  
 31.07.2009 22:29     C:\Program Files\Messenger Plus Live --------- 4096  
 14.07.2009 09:50     C:\Program Files\DVD Maker --------- 4096  
 14.07.2009 09:50     C:\Program Files\Microsoft Games --------- 0  
 14.07.2009 09:50     C:\Program Files\Windows Journal --------- 0  
 14.07.2009 06:56     C:\Program Files\Windows Sidebar --------- 4096  
 14.07.2009 06:56     C:\Program Files\Windows Mail --------- 4096  
 14.07.2009 06:56     C:\Program Files\Windows Photo Viewer --------- 4096  
 14.07.2009 06:56     C:\Program Files\Windows Defender --------- 0  
 14.07.2009 06:53     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 06:52     C:\Program Files\Windows Portable Devices --------- 0  
 14.07.2009 06:52     C:\Program Files\Windows NT --------- 0  
 14.07.2009 06:52     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 06:41     C:\Program Files\desktop.ini --------- 174  
----------------------------------------

 
C:\ProgramData\.. 

ebay    
Administrator    
Default    
Public    
All Users    
Default User    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com

----------------------------------------

 

Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         12 K
System                           4 Services                   0      1.068 K
smss.exe                       380 Services                   0        128 K
csrss.exe                      516 Services                   0      2.212 K
wininit.exe                    840 Services                   0        276 K
csrss.exe                      848 Console                    1      8.132 K
services.exe                   888 Services                   0     20.848 K
lsass.exe                      912 Services                   0      6.480 K
lsm.exe                        920 Services                   0      1.120 K
winlogon.exe                  1060 Console                    1        960 K
svchost.exe                   1104 Services                   0      3.524 K
nvvsvc.exe                    1160 Services                   0         96 K
svchost.exe                   1200 Services                   0      4.488 K
svchost.exe                   1264 Services                   0     11.488 K
svchost.exe                   1380 Services                   0     81.788 K
svchost.exe                   1416 Services                   0     18.932 K
svchost.exe                   1564 Services                   0     11.584 K
nvvsvc.exe                    1672 Console                    1        464 K
svchost.exe                   1684 Services                   0     17.836 K
spoolsv.exe                   1880 Services                   0      5.404 K
svchost.exe                   1916 Services                   0      8.816 K
NetworkLicenseServer.exe      2008 Services                   0        220 K
schedul2.exe                   448 Services                   0      2.068 K
schedhlp.exe                   176 Console                    1        472 K
afcdpsrv.exe                   528 Services                   0        624 K
BDTUpdateService.exe           780 Services                   0        104 K
svchost.exe                   1088 Services                   0      8.904 K
svchost.exe                    432 Services                   0      4.072 K
TeamViewer_Service.exe        2120 Services                   0        316 K
WDDMService.exe               2184 Services                   0      3.028 K
WDSmartWareBackgroundServ     2228 Services                   0        524 K
taskhost.exe                  2400 Console                    1      4.172 K
dwm.exe                       2668 Console                    1     29.644 K
svchost.exe                   3392 Services                   0      2.104 K
wmpnetwk.exe                  4348 Services                   0      9.728 K
svchost.exe                   4504 Services                   0      9.148 K
explorer.exe                  3304 Console                    1     86.228 K
taskhost.exe                   496 Console                    1      1.716 K
explorer.exe                  4140 Console                    1      4.012 K
explorer.exe                  5988 Console                    1      3.484 K
explorer.exe                  1728 Console                    1      3.392 K
explorer.exe                  3876 Console                    1      3.532 K
audiodg.exe                   3640 Services                   0     13.708 K
notepad++.exe                 3184 Console                    1     17.560 K
firefox.exe                   2904 Console                    1    106.984 K
cmd.exe                       4220 Console                    1      3.012 K
conhost.exe                   4408 Console                    1      4.992 K
tasklist.exe                  4608 Console                    1      4.052 K
WmiPrvSE.exe                  5872 Services                   0      4.636 K

 
***** Ende des Scans 31.08.2010 um 15:21:46,12 ***

Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:30:26, on 11.06.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7201.0000)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\T-Com\T-Eumex 820 LAN V1.40\ControlCenter.exe
C:\Program Files\Copy Handler\ch.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\RocketDock\RocketDock .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
D:\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\ebay\Desktop\RSIT.exe
C:\Program Files\trend micro\ebay.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [cbssreg] C:\Windows\TEMP\lyse.tmp\svchost  .exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [cbssreg] C:\Windows\TEMP\lyse.tmp\svchost  .exe (User 'Default user')
O4 - Global Startup: ControlCenter.lnk = C:\Program Files\T-Com\T-Eumex 820 LAN V1.40\ControlCenter.exe
O4 - Global Startup: Copy Handler.lnk = C:\Program Files\Copy Handler\ch.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 7723 bytes

Code:

File name:
wpkvfma.sys
Submission date:
2010-08-31 13:41:40 (UTC)
Current status:
queued queued analysing finished
Result:
1/ 41 (2.4%)Antivirus results
AhnLab-V3 - 2010.08.31.01 - 2010.08.31 - -
AntiVir - 8.2.4.46 - 2010.08.31 - -
Antiy-AVL - 2.0.3.7 - 2010.08.31 - -
Authentium - 5.2.0.5 - 2010.08.31 - -
Avast - 4.8.1351.0 - 2010.08.31 - -
Avast5 - 5.0.594.0 - 2010.08.31 - -
AVG - 9.0.0.851 - 2010.08.31 - -
BitDefender - 7.2 - 2010.08.31 - -
CAT-QuickHeal - 11.00 - 2010.08.31 - -
ClamAV - 0.96.2.0-git - 2010.08.31 - -
Comodo - 5922 - 2010.08.31 - -
DrWeb - 5.0.2.03300 - 2010.08.31 - -
Emsisoft - 5.0.0.37 - 2010.08.31 - -
eSafe - 7.0.17.0 - 2010.08.30 - Win32.TrojanHorse 
eTrust-Vet - 36.1.7828 - 2010.08.31 - -
F-Prot - 4.6.1.107 - 2010.08.31 - -
F-Secure - 9.0.15370.0 - 2010.08.31 - -
Fortinet - 4.1.143.0 - 2010.08.31 - -
GData - 21 - 2010.08.31 - -
Ikarus - T3.1.1.88.0 - 2010.08.31 - -
Jiangmin - 13.0.900 - 2010.08.30 - -
K7AntiVirus - 9.63.2396 - 2010.08.30 - -
Kaspersky - 7.0.0.125 - 2010.08.31 - -
Microsoft - 1.6103 - 2010.08.31 - -
NOD32 - 5412 - 2010.08.31 - -
Norman - 6.05.11 - 2010.08.31 - -
nProtect - 2010-08-31.01 - 2010.08.31 - -
Panda - 10.0.2.7 - 2010.08.30 - -
PCTools - 7.0.3.5 - 2010.08.31 - -
Prevx - 3.0 - 2010.08.31 - -
Rising - 22.63.01.04 - 2010.08.31 - -
Sophos - 4.56.0 - 2010.08.31 - -
Sunbelt - 6817 - 2010.08.31 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.08.31 - -
Symantec - 20101.1.1.7 - 2010.08.31 - -
TheHacker - 6.5.2.1.359 - 2010.08.31 - -
TrendMicro - 9.120.0.1004 - 2010.08.31 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.08.31 - -
VBA32 - 3.12.14.0 - 2010.08.31 - -
ViRobot - 2010.8.31.4017 - 2010.08.31 - -
VirusBuster - 5.0.27.0 - 2010.08.31 - -
File info:
MD5: e6d35f3aa51a65eb35c1f2340154a25e
SHA1: aabbd57e20d2e7041f9e7abce6cfd8a53c366537
SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516
File size: 54016 bytes
Scan date: 2010-08-31 13:41:40 (UTC)

Wenn ich C:\Windows\System32\drivers\gwebmwit.sys mit virustotal öffnen möchte, kommt eine Meldung die besagt "A device attached to the system is not functioning."

Code:

File name:
gilt.zip
Submission date:
2010-08-31 13:51:02 (UTC)
Current status:
queued (#8) queued (#8) analysing finished
Result:
0/ 43 (0.0%)
Antivirus results
AhnLab-V3 - 2010.08.31.01 - 2010.08.31 - -
AntiVir - 8.2.4.46 - 2010.08.31 - -
Antiy-AVL - 2.0.3.7 - 2010.08.31 - -
Authentium - 5.2.0.5 - 2010.08.31 - -
Avast - 4.8.1351.0 - 2010.08.31 - -
Avast5 - 5.0.594.0 - 2010.08.31 - -
AVG - 9.0.0.851 - 2010.08.31 - -
BitDefender - 7.2 - 2010.08.31 - -
CAT-QuickHeal - 11.00 - 2010.08.31 - -
ClamAV - 0.96.2.0-git - 2010.08.31 - -
Comodo - 5922 - 2010.08.31 - -
DrWeb - 5.0.2.03300 - 2010.08.31 - -
Emsisoft - 5.0.0.37 - 2010.08.31 - -
eSafe - 7.0.17.0 - 2010.08.30 - -
eTrust-Vet - 36.1.7828 - 2010.08.31 - -
F-Prot - 4.6.1.107 - 2010.08.31 - -
F-Secure - 9.0.15370.0 - 2010.08.31 - -
Fortinet - 4.1.143.0 - 2010.08.31 - -
GData - 21 - 2010.08.31 - -
Ikarus - T3.1.1.88.0 - 2010.08.31 - -
Jiangmin - 13.0.900 - 2010.08.30 - -
K7AntiVirus - 9.63.2396 - 2010.08.30 - -
Kaspersky - 7.0.0.125 - 2010.08.31 - -
McAfee - 5.400.0.1158 - 2010.08.31 - -
McAfee-GW-Edition - 2010.1B - 2010.08.31 - -
Microsoft - 1.6103 - 2010.08.31 - -
NOD32 - 5412 - 2010.08.31 - -
Norman - 6.05.11 - 2010.08.31 - -
nProtect - 2010-08-31.01 - 2010.08.31 - -
Panda - 10.0.2.7 - 2010.08.30 - -
PCTools - 7.0.3.5 - 2010.08.31 - -
Prevx - 3.0 - 2010.08.31 - -
Rising - 22.63.01.04 - 2010.08.31 - -
Sophos - 4.56.0 - 2010.08.31 - -
Sunbelt - 6817 - 2010.08.31 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.08.31 - -
Symantec - 20101.1.1.7 - 2010.08.31 - -
TheHacker - 6.5.2.1.359 - 2010.08.31 - -
TrendMicro - 9.120.0.1004 - 2010.08.31 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.08.31 - -
VBA32 - 3.12.14.0 - 2010.08.31 - -
ViRobot - 2010.8.31.4017 - 2010.08.31 - -
VirusBuster - 5.0.27.0 - 2010.08.31 - -
File info:
MD5: 12c6b00d0d9afd4f87d919baca551208
SHA1: b47fb531559e8537a4a900aaae95da1bf16951c8
SHA256: 121cd149c21ec092a4f687dece94204da632bba0c202d5bb3fa8482c5e89f19b
File size: 247531 bytes
Scan date: 2010-08-31 13:51:02 (UTC)

C:\ProgramData\Mj81B365.exe ist ein Dummie File (leere Text Datei unter diesem Namen abgespeichert) Weil ein Trojaner immer wieder diese Datei erstellt hat. Das hat nicht wirklich geholfen aber nach Ausführung von ComboFix gab es dann keine Probleme mehr.

Generell machen die Rechner nicht wirklich Probleme (langsam oder ähnliches), es kommt zum Spamversand und das muss ich unterbinden.

Vielen Dank für die schnelle Antwort.

[Speedy]

das sagt natürlich nur teilweise was aus, aber warum hast du
a) kein antivirentool am system?
b) das system nicht mit acronis zurückgesetzt?

poste bitte das cf logfile (nicht vorher laufen lassen, sondern das letzte!)

[totalegal]

Hallo Speedy,

Welches Antiviren Tool empfiehlst du mir denn? Ich dachte wenn ich aufpasse brauche ich keins, da liege ich scheinbar falsch.

Acronis Backups existieren leider keine, wo ich sicher bin das sie clean sind, da ich nicht weiß ann der Spamversand begonnen hat und ich nicht häufig genug gesichert habe.

Combofix Logs:

Code:

ComboFix 10-08-17.03 - ebay 18.08.2010  14:50:31.2.2 - x86
Microsoft Windows 7 Alchemist Ultimate SE©   6.1.7600.0.1252.1.1033.18.2046.1408 [GMT 2:00]
Running from: c:\users\ebay\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2010-07-18 to 2010-08-18  )))))))))))))))))))))))))))))))
.

2010-08-18 13:03 . 2010-08-18 13:03	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-08-18 13:03 . 2010-08-18 13:03	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-18 13:03 . 2010-08-18 13:03	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2010-08-18 10:45 . 2010-08-18 10:45	--------	d-----w-	c:\users\ebay\AppData\Local\VirtualStore
2010-08-11 12:40 . 2010-08-11 12:40	--------	d-----w-	c:\programdata\ALM
2010-08-11 11:59 . 2010-08-11 11:59	3584	----a-r-	c:\users\ebay\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-08-11 11:59 . 2010-08-11 11:59	--------	d-----w-	c:\program files\Windows Installer Clean Up
2010-08-11 11:53 . 2010-08-11 11:53	--------	d-----w-	c:\users\ebay\AppData\Local\Threat Expert
2010-08-11 11:53 . 2010-08-11 11:53	--------	d-----w-	c:\users\ebay\Library
2010-08-11 11:53 . 2010-08-11 11:53	--------	d-----w-	c:\users\ebay\AppData\Roaming\com.adobe.ExMan
2010-07-27 15:25 . 2010-07-27 15:25	--------	d-----w-	c:\programdata\New folder
2010-07-27 15:20 . 2010-07-27 15:20	--------	d-----w-	c:\users\Administrator\AppData\Roaming\streamripper
2010-07-27 15:20 . 2010-07-27 15:20	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Winamp
2010-07-27 15:19 . 2010-07-27 15:19	--------	d-----w-	c:\users\Administrator\AppData\Local\Threat Expert
2010-07-27 15:10 . 2010-07-27 15:10	--------	d-----w-	c:\users\Administrator\AppData\Local\Western_Digital
2010-07-27 15:10 . 2010-07-27 15:10	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Western Digital
2010-07-27 15:10 . 2010-07-27 15:10	110584	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 15:10 . 2010-07-27 15:10	--------	d-----w-	c:\users\Administrator\AppData\Local\Western Digital

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-18 12:37 . 2009-10-09 18:28	--------	d-----w-	c:\program files\CCleaner
2010-08-18 12:29 . 2010-02-25 16:37	--------	d-----w-	c:\programdata\ABBYY
2010-08-18 10:14 . 2010-02-19 15:40	--------	d-----w-	c:\users\ebay\AppData\Roaming\FileZilla
2010-08-12 11:48 . 2010-02-23 15:36	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-08-11 12:48 . 2010-02-18 15:40	110584	----a-w-	c:\users\ebay\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 12:42 . 2010-02-18 15:43	--------	d-----w-	c:\program files\Common Files\Adobe
2010-08-11 12:38 . 2010-02-18 16:02	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-08-11 11:59 . 2010-06-29 13:15	--------	d-----w-	c:\program files\MSECache
2010-08-11 10:36 . 2010-03-30 12:00	--------	d-----w-	c:\users\ebay\AppData\Roaming\Skype
2010-08-11 06:00 . 2010-03-30 12:01	--------	d-----w-	c:\users\ebay\AppData\Roaming\skypePM
2010-08-04 13:52 . 2010-02-24 11:11	--------	d-----w-	c:\program files\JDownloader
2010-07-27 15:09 . 2010-07-27 15:09	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Logitech
2010-07-20 14:43 . 2010-02-19 15:40	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-07-19 11:48 . 2010-07-19 11:47	--------	d-----w-	c:\program files\Microsoft
2010-07-19 11:47 . 2010-02-18 15:34	--------	d-----w-	c:\program files\Windows Live
2010-07-19 11:47 . 2010-07-19 11:47	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-07-19 11:45 . 2010-07-19 11:45	--------	d-----w-	c:\program files\Common Files\Windows Live
2010-07-19 11:44 . 2010-07-19 11:44	--------	d-----w-	c:\programdata\Messenger Plus!
2010-07-08 11:28 . 2010-03-08 15:31	--------	d-----w-	c:\users\ebay\AppData\Roaming\ImgBurn
2010-07-05 11:28 . 2010-07-05 11:28	--------	d-----w-	c:\programdata\NOS
2010-07-05 11:28 . 2010-07-05 11:28	--------	d-----w-	c:\program files\NOS
2010-07-02 14:09 . 2010-02-19 12:59	--------	d-----w-	c:\programdata\FLEXnet
2010-07-02 13:50 . 2010-07-02 13:50	--------	d-----w-	c:\program files\Defraggler
2010-07-01 14:59 . 2010-06-29 12:13	--------	d-----w-	c:\program files\Spyware Doctor
2010-06-29 22:32 . 2010-02-18 15:34	--------	d-----w-	c:\program files\QuickTime
2010-06-29 12:21 . 2010-02-18 15:36	--------	d-----w-	c:\program files\RocketDock
2010-06-29 12:16 . 2010-06-29 12:13	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-06-29 12:13 . 2010-06-29 12:13	--------	d-----w-	c:\users\ebay\AppData\Roaming\PC Tools
2010-06-29 12:13 . 2010-06-29 12:11	--------	d-----w-	c:\programdata\PC Tools
2010-06-11 14:14 . 2010-06-11 14:14	824681	----a-w-	c:\programdata\Desktop\amc\RSIT.exe
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

	
Code:
	
<pre>
c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VERSIO~2 .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\QTTask  .exe
c:\program files\RocketDock\RocketDock .exe
</pre>
 ------- Sigcheck -------

[-] 2009-10-10 . 2FECC3C5CBE8C8284A523BC4B40368CE . 2810880 . . [6.1.7600.16385] . . c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copy Handler"="" [N/A]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5140960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 362032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Copy Handler.lnk - c:\program files\Copy Handler\ch.exe [2010-2-23 436224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-03-10 911680]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-10 2480048]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-03-10 160288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]


--- Other Services/Drivers In Memory ---

*Deregistered* - gwebmwit

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: d:\adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gwebmwit]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,7d,1b,4b,a1,92,25,40,80,0c,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,7d,1b,4b,a1,92,25,40,80,0c,bd,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3304)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-08-18  15:08:36
ComboFix-quarantined-files.txt  2010-08-18 13:08
ComboFix2.txt  2010-07-01 15:35

Pre-Run: 15.429.906.432 bytes free
Post-Run: 15.265.148.928 bytes free

- - End Of File - - 4174CE3EAB293F5ACE640E82C799AD49

Code:

ComboFix 10-06-30.03 - ebay 01.07.2010  17:13:41.1.2 - x86
Microsoft Windows 7 Alchemist Ultimate SE©   6.1.7600.0.1252.1.1033.18.2046.1205 [GMT 2:00]
Running from: c:\users\ebay\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\hb_1370.tmp
C:\Thumbs.db
c:\users\ebay\AppData\Roaming\02000000d63a2650922C.manifest
c:\users\ebay\AppData\Roaming\02000000d63a2650922O.manifest
c:\users\ebay\AppData\Roaming\02000000d63a2650922P.manifest
c:\users\ebay\AppData\Roaming\02000000d63a2650922S.manifest
c:\windows\system32\7j2Xir1l.dll
c:\windows\system32\Startup.exe

Infected copy of c:\windows\system32\DRIVERS\vdrvroot.sys was found and disinfected 
Restored copy from - Kitty ate it :p 
.
(((((((((((((((((((((((((   Files Created from 2010-06-01 to 2010-07-01  )))))))))))))))))))))))))))))))
.

2010-07-01 15:25 . 2010-07-01 15:27	--------	d-----w-	c:\users\ebay\AppData\Local\temp
2010-07-01 15:25 . 2010-07-01 15:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-29 13:15 . 2010-06-29 13:15	--------	d-----w-	c:\program files\MSECache
2010-06-29 12:13 . 2010-06-29 12:13	--------	d-----w-	c:\users\ebay\AppData\Roaming\PC Tools
2010-06-29 12:11 . 2010-06-29 12:13	--------	d-----w-	c:\programdata\PC Tools
2010-06-14 15:30 . 2010-06-14 15:30	--------	d--h--w-	c:\windows\PIF
2010-06-11 14:15 . 2010-06-11 14:30	--------	d-----w-	c:\program files\trend micro
2010-06-11 14:15 . 2010-06-11 14:15	--------	d-----w-	C:\rsit
2010-06-11 11:58 . 2010-04-12 15:29	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-06-11 11:05 . 2010-06-11 11:05	--------	d-----w-	c:\users\ebay\AppData\Roaming\EPSON

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 14:59 . 2010-06-29 12:13	--------	d-----w-	c:\program files\Spyware Doctor
2010-07-01 14:58 . 2010-02-19 15:40	--------	d-----w-	c:\users\ebay\AppData\Roaming\FileZilla
2010-06-29 22:32 . 2010-02-18 15:34	--------	d-----w-	c:\program files\QuickTime
2010-06-29 12:31 . 2010-02-23 15:36	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-06-29 12:21 . 2010-02-18 15:36	--------	d-----w-	c:\program files\RocketDock
2010-06-29 12:16 . 2010-06-29 12:13	--------	d-----w-	c:\program files\Common Files\PC Tools
2010-06-15 09:52 . 2010-06-14 17:30	112	----a-w-	c:\programdata\4s6Y6wm7F.dat
2010-06-11 11:58 . 2009-10-09 18:28	--------	d-----w-	c:\program files\Java
2010-06-04 16:33 . 2010-02-25 16:37	--------	d-----w-	c:\programdata\ABBYY
2010-06-04 11:48 . 2010-02-19 15:33	--------	d-----w-	c:\users\ebay\AppData\Roaming\Winamp
2010-05-28 15:52 . 2010-03-30 12:00	--------	d-----w-	c:\users\ebay\AppData\Roaming\Skype
2010-05-28 14:01 . 2010-03-30 12:01	--------	d-----w-	c:\users\ebay\AppData\Roaming\skypePM
2010-05-28 09:51 . 2010-03-12 14:58	--------	d-----w-	c:\program files\Minefield
2010-05-27 12:06 . 2010-05-27 12:01	--------	d-----w-	c:\program files\ABBYY FineReader 9.0
2010-05-27 12:03 . 2010-05-27 12:03	--------	d-----w-	c:\program files\Common Files\ABBYY
2010-05-26 15:49 . 2010-05-26 15:49	--------	d-----w-	c:\users\ebay\AppData\Roaming\IrfanView
2010-05-26 15:49 . 2010-05-26 15:49	--------	d-----w-	c:\program files\IrfanView
2010-05-25 15:53 . 2010-05-25 15:53	--------	d-----w-	c:\program files\IZArc
2010-05-25 11:43 . 2010-05-25 11:43	--------	d-----w-	c:\users\ebay\AppData\Roaming\Malwarebytes
2010-05-25 11:43 . 2010-05-25 11:43	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-25 11:43 . 2010-05-25 11:43	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-18 14:35 . 2010-05-18 14:35	--------	d-----w-	c:\program files\QS
2010-05-14 13:32 . 2010-05-14 13:32	--------	d-----w-	c:\program files\Mythicsoft
2010-05-14 11:05 . 2010-05-14 11:05	--------	d-----w-	c:\program files\Smith Micro
2010-05-08 17:13 . 2010-04-09 12:17	--------	d-----w-	c:\program files\Streamripper
2010-04-29 10:19 . 2010-05-25 11:43	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 10:19 . 2010-05-25 11:43	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-08 12:29 . 2010-06-29 12:13	63360	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

	
Code:
	
<pre>
c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VERSIO~2 .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\QTTask  .exe
c:\program files\RocketDock\RocketDock .exe
</pre>
 ------- Sigcheck -------

[-] 2009-10-10 . 2FECC3C5CBE8C8284A523BC4B40368CE . 2810880 . . [6.1.7600.16385] . . c:\windows\explorer.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeBridge"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask  .exe -atboottime" [X]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [N/A]
"Copy Handler"="" [N/A]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13781536]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5140960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 362032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ControlCenter.lnk - c:\program files\T-Com\T-Eumex 820 LAN V1.40\ControlCenter.exe [2007-2-9 221184]
Copy Handler.lnk - c:\program files\Copy Handler\ch.exe [2010-2-23 436224]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-03-10 911680]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-10 2480048]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-03-10 160288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]


--- Other Services/Drivers In Memory ---

*Deregistered* - gwebmwit
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\At100.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At101.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At102.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At103.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At104.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At105.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At106.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At107.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At108.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At109.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At110.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At111.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At112.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At113.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At114.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At115.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At116.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At117.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At118.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At119.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At120.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At121.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At122.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At123.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At124.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At125.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At126.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At127.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At128.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At129.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At130.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At131.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At132.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At133.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At134.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At135.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At136.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At137.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At138.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At139.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At140.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At141.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At142.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At143.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At144.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At25.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At26.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At27.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At28.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At29.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At30.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At31.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At32.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At33.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At34.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At35.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At36.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At37.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At38.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At39.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At40.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At41.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At42.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At43.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At44.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At45.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At46.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At47.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At48.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At49.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At50.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At51.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At52.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At53.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At54.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At55.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At56.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At57.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At58.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At59.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At60.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At61.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At62.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At63.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At64.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At65.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At66.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At67.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At68.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At69.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At70.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At71.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At72.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At73.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At74.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At75.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At76.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At77.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At78.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At79.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At80.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At81.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At82.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At83.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At84.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At85.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At86.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At87.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At88.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At89.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At90.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At91.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At92.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At93.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At94.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At95.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At96.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At97.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-06-30 c:\windows\Tasks\At98.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]

2010-07-01 c:\windows\Tasks\At99.job
- c:\programdata\Mj81B365.exe [2010-06-14 15:30]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\5fxc2l9v.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gwebmwit]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,7d,1b,4b,a1,92,25,40,80,0c,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,7d,1b,4b,a1,92,25,40,80,0c,bd,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5784)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Logitech\SetPointP\LU\LULnchr.exe
c:\program files\Logitech\SetPointP\LU\LogitechUpdate.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-07-01  17:34:59 - machine was rebooted
ComboFix-quarantined-files.txt  2010-07-01 15:34

Pre-Run: 13.976.797.184 bytes free
Post-Run: 13.920.387.072 bytes free

- - End Of File - - 36B07D326B3CB01D0F31758AA93BECAD

Code:

2010-07-01 15:33:33 . 2010-07-01 15:33:33              550 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-SRService.reg.dat
2010-07-01 15:33:33 . 2010-07-01 15:33:33              546 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmserver.reg.dat
2010-07-01 15:33:33 . 2010-07-01 15:33:33              542 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmadmin.reg.dat
2010-07-01 15:33:33 . 2010-07-01 15:33:33              550 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmload.sys.reg.dat
2010-07-01 15:33:33 . 2010-07-01 15:33:33              542 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmio.sys.reg.dat
2010-07-01 15:33:33 . 2010-07-01 15:33:33              550 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmboot.sys.reg.dat
2010-07-01 15:22:17 . 2010-08-18 12:57:56            4,203 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-07-01 15:03:46 . 2010-08-18 12:50:31              226 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2010-05-25 11:23:58 . 2010-05-25 11:27:26               11 ----a-w-  C:\Qoobox\Quarantine\C\Users\ebay\AppData\Roaming\02000000d63a2650922S.manifest.vir
2010-05-25 11:23:58 . 2010-05-25 11:27:26               11 ----a-w-  C:\Qoobox\Quarantine\C\Users\ebay\AppData\Roaming\02000000d63a2650922O.manifest.vir
2010-05-25 11:23:58 . 2010-05-25 11:27:26               13 ----a-w-  C:\Qoobox\Quarantine\C\Users\ebay\AppData\Roaming\02000000d63a2650922C.manifest.vir
2010-05-25 11:23:58 . 2010-05-25 11:27:26            3,321 ----a-w-  C:\Qoobox\Quarantine\C\Users\ebay\AppData\Roaming\02000000d63a2650922P.manifest.vir
2010-03-05 15:59:03 . 2009-05-18 22:00:00           57,344 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\startup.exe.vir
2010-02-17 12:05:28 . 2010-02-17 12:05:28                0 ----a-w-  C:\Qoobox\Quarantine\C\hb_1370.tmp.vir
2009-07-13 23:46:20 . 2009-07-14 01:19:10           32,832 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\Drivers\vdrvroot.sys.vir
2009-07-13 23:46:20 . 2010-07-01 15:10:56           32,832 ----a-w-  C:\Qoobox\Quarantine\C\Windows\system32\Drivers\vdrvroot.sys.vir_
2007-06-27 13:25:05 . 2007-06-27 13:25:07            5,632 ----a-w-  C:\Qoobox\Quarantine\C\Thumbs.db.vir

[Speedy]

Welches Antiviren Tool empfiehlst du mir denn? Ich dachte wenn ich aufpasse brauche ich keins, da liege ich scheinbar falsch.

falsch!

antivirenprogramme, freeware gibt es von comodo, avg, avast, rising, neu microsoft essentials, panda cloud und avira, wobei letzteres deine emails nicht überprüft
clam av und pc tools spielen hier keine rolle !

Start - Ausführen - Combofix /Uninstall - klicke "OK"

über software deinstallieren
c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VERSIO~2 .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\RocketDock\RocketDock .exe
C:\Program Files\Spyware Doctor
C:\Program Files\Messenger Plus Live

• start
• explorer
• mit der rechten maustaste auf lokaler datenträger --> hier eigenschaften auswählen
• bereinigen
• dateien von allen benutzern dieses computers
• karteikarte datenträgerbereinigung
  • papierkorb
  • temp. internetfiles
  • temp. dateien
• reiter weitere optionen
  • nicht mehr verwendete programme entfernen
  • systemwiederherstellungspunkte bis auf den letzten löschen

• wechsle auf die seite von bleepingcomputer, und lies dir die deutsche beschreibung des tools sorgfälltig durch.
• bzgl. wiederherstellungskonsole ! (für sp3 die sp2 verwenden)
• lade nun das tool combofix mit hilfe der links auf der seite von bleepingcomputer auf deinen desktop
• starte combofix und installiere die windows-systemwiederherstellungsconsole (sofern noch nicht vorhanden)
• schließe alle anwendungen
• nimm der rechner vom netz
• beende dein antivirenprogramm (den hintergrundwächter)
• starte das tool mit einem doppelklick auf die datei combofix.exe
• wenn sich das fenster geöffnet hat, bekommst du verschiedene hinweise zu lesen, es geht um die risiken bei der verwendung dieses tools, aufmerksam lesen! (daher mein tipp mit der sicherung deiner persönlichen daten)
• willst du das risiko nicht eingehen, dann beende das tool,
• willst du die reinigung durchziehen, dann starte es mit ja
• die überprüfung beginnt, lass den rechner ohne etwas zu tun laufen
• das tool erstellt ein logfile, das du unter c:\combofix.txt findest
  poste den inhalt
• Achtung: wenn du den scan gestartet hast, lass das tool arbeiten, das kann bis zu 15 minuten dauern, mach nichts anderes, sonst kann dein desktop unter umständen nur mehr blau bleiben.
• nach dem scannen und bereinigen, deine antivirensoftware aktivieren (hier kann es zu einer meldung kommen -->eicar testfile) und erst dann mit dem rechner wieder ins netz gehen

p.s. sollte die combofix.exe nicht gestartet werden können, dann in test2.com umbenennen.

erstelle ein aktuelles hjtscanlist-logfile mit der 2, inhalte posten.

• lade dir bobbi fleckmans regsearch auf deinen desktop
• entpacke das tool hier auf dem desktop
• starte es mit einem doppelklick auf die datei regsearch.exe
• gib im oberen der eingabefelder, in jede einzelne zeile, einen der nachfolgenden dateinamen ein.
  
  7j2Xir1l.dll
  Startup.exe
  VERSIO~2 .exe
  AdobeARM .exe
  CS4ServiceManager .exe
  GrooveMonitor .exe
  QTTask .exe
  RocketDock .exe
  wpkvfma.sys
  gwebmwit.sys
  gilt.zip --> wird wozu benötigt?
  Mj81B365.exe
  
• starte, wenn du alle namen eingegeben hast mit return die suche (kann etwas dauern -> bis 10 minuten)
• nun wird ein logfile erstellt, posten den inhalt. die code tags nicht vergessen!

Bitte die nachfolgenden dateien bei einem der hier angeführten multimalwarescanner überprüfen lassen, das komplette ergebnis hier im bb-code formatiert posten! so soll das aussehen!

• virustotal oder
• virscan.org, alternativ geht auch
• novirusthanks.org (hier kann man dateien direkt von der webseite zur überprüfung hochladen), oder
• jotti
• virus.org derzeit wird die seite gewartet, dauert mir aber schon zu lange
• viruschief nicht zu empfehlen, da keine aktualisierung der scanner und der vdf durchgeführt wird

dateien zu überprüfen!
c:\windows\explorer.exe

p.s. wir sind noch immer beim 1. rechner!

[totalegal]

Alle Schritte bewältigt. Hier sind die Logs:

Code:

ComboFix 10-08-31.02 - ebay 01.09.2010  12:53:56.3.2 - x86
Microsoft Windows 7 Alchemist Ultimate SE©   6.1.7600.0.1252.1.1033.18.2046.1450 [GMT 2:00]
Running from: c:\users\ebay\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected 
Restored copy from - c:\windows\ERDNT\cache\userinit.exe 

.
(((((((((((((((((((((((((   Files Created from 2010-08-01 to 2010-09-01  )))))))))))))))))))))))))))))))
.

2010-09-01 11:00 . 2010-09-01 11:00	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-09-01 11:00 . 2010-09-01 11:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-01 11:00 . 2010-09-01 11:00	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2010-09-01 06:48 . 2010-09-01 06:48	--------	d-----w-	c:\users\ebay\AppData\Local\Diagnostics
2010-08-31 12:21 . 2010-08-31 12:21	--------	d-----w-	c:\program files\Sophos
2010-08-26 12:05 . 2010-08-26 12:05	--------	d-----w-	c:\users\ebay\AppData\Roaming\BMSEV
2010-08-26 12:05 . 2010-08-26 12:05	--------	d-----w-	c:\programdata\BMSEV
2010-08-26 12:05 . 2010-08-26 12:05	--------	d-----w-	c:\program files\BMSEV
2010-08-18 10:45 . 2010-08-31 13:30	--------	d-----w-	c:\users\ebay\AppData\Local\VirtualStore
2010-08-11 12:40 . 2010-08-11 12:40	--------	d-----w-	c:\programdata\ALM
2010-08-11 11:59 . 2010-08-11 11:59	--------	d-----w-	c:\program files\Windows Installer Clean Up
2010-08-11 11:53 . 2010-08-11 11:53	--------	d-----w-	c:\users\ebay\AppData\Local\Threat Expert
2010-08-11 11:53 . 2010-08-11 11:53	--------	d-----w-	c:\users\ebay\Library
2010-08-11 11:53 . 2010-08-11 11:53	--------	d-----w-	c:\users\ebay\AppData\Roaming\com.adobe.ExMan

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 10:28 . 2010-02-18 15:34	--------	d-----w-	c:\program files\QuickTime
2010-09-01 10:25 . 2010-07-05 11:28	--------	d-----w-	c:\programdata\NOS
2010-09-01 10:25 . 2010-03-12 14:58	--------	d-----w-	c:\program files\Minefield
2010-09-01 10:15 . 2010-06-29 12:11	--------	d-----w-	c:\programdata\PC Tools
2010-09-01 10:10 . 2010-02-19 15:40	--------	d-----w-	c:\users\ebay\AppData\Roaming\FileZilla
2010-08-31 13:30 . 2010-08-31 13:30	388096	----a-r-	c:\users\ebay\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-31 13:30 . 2010-06-11 14:15	--------	d-----w-	c:\program files\trend micro
2010-08-27 12:44 . 2010-02-18 15:34	--------	d-----w-	c:\program files\Notepad++
2010-08-18 16:54 . 2010-02-23 15:36	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-08-18 13:11 . 2010-02-18 15:40	110584	----a-w-	c:\users\ebay\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 12:37 . 2009-10-09 18:28	--------	d-----w-	c:\program files\CCleaner
2010-08-18 12:29 . 2010-02-25 16:37	--------	d-----w-	c:\programdata\ABBYY
2010-08-11 12:42 . 2010-02-18 15:43	--------	d-----w-	c:\program files\Common Files\Adobe
2010-08-11 12:38 . 2010-02-18 16:02	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-08-11 11:59 . 2010-08-11 11:59	3584	----a-r-	c:\users\ebay\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-08-11 11:59 . 2010-06-29 13:15	--------	d-----w-	c:\program files\MSECache
2010-08-11 10:36 . 2010-03-30 12:00	--------	d-----w-	c:\users\ebay\AppData\Roaming\Skype
2010-08-11 06:00 . 2010-03-30 12:01	--------	d-----w-	c:\users\ebay\AppData\Roaming\skypePM
2010-08-04 13:52 . 2010-02-24 11:11	--------	d-----w-	c:\program files\JDownloader
2010-07-27 15:25 . 2010-07-27 15:25	--------	d-----w-	c:\programdata\New folder
2010-07-27 15:20 . 2010-07-27 15:20	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Winamp
2010-07-27 15:20 . 2010-07-27 15:20	--------	d-----w-	c:\users\Administrator\AppData\Roaming\streamripper
2010-07-27 15:10 . 2010-07-27 15:10	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Western Digital
2010-07-27 15:10 . 2010-07-27 15:10	110584	----a-w-	c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-27 15:09 . 2010-07-27 15:09	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Logitech
2010-07-20 14:43 . 2010-02-19 15:40	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-07-19 11:48 . 2010-07-19 11:47	--------	d-----w-	c:\program files\Microsoft
2010-07-19 11:47 . 2010-02-18 15:34	--------	d-----w-	c:\program files\Windows Live
2010-07-19 11:47 . 2010-07-19 11:47	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-07-19 11:45 . 2010-07-19 11:45	--------	d-----w-	c:\program files\Common Files\Windows Live
2010-07-08 11:28 . 2010-03-08 15:31	--------	d-----w-	c:\users\ebay\AppData\Roaming\ImgBurn
2010-07-05 11:28 . 2010-07-05 11:28	--------	d-----w-	c:\program files\NOS
2010-06-11 14:14 . 2010-06-11 14:14	824681	----a-w-	c:\programdata\Desktop\amc\RSIT.exe
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

	
Code:
	
<pre>
c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VERSIO~2 .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\QTTask  .exe
c:\program files\RocketDock\RocketDock .exe
</pre>
 ------- Sigcheck -------

[-] 2009-10-10 . 2FECC3C5CBE8C8284A523BC4B40368CE . 2810880 . . [6.1.7600.16385] . . c:\windows\explorer.exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copy Handler"="" [N/A]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5140960]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 362032]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Copy Handler.lnk - c:\program files\Copy Handler\ch.exe [2010-2-23 436224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\60C3.tmp [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-03-10 911680]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-03-10 2480048]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-03-10 160288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]


--- Other Services/Drivers In Memory ---

*Deregistered* - gwebmwit

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ebay\AppData\Roaming\Mozilla\Firefox\Profiles\bn8wq7ja.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\60C3.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gwebmwit]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,7d,1b,4b,a1,92,25,40,80,0c,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0d,7d,1b,4b,a1,92,25,40,80,0c,bd,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4044)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\audiodev.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Acronis\TrueImageHome\tishell.dll
c:\program files\Acronis\TrueImageHome\timounter.dll
c:\program files\Notepad++\nppcm.dll
c:\program files\ABBYY FineReader 9.0\FRIntegration.dll
c:\program files\abbyy finereader 9.0\frintegration0.dll
c:\program files\abbyy finereader 9.0\frintegrationres.dll
d:\adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
c:\program files\7-Zip\7-zip.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\WmiApSrv.exe
d:\adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
.
**************************************************************************
.
Completion time: 2010-09-01  13:09:18 - machine was rebooted
ComboFix-quarantined-files.txt  2010-09-01 11:09
ComboFix2.txt  2010-08-18 13:08

Pre-Run: 16.261.165.056 bytes free
Post-Run: 16.255.434.752 bytes free

- - End Of File - - C90FFBD7393E403C5A66B69FDFE54EDC

Code:

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

C:\Config.Msi 
C:\ProgramData 
C:\Program Files 
C:\ComboFix 
C:\Qoobox 
C:\ComboFix.txt 
C:\$RECYCLE.BIN 
C:\Windows 
C:\pagefile.sys 
C:\hiberfil.sys 
C:\System Volume Information 
C:\Programme 
C:\Users 
C:\log_fs.log 
C:\Boot 
C:\Program Files (x86) 
C:\rsit 
C:\rkill.log 
C:\Temp 
C:\found.000 
C:\EPSON 
C:\winx.ld 
C:\grldr 
C:\BOOTSECT.BAK 
C:\Recovery 
C:\Boot.ini.saved 
C:\w7ldr 
C:\Diskeeper 
C:\Boot.BAK 
C:\anzeigen 
C:\ntldr 
C:\.tdbd 
C:\Documents and Settings 
C:\PerfLogs 
C:\bootmgr 
C:\InstallHelper.log 
C:\config.sys 
C:\autoexec.bat 
C:\dell 
C:\product.php 
C:\Speicherkarte 
C:\multigoopt.xml 
C:\PANDA 
C:\MSOCache 
C:\Dokumente und Einstellungen 
C:\IO.SYS 
C:\MSDOS.SYS 
C:\bootfont.bin 
C:\NTDETECT.COM 
----------------------------------------

 
C:\Windows

C:\Windows\WindowsUpdate.log 
C:\Windows\system.ini 
C:\Windows\setupact.log 
C:\Windows\bootstat.dat 
C:\Windows\PFRO.log 
C:\Windows\setuperr.log 
C:\Windows\PEV.exe 
C:\Windows\nsreg.dat 
C:\Windows\pkeyconfig.xrm-ms 
C:\Windows\win.ini 
C:\Windows\gswin32.ini 
C:\Windows\MBR.exe 
C:\Windows\explorer.exe 
C:\Windows\oemlogo.bmp 
C:\Windows\FreeMem.exe 
C:\Windows\WindowsShell.Manifest 
C:\Windows\twain_32.dll 
C:\Windows\write.exe 
C:\Windows\winhlp32.exe 
C:\Windows\twunk_32.exe 
C:\Windows\regedit.exe 
C:\Windows\notepad.exe 
C:\Windows\hh.exe 
C:\Windows\HelpPane.exe 
C:\Windows\fveupdate.exe 
C:\Windows\bfsvc.exe 
C:\Windows\mib.bin 
C:\Windows\WLXPGSS.SCR 
C:\Windows\_default.pif 
C:\Windows\winhelp.exe 
C:\Windows\twunk_16.exe 
C:\Windows\twain.dll 
C:\Windows\WMSysPr9.prx 
C:\Windows\msdfmap.ini 
C:\Windows\Ultimate.xml 
C:\Windows\Starter.xml 
C:\Windows\NIRCMD.exe 
C:\Windows\AviSplitter.INI 
C:\Windows\SWSC.exe 
C:\Windows\SWXCACLS.exe 
C:\Windows\grep.exe 
C:\Windows\zip.exe 
C:\Windows\sed.exe 
C:\Windows\SWREG.exe 
----------------------------------------

 
C:\Windows\System

C:\Windows\System\OLESVR.DLL 
C:\Windows\System\WFWNET.DRV 
C:\Windows\System\COMMDLG.DLL 
C:\Windows\System\TIMER.DRV 
C:\Windows\System\MMSYSTEM.DLL 
C:\Windows\System\mmtask.tsk 
C:\Windows\System\mouse.drv 
C:\Windows\System\vga.drv 
C:\Windows\System\sound.drv 
C:\Windows\System\keyboard.drv 
C:\Windows\System\SHELL.DLL 
C:\Windows\System\system.drv 
C:\Windows\System\ver.dll 
C:\Windows\System\olecli.dll 
C:\Windows\System\lzexpand.dll 
C:\Windows\System\stdole.tlb 
C:\Windows\System\msvideo.dll 
C:\Windows\System\mciwave.drv 
C:\Windows\System\mciseq.drv 
C:\Windows\System\mciavi.drv 
C:\Windows\System\avifile.dll 
C:\Windows\System\avicap.dll 
----------------------------------------

 
C:\Windows\System32

C:\Windows\system32\drivers 
C:\Windows\system32\perfh009.dat 
C:\Windows\system32\perfc009.dat 
C:\Windows\system32\PerfStringBackup.INI 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
C:\Windows\system32\wdi 
C:\Windows\system32\appmgmt 
C:\Windows\system32\catroot 
C:\Windows\system32\NDF 
C:\Windows\system32\config 
C:\Windows\system32\FNTCACHE.DAT 
C:\Windows\system32\hjtscanlist.txt 
C:\Windows\system32\catroot2 
C:\Windows\system32\Tasks 
C:\Windows\system32\jupdate-1.6.0_20-b02.log 
C:\Windows\system32\javaws.exe 
C:\Windows\system32\java.exe 
C:\Windows\system32\deployJava1.dll 
C:\Windows\system32\ezsidmv.dat 
C:\Windows\system32\FxsTmp 
C:\Windows\system32\DriverStore 
C:\Windows\system32\AGEIA 
C:\Windows\system32\LogFiles 
C:\Windows\system32\CodeIntegrity 
C:\Windows\system32\license.rtf 
C:\Windows\system32\sysprep 
C:\Windows\system32\wbem 
C:\Windows\system32\restore 
C:\Windows\system32\javaw.exe 
C:\Windows\system32\Macromed 
C:\Windows\system32\acaptuser32.dll 
C:\Windows\system32\LMouFiltCoInst.dll 
C:\Windows\system32\LkmdfCoInst.dll 
C:\Windows\system32\spwizimg.dll 
C:\Windows\system32\imageres.dll 
C:\Windows\system32\shell32.dll 
C:\Windows\system32\Shellext 
C:\Windows\system32\Adobe 
C:\Windows\system32\ff_vfw.dll 
C:\Windows\system32\pthreadGC2.dll 
C:\Windows\system32\xactengine3_5.dll 
C:\Windows\system32\xaudio2_5.dll 
C:\Windows\system32\XAPOFX1_3.dll 
C:\Windows\system32\d3dx11_42.dll 
C:\Windows\system32\d3dx10_42.dll 
C:\Windows\system32\d3dcsx_42.dll 
C:\Windows\system32\d3dcompiler_42.dll 
C:\Windows\system32\d3dx9_42.dll 
C:\Windows\system32\MRT.exe 
C:\Windows\system32\AdobePDFUI.dll 
C:\Windows\system32\AdobePDF.dll 
C:\Windows\system32\ac3filter.acm 
C:\Windows\system32\uxtheme.dll 
C:\Windows\system32\themeui.dll 
C:\Windows\system32\themeservice.dll 
C:\Windows\system32\sirenacm.dll 
C:\Windows\system32\msvcr71.dll 
C:\Windows\system32\msvcp71.dll 
C:\Windows\system32\en-US 
C:\Windows\system32\Recovery 
C:\Windows\system32\umstartup.etl 
C:\Windows\system32\migwiz 
C:\Windows\system32\winrm 
C:\Windows\system32\Setup 
C:\Windows\system32\0409 
C:\Windows\system32\slmgr 
C:\Windows\system32\en 
C:\Windows\system32\WinBioPlugIns 
C:\Windows\system32\oobe 
C:\Windows\system32\migration 
C:\Windows\system32\Boot 
C:\Windows\system32\Dism 
C:\Windows\system32\WCN 
C:\Windows\system32\MUI 
C:\Windows\system32\Printing_Admin_Scripts 
C:\Windows\system32\com 
C:\Windows\system32\wfp 
C:\Windows\system32\WindowsPowerShell 
C:\Windows\system32\WinBioDatabase 
C:\Windows\system32\umstartup000.etl 
C:\Windows\system32\desktop.ini 
C:\Windows\system32\migwiz.lnk 
C:\Windows\system32\mapisvc.inf 
C:\Windows\system32\spool 
C:\Windows\system32\Microsoft 
C:\Windows\system32\zh-TW 
C:\Windows\system32\zh-HK 
C:\Windows\system32\zh-CN 
C:\Windows\system32\winevt 
C:\Windows\system32\uk-UA 
C:\Windows\system32\tr-TR 
C:\Windows\system32\th-TH 
C:\Windows\system32\sv-SE 
C:\Windows\system32\sr-Latn-CS 
C:\Windows\system32\sppui 
C:\Windows\system32\spp 
C:\Windows\system32\sl-SI 
C:\Windows\system32\sk-SK 
C:\Windows\system32\SMI 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

C:\Windows\Tasks\SA.DAT 
C:\Windows\Tasks\SCHEDLGU.TXT 
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\ebay\AppData\Local\Temp

C:\Users\ebay\AppData\Local\Temp\adobetmp1290830606
C:\Users\ebay\AppData\Local\Temp\afl.log
C:\Users\ebay\AppData\Local\Temp\plugtmp
C:\Users\ebay\AppData\Local\Temp\{A9A71A55-3C8A-4DCD-8291-1F4B749627C9}aum_CS4installer_bgd.png
C:\Users\ebay\AppData\Local\Temp\{3095E614-711B-48D2-BAAF-0CA9D9968F68}adobe_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{490F274E-689A-4ECF-AC3E-322347ED7613}estk_install_pkg.ico
C:\Users\ebay\AppData\Local\Temp\{490F274E-689A-4ECF-AC3E-322347ED7613}estk_ribs_banner_win.png
C:\Users\ebay\AppData\Local\Temp\{A0087DD3-D18C-4351-8DE4-945F6875C4F9}ae_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{A0087DD3-D18C-4351-8DE4-945F6875C4F9}ae_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{94C6AEF4-BE0D-431B-B0A5-567E6B89E576}pb_pkg.ico
C:\Users\ebay\AppData\Local\Temp\{94C6AEF4-BE0D-431B-B0A5-567E6B89E576}pb_appicon_32px_win.png
C:\Users\ebay\AppData\Local\Temp\{94C6AEF4-BE0D-431B-B0A5-567E6B89E576}background.png
C:\Users\ebay\AppData\Local\Temp\{E9864DB2-4AC9-4BEC-BFD1-644C4276F901}vc_ribs.png
C:\Users\ebay\AppData\Local\Temp\{E9864DB2-4AC9-4BEC-BFD1-644C4276F901}VC_Uninstall_Icon.ico
C:\Users\ebay\AppData\Local\Temp\{D5AD1A24-F381-4D67-BA1C-A2661AEB06A5}sb_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{5AC26AE4-130C-4296-9BA8-563A99AE1946}application.sif
C:\Users\ebay\AppData\Local\Temp\{D5AD1A24-F381-4D67-BA1C-A2661AEB06A5}sb_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{5AC26AE4-130C-4296-9BA8-563A99AE1946}aul.xml
C:\Users\ebay\AppData\Local\Temp\{5AC26AE4-130C-4296-9BA8-563A99AE1946}sb_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{5AC26AE4-130C-4296-9BA8-563A99AE1946}sb_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{5AC26AE4-130C-4296-9BA8-563A99AE1946}sb_app_icon.png
C:\Users\ebay\AppData\Local\Temp\{0AEC3900-1F89-4649-9D10-B0469D5F6A0B}pr_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{0AEC3900-1F89-4649-9D10-B0469D5F6A0B}pr_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{957FF71A-BD6D-4313-9214-9CBBD718A785}pr_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{957FF71A-BD6D-4313-9214-9CBBD718A785}pr_app_icon.png
C:\Users\ebay\AppData\Local\Temp\{21EEB50A-C615-4B7B-928B-4262121A7C78}application.sif
C:\Users\ebay\AppData\Local\Temp\{957FF71A-BD6D-4313-9214-9CBBD718A785}pr_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{21EEB50A-C615-4B7B-928B-4262121A7C78}pr_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{21EEB50A-C615-4B7B-928B-4262121A7C78}pr_app_icon.png
C:\Users\ebay\AppData\Local\Temp\{21EEB50A-C615-4B7B-928B-4262121A7C78}pr_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{CFCD7AD2-150A-4194-BA98-4C59850A0F98}aul.xml
C:\Users\ebay\AppData\Local\Temp\{CFCD7AD2-150A-4194-BA98-4C59850A0F98}ps.png
C:\Users\ebay\AppData\Local\Temp\{D1EFC2E9-E67E-4533-B633-08985945EE66}ol pkg vista.ico
C:\Users\ebay\AppData\Local\Temp\{D1EFC2E9-E67E-4533-B633-08985945EE66}Application.sif
C:\Users\ebay\AppData\Local\Temp\{D1EFC2E9-E67E-4533-B633-08985945EE66}ol_ribs_32x32.png
C:\Users\ebay\AppData\Local\Temp\{D1EFC2E9-E67E-4533-B633-08985945EE66}ol_ribs_banner.png
C:\Users\ebay\AppData\Local\Temp\{A80B7019-16DF-42DB-BF83-B6B3452677A1}ProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{6743AE49-4594-4CAE-807C-27682446F498}ProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{E8CA713D-38A8-47A0-ACFB-39CA6A59CA1D}AME_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{E8CA713D-38A8-47A0-ACFB-39CA6A59CA1D}AMEProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{4D17754B-2C2C-4E95-89D0-AFD9383FBFA5}AME_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{4D17754B-2C2C-4E95-89D0-AFD9383FBFA5}AMEProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{A7D45FE4-7861-451E-BBAC-E29CCFF5EE3E}AMEProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{C4DA9059-2CCF-466E-AECC-C37CCA398349}AMEProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{DD829154-9968-43C5-9975-4A2CF9E87869}AME_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{DD829154-9968-43C5-9975-4A2CF9E87869}AMEProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{35304775-CB5F-101B-A142-83B5468C225C}producticon-release.png
C:\Users\ebay\AppData\Local\Temp\{35304775-CB5F-101B-A142-83B5468C225C}installer-release.ico
C:\Users\ebay\AppData\Local\Temp\{35304775-CB5F-101B-A142-83B5468C225C}background-release.png
C:\Users\ebay\AppData\Local\Temp\{35304775-CB5F-101B-A142-83B5468C225C}aul.xml
C:\Users\ebay\AppData\Local\Temp\{35304775-CB5F-101B-A142-83B5468C225C}application.sif
C:\Users\ebay\AppData\Local\Temp\{7F60FD0C-F2FF-433A-A91C-EC76152DEF05}ai_icon.png
C:\Users\ebay\AppData\Local\Temp\{7F60FD0C-F2FF-433A-A91C-EC76152DEF05}ai_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{7F60FD0C-F2FF-433A-A91C-EC76152DEF05}ai_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{7F60FD0C-F2FF-433A-A91C-EC76152DEF05}aul.xml
C:\Users\ebay\AppData\Local\Temp\{7F60FD0C-F2FF-433A-A91C-EC76152DEF05}application.sif
C:\Users\ebay\AppData\Local\Temp\{3C2CCCD6-CB9D-4288-8B3D-EF7AEC16C35B}fl.png
C:\Users\ebay\AppData\Local\Temp\{3C2CCCD6-CB9D-4288-8B3D-EF7AEC16C35B}Setup.ico
C:\Users\ebay\AppData\Local\Temp\{3C2CCCD6-CB9D-4288-8B3D-EF7AEC16C35B}application.sif
C:\Users\ebay\AppData\Local\Temp\{3C2CCCD6-CB9D-4288-8B3D-EF7AEC16C35B}background.png
C:\Users\ebay\AppData\Local\Temp\{3C2CCCD6-CB9D-4288-8B3D-EF7AEC16C35B}application.xml
C:\Users\ebay\AppData\Local\Temp\{869E3432-BDAC-4211-B1DC-EC211962EEFA}fw_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{869E3432-BDAC-4211-B1DC-EC211962EEFA}FWProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{869E3432-BDAC-4211-B1DC-EC211962EEFA}background.png
C:\Users\ebay\AppData\Local\Temp\{869E3432-BDAC-4211-B1DC-EC211962EEFA}aul.xml
C:\Users\ebay\AppData\Local\Temp\{0967604F-33E6-4C6B-934B-157C3AB4ED4C}Setup.ico
C:\Users\ebay\AppData\Local\Temp\{869E3432-BDAC-4211-B1DC-EC211962EEFA}application.sif
C:\Users\ebay\AppData\Local\Temp\{0967604F-33E6-4C6B-934B-157C3AB4ED4C}background.png
C:\Users\ebay\AppData\Local\Temp\{0967604F-33E6-4C6B-934B-157C3AB4ED4C}ProductWinIcon.png
C:\Users\ebay\AppData\Local\Temp\{575C8FA0-8180-4554-828A-1AD52446CAA1}en_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{575C8FA0-8180-4554-828A-1AD52446CAA1}en_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{27B54140-8302-4B5D-83DD-AEE4B18BC7A4}en_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{27B54140-8302-4B5D-83DD-AEE4B18BC7A4}en_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{27B54140-8302-4B5D-83DD-AEE4B18BC7A4}en_app_icon.png
C:\Users\ebay\AppData\Local\Temp\{3CD02B3D-9EEE-4786-95A8-73E7BA8558CA}drive_appicon.png
C:\Users\ebay\AppData\Local\Temp\{289C46A2-F2F7-4887-A8DA-5CB1AB65754D}Titan.ico
C:\Users\ebay\AppData\Local\Temp\{289C46A2-F2F7-4887-A8DA-5CB1AB65754D}background.png
C:\Users\ebay\AppData\Local\Temp\{289C46A2-F2F7-4887-A8DA-5CB1AB65754D}dw.png
C:\Users\ebay\AppData\Local\Temp\{289C46A2-F2F7-4887-A8DA-5CB1AB65754D}aul.xml
C:\Users\ebay\AppData\Local\Temp\{289C46A2-F2F7-4887-A8DA-5CB1AB65754D}application.sif
C:\Users\ebay\AppData\Local\Temp\{8AD0C0B9-B397-45FE-89A3-D42F95F6E9EF}ProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{36C8CA05-C98B-47F5-9CE8-FE09C4C7671C}ct_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{36C8CA05-C98B-47F5-9CE8-FE09C4C7671C}ProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{36C8CA05-C98B-47F5-9CE8-FE09C4C7671C}background.png
C:\Users\ebay\AppData\Local\Temp\{36C8CA05-C98B-47F5-9CE8-FE09C4C7671C}aul.xml
C:\Users\ebay\AppData\Local\Temp\{36C8CA05-C98B-47F5-9CE8-FE09C4C7671C}application.sif
C:\Users\ebay\AppData\Local\Temp\{7179A0A2-A781-4B59-AC19-CF26183E1F86}dva_ribs_banner_win.png
C:\Users\ebay\AppData\Local\Temp\{7179A0A2-A781-4B59-AC19-CF26183E1F86}ribs_dva_32px_win.png
C:\Users\ebay\AppData\Local\Temp\{7179A0A2-A781-4B59-AC19-CF26183E1F86}adobe_pkg.ico
C:\Users\ebay\AppData\Local\Temp\{14A5A29B-D252-4575-B40C-695B8D8B34D5}bridge.png
C:\Users\ebay\AppData\Local\Temp\{14A5A29B-D252-4575-B40C-695B8D8B34D5}bridge.ico
C:\Users\ebay\AppData\Local\Temp\{568E0A79-996C-4B04-B613-F06CBE7B320B}ae_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{568E0A79-996C-4B04-B613-F06CBE7B320B}ae_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{568E0A79-996C-4B04-B613-F06CBE7B320B}ae_app_icon.png
C:\Users\ebay\AppData\Local\Temp\{F706302E-1402-4D8D-8ABB-26B18ECAEFBB}application.sif
C:\Users\ebay\AppData\Local\Temp\{F706302E-1402-4D8D-8ABB-26B18ECAEFBB}aul.xml
C:\Users\ebay\AppData\Local\Temp\{F706302E-1402-4D8D-8ABB-26B18ECAEFBB}ae_app_icon.png
C:\Users\ebay\AppData\Local\Temp\{F706302E-1402-4D8D-8ABB-26B18ECAEFBB}ae_install_pkg_rev.ico
C:\Users\ebay\AppData\Local\Temp\{F706302E-1402-4D8D-8ABB-26B18ECAEFBB}ae_ribs_bgd.png
C:\Users\ebay\AppData\Local\Temp\{CBC8AB3C-85F0-4D16-8E01-95E0343EE383}ProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{5D195AB1-30AC-44F6-93FE-225CE5BBAB74}ProductIcon.png
C:\Users\ebay\AppData\Local\Temp\{F2C8D5D1-2414-45CF-852A-22A0C98AA6B5}aul.xml
C:\Users\ebay\AppData\Local\Temp\{F2C8D5D1-2414-45CF-852A-22A0C98AA6B5}application.sif
C:\Users\ebay\AppData\Local\Temp\{F2C8D5D1-2414-45CF-852A-22A0C98AA6B5}master_install_pkg.ico
C:\Users\ebay\AppData\Local\Temp\{F2C8D5D1-2414-45CF-852A-22A0C98AA6B5}banner.png
C:\Users\ebay\AppData\Local\Temp\amt.log
C:\Users\ebay\AppData\Local\Temp\alm.log
C:\Users\ebay\AppData\Local\Temp\swtag.log
C:\Users\ebay\AppData\Local\Temp\Low
C:\Users\ebay\AppData\Local\Temp\Auft_0020608702_002_Werbeagentur Michael.PDF
C:\Users\ebay\AppData\Local\Temp\trk4A10.tmp
C:\Users\ebay\AppData\Local\Temp\MSI252f1.LOG
C:\Users\ebay\AppData\Local\Temp\nsp61FF.tmp
C:\Users\ebay\AppData\Local\Temp\MSI252f0.LOG
C:\Users\ebay\AppData\Local\Temp\application.sif
C:\Users\ebay\AppData\Local\Temp\adb3EDF.tmp
C:\Users\ebay\AppData\Local\Temp\ebay.bmp
C:\Users\ebay\AppData\Local\Temp\2010-03-12 Verkehrswertgutachten.pdf
C:\Users\ebay\AppData\Local\Temp\2010-08-26 AG w Zuschlagserteilung.pdf
C:\Users\ebay\AppData\Local\Temp\WT2378.tmp
C:\Users\ebay\AppData\Local\Temp\WT206B.tmp
C:\Users\ebay\AppData\Local\Temp\FXSAPIDebugLogFile.txt
C:\Users\ebay\AppData\Local\Temp\adobetmp1264530548
C:\Users\ebay\AppData\Local\Temp\adobetmp1264430548
C:\Users\ebay\AppData\Local\Temp\adobetmp1264330548
C:\Users\ebay\AppData\Local\Temp\adobetmp1264230548
C:\Users\ebay\AppData\Local\Temp\adobetmp1264130548
C:\Users\ebay\AppData\Local\Temp\adobetmp1264030548
C:\Users\ebay\AppData\Local\Temp\adobetmp1263930548
C:\Users\ebay\AppData\Local\Temp\adobetmp1263830548
C:\Users\ebay\AppData\Local\Temp\adobetmp1263730548
C:\Users\ebay\AppData\Local\Temp\adobetmp1263630548
C:\Users\ebay\AppData\Local\Temp\adobetmp1263530548
C:\Users\ebay\AppData\Local\Temp\adobetmp1263430548
C:\Users\ebay\AppData\Local\Temp\adobetmp1263330548
C:\Users\ebay\AppData\Local\Temp\adobetmp1263230548
C:\Users\ebay\AppData\Local\Temp\adobetmp1263130548
C:\Users\ebay\AppData\Local\Temp\adobetmp1263030548
C:\Users\ebay\AppData\Local\Temp\adobetmp1262930548
C:\Users\ebay\AppData\Local\Temp\adobetmp1262830548
C:\Users\ebay\AppData\Local\Temp\adobetmp1262730544
C:\Users\ebay\AppData\Local\Temp\adobetmp1262630544
C:\Users\ebay\AppData\Local\Temp\adobetmp1262530544
C:\Users\ebay\AppData\Local\Temp\adobetmp1262430544
C:\Users\ebay\AppData\Local\Temp\adobetmp1262330544
C:\Users\ebay\AppData\Local\Temp\adobetmp1262230544
C:\Users\ebay\AppData\Local\Temp\adobetmp1262130544
C:\Users\ebay\AppData\Local\Temp\adobetmp1262030544
C:\Users\ebay\AppData\Local\Temp\adobetmp1261930544
C:\Users\ebay\AppData\Local\Temp\adobetmp1261830544
C:\Users\ebay\AppData\Local\Temp\adobetmp1261730544
C:\Users\ebay\AppData\Local\Temp\adobetmp1261630544
C:\Users\ebay\AppData\Local\Temp\adobetmp1261530544
C:\Users\ebay\AppData\Local\Temp\adobetmp1261430544
C:\Users\ebay\AppData\Local\Temp\adobetmp1264630548
C:\Users\ebay\AppData\Local\Temp\adobetmp1264730548
C:\Users\ebay\AppData\Local\Temp\adobetmp1276730567
C:\Users\ebay\AppData\Local\Temp\adobetmp1268030551
C:\Users\ebay\AppData\Local\Temp\adobetmp1268130551
C:\Users\ebay\AppData\Local\Temp\adobetmp1268230551
C:\Users\ebay\AppData\Local\Temp\adobetmp1268330551
C:\Users\ebay\AppData\Local\Temp\adobetmp1268430551
C:\Users\ebay\AppData\Local\Temp\adobetmp1268530551
C:\Users\ebay\AppData\Local\Temp\adobetmp1268630551
C:\Users\ebay\AppData\Local\Temp\adobetmp1268730551
C:\Users\ebay\AppData\Local\Temp\adobetmp1268830551
C:\Users\ebay\AppData\Local\Temp\adobetmp1268930551
C:\Users\ebay\AppData\Local\Temp\adobetmp1269030551
C:\Users\ebay\AppData\Local\Temp\adobetmp1269130554
C:\Users\ebay\AppData\Local\Temp\adobetmp1269230554
C:\Users\ebay\AppData\Local\Temp\adobetmp1269330554
C:\Users\ebay\AppData\Local\Temp\adobetmp1269430554
C:\Users\ebay\AppData\Local\Temp\adobetmp1269530554
C:\Users\ebay\AppData\Local\Temp\adobetmp1269630554
C:\Users\ebay\AppData\Local\Temp\adobetmp1269730554
C:\Users\ebay\AppData\Local\Temp\adobetmp1269830554
C:\Users\ebay\AppData\Local\Temp\adobetmp1269930554
C:\Users\ebay\AppData\Local\Temp\adobetmp1270030554
C:\Users\ebay\AppData\Local\Temp\adobetmp1270130554
C:\Users\ebay\AppData\Local\Temp\adobetmp1270230554
C:\Users\ebay\AppData\Local\Temp\adobetmp1273130561
C:\Users\ebay\AppData\Local\Temp\adobetmp1273030561
C:\Users\ebay\AppData\Local\Temp\adobetmp1272930561
C:\Users\ebay\AppData\Local\Temp\adobetmp1272830561
C:\Users\ebay\AppData\Local\Temp\adobetmp1270330554
C:\Users\ebay\AppData\Local\Temp\adobetmp1272730561
C:\Users\ebay\AppData\Local\Temp\adobetmp1272630561
C:\Users\ebay\AppData\Local\Temp\adobetmp1272530557
C:\Users\ebay\AppData\Local\Temp\adobetmp1272430557
C:\Users\ebay\AppData\Local\Temp\adobetmp1276630567
C:\Users\ebay\AppData\Local\Temp\adobetmp1267830551
C:\Users\ebay\AppData\Local\Temp\adobetmp1267730551
C:\Users\ebay\AppData\Local\Temp\adobetmp1272330557
C:\Users\ebay\AppData\Local\Temp\adobetmp1276530567
C:\Users\ebay\AppData\Local\Temp\adobetmp1272130557
C:\Users\ebay\AppData\Local\Temp\adobetmp1272030557
C:\Users\ebay\AppData\Local\Temp\adobetmp1271930557
C:\Users\ebay\AppData\Local\Temp\adobetmp1270430554
C:\Users\ebay\AppData\Local\Temp\adobetmp1270530554
C:\Users\ebay\AppData\Local\Temp\adobetmp1267630551
C:\Users\ebay\AppData\Local\Temp\adobetmp1267530551
C:\Users\ebay\AppData\Local\Temp\adobetmp1267430551
C:\Users\ebay\AppData\Local\Temp\adobetmp1267330551
C:\Users\ebay\AppData\Local\Temp\adobetmp1267230551
C:\Users\ebay\AppData\Local\Temp\adobetmp1267130551
C:\Users\ebay\AppData\Local\Temp\adobetmp1267030551
C:\Users\ebay\AppData\Local\Temp\adobetmp1266930551
C:\Users\ebay\AppData\Local\Temp\adobetmp1266830551
C:\Users\ebay\AppData\Local\Temp\adobetmp1270630554
C:\Users\ebay\AppData\Local\Temp\adobetmp1266730551
C:\Users\ebay\AppData\Local\Temp\adobetmp1266630551
C:\Users\ebay\AppData\Local\Temp\adobetmp1266530551
C:\Users\ebay\AppData\Local\Temp\adobetmp1266430551
C:\Users\ebay\AppData\Local\Temp\adobetmp1266330551
C:\Users\ebay\AppData\Local\Temp\adobetmp1266230551
C:\Users\ebay\AppData\Local\Temp\adobetmp1266130551
C:\Users\ebay\AppData\Local\Temp\adobetmp1266030551
C:\Users\ebay\AppData\Local\Temp\adobetmp1265930551
C:\Users\ebay\AppData\Local\Temp\adobetmp1267930551
C:\Users\ebay\AppData\Local\Temp\adobetmp1265830551
C:\Users\ebay\AppData\Local\Temp\adobetmp1265730551
C:\Users\ebay\AppData\Local\Temp\adobetmp1271830554
C:\Users\ebay\AppData\Local\Temp\adobetmp1271730554
C:\Users\ebay\AppData\Local\Temp\adobetmp1271630554
C:\Users\ebay\AppData\Local\Temp\adobetmp1271530554
C:\Users\ebay\AppData\Local\Temp\adobetmp1271430554
C:\Users\ebay\AppData\Local\Temp\adobetmp1271330554
C:\Users\ebay\AppData\Local\Temp\adobetmp1271230554
C:\Users\ebay\AppData\Local\Temp\adobetmp1271130554
C:\Users\ebay\AppData\Local\Temp\adobetmp1271030554
C:\Users\ebay\AppData\Local\Temp\adobetmp1270930554
C:\Users\ebay\AppData\Local\Temp\adobetmp1276430567
C:\Users\ebay\AppData\Local\Temp\adobetmp1276330567
C:\Users\ebay\AppData\Local\Temp\adobetmp1276230567
C:\Users\ebay\AppData\Local\Temp\adobetmp1276130567
C:\Users\ebay\AppData\Local\Temp\adobetmp1276030567
C:\Users\ebay\AppData\Local\Temp\adobetmp1275930567
C:\Users\ebay\AppData\Local\Temp\adobetmp1275830567
C:\Users\ebay\AppData\Local\Temp\adobetmp1275730567
C:\Users\ebay\AppData\Local\Temp\adobetmp1275630567
C:\Users\ebay\AppData\Local\Temp\adobetmp1275530567
C:\Users\ebay\AppData\Local\Temp\adobetmp1275430567
C:\Users\ebay\AppData\Local\Temp\adobetmp1275330567
C:\Users\ebay\AppData\Local\Temp\adobetmp1270830554
C:\Users\ebay\AppData\Local\Temp\adobetmp1275230564
C:\Users\ebay\AppData\Local\Temp\adobetmp1275130564
C:\Users\ebay\AppData\Local\Temp\adobetmp1275030564
C:\Users\ebay\AppData\Local\Temp\adobetmp1274930564
C:\Users\ebay\AppData\Local\Temp\adobetmp1274830564
C:\Users\ebay\AppData\Local\Temp\adobetmp1274730564
C:\Users\ebay\AppData\Local\Temp\adobetmp1274630564
C:\Users\ebay\AppData\Local\Temp\adobetmp1274530564
C:\Users\ebay\AppData\Local\Temp\adobetmp1274430564
C:\Users\ebay\AppData\Local\Temp\adobetmp1274330564
C:\Users\ebay\AppData\Local\Temp\adobetmp1274230564
C:\Users\ebay\AppData\Local\Temp\adobetmp1274130564
C:\Users\ebay\AppData\Local\Temp\adobetmp1274030561
C:\Users\ebay\AppData\Local\Temp\adobetmp1265630551
C:\Users\ebay\AppData\Local\Temp\adobetmp1273930561
C:\Users\ebay\AppData\Local\Temp\adobetmp1273830561
C:\Users\ebay\AppData\Local\Temp\adobetmp1273730561
C:\Users\ebay\AppData\Local\Temp\adobetmp1273630561
C:\Users\ebay\AppData\Local\Temp\adobetmp1273530561
C:\Users\ebay\AppData\Local\Temp\adobetmp1273430561
C:\Users\ebay\AppData\Local\Temp\adobetmp1273330561
C:\Users\ebay\AppData\Local\Temp\adobetmp1272230557
C:\Users\ebay\AppData\Local\Temp\adobetmp1273230561
C:\Users\ebay\AppData\Local\Temp\adobetmp1264830548
C:\Users\ebay\AppData\Local\Temp\adobetmp1264930548
C:\Users\ebay\AppData\Local\Temp\adobetmp1265030548
C:\Users\ebay\AppData\Local\Temp\adobetmp1265130548
C:\Users\ebay\AppData\Local\Temp\adobetmp1265230548
C:\Users\ebay\AppData\Local\Temp\adobetmp1270730554
C:\Users\ebay\AppData\Local\Temp\adobetmp1265330548
C:\Users\ebay\AppData\Local\Temp\adobetmp1265430548
C:\Users\ebay\AppData\Local\Temp\adobetmp1265530551
C:\Users\ebay\AppData\Local\Temp\adobetmp1281930584
C:\Users\ebay\AppData\Local\Temp\adobetmp1283130584
C:\Users\ebay\AppData\Local\Temp\adobetmp1283030584
C:\Users\ebay\AppData\Local\Temp\adobetmp1282830584
C:\Users\ebay\AppData\Local\Temp\adobetmp1282730584
C:\Users\ebay\AppData\Local\Temp\adobetmp1282630584
C:\Users\ebay\AppData\Local\Temp\adobetmp1282530584
C:\Users\ebay\AppData\Local\Temp\adobetmp1282430584
C:\Users\ebay\AppData\Local\Temp\adobetmp1282330584
C:\Users\ebay\AppData\Local\Temp\adobetmp1282230584
C:\Users\ebay\AppData\Local\Temp\adobetmp1282130584
C:\Users\ebay\AppData\Local\Temp\adobetmp1282030584
C:\Users\ebay\AppData\Local\Temp\adobetmp1281830584
C:\Users\ebay\AppData\Local\Temp\adobetmp1281730584
C:\Users\ebay\AppData\Local\Temp\adobetmp1281630584
C:\Users\ebay\AppData\Local\Temp\adobetmp1281530584
C:\Users\ebay\AppData\Local\Temp\adobetmp1281430584
C:\Users\ebay\AppData\Local\Temp\adobetmp1281330584
C:\Users\ebay\AppData\Local\Temp\adobetmp1281230580
C:\Users\ebay\AppData\Local\Temp\adobetmp1281130580
C:\Users\ebay\AppData\Local\Temp\adobetmp1281030580
C:\Users\ebay\AppData\Local\Temp\adobetmp1280930580
C:\Users\ebay\AppData\Local\Temp\adobetmp1280830580
C:\Users\ebay\AppData\Local\Temp\adobetmp1280730580
C:\Users\ebay\AppData\Local\Temp\adobetmp1280630580
C:\Users\ebay\AppData\Local\Temp\adobetmp1280530580
C:\Users\ebay\AppData\Local\Temp\adobetmp1280430580
C:\Users\ebay\AppData\Local\Temp\adobetmp1280330580
C:\Users\ebay\AppData\Local\Temp\adobetmp1280230580
C:\Users\ebay\AppData\Local\Temp\adobetmp1280130580
C:\Users\ebay\AppData\Local\Temp\adobetmp1280030580
C:\Users\ebay\AppData\Local\Temp\adobetmp1279930580
C:\Users\ebay\AppData\Local\Temp\adobetmp1279830577
C:\Users\ebay\AppData\Local\Temp\adobetmp1279730577
C:\Users\ebay\AppData\Local\Temp\adobetmp1279630577
C:\Users\ebay\AppData\Local\Temp\adobetmp1279530577
C:\Users\ebay\AppData\Local\Temp\adobetmp1279430577
C:\Users\ebay\AppData\Local\Temp\adobetmp1279330577
C:\Users\ebay\AppData\Local\Temp\adobetmp1279230577
C:\Users\ebay\AppData\Local\Temp\adobetmp1279130577
C:\Users\ebay\AppData\Local\Temp\adobetmp1279030577
C:\Users\ebay\AppData\Local\Temp\adobetmp1278930577
C:\Users\ebay\AppData\Local\Temp\adobetmp1278830577
C:\Users\ebay\AppData\Local\Temp\adobetmp1278730577
C:\Users\ebay\AppData\Local\Temp\adobetmp1278630577
C:\Users\ebay\AppData\Local\Temp\adobetmp1278530577
C:\Users\ebay\AppData\Local\Temp\adobetmp1278430577
C:\Users\ebay\AppData\Local\Temp\adobetmp1278330577
C:\Users\ebay\AppData\Local\Temp\adobetmp1278230574
C:\Users\ebay\AppData\Local\Temp\adobetmp1278130574
C:\Users\ebay\AppData\Local\Temp\adobetmp1278030574
C:\Users\ebay\AppData\Local\Temp\adobetmp1277930570
C:\Users\ebay\AppData\Local\Temp\adobetmp1277830570
C:\Users\ebay\AppData\Local\Temp\adobetmp1277730570
C:\Users\ebay\AppData\Local\Temp\adobetmp1277630570
C:\Users\ebay\AppData\Local\Temp\adobetmp1277530570
C:\Users\ebay\AppData\Local\Temp\adobetmp1277430570
C:\Users\ebay\AppData\Local\Temp\adobetmp1277330570
C:\Users\ebay\AppData\Local\Temp\adobetmp1277230570
C:\Users\ebay\AppData\Local\Temp\adobetmp1277130570
C:\Users\ebay\AppData\Local\Temp\adobetmp1277030570
C:\Users\ebay\AppData\Local\Temp\adobetmp1276930570
C:\Users\ebay\AppData\Local\Temp\adobetmp1276830567
C:\Users\ebay\AppData\Local\Temp\adobetmp1282930584
C:\Users\ebay\AppData\Local\Temp\adobetmp1287030590
C:\Users\ebay\AppData\Local\Temp\adobetmp1283230584
C:\Users\ebay\AppData\Local\Temp\adobetmp1290730606
C:\Users\ebay\AppData\Local\Temp\adobetmp1290630603
C:\Users\ebay\AppData\Local\Temp\adobetmp1290530603
C:\Users\ebay\AppData\Local\Temp\adobetmp1290430603
C:\Users\ebay\AppData\Local\Temp\adobetmp1290330600
C:\Users\ebay\AppData\Local\Temp\adobetmp1290230600
C:\Users\ebay\AppData\Local\Temp\adobetmp1290130600
C:\Users\ebay\AppData\Local\Temp\adobetmp1290030600
C:\Users\ebay\AppData\Local\Temp\adobetmp1289930597
C:\Users\ebay\AppData\Local\Temp\adobetmp1289830597
C:\Users\ebay\AppData\Local\Temp\adobetmp1289730597
C:\Users\ebay\AppData\Local\Temp\adobetmp1289630597
C:\Users\ebay\AppData\Local\Temp\adobetmp1289530597
C:\Users\ebay\AppData\Local\Temp\adobetmp1289430597
C:\Users\ebay\AppData\Local\Temp\adobetmp1289330597
C:\Users\ebay\AppData\Local\Temp\adobetmp1289230597
C:\Users\ebay\AppData\Local\Temp\adobetmp1289130597
C:\Users\ebay\AppData\Local\Temp\adobetmp1289030597
C:\Users\ebay\AppData\Local\Temp\adobetmp1288930597
C:\Users\ebay\AppData\Local\Temp\adobetmp1288830597
C:\Users\ebay\AppData\Local\Temp\adobetmp1288730593
C:\Users\ebay\AppData\Local\Temp\adobetmp1288630593
C:\Users\ebay\AppData\Local\Temp\adobetmp1288530593
C:\Users\ebay\AppData\Local\Temp\adobetmp1288430593
C:\Users\ebay\AppData\Local\Temp\adobetmp1288330593
C:\Users\ebay\AppData\Local\Temp\adobetmp1288230593
C:\Users\ebay\AppData\Local\Temp\adobetmp1288130593
C:\Users\ebay\AppData\Local\Temp\adobetmp1288030593
C:\Users\ebay\AppData\Local\Temp\adobetmp1287930593
C:\Users\ebay\AppData\Local\Temp\adobetmp1287830593
C:\Users\ebay\AppData\Local\Temp\adobetmp1287730593
C:\Users\ebay\AppData\Local\Temp\adobetmp1287630593
C:\Users\ebay\AppData\Local\Temp\adobetmp1287530593
C:\Users\ebay\AppData\Local\Temp\adobetmp1287430593
C:\Users\ebay\AppData\Local\Temp\adobetmp1287330593
C:\Users\ebay\AppData\Local\Temp\adobetmp1287230593
C:\Users\ebay\AppData\Local\Temp\adobetmp1287130593
C:\Users\ebay\AppData\Local\Temp\adobetmp1286830590
C:\Users\ebay\AppData\Local\Temp\adobetmp1286930590
C:\Users\ebay\AppData\Local\Temp\adobetmp1286730590
C:\Users\ebay\AppData\Local\Temp\adobetmp1286630590
C:\Users\ebay\AppData\Local\Temp\adobetmp1286530590
C:\Users\ebay\AppData\Local\Temp\adobetmp1286430590
C:\Users\ebay\AppData\Local\Temp\adobetmp1286330590
C:\Users\ebay\AppData\Local\Temp\adobetmp1286230590
C:\Users\ebay\AppData\Local\Temp\adobetmp1286130590
C:\Users\ebay\AppData\Local\Temp\adobetmp1286030590
C:\Users\ebay\AppData\Local\Temp\adobetmp1285930590
C:\Users\ebay\AppData\Local\Temp\adobetmp1285830587
C:\Users\ebay\AppData\Local\Temp\adobetmp1285730587
C:\Users\ebay\AppData\Local\Temp\adobetmp1285630587
C:\Users\ebay\AppData\Local\Temp\adobetmp1285530587
C:\Users\ebay\AppData\Local\Temp\adobetmp1285430587
C:\Users\ebay\AppData\Local\Temp\adobetmp1285330587
C:\Users\ebay\AppData\Local\Temp\adobetmp1285230587
C:\Users\ebay\AppData\Local\Temp\adobetmp1285130587
C:\Users\ebay\AppData\Local\Temp\adobetmp1285030587
C:\Users\ebay\AppData\Local\Temp\adobetmp1284930587
C:\Users\ebay\AppData\Local\Temp\adobetmp1284830587
C:\Users\ebay\AppData\Local\Temp\adobetmp1284730587
C:\Users\ebay\AppData\Local\Temp\adobetmp1284630587
C:\Users\ebay\AppData\Local\Temp\adobetmp1284530587
C:\Users\ebay\AppData\Local\Temp\adobetmp1284430587
C:\Users\ebay\AppData\Local\Temp\adobetmp1284330587
C:\Users\ebay\AppData\Local\Temp\adobetmp1284230587
C:\Users\ebay\AppData\Local\Temp\adobetmp1284130587
C:\Users\ebay\AppData\Local\Temp\adobetmp1284030587
C:\Users\ebay\AppData\Local\Temp\adobetmp1283930587
C:\Users\ebay\AppData\Local\Temp\adobetmp1283830587
C:\Users\ebay\AppData\Local\Temp\adobetmp1283730587
C:\Users\ebay\AppData\Local\Temp\adobetmp1283630587
C:\Users\ebay\AppData\Local\Temp\adobetmp1283530584
C:\Users\ebay\AppData\Local\Temp\adobetmp1283430584
C:\Users\ebay\AppData\Local\Temp\adobetmp1283330584
C:\Users\ebay\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\ebay\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
----------------------------------------

 
C:\Program Files

C:\Program Files\Adobe 
C:\Program Files\Adobe Media Player 
C:\Program Files\Common Files 
C:\Program Files\QuickTime 
C:\Program Files\Minefield 
C:\Program Files\trend micro 
C:\Program Files\Sophos 
C:\Program Files\Notepad++ 
C:\Program Files\BMSEV 
C:\Program Files\Mozilla Thunderbird 
C:\Program Files\CCleaner 
C:\Program Files\Windows Installer Clean Up 
C:\Program Files\MSECache 
C:\Program Files\JDownloader 
C:\Program Files\Mozilla Firefox 
C:\Program Files\FileZilla FTP Client 
C:\Program Files\Microsoft 
C:\Program Files\Windows Live 
C:\Program Files\Windows Live SkyDrive 
C:\Program Files\NOS 
C:\Program Files\Defraggler 
C:\Program Files\RocketDock 
C:\Program Files\Java 
C:\Program Files\ABBYY FineReader 9.0 
C:\Program Files\IrfanView 
C:\Program Files\Malwarebytes' Anti-Malware 
C:\Program Files\Mythicsoft 
C:\Program Files\Streamripper 
C:\Program Files\Skype 
C:\Program Files\TeamViewer 
C:\Program Files\Acronis 
C:\Program Files\Logitech 
C:\Program Files\AGEIA Technologies 
C:\Program Files\HTML to Image Wizards 
C:\Program Files\FontLab 
C:\Program Files\Foxit Software 
C:\Program Files\Copy Handler 
C:\Program Files\FreeUndelete 
C:\Program Files\epson 
C:\Program Files\Western Digital 
C:\Program Files\7-Zip 
C:\Program Files\Winamp 
C:\Program Files\InstallShield Installation Information 
C:\Program Files\T-Com 
C:\Program Files\Microsoft Works 
C:\Program Files\MSBuild 
C:\Program Files\Microsoft Office 
C:\Program Files\Microsoft Visual Studio 
C:\Program Files\Microsoft.NET 
C:\Program Files\Microsoft Visual Studio 8 
C:\Program Files\Microsoft Silverlight 
C:\Program Files\Yamicsoft 
C:\Program Files\Win7codecs 
C:\Program Files\Microsoft SQL Server Compact Edition 
C:\Program Files\Internet Explorer 
C:\Program Files\UltraISO 
C:\Program Files\Utilities 
C:\Program Files\gs 
C:\Program Files\WinRAR 
C:\Program Files\ImgBurn 
C:\Program Files\Windows Media Player 
C:\Program Files\Universal Termsrv Patch 
C:\Program Files\Universal TCPIP Patcher 
C:\Program Files\Notepad2 
C:\Program Files\DVD Decrypter 
C:\Program Files\Logon Changer 
C:\Program Files\Reapers CPL Pack 
C:\Program Files\XnViewMP 
C:\Program Files\DVD Maker 
C:\Program Files\Microsoft Games 
C:\Program Files\Windows Journal 
C:\Program Files\Windows Sidebar 
C:\Program Files\Windows Mail 
C:\Program Files\Windows Photo Viewer 
C:\Program Files\Windows Defender 
C:\Program Files\Uninstall Information 
C:\Program Files\Windows Portable Devices 
C:\Program Files\Windows NT 
C:\Program Files\Reference Assemblies 
C:\Program Files\desktop.ini 
----------------------------------------

 
C:\ProgramData\.. 

ebay    
Administrator    
Default    
Public    
All Users    
Default User    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts


----------------------------------------



Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         12 K
System                           4 Services                   0        220 K
smss.exe                       364 Services                   0        520 K
csrss.exe                      512 Services                   0      2.448 K
wininit.exe                    616 Services                   0      2.592 K
csrss.exe                      624 Console                    1     11.172 K
services.exe                   664 Services                   0     15.328 K
lsass.exe                      688 Services                   0      7.820 K
lsm.exe                        696 Services                   0      2.576 K
winlogon.exe                   828 Console                    1      3.624 K
svchost.exe                    856 Services                   0      5.808 K
nvvsvc.exe                     924 Services                   0      1.800 K
svchost.exe                    964 Services                   0      5.520 K
svchost.exe                   1040 Services                   0     12.840 K
svchost.exe                   1136 Services                   0     88.848 K
svchost.exe                   1172 Services                   0     22.504 K
svchost.exe                   1316 Services                   0     11.136 K
nvvsvc.exe                    1404 Console                    1      4.152 K
svchost.exe                   1468 Services                   0     11.604 K
spoolsv.exe                   1596 Services                   0      8.748 K
svchost.exe                   1628 Services                   0     11.608 K
NetworkLicenseServer.exe      1708 Services                   0      2.812 K
schedul2.exe                  1808 Services                   0      3.348 K
afcdpsrv.exe                  1832 Services                   0      3.264 K
schedhlp.exe                  1868 Console                    1      3.284 K
svchost.exe                   1932 Services                   0     11.628 K
svchost.exe                    428 Services                   0      5.296 K
TeamViewer_Service.exe         480 Services                   0      2.152 K
WDDMService.exe                504 Services                   0      5.556 K
WDSmartWareBackgroundServ      764 Services                   0      3.812 K
svchost.exe                   1164 Services                   0     22.960 K
taskhost.exe                  2324 Console                    1      6.972 K
dwm.exe                       2428 Console                    1     25.612 K
SetPoint.exe                  3204 Console                    1      8.188 K
TrueImageMonitor.exe          3220 Console                    1      3.912 K
sidebar.exe                   3352 Console                    1     27.840 K
KHALMNPR.exe                  3396 Console                    1      3.608 K
ch.exe                        3488 Console                    1      6.580 K
WmiPrvSE.exe                  2276 Services                   0      9.824 K
WmiPrvSE.exe                  2332 Services                   0      6.540 K
WmiPrvSE.exe                  3076 Services                   0      6.472 K
wmpnetwk.exe                  3624 Services                   0      8.328 K
explorer.exe                  4044 Console                    1     72.976 K
audiodg.exe                    692 Services                   0      9.792 K
thunderbird.exe                436 Console                    1     82.500 K
svchost.exe                   4060 Services                   0     10.360 K
svchost.exe                   1224 Services                   0      4.020 K
svchost.exe                   3108 Services                   0      2.960 K
msiexec.exe                   4516 Services                   0     22.912 K
winamp.exe                    5464 Console                    1    102.460 K
wstreamripper.exe             4188 Console                    1      4.388 K
notepad++.exe                 6072 Console                    1     16.912 K
dllhost.exe                   5680 Console                    1      4.528 K
Setup.exe                     1488 Console                    1    264.328 K
firefox.exe                   5296 Console                    1    105.304 K
plugin-container.exe          4664 Console                    1     16.228 K
cmd.exe                       5708 Console                    1      3.040 K
conhost.exe                   2836 Console                    1      4.608 K
dllhost.exe                   5672 Console                    1      3.928 K
tasklist.exe                  5712 Console                    1      4.056 K

 
***** Ende des Scans 01.09.2010 um 14:24:57,76 ***

Code:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 01.09.2010 14:33:25 for strings:
;  '7j2xir1l.dll'
;  'startup.exe'
;  'versio~2.exe'
;  'adobearm.exe'
;  'cs4servicemanager.exe'
;  'groovemonitor.exe'
;  'qttask.exe'
;  'wpkvfma.sys'
;  'rocketdock.exe'
;  'gwebmwit.sys'
;  'gilt.zip'
;  'mj81b365.exe'
; Strings excluded from search:
;  (None)
; Search in: 
; Registry Keys  Registry Values  Registry Data  
; HKEY_LOCAL_MACHINE  HKEY_USERS  


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76E2369A-75BA-41F9-8B9E-16059E5CF9A6}]
"AppName"="AdobeARM.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8990FF84426BB0247808D306F670CBD1]
"1CF327F06067768468C6EC08DA92D2FA"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86]
"68AB67CA3301004F7716000000000040"="C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1BF16734F09DF24787B7AE363E01A86\68AB67CA3301004F7716000000000040]
"File"="adobearm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="\"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe\" -launchedbylogin"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
; Contents of value:
;   @@ 
"_startup.exe:D3DOGL_67207556"=hex:05,40,40,00
; Contents of value:
;      
"_startup.exe:D3DOGL_67207557"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{6D5C1E11-3CC2-4A30-9710-49B504D8AC84}\0000]
; Contents of value:
;   @@ 
"_startup.exe:D3DOGL_67207556"=hex:05,40,40,00
; Contents of value:
;      
"_startup.exe:D3DOGL_67207557"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{6D5C1E11-3CC2-4A30-9710-49B504D8AC84}\0001]
; Contents of value:
;   @@ 
"_startup.exe:D3DOGL_67207556"=hex:05,40,40,00
; Contents of value:
;      
"_startup.exe:D3DOGL_67207557"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078674EE-9164-47B9-A77E-613160B03051}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe|Name=Adobe CSI CS4|"
"{DA8C240C-CBD5-4F85-B52E-ECE6A12CD95F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe|Name=Adobe CSI CS4|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
; Contents of value:
;   @@ 
"_startup.exe:D3DOGL_67207556"=hex:05,40,40,00
; Contents of value:
;      
"_startup.exe:D3DOGL_67207557"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A68CAA5D-EFCF-4DC7-8C91-6F6364D18A4A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe|Name=Adobe CSI CS4|"
"{A88ED460-5504-43B1-BCB1-A5367E3D71C6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe|Name=Adobe CSI CS4|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
; Contents of value:
;   @@ 
"_startup.exe:D3DOGL_67207556"=hex:05,40,40,00
; Contents of value:
;      
"_startup.exe:D3DOGL_67207557"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6D5C1E11-3CC2-4A30-9710-49B504D8AC84}\0000]
; Contents of value:
;   @@ 
"_startup.exe:D3DOGL_67207556"=hex:05,40,40,00
; Contents of value:
;      
"_startup.exe:D3DOGL_67207557"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{6D5C1E11-3CC2-4A30-9710-49B504D8AC84}\0001]
; Contents of value:
;   @@ 
"_startup.exe:D3DOGL_67207556"=hex:05,40,40,00
; Contents of value:
;      
"_startup.exe:D3DOGL_67207557"=hex:01,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078674EE-9164-47B9-A77E-613160B03051}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe|Name=Adobe CSI CS4|"
"{DA8C240C-CBD5-4F85-B52E-ECE6A12CD95F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe|Name=Adobe CSI CS4|"

; End Of The Log...

Code:

File name:
explorer.exe
Submission date:
2010-09-01 12:43:21 (UTC)
Current status:
queued (#6) queued (#6) analysing finished
Result:
0/ 43 (0.0%)
Antivirus results
AhnLab-V3 - 2010.09.01.01 - 2010.09.01 - -
AntiVir - 8.2.4.46 - 2010.09.01 - -
Antiy-AVL - 2.0.3.7 - 2010.09.01 - -
Authentium - 5.2.0.5 - 2010.09.01 - -
Avast - 4.8.1351.0 - 2010.09.01 - -
Avast5 - 5.0.594.0 - 2010.09.01 - -
AVG - 9.0.0.851 - 2010.09.01 - -
BitDefender - 7.2 - 2010.09.01 - -
CAT-QuickHeal - 11.00 - 2010.09.01 - -
ClamAV - 0.96.2.0-git - 2010.09.01 - -
Comodo - 5934 - 2010.09.01 - -
DrWeb - 5.0.2.03300 - 2010.09.01 - -
Emsisoft - 5.0.0.37 - 2010.09.01 - -
eSafe - 7.0.17.0 - 2010.08.30 - -
eTrust-Vet - 36.1.7830 - 2010.09.01 - -
F-Prot - 4.6.1.107 - 2010.09.01 - -
F-Secure - 9.0.15370.0 - 2010.09.01 - -
Fortinet - 4.1.143.0 - 2010.09.01 - -
GData - 21 - 2010.09.01 - -
Ikarus - T3.1.1.88.0 - 2010.09.01 - -
Jiangmin - 13.0.900 - 2010.08.30 - -
K7AntiVirus - 9.63.2406 - 2010.08.31 - -
Kaspersky - 7.0.0.125 - 2010.09.01 - -
McAfee - 5.400.0.1158 - 2010.09.01 - -
McAfee-GW-Edition - 2010.1B - 2010.09.01 - -
Microsoft - 1.6103 - 2010.09.01 - -
NOD32 - 5414 - 2010.09.01 - -
Norman - 6.05.11 - 2010.09.01 - -
nProtect - 2010-09-01.01 - 2010.09.01 - -
Panda - 10.0.2.7 - 2010.08.31 - -
PCTools - 7.0.3.5 - 2010.09.01 - -
Prevx - 3.0 - 2010.09.01 - -
Rising - 22.63.02.04 - 2010.09.01 - -
Sophos - 4.56.0 - 2010.09.01 - -
Sunbelt - 6820 - 2010.09.01 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.09.01 - -
Symantec - 20101.1.1.7 - 2010.09.01 - -
TheHacker - 6.5.2.1.360 - 2010.09.01 - -
TrendMicro - 9.120.0.1004 - 2010.09.01 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.09.01 - -
VBA32 - 3.12.14.0 - 2010.09.01 - -
ViRobot - 2010.8.31.4017 - 2010.09.01 - -
VirusBuster - 12.64.11.1 - 2010.08.31 - -
File info:
MD5: 2fecc3c5cbe8c8284a523bc4b40368ce
SHA1: ad530620110c24374cef706cb9894e30618ae9a8
SHA256: 9ce15a224fe2ced06de6f24bf1a8ddb0a52ae6315e0d97c009a163eab7768e9f
File size: 2810880 bytes
Scan date: 2010-09-01 12:43:21 (UTC)

[Speedy]

a) warum ist noch immer kein antivirenprogramm installiert, besser ein freies als gar keines!
b) software deinstallieren war nicht sehr erfolgreich, oder wurde nur widerwillig durchgeführt
c) das leeren der temp ordner ist eher ein fiasko --> C:\Users\ebay\AppData\Local\Temp\
d) bei regsearch die dateinamen genau so wie sie angeführt wurden suchen, dazu gehören auch die leertasten
e) die tags code und nicht quote verwenden, bitte korrigieren.

• lege folgenden ordner an c:\programm_download\ccleaner
• download die aktuelle version des ccleaners in diesen ordner
• erstelle bei windows me, xp oder vista einen neuen systemwiederherstellungspunkt
• installieren den ccleaner durch einen doppelklick auf die heruntergeladene datei (die yahoo toolbar musst du nicht mitinstallieren)
• starte nun den ccleaner und wähle unter options settings "german"
• bereinige nun damit dein system (alle am system vorhandenen temp. ordner und den prefetch ordner leeren, applications und registry bereinigen) (germanversion)
  (quick-tour und screenshots)
• wechsle im ccleaner nach extras -> programme deinstallieren -> als textdatei speichern -> poste auch dieses logfile (schreib dazu, wozu du jedes einzelne programm benötigst).

[totalegal]

Ein Antivirus Programm ist jetzt installiert.

Ordner angelegt, ccleaner geladen, Wiederherstellungspunkt gesetzt.

CCleaner installiert, System berenigt, keine Fehler mehr in der Registry.

Programme:

Code:

Scannen und auslesen von Texten -> ABBYY FineReader 9.0 Professional Edition		02.09.2010		
Wird von CS4 installiert aber nicht benötigt -> Acrobat.com		31.08.2010		
Backups -> Acronis*True*Image*Home		02.09.2010		
PDFs Lesen und in verschiedene Farbprofile konvertieren -> Adobe Acrobat 9 Pro Extended - English, Français, Deutsch	Adobe Systems	01.09.2010		9.3.0	
Wird von CS4 installiert wird aber nicht benötigt -> Adobe AIR		31.08.2010		
Verschiedene Aufgaben -> Adobe Creative Suite 4 Master Collection	Adobe Systems Incorporated	31.08.2010	2.899,8MB	4.0	
Flash Player -> Adobe Flash Player 10 ActiveX	Adobe Systems, Inc.	31.08.2010	1,96MB	10.0.2.54	
Flash Player Plugin -> Adobe Flash Player 10 Plugin	Adobe Systems, Inc.	31.08.2010	1,94MB	10.0.2.54	
Wird von CS4 installiert wird aber nicht benötigtAdobe Media Player		31.08.2010		
Antivirenprogramm -> avast! Free Antivirus	Alwil Software	01.09.2010		5.0.594.0
CCleaner -> CCleaner	Piriform	01.09.2010		2.35
keine Ahnung -> eReg		02.09.2010		
Wird für PDF Drucker benötigt -> Ghostscript 8.70		02.09.2010		
Keine Erklärung notwendig -> HiJackThis		31.08.2010		
Java -> Java(TM) 6 Update 20		31.08.2010		
Wird nicht benötigt? -> Microsoft Application Error Reporting		31.08.2010		
Wird nicht benötigt? -> Microsoft Choice Guard		31.08.2010		
Wird nicht benötigt? -> Microsoft Office Access MUI (German) 2007		31.08.2010		
Microsoft Office Enterprise 2007		31.08.2010		
Microsoft Office auf deutsch umstellen -> Microsoft Office Excel MUI (German) 2007		31.08.2010		
Microsoft Office auf deutsch umstellen -> Microsoft Office Groove MUI (German) 2007		31.08.2010		
Microsoft Office auf deutsch umstellen -> Microsoft Office InfoPath MUI (German) 2007		31.08.2010		
Wird nicht benötigt? -> Microsoft Office Live Add-in 1.3		02.09.2010		
Microsoft Office auf deutsch umstellen -> Microsoft Office OneNote MUI (German) 2007		31.08.2010		
Microsoft Office auf deutsch umstellen -> Microsoft Office Outlook MUI (German) 2007		31.08.2010		
Microsoft Office auf deutsch umstellen -> Microsoft Office PowerPoint MUI (German) 2007		31.08.2010		
Rechtschreibungsdatenbank -> Microsoft Office Proof (English) 2007		31.08.2010		
Rechtschreibungsdatenbank -> Microsoft Office Proof (French) 2007		31.08.2010		
Rechtschreibungsdatenbank -> Microsoft Office Proof (German) 2007		31.08.2010		
Rechtschreibungsdatenbank -> Microsoft Office Proof (Italian) 2007		31.08.2010		
Rechtschreibungsdatenbank -> Microsoft Office Proofing (German) 2007		31.08.2010		
Microsoft Office auf deutsch umstellen -> Microsoft Office Publisher MUI (German) 2007		31.08.2010		
Microsoft Office auf deutsch umstellen -> Microsoft Office Shared MUI (German) 2007		31.08.2010		
Microsoft Office auf deutsch umstellen -> Microsoft Office Word MUI (German) 2007		31.08.2010		
Als PDF speichern in Office Anwendungen -> Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs		02.09.2010		
Silverlight -> Microsoft Silverlight		02.09.2010		
Wird nicht benötigt? -> Microsoft SQL Server 2005 Compact Edition [ENU]		02.09.2010		
Wird nicht benötigt? -> Microsoft Visual C++ 2005 Redistributable		31.08.2010		
Wird nicht benötigt? -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17		31.08.2010		
Wird nicht benötigt? -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	01.09.2010	0,58MB	9.0.30729.4148
Wird nicht benötigt? -> MSVCRT		31.08.2010		
Grafikkartentreiber -> NVIDIA PhysX		31.08.2010		
PDF Drucker -> PDFCreator 0.9.8		02.09.2010		
Von Skype installiert -> Skype Toolbars		02.09.2010		
Skype -> Skype™ 4.2		02.09.2010		
Verbindungssoftware für den Router -> T-Eumex 820 LAN V1.40		02.09.2010		
Wird nicht benötigt? -> Waves		31.08.2010		
Externe Festplatte, Verwaltungsprogramm -> WD SmartWare		02.09.2010		
Wird nicht benötigt? -> Win7codecs		02.09.2010		
Wird nicht benötigt? -> Windows Installer Clean Up		31.08.2010		
Wird nicht benötigt? -> Windows Live Call		31.08.2010		
Wird nicht benötigt? -> Windows Live Communications Platform		31.08.2010		
Wird nicht benötigt? -> Windows Live Essentials		31.08.2010		
Wird nicht benötigt? -> Windows Live Messenger		02.09.2010		
Wird nicht benötigt? -> Windows Live Movie Maker		31.08.2010		
Wird nicht benötigt? -> Windows Live Photo Gallery		02.09.2010		
Wird nicht benötigt? -> Windows Live Sign-in Assistant		02.09.2010		
Wird nicht benötigt? -> Windows Live Upload Tool		02.09.2010

Ich werde mal alles wo ich mir sicher bin deinstallieren und gleich nochmal posten.

Nach Bereinigung:

Code:

ABBYY FineReader 9.0 Professional Edition		02.09.2010		
Acronis True Image Home		02.09.2010		
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch	Adobe Systems	01.09.2010		9.3.0
Adobe Creative Suite 4 Master Collection	Adobe Systems Incorporated	31.08.2010	2.899,8MB	4.0
Adobe Flash Player 10 ActiveX	Adobe Systems, Inc.	31.08.2010	1,96MB	10.0.2.54
Adobe Flash Player 10 Plugin	Adobe Systems, Inc.	31.08.2010	1,94MB	10.0.2.54
avast! Free Antivirus	Alwil Software	01.09.2010		5.0.594.0
CCleaner	Piriform	01.09.2010		2.35
Ghostscript 8.70		02.09.2010		
HiJackThis		31.08.2010		
Java(TM) 6 Update 20		31.08.2010		
Microsoft Application Error Reporting		31.08.2010		
Microsoft Office Access MUI (German) 2007		31.08.2010		
Microsoft Office Enterprise 2007		31.08.2010		
Microsoft Office Excel MUI (German) 2007		31.08.2010		
Microsoft Office Groove MUI (German) 2007		31.08.2010		
Microsoft Office InfoPath MUI (German) 2007		31.08.2010		
Microsoft Office OneNote MUI (German) 2007		31.08.2010		
Microsoft Office Outlook MUI (German) 2007		31.08.2010		
Microsoft Office PowerPoint MUI (German) 2007		31.08.2010		
Microsoft Office Proof (English) 2007		31.08.2010		
Microsoft Office Proof (French) 2007		31.08.2010		
Microsoft Office Proof (German) 2007		31.08.2010		
Microsoft Office Proof (Italian) 2007		31.08.2010		
Microsoft Office Proofing (German) 2007		31.08.2010		
Microsoft Office Publisher MUI (German) 2007		31.08.2010		
Microsoft Office Shared MUI (German) 2007		31.08.2010		
Microsoft Office Word MUI (German) 2007		31.08.2010		
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs		02.09.2010		
Microsoft Silverlight		02.09.2010		
PDFCreator 0.9.8		02.09.2010		
Skype™ 4.2		02.09.2010		
T-Eumex 820 LAN V1.40		02.09.2010		
WD SmartWare		02.09.2010

Ich habe im CCleaner nochmal die temporären Dateinen bereinigt und der Internetexplorer hatte wieder 35 MB obwohl ich ihn nicht benutzt habe...

PS.: das lag daran dass ich Acrobat.com ausgeführt habe um zu sehen wozu es gut ist. Ich habe mal in die Details gesehen.