Malware lässt sich unter Kaspersky 2011 nicht löschen

roots · 11.02.2011, 00:27

Seit dem 29.01.2011 meldet mir mein Antivirenprogramm (KIS 2011): "Es wurde Malware gefunden" +++ 29.01.2011 19:52:53 Gefunden: Virus HEUR:Trojan.Win32.Generic Typ: E-Mail-Anhang Pfad: [From:"Facebook Service" <official.nr370@facebook.com>][Subject:Facebook support.Your new Password.NR41929][Time:2011/01/29 12:30:19]/Facebook_details_ID0041.zip/FacebookPassword/ Name: FacebookPassword.exe Gefährlichkeit: Hoch
Bin nicht bei facebook angemeldet, bekam aber am 29.01. von dort eine Mail, den Link hatte ich aber nicht geöffnet. Seit ca. 3-4 Wochen hab ich Probleme mit dem IE8, hängt sich öfters auf, was in den letzten Tagen immer schlimmer wurde, zuletzt öffnete er sich nicht mehr-gleiches Problem firefox. Mit Google-Chrome ist alles okay. Seit eben funktionieren IE8 und firefox wieder-wegen dem malwarebytes-Scan. Das Browser-Problem soll aber, wenn nicht mit der Malware zusammenhängend, sekundär bleiben.
Hatte bereits versucht den Virus HEUR:Trojan.Win32.Generic
In Quarantäne verschieben oder desinfizieren ist nicht möglich. Nach einigen Tipps hab ich nun folgendes getan:
Mit Malwarebytes den Quick-Scan und mit OTL einen Systemscan durchgeführt. Hier die Logdatein von Malwarebytes und OTL (OTL als gezippter Dateianhang hat bei mir leider nicht funktioniert):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5735

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

10.02.2011 22:33:44
mbam-log-2011-02-10 (22-33-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162112
Laufzeit: 29 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10.02.2011 20:52:14 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\jalm\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 154,06 Gb Free Space | 54,58% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 5,02 Gb Free Space | 31,77% Space Free | Partition Type: FAT32
Drive E: | 539,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JALM-PC | User Name: jalm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\jalm\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\jalm\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\RapidSolution\AudialsOne 4\VCDWriter\32\VCDAudioService.exe (RapidSolution Software AG)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
PRC - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\TrafficMonitor\TMPacketServiceInit.exe (Mirko Böer)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Programme\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe (T-Mobile)
PRC - C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\jalm\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Virtual CDAudio Service) -- C:\Program Files\RapidSolution\AudialsOne 4\VCDWriter\32\VCDAudioService.exe (RapidSolution Software AG)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TMPService) -- C:\Programme\TrafficMonitor\TMPacketServiceInit.exe (Mirko Böer)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (TDslMgrService) -- C:\Program Files\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (rsvcdwdr) -- C:\Windows\System32\drivers\rsvcdwdr.sys (RapidSolution Software AG)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\URLSearchHook: {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Programme\CHIP.de\tbCHIP.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Programme\CHIP.de\tbCHIP.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://t-online.de"
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {E4E6BF2A-1667-11DF-A01F-1F9655D89593}:4.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: YPlayer@yummy.net:1.0.0.5
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.03 02:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.28 10:26:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.01.03 02:48:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.28 10:26:51 | 000,000,000 | ---D | M]
 
[2010.11.07 00:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jalm\AppData\Roaming\mozilla\Extensions
[2010.11.07 00:32:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jalm\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.02.02 01:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jalm\AppData\Roaming\mozilla\Firefox\Profiles\h5vr9nmj.default\extensions
[2010.11.07 16:30:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jalm\AppData\Roaming\mozilla\Firefox\Profiles\h5vr9nmj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.12 23:42:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jalm\AppData\Roaming\mozilla\Firefox\Profiles\h5vr9nmj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.06 12:01:17 | 000,000,000 | ---D | M] (Simppull Toolbar) -- C:\Users\jalm\AppData\Roaming\mozilla\Firefox\Profiles\h5vr9nmj.default\extensions\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}
[2010.11.26 23:44:11 | 000,000,944 | ---- | M] () -- C:\Users\jalm\AppData\Roaming\Mozilla\Firefox\Profiles\h5vr9nmj.default\searchplugins\icqplugin.xml
[2011.02.02 01:33:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.09 00:58:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.24 23:39:07 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.07.24 23:39:04 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.12.14 23:47:38 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2009.11.20 00:59:15 | 000,000,000 | ---D | M] (Yummy CONDUIT Player) -- C:\Programme\Mozilla Firefox\extensions\YPlayer@yummy.net
[2009.01.09 00:58:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2010.07.24 23:39:07 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU
[2010.07.24 23:39:04 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU
[2009.11.20 00:59:15 | 000,000,000 | ---D | M] (Yummy CONDUIT Player) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\YPLAYER@YUMMY.NET
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2008.03.15 14:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 19:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 15:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 16:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 12:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CHIP.de Toolbar) - {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Programme\CHIP.de\tbCHIP.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (CHIP.de Toolbar) - {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Programme\CHIP.de\tbCHIP.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (CHIP.de Toolbar) - {A8EC1669-14C8-4382-BB8D-C53F91648E0A} - C:\Programme\CHIP.de\tbCHIP.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [toolbar_eula_launcher] File not found
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\jalm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\jalm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\MZVKBD3.DLL) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010.06.16 23:45:50 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2001.09.06 19:33:48 | 000,000,062 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001.08.10 00:50:30 | 000,253,952 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.07.18 14:37:37 | 000,000,000 | ---D | M] - E:\autorun -- [ CDFS ]
O33 - MountPoints2\{5fd1ac8e-9d70-11de-b57b-0022200295b9}\Shell - "" = AutoRun
O33 - MountPoints2\{5fd1ac8e-9d70-11de-b57b-0022200295b9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{607ee8df-d9d8-11dd-ac8d-bee1c3712833}\Shell - "" = AutoRun
O33 - MountPoints2\{607ee8df-d9d8-11dd-ac8d-bee1c3712833}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{75368dbc-d2c3-11dd-b87c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{75368dbc-d2c3-11dd-b87c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2001.08.10 00:50:30 | 000,253,952 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2001.08.10 00:50:30 | 000,253,952 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 14 Days ==========
 
[2011.02.09 00:27:36 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.09 00:27:35 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.09 00:27:33 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.09 00:27:20 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.09 00:27:20 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.09 00:27:20 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.02.09 00:27:19 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.09 00:27:19 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.09 00:27:19 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.09 00:27:19 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.09 00:27:18 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.09 00:27:18 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.09 00:27:17 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.09 00:27:17 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.09 00:27:17 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.09 00:27:16 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.09 00:27:16 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.09 00:27:15 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.09 00:27:15 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.09 00:27:14 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.09 00:27:14 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.09 00:27:13 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.09 00:27:13 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.09 00:27:13 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.09 00:27:13 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.09 00:27:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.09 00:27:08 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.09 00:27:06 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.09 00:26:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.09 00:26:41 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.09 00:26:41 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.09 00:26:41 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.09 00:26:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.09 00:26:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.09 00:26:40 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.09 00:26:40 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.09 00:26:40 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.09 00:26:40 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.09 00:26:40 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.09 00:26:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.09 00:26:40 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.09 00:26:40 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.09 00:26:40 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.09 00:26:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.09 00:26:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.09 00:26:22 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.09 00:26:21 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.08 22:51:32 | 000,000,000 | ---D | C] -- C:\Users\jalm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.02.04 00:36:28 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.02.04 00:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.02.03 23:52:42 | 000,000,000 | ---D | C] -- C:\Users\jalm\Desktop\kasp
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\jalm\*.tmp files -> C:\Users\jalm\*.tmp -> ]
 
========== Files - Modified Within 14 Days ==========
 
[2011.02.10 21:03:31 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.10 20:54:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3133644414-1376070004-1826763364-1000UA.job
[2011.02.10 20:28:39 | 000,082,120 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.02.10 20:28:39 | 000,082,120 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.02.10 20:28:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.10 20:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.10 19:56:56 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{89DD34C1-D4DD-4C63-8B7E-9C3A0C656863}.job
[2011.02.10 19:53:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.10 19:53:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.10 19:53:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.10 19:51:53 | 2414,145,536 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.09 22:54:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3133644414-1376070004-1826763364-1000Core.job
[2011.02.09 21:55:11 | 000,000,795 | ---- | M] () -- C:\Users\jalm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
[2011.02.09 21:54:23 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.09 21:54:23 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.09 21:54:23 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.09 21:54:23 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.09 21:47:37 | 000,318,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.08 22:51:36 | 000,002,078 | ---- | M] () -- C:\Users\jalm\Desktop\Google Chrome.lnk
[2011.02.08 22:11:47 | 000,001,356 | ---- | M] () -- C:\Users\jalm\AppData\Local\d3d9caps.dat
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\jalm\*.tmp files -> C:\Users\jalm\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.08 22:51:36 | 000,002,078 | ---- | C] () -- C:\Users\jalm\Desktop\Google Chrome.lnk
[2011.02.08 22:49:50 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3133644414-1376070004-1826763364-1000UA.job
[2011.02.08 22:49:50 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3133644414-1376070004-1826763364-1000Core.job
[2011.02.08 22:31:19 | 2414,145,536 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.31 01:34:58 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.04.12 20:42:03 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.04.12 20:42:03 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\03B4CDF354.sys
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.09.17 17:59:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.13 17:13:26 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.05.13 17:13:26 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.03.08 04:00:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.24 01:02:56 | 000,352,648 | ---- | C] () -- C:\Windows\System32\SysCheck2.dll
[2009.01.03 01:58:10 | 000,001,356 | ---- | C] () -- C:\Users\jalm\AppData\Local\d3d9caps.dat
[2009.01.01 22:29:53 | 000,026,340 | ---- | C] () -- C:\Users\jalm\AppData\Roaming\UserTile.png
[2008.12.28 20:01:02 | 000,056,320 | ---- | C] () -- C:\Users\jalm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.22 12:27:43 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.10.20 04:29:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
< End of report >

--- --- ---

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10.02.2011 20:52:14 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\jalm\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 154,06 Gb Free Space | 54,58% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 5,02 Gb Free Space | 31,77% Space Free | Partition Type: FAT32
Drive E: | 539,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JALM-PC | User Name: jalm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 14 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\jalm\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{534D7AB0-6711-41F2-845B-CE5094D6EF84}" = lport=139 | protocol=6 | dir=in | app=system | 
"{669C0DB3-BDB4-4FBA-A7C6-1BAECEAB21F7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7C20AB13-C93B-4538-BFED-A611AACBC94F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7D3DE0D3-A278-490A-8A68-4C3DC9850723}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8E28C42B-17AB-418D-8257-256202494F1C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9498B646-1FF5-4E86-956E-C2DCE081D9E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B18B351A-8D1B-4FAB-8DAA-0E5BC3E36D50}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BFD7413B-5DDB-47FD-9E7E-CF9A2C1E410F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DE5EF309-FD89-430D-86FE-74665E016841}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EC132EF8-83C6-448C-8B0B-10AAFF90B3F3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F775936F-9767-4166-973E-3FA401D66A04}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FC84BE52-711F-4569-8CAE-BE21306E37C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035C1114-C68B-4B07-9992-A2DA8E557617}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{08E067A9-F44F-4797-AFE3-90D8CAD855B6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{0E839948-6FF7-4D59-80E7-40637496AE00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0E840B0C-CA3E-43F7-8DA0-3ABF7ABA8758}" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt2\dirt2_game.exe | 
"{148BE5F6-DA76-4929-A840-4A22A259D89C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{183838B8-0261-45E2-8C5B-2DFBDFE19011}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{2259FA55-6DAF-4FBE-A167-45FFEA6BD197}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{32291A54-22C9-452B-8436-831618D993E3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5CEA5F1F-09C7-4435-9274-7B40949F3C90}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{6A7FD852-4FF0-4840-B013-38A1EEB08DBC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D559B95-F9BF-4B4D-917A-DABB51CF21E1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{858DCDBF-2E5E-429A-BC54-338D901306BA}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{8B91E704-64CE-4F51-A74A-81D0FAFF2C16}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{905C20DC-BF4C-42AE-A7E1-CCBE277CA66B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{910C2739-360B-4B8B-962C-C065F1F9059F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{925170D4-1EA0-46BA-9F24-3D44F42FDCB3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9DDEE897-07DC-4907-A22A-771930379A8D}" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt2\dirt2_game.exe | 
"{A9120F0A-ABCD-4DE0-A308-3DB2D0FEB8DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AC5B9DA6-6345-4F00-B73F-E9D86F6125A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AC84BD6D-53A8-476F-BAD5-DD434B105E0E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{C488388D-90FD-45E6-B609-7CA68D0EAF27}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E44EE7B8-1BB6-49A6-B3CF-37F5F72C4220}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{2BC2C72F-C511-4E95-83D7-FD5182034A82}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{B40C25E7-419C-45A9-B8E1-C3B5344F9ABC}X:\program files\cyanide\cycling manager 3\cym2003.exe" = protocol=6 | dir=in | app=x:\program files\cyanide\cycling manager 3\cym2003.exe | 
"UDP Query User{9E270A03-850D-478D-8041-B996ADCE54D8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{B37483A9-586F-49D3-9543-D11AFF80CE06}X:\program files\cyanide\cycling manager 3\cym2003.exe" = protocol=17 | dir=in | app=x:\program files\cyanide\cycling manager 3\cym2003.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15A55108-72DD-4CC0-AB89-2B70196AC479}" = AudialsOne
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{EBBB1DEF-8878-4CB8-BC0D-1196B30E7527}" = ANNO 1503
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDF3A1E0-186A-11D5-0089-C400C04FAE70}" = NHL 2002
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Audiograbber" = Audiograbber 1.83 SE 
"CHIP.de Toolbar" = CHIP.de Toolbar
"conduitEngine" = Conduit Engine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Netzmanager" = Netzmanager
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrafficMonitor" = TrafficMonitor 4.86
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2010 18:30:27 | Computer Name = jalm-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.12.2010 18:30:29 | Computer Name = jalm-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 29.12.2010 18:30:29 | Computer Name = jalm-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 30.12.2010 17:12:21 | Computer Name = jalm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.12.2010 08:57:10 | Computer Name = jalm-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.12.2010 12:10:17 | Computer Name = jalm-PC | Source = VSS | ID = 8194
Description = 
 
Error - 31.12.2010 12:32:26 | Computer Name = jalm-PC | Source = VSS | ID = 8194
Description = 
 
Error - 31.12.2010 12:34:06 | Computer Name = jalm-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 31.12.2010 12:35:22 | Computer Name = jalm-PC | Source = VSS | ID = 8194
Description = 
 
Error - 31.12.2010 12:35:46 | Computer Name = jalm-PC | Source = System Restore | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 28.12.2008 14:56:27 | Computer Name = jalm-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 17.01.2009 13:01:57 | Computer Name = jalm-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 17.01.2009 13:02:05 | Computer Name = jalm-PC | Source = ehRecvr | ID = 3
Description = 
 
Error - 22.04.2009 16:58:27 | Computer Name = jalm-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 01.02.2010 16:22:15 | Computer Name = jalm-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 02/01/2010 21:22:15
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 30.10.2010 16:08:44 | Computer Name = jalm-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 30.10.2010 17:04:26 | Computer Name = jalm-PC | Source = ehRecvr | ID = 4
Description = 
 
[ System Events ]
Error - 09.02.2011 16:12:08 | Computer Name = jalm-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.02.2011 16:12:17 | Computer Name = jalm-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.02.2011 16:48:05 | Computer Name = jalm-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 09.02.2011 16:48:32 | Computer Name = jalm-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.02.2011 14:53:03 | Computer Name = jalm-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Microsoft Office Document Image
Writer nicht unter dem Namen Microsoft Office Document Image Writer freigeben. 
Fehler: 2114. Der Drucker kann nicht von anderen Benutzern im Netzwerk verwendet
werden.
 
Error - 10.02.2011 14:53:05 | Computer Name = jalm-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 10.02.2011 14:53:45 | Computer Name = jalm-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 10.02.2011 14:54:42 | Computer Name = jalm-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.02.2011 14:54:42 | Computer Name = jalm-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 10.02.2011 14:54:42 | Computer Name = jalm-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

Für die Hilfe vielen Dank

kira · 11.02.2011, 08:05

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vB Code Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

[/list]

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

1.
lade Dir HijackThis 2.0.4 von *von hier* herunter
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

2.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

3.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.
** Falls es klappt auf einmal nicht, kannst den Text in mehrere Teile teilen und so posten

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ "Download"→ " Download from FileHippo.com"
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
Coverflow

roots · 21.02.2011, 02:30

[code]
HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:08:26, on 21.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Users\jalm\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: CHIP.de Toolbar - {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Program Files\CHIP.de\tbCHIP.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CHIP.de Toolbar - {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Program Files\CHIP.de\tbCHIP.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: CHIP.de Toolbar - {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Program Files\CHIP.de\tbCHIP.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\jalm\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-21-3133644414-1376070004-1826763364-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-3133644414-1376070004-1826763364-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-3133644414-1376070004-1826763364-1000\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
O4 - HKUS\S-1-5-21-3133644414-1376070004-1826763364-1000\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User '?')
O4 - HKUS\S-1-5-21-3133644414-1376070004-1826763364-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-3133644414-1376070004-1826763364-1000\..\Run: [Google Update] "C:\Users\jalm\AppData\Local\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - S-1-5-21-3133644414-1376070004-1826763364-1000 Startup: DSL-Manager.lnk = C:\Program Files\DSL-Manager\DslMgr.exe (User '?')
O4 - S-1-5-21-3133644414-1376070004-1826763364-1000 Startup: Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (User '?')
O4 - S-1-5-21-3133644414-1376070004-1826763364-1000 Startup: DSL-Manager.lnk = C:\Program Files\DSL-Manager\DslMgr.exe (User '?')
O4 - S-1-5-21-3133644414-1376070004-1826763364-1000 Startup: Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe (User '?')
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - .DEFAULT User Startup: DSL-MANAGER.LNK = C:\Program Files\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Startup: DSL-Manager.lnk = C:\Program Files\DSL-Manager\DslMgr.exe
O4 - Startup: Netzmanager.lnk = C:\Program Files\Netzmanager\netzmanager.exe
O4 - Global Startup: web'n'walk Manager.lnk = C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
O4 - Global Startup: WEB'N'WALK MANAGER.LNK = C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F601577A-DCC5-4A71-819A-37B3068B271B}: NameServer = 192.168.2.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\MZVKBD3.DLL,C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GtDetectSc - Option - C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Netzmanager Infrastruktur Informationssystem Dienst (Netzmanager Service) - Deutsche Telekom AG - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\DSL-Manager\DslMgrSvc.exe
O23 - Service: TrafficMonitor Packettreiber Initialisierung (TMPService) - Mirko Böer - C:\Program Files\TrafficMonitor\TMPacketServiceInit.exe
O23 - Service: Virtual CDAudio Service - RapidSolution Software AG - C:\Program Files\RapidSolution\AudialsOne 4\VCDWriter\32\VCDAudioService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15217 bytes

--- --- ---

Code:

ATTFilter

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6002]
 
 
C:

  20.02.2011 23:07     C:\Program Files --------- 28672   
  20.02.2011 23:06     C:\System Volume Information --------- 32768   
       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  10.02.2011 21:03     C:\ProgramData --------- 20480   
  08.02.2011 22:31     C:\Windows --------- 32768   
  04.12.2010 15:31     C:\found.001 --------- 0   
  29.11.2010 23:16     C:\zzz --------- 4096   
  09.11.2010 12:07     C:\unzipper --------- 0   
  08.11.2010 11:20     C:\found.000 --------- 0   
  24.10.2010 14:21     C:\$RECYCLE.BIN --------- 0   
  02.05.2010 10:46     C:\InstallHelper.log --------- 142   
  21.11.2009 02:11     C:\Boot --------- 4096   
  20.11.2009 00:58     C:\Metaboli --------- 4096   
  20.11.2009 00:53     C:\Temp --------- 0   
  11.04.2009 07:36     C:\bootmgr --------- 333257   
  29.01.2009 02:45     C:\AAA --------- 0   
  25.12.2008 21:54     C:\Users --------- 4096   
  25.12.2008 21:53     C:\Programme --------- 0   
  25.12.2008 21:53     C:\Dokumente und Einstellungen --------- 0   
  22.10.2008 04:36     C:\MSDOS.SYS --------- 0   
  22.10.2008 04:36     C:\IO.SYS --------- 0   
  20.10.2008 13:37     C:\BOOTSECT.BAK --------- 8192   
  20.10.2008 06:41     C:\MSOCache --------- 0   
  02.11.2006 14:02     C:\Documents and Settings --------- 0   
  18.09.2006 22:43     C:\config.sys --------- 10   
  18.09.2006 22:43     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\Windows

  20.02.2011 23:25     C:\Windows\WindowsUpdate.log --------- 1422759   
  20.02.2011 21:14     C:\Windows\bootstat.dat --------- 67584   
  01.02.2011 23:22     C:\Windows\setupact.log --------- 156937   
  18.12.2010 00:21     C:\Windows\DPINST.LOG --------- 25868   
  05.12.2010 21:33     C:\Windows\MEMORY.DMP --------- 468257649   
  05.12.2010 21:10     C:\Windows\PFRO.log --------- 291746   
  09.11.2010 12:14     C:\Windows\TrafficMonitor_Uninstall.in --------- 2711   
  09.11.2010 12:08     C:\Windows\TraffUn.EXE --------- 330344   
  31.10.2010 01:34     C:\Windows\Podcasts.INI --------- 118   
  10.06.2010 21:18     C:\Windows\ie8_main.log --------- 4109   
  25.11.2009 23:12     C:\Windows\msxml4-KB973688-deu.LOG --------- 295568   
  20.11.2009 01:00     C:\Windows\GPlrLanc.dat --------- 68   
  11.04.2009 07:27     C:\Windows\explorer.exe --------- 2926592   
  08.03.2009 12:41     C:\Windows\NeroDigital.ini --------- 69   
  08.01.2009 01:28     C:\Windows\DirectX.log --------- 115992   
  29.12.2008 00:53     C:\Windows\nsreg.dat --------- 0   
  28.12.2008 23:16     C:\Windows\eReg.dat --------- 477   
  27.12.2008 02:31     C:\Windows\msxml4-KB954430-deu.LOG --------- 292084   
  25.12.2008 21:38     C:\Windows\TSSysprep.log --------- 10543   
  25.12.2008 21:36     C:\Windows\DtcInstall.log --------- 7257   
  05.12.2008 00:19     C:\Windows\WLXPGSS.SCR --------- 308584   
  22.10.2008 05:15     C:\Windows\csup.txt --------- 12   
  20.10.2008 06:52     C:\Windows\msxml4-KB941833-deu.LOG --------- 262716   
  20.10.2008 06:52     C:\Windows\msxml4-KB936181-deu.LOG --------- 263396   
  20.10.2008 05:23     C:\Windows\KB893803v2.log --------- 558   
  20.10.2008 04:37     C:\Windows\DIFxAPI.dll --------- 319456   
  20.10.2008 04:36     C:\Windows\HideWin.exe --------- 319488   
  18.09.2008 18:00     C:\Windows\SkyTel.exe --------- 1833504   
  18.09.2008 18:00     C:\Windows\RtlUpd.exe --------- 1206816   
  18.09.2008 18:00     C:\Windows\RtHDVCpl.exe --------- 6294048   
  13.08.2008 12:19     C:\Windows\Updates.txt --------- 307   
  29.07.2008 14:42     C:\Windows\RtlExUpd.dll --------- 528384   
  20.03.2008 16:56     C:\Windows\UNRecode.exe --------- 972072   
  28.02.2008 17:38     C:\Windows\UNNeroMediaHome.exe --------- 972072   
  21.01.2008 03:43     C:\Windows\WindowsShell.Manifest --------- 749   
  21.01.2008 03:24     C:\Windows\regedit.exe --------- 134656   
  21.01.2008 03:24     C:\Windows\bfsvc.exe --------- 58880   
  21.01.2008 03:24     C:\Windows\fveupdate.exe --------- 13312   
  21.01.2008 03:24     C:\Windows\HelpPane.exe --------- 498176   
  21.01.2008 03:23     C:\Windows\notepad.exe --------- 151040   
  14.11.2007 14:18     C:\Windows\USetup.iss --------- 553   
  21.03.2007 20:02     C:\Windows\UNNeroVision.exe --------- 972336   
  20.03.2007 20:22     C:\Windows\UNNeroBackItUp.exe --------- 972336   
  28.02.2007 15:41     C:\Windows\UNNeroShowTime.exe --------- 972336   
  02.11.2006 14:04     C:\Windows\win.ini --------- 144   
  02.11.2006 13:52     C:\Windows\setuperr.log --------- 0   
  02.11.2006 13:47     C:\Windows\SETUPAPI.LOG --------- 94   
  02.11.2006 13:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 13:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 13:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 13:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 13:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 10:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 10:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 08:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 12:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 22:46     C:\Windows\system.ini --------- 219   
  18.09.2006 22:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 22:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 22:30     C:\Windows\msdfmap.ini --------- 1405   
  07.04.2006 12:29     C:\Windows\corelpf.lrs --------- 29798   
  15.09.2005 13:35     C:\Windows\UNNeroMediaHome.cfg --------- 50   
  30.08.2005 20:37     C:\Windows\UNNeroVision.cfg --------- 50   
  30.08.2005 20:37     C:\Windows\UNNeroShowTime.cfg --------- 50   
  30.08.2005 20:36     C:\Windows\UNRecode.cfg --------- 50   
  30.08.2005 20:33     C:\Windows\UNNeroBackItUp.cfg --------- 50   
  04.02.2004 10:01     C:\Windows\metaboli.ico --------- 2238   
  11.12.2002 19:11     C:\Windows\WMPrfFra.prx --------- 37916   
  11.12.2002 19:11     C:\Windows\WMPrfIta.prx --------- 35680   
  11.12.2002 19:11     C:\Windows\WMPrfEsp.prx --------- 35590   
  23.06.2000 11:46     C:\Windows\WMPrfDeu.prx --------- 33820   
  25.06.1999 08:56     C:\Windows\Unwise.exe --------- 127184   
----------------------------------------

 
C:\Windows\System

 06.05.2008 16:41      C:\Windows\System\DriveIcon.dll --------- 6416928 
 02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532 
 30.06.2004 15:24      C:\Windows\System\MyMulti.ico --------- 5430 
----------------------------------------

 
C:\Windows\System32

 20.02.2011 23:39     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3616  
 20.02.2011 23:39     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3616  
 20.02.2011 14:23     C:\Windows\system32\catroot2 --------- 4096  
 11.02.2011 01:28     C:\Windows\system32\catroot --------- 4096  
 10.02.2011 21:03     C:\Windows\system32\drivers --------- 65536  
 09.02.2011 21:54     C:\Windows\system32\perfh009.dat --------- 595996  
 09.02.2011 21:54     C:\Windows\system32\perfc009.dat --------- 104070  
 09.02.2011 21:54     C:\Windows\system32\perfh007.dat --------- 628742  
 09.02.2011 21:54     C:\Windows\system32\perfc007.dat --------- 126454  
 09.02.2011 21:54     C:\Windows\system32\PerfStringBackup.INI --------- 1445310  
 09.02.2011 21:49     C:\Windows\system32\WDI --------- 8192  
 09.02.2011 21:47     C:\Windows\system32\FNTCACHE.DAT --------- 318312  
 09.02.2011 21:42     C:\Windows\system32\migration --------- 0  
 08.02.2011 22:49     C:\Windows\system32\Tasks --------- 4096  
 08.02.2011 22:31     C:\Windows\system32\wbem --------- 65536  
 08.02.2011 22:30     C:\Windows\system32\config --------- 12288  
 08.02.2011 22:30     C:\Windows\system32\spool --------- 4096  
 08.02.2011 22:30     C:\Windows\system32\Msdtc --------- 4096  
 04.02.2011 17:34     C:\Windows\system32\mrt.exe --------- 37443528  
 21.01.2011 17:35     C:\Windows\system32\shlwapi.dll --------- 353280  
 21.01.2011 17:35     C:\Windows\system32\shell32.dll --------- 11586048  
 20.01.2011 17:08     C:\Windows\system32\dxgi.dll --------- 478720  
 20.01.2011 17:08     C:\Windows\system32\d3d10core.dll --------- 189952  
 20.01.2011 17:08     C:\Windows\system32\d3d10_1core.dll --------- 219648  
 20.01.2011 17:08     C:\Windows\system32\d3d10_1.dll --------- 160768  
 20.01.2011 17:08     C:\Windows\system32\d3d10.dll --------- 1029120  
 20.01.2011 17:07     C:\Windows\system32\cdd.dll --------- 37376  
 20.01.2011 17:07     C:\Windows\system32\winspool.drv --------- 258048  
 20.01.2011 17:07     C:\Windows\system32\stobject.dll --------- 586240  
 20.01.2011 17:07     C:\Windows\system32\shdocvw.dll --------- 1075712  
 20.01.2011 17:06     C:\Windows\system32\mf.dll --------- 2873344  
 20.01.2011 17:06     C:\Windows\system32\printfilterpipelineprxy.dll --------- 26112  
 20.01.2011 17:04     C:\Windows\system32\mfps.dll --------- 98816  
 20.01.2011 17:04     C:\Windows\system32\mfplat.dll --------- 209920  
 20.01.2011 15:28     C:\Windows\system32\xpsservices.dll --------- 1554432  
 20.01.2011 15:27     C:\Windows\system32\XpsPrint.dll --------- 876032  
 20.01.2011 15:26     C:\Windows\system32\printfilterpipelinesvc.exe --------- 667648  
 20.01.2011 15:25     C:\Windows\system32\OpcServices.dll --------- 847360  
 20.01.2011 15:24     C:\Windows\system32\XpsGdiConverter.dll --------- 288768  
 20.01.2011 15:24     C:\Windows\system32\XpsRasterService.dll --------- 135680  
 20.01.2011 15:15     C:\Windows\system32\MFH264Dec.dll --------- 979456  
 20.01.2011 15:14     C:\Windows\system32\MFHEAACdec.dll --------- 357376  
 20.01.2011 15:14     C:\Windows\system32\mfmp4src.dll --------- 302592  
 20.01.2011 15:14     C:\Windows\system32\mfreadwrite.dll --------- 261632  
 20.01.2011 15:12     C:\Windows\system32\d3d10warp.dll --------- 1172480  
 20.01.2011 15:11     C:\Windows\system32\d3d10level9.dll --------- 486400  
 20.01.2011 14:47     C:\Windows\system32\d2d1.dll --------- 683008  
 20.01.2011 14:44     C:\Windows\system32\DWrite.dll --------- 1068544  
 20.01.2011 14:44     C:\Windows\system32\FntCache.dll --------- 797184  
 08.01.2011 09:47     C:\Windows\system32\atmlib.dll --------- 34304  
 08.01.2011 07:28     C:\Windows\system32\atmfd.dll --------- 292352  
 03.01.2011 02:50     C:\Windows\system32\mapisvc.inf --------- 629  
 31.12.2010 17:35     C:\Windows\system32\xlive --------- 0  
 31.12.2010 17:34     C:\Windows\system32\wrap_oal.dll --------- 445016  
 31.12.2010 17:34     C:\Windows\system32\OpenAL32.dll --------- 109144  
 31.12.2010 14:57     C:\Windows\system32\win32k.sys --------- 2039808  
 28.12.2010 16:55     C:\Windows\system32\odbc32.dll --------- 413696  
 18.12.2010 07:27     C:\Windows\system32\wininet.dll --------- 916480  
 18.12.2010 07:26     C:\Windows\system32\urlmon.dll --------- 1210880  
 18.12.2010 07:25     C:\Windows\system32\occache.dll --------- 206848  
 18.12.2010 07:23     C:\Windows\system32\mstime.dll --------- 611840  
 18.12.2010 07:23     C:\Windows\system32\mshtml.dll --------- 5961216  
 18.12.2010 07:23     C:\Windows\system32\mshtmled.dll --------- 66560  
 18.12.2010 07:23     C:\Windows\system32\msfeeds.dll --------- 602112  
 18.12.2010 07:23     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 18.12.2010 07:22     C:\Windows\system32\licmgr10.dll --------- 43520  
 18.12.2010 07:22     C:\Windows\system32\jsproxy.dll --------- 25600  
 18.12.2010 07:22     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 18.12.2010 07:22     C:\Windows\system32\ieui.dll --------- 164352  
 18.12.2010 07:22     C:\Windows\system32\iesysprep.dll --------- 109056  
 18.12.2010 07:22     C:\Windows\system32\iesetup.dll --------- 71680  
 18.12.2010 07:22     C:\Windows\system32\iertutil.dll --------- 1991680  
 18.12.2010 07:22     C:\Windows\system32\iernonce.dll --------- 55808  
 18.12.2010 07:22     C:\Windows\system32\iepeers.dll --------- 184320  
 18.12.2010 07:22     C:\Windows\system32\ieframe.dll --------- 11080704  
 18.12.2010 07:22     C:\Windows\system32\iedkcs32.dll --------- 387584  
 18.12.2010 06:25     C:\Windows\system32\html.iec --------- 385024  
 18.12.2010 05:48     C:\Windows\system32\ieUnatt.exe --------- 133632  
 18.12.2010 05:48     C:\Windows\system32\ie4uinit.exe --------- 173568  
 18.12.2010 05:47     C:\Windows\system32\msfeedssync.exe --------- 13312  
 18.12.2010 05:47     C:\Windows\system32\mshtml.tlb --------- 1638912  
 18.12.2010 00:21     C:\Windows\system32\DRVSTORE --------- 0  
 16.12.2010 01:51     C:\Windows\system32\de-DE --------- 196608  
 16.12.2010 01:51     C:\Windows\system32\en-US --------- 262144  
 14.12.2010 15:49     C:\Windows\system32\sdclt.exe --------- 1169408  
 29.11.2010 17:38     C:\Windows\system32\QuickTime.qts --------- 69632  
 29.11.2010 17:38     C:\Windows\system32\QuickTimeVR.qtx --------- 94208  
 04.11.2010 19:56     C:\Windows\system32\wmicmiplugin.dll --------- 345600  
 04.11.2010 19:55     C:\Windows\system32\taskschd.dll --------- 352768  
 04.11.2010 19:55     C:\Windows\system32\taskcomp.dll --------- 270336  
 04.11.2010 19:55     C:\Windows\system32\schedsvc.dll --------- 601600  
 04.11.2010 17:34     C:\Windows\system32\taskeng.exe --------- 171520  
 28.10.2010 14:20     C:\Windows\system32\tzres.dll --------- 2048  
 19.10.2010 10:41     C:\Windows\system32\MpSigStub.exe --------- 222080  
 18.10.2010 14:37     C:\Windows\system32\consent.exe --------- 81920  
 15.10.2010 15:08     C:\Windows\system32\ntkrnlpa.exe --------- 3602320  
 15.10.2010 15:08     C:\Windows\system32\ntoskrnl.exe --------- 3550096  
 15.10.2010 14:48     C:\Windows\system32\ntdll.dll --------- 1205080  
 14.10.2010 01:36     C:\Windows\system32\xlive.dll --------- 15451288  
 14.10.2010 01:36     C:\Windows\system32\xlivefnt.dll --------- 13642904  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 20.02.2011 23:54     C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3133644414-1376070004-1826763364-1000UA.job --------- 1114  
 20.02.2011 23:28     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096  
 20.02.2011 22:54     C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3133644414-1376070004-1826763364-1000Core.job --------- 1062  
 20.02.2011 22:28     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092  
 20.02.2011 21:14     C:\Windows\Tasks\SA.DAT --------- 6  
 20.02.2011 15:11     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32566  
 12.02.2011 23:22     C:\Windows\Tasks\User_Feed_Synchronization-{89DD34C1-D4DD-4C63-8B7E-9C3A0C656863}.job --------- 416  
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\jalm\AppData\Local\Temp

 20.02.2011 23:59     C:\Users\jalm\AppData\Local\Temp\Low --------- 327680  
 20.02.2011 23:59     C:\Users\jalm\AppData\Local\Temp\Temp1_hjtscanlist.zip --------- 0  
 20.02.2011 23:50     C:\Users\jalm\AppData\Local\Temp\~DF2490.tmp --------- 28672  
 20.02.2011 23:46     C:\Users\jalm\AppData\Local\Temp\jalm.bmp --------- 31832  
 20.02.2011 23:26     C:\Users\jalm\AppData\Local\Temp\~DF8867.tmp --------- 114688  
 20.02.2011 23:20     C:\Users\jalm\AppData\Local\Temp\Gast.bmp --------- 49208  
 20.02.2011 23:20     C:\Users\jalm\AppData\Local\Temp\Konto_2.bmp --------- 31832  
 20.02.2011 23:11     C:\Users\jalm\AppData\Local\Temp\~DF3532.tmp --------- 20480  
 20.02.2011 22:54     C:\Users\jalm\AppData\Local\Temp\~DF3D27.tmp --------- 24576  
 20.02.2011 21:18     C:\Users\jalm\AppData\Local\Temp\AdobeARM.log --------- 263966  
 20.02.2011 21:17     C:\Users\jalm\AppData\Local\Temp\~DF530D.tmp --------- 512  
 20.02.2011 21:17     C:\Users\jalm\AppData\Local\Temp\~DF52B9.tmp --------- 16384  
 20.02.2011 21:17     C:\Users\jalm\AppData\Local\Temp\~DF50D4.tmp --------- 512  
 20.02.2011 21:17     C:\Users\jalm\AppData\Local\Temp\~DF5068.tmp --------- 32768  
 20.02.2011 21:17     C:\Users\jalm\AppData\Local\Temp\~DF3789.tmp --------- 16384  
 20.02.2011 21:15     C:\Users\jalm\AppData\Local\Temp\~DF393A.tmp --------- 311350  
 20.02.2011 21:15     C:\Users\jalm\AppData\Local\Temp\WPDNSE --------- 0  
 20.02.2011 21:14     C:\Users\jalm\AppData\Local\Temp\~DF14DA.tmp --------- 16384  
 20.02.2011 21:14     C:\Users\jalm\AppData\Local\Temp\ArmUI.ini --------- 142194  
 20.02.2011 14:23     C:\Users\jalm\AppData\Local\Temp\~DF5C44.tmp --------- 311350  
 20.02.2011 14:23     C:\Users\jalm\AppData\Local\Temp\~DFD210.tmp --------- 16384  
 19.02.2011 23:48     C:\Users\jalm\AppData\Local\Temp\~ef7194.tmp --------- 53248  
 19.02.2011 23:22     C:\Users\jalm\AppData\Local\Temp\~DFC915.tmp --------- 311350  
 19.02.2011 23:22     C:\Users\jalm\AppData\Local\Temp\~DF1B77.tmp --------- 16384  
 19.02.2011 23:11     C:\Users\jalm\AppData\Local\Temp\~DF1D71.tmp --------- 16384  
 19.02.2011 23:10     C:\Users\jalm\AppData\Local\Temp\GURBF58.tmp --------- 0  
 17.02.2011 20:52     C:\Users\jalm\AppData\Local\Temp\~DF21EB.tmp --------- 311350  
 17.02.2011 20:51     C:\Users\jalm\AppData\Local\Temp\~DF8140.tmp --------- 16384  
 16.02.2011 22:59     C:\Users\jalm\AppData\Local\Temp\AAXB525.tmp --------- 30184  
 16.02.2011 22:55     C:\Users\jalm\AppData\Local\Temp\AAXD35E.tmp --------- 30184  
 16.02.2011 22:06     C:\Users\jalm\AppData\Local\Temp\AAX54AD.tmp --------- 30184  
 16.02.2011 21:18     C:\Users\jalm\AppData\Local\Temp\~DFFF98.tmp --------- 311350  
 16.02.2011 21:18     C:\Users\jalm\AppData\Local\Temp\~DFC941.tmp --------- 16384  
 15.02.2011 23:03     C:\Users\jalm\AppData\Local\Temp\npsE3B5.tmp --------- 530666  
 15.02.2011 22:56     C:\Users\jalm\AppData\Local\Temp\nps965F.tmp --------- 1270476  
 15.02.2011 22:53     C:\Users\jalm\AppData\Local\Temp\nps1F1D.tmp --------- 1407257  
 15.02.2011 22:53     C:\Users\jalm\AppData\Local\Temp\AAXAC5D.tmp --------- 30184  
 15.02.2011 22:50     C:\Users\jalm\AppData\Local\Temp\nps410A.tmp --------- 3206  
 15.02.2011 22:50     C:\Users\jalm\AppData\Local\Temp\nps3B3F.tmp --------- 1860874  
 15.02.2011 22:50     C:\Users\jalm\AppData\Local\Temp\nps2712.tmp --------- 42574  
 15.02.2011 22:50     C:\Users\jalm\AppData\Local\Temp\nps257C.tmp --------- 96304  
 15.02.2011 22:50     C:\Users\jalm\AppData\Local\Temp\nps10C3.tmp --------- 89940  
 15.02.2011 22:50     C:\Users\jalm\AppData\Local\Temp\npsF0F2.tmp --------- 15346  
 15.02.2011 22:46     C:\Users\jalm\AppData\Local\Temp\~DFF3C6.tmp --------- 311350  
 15.02.2011 22:46     C:\Users\jalm\AppData\Local\Temp\~DF9EAF.tmp --------- 16384  
 15.02.2011 22:37     C:\Users\jalm\AppData\Local\Temp\mp19446.cct --------- 1270476  
 15.02.2011 22:37     C:\Users\jalm\AppData\Local\Temp\npsF788.tmp --------- 1270476  
 15.02.2011 22:37     C:\Users\jalm\AppData\Local\Temp\tmp822AE.FOT --------- 1409  
 15.02.2011 22:37     C:\Users\jalm\AppData\Local\Temp\AAXA208.tmp --------- 30184  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\etilqs_z53olKBZ7kQLetSg3Oxi --------- 0  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\tmpCA3CC.FOT --------- 1409  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\AAXC3AA.tmp --------- 31492  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\mpb05416.xml --------- 8532  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\tmpB41CC.FOT --------- 1409  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\AAXC139.tmp --------- 32372  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\mp8505.cct --------- 3206  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\npsBFA2.tmp --------- 3206  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\mp18643.dcr --------- 1860874  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\npsBDED.tmp --------- 1860874  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\mpb05416.cct --------- 42574  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\npsB3DE.tmp --------- 42574  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\mp20035.dcr --------- 96304  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\npsB2F3.tmp --------- 96304  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\mpb05416.w32 --------- 46762  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\mpb05416.jpg --------- 4843  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\mpb05416.dcr --------- 89940  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\nps9C08.tmp --------- 89940  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\mpa05416 --------- 15346  
 15.02.2011 22:35     C:\Users\jalm\AppData\Local\Temp\nps93EC.tmp --------- 15346  
 15.02.2011 22:33     C:\Users\jalm\AppData\Local\Temp\temp0003 --------- 182  
 15.02.2011 22:33     C:\Users\jalm\AppData\Local\Temp\temp0002 --------- 238  
 15.02.2011 22:33     C:\Users\jalm\AppData\Local\Temp\temp0001 --------- 156  
 15.02.2011 22:33     C:\Users\jalm\AppData\Local\Temp\temp0000 --------- 136  
 15.02.2011 22:23     C:\Users\jalm\AppData\Local\Temp\~DF77B4.tmp --------- 311350  
 15.02.2011 22:22     C:\Users\jalm\AppData\Local\Temp\~DF65F.tmp --------- 16384  
 15.02.2011 10:35     C:\Users\jalm\AppData\Local\Temp\~DF6442.tmp --------- 311350  
 15.02.2011 10:34     C:\Users\jalm\AppData\Local\Temp\~DFBCFB.tmp --------- 16384  
 14.02.2011 23:45     C:\Users\jalm\AppData\Local\Temp\~DFCBEC.tmp --------- 311350  
 14.02.2011 23:44     C:\Users\jalm\AppData\Local\Temp\~DF2D8.tmp --------- 16384  
 14.02.2011 23:42     C:\Users\jalm\AppData\Local\Temp\etilqs_SurwdnJxiNmX46peNjcg --------- 0  
 14.02.2011 23:36     C:\Users\jalm\AppData\Local\Temp\etilqs_xjQac0muqVi5ZVV73zga --------- 0  
 14.02.2011 23:34     C:\Users\jalm\AppData\Local\Temp\flaD194.tmp --------- 416059  
 14.02.2011 23:20     C:\Users\jalm\AppData\Local\Temp\~DF361A.tmp --------- 311350  
 14.02.2011 23:20     C:\Users\jalm\AppData\Local\Temp\~DF5F68.tmp --------- 16384  
 13.02.2011 21:24     C:\Users\jalm\AppData\Local\Temp\~DF8EA9.tmp --------- 311350  
 13.02.2011 21:22     C:\Users\jalm\AppData\Local\Temp\~DF5DD3.tmp --------- 16384  
 13.02.2011 00:37     C:\Users\jalm\AppData\Local\Temp\chrome_2133 --------- 0  
 13.02.2011 00:37     C:\Users\jalm\AppData\Local\Temp\chrome_installer.log --------- 0  
 12.02.2011 23:55     C:\Users\jalm\AppData\Local\Temp\CR_A498.tmp --------- 0  
 12.02.2011 23:24     C:\Users\jalm\AppData\Local\Temp\~DF330A.tmp --------- 311350  
 12.02.2011 23:23     C:\Users\jalm\AppData\Local\Temp\~DF70F1.tmp --------- 16384  
 11.02.2011 18:45     C:\Users\jalm\AppData\Local\Temp\~DF1DE7.tmp --------- 311350  
 11.02.2011 18:44     C:\Users\jalm\AppData\Local\Temp\~DF76D1.tmp --------- 16384  
 11.02.2011 18:42     C:\Users\jalm\AppData\Local\Temp\etilqs_1dVFxNeQCqju8GLfjjYX --------- 0  
 11.02.2011 18:41     C:\Users\jalm\AppData\Local\Temp\~DFF24B.tmp --------- 0  
 11.02.2011 18:39     C:\Users\jalm\AppData\Local\Temp\~DF74A3.tmp --------- 512  
 11.02.2011 18:39     C:\Users\jalm\AppData\Local\Temp\~DF749C.tmp --------- 16384  
 11.02.2011 18:39     C:\Users\jalm\AppData\Local\Temp\~DF73B5.tmp --------- 512  
 11.02.2011 18:39     C:\Users\jalm\AppData\Local\Temp\~DF73AE.tmp --------- 32768  
 11.02.2011 18:39     C:\Users\jalm\AppData\Local\Temp\~DF8ABF.tmp --------- 16384  
 11.02.2011 18:39     C:\Users\jalm\AppData\Local\Temp\~DF6971.tmp --------- 0  
 11.02.2011 18:38     C:\Users\jalm\AppData\Local\Temp\~DFBD3.tmp --------- 311350  
 11.02.2011 18:38     C:\Users\jalm\AppData\Local\Temp\~DF21D1.tmp --------- 16384  
 10.02.2011 19:54     C:\Users\jalm\AppData\Local\Temp\~DFE434.tmp --------- 311350  
 10.02.2011 19:53     C:\Users\jalm\AppData\Local\Temp\~DF2F7A.tmp --------- 16384  
 09.02.2011 21:52     C:\Users\jalm\AppData\Local\Temp\dslmupdate.ini --------- 40  
 09.02.2011 21:51     C:\Users\jalm\AppData\Local\Temp\~DF84E3.tmp --------- 311350  
 09.02.2011 21:51     C:\Users\jalm\AppData\Local\Temp\~DF2FA6.tmp --------- 16384  
 09.02.2011 21:11     C:\Users\jalm\AppData\Local\Temp\~DFC8DE.tmp --------- 311350  
 09.02.2011 21:10     C:\Users\jalm\AppData\Local\Temp\~DF22D7.tmp --------- 16384  
 09.02.2011 21:08     C:\Users\jalm\AppData\Local\Temp\~DFA409.tmp --------- 16384  
 08.02.2011 22:49     C:\Users\jalm\AppData\Local\Temp\{7E7D307D-A9B1-4F77-BBC3-364D9C8C6E47} --------- 28672  
 08.02.2011 22:34     C:\Users\jalm\AppData\Local\Temp\~DF9114.tmp --------- 311350  
 08.02.2011 22:34     C:\Users\jalm\AppData\Local\Temp\~DFE7B1.tmp --------- 16384  
 08.02.2011 22:30     C:\Users\jalm\AppData\Local\Temp\{90A455A7-0FC8-4508-B7FA-8F135B8F041A} --------- 0  
 08.02.2011 22:17     C:\Users\jalm\AppData\Local\Temp\CabD44E.tmp --------- 30273  
 08.02.2011 22:17     C:\Users\jalm\AppData\Local\Temp\TarD587.tmp --------- 0  
 08.02.2011 22:16     C:\Users\jalm\AppData\Local\Temp\~DFC12C.tmp --------- 16384  
 08.02.2011 21:51     C:\Users\jalm\AppData\Local\Temp\~DFC3AD.tmp --------- 311350  
 08.02.2011 21:51     C:\Users\jalm\AppData\Local\Temp\~DF2968.tmp --------- 16384  
 08.02.2011 21:40     C:\Users\jalm\AppData\Local\Temp\~DFCE4A.tmp --------- 311350  
 08.02.2011 21:40     C:\Users\jalm\AppData\Local\Temp\~DFC5F4.tmp --------- 16384  
 08.02.2011 21:36     C:\Users\jalm\AppData\Local\Temp\~DFCAEE.tmp --------- 311350  
 08.02.2011 21:35     C:\Users\jalm\AppData\Local\Temp\~DF6B71.tmp --------- 16384  
 08.02.2011 21:31     C:\Users\jalm\AppData\Local\Temp\~DFC06D.tmp --------- 311350  
 08.02.2011 21:30     C:\Users\jalm\AppData\Local\Temp\~DF25D1.tmp --------- 16384  
 08.02.2011 21:20     C:\Users\jalm\AppData\Local\Temp\newmsg-3 --------- 233  
 08.02.2011 21:13     C:\Users\jalm\AppData\Local\Temp\~DF83E9.tmp --------- 16384  
 08.02.2011 21:13     C:\Users\jalm\AppData\Local\Temp\~DF83FF.tmp --------- 512  
 08.02.2011 21:13     C:\Users\jalm\AppData\Local\Temp\~DF108.tmp --------- 0  
 08.02.2011 21:13     C:\Users\jalm\AppData\Local\Temp\~DF80FF.tmp --------- 0  
 08.02.2011 21:12     C:\Users\jalm\AppData\Local\Temp\~DF840F.tmp --------- 16384  
 08.02.2011 21:00     C:\Users\jalm\AppData\Local\Temp\~DFFC05.tmp --------- 32768  
 08.02.2011 21:00     C:\Users\jalm\AppData\Local\Temp\~DFFC16.tmp --------- 512  
 08.02.2011 21:00     C:\Users\jalm\AppData\Local\Temp\~DF64B1.tmp --------- 0  
 08.02.2011 20:51     C:\Users\jalm\AppData\Local\Temp\~DF988D.tmp --------- 311350  
 08.02.2011 20:51     C:\Users\jalm\AppData\Local\Temp\~DF1197.tmp --------- 16384  
 07.02.2011 20:56     C:\Users\jalm\AppData\Local\Temp\~DF125B.tmp --------- 311350  
 07.02.2011 20:56     C:\Users\jalm\AppData\Local\Temp\~DF6E2B.tmp --------- 16384  
 07.02.2011 20:51     C:\Users\jalm\AppData\Local\Temp\~DFC3CE.tmp --------- 16384  
 07.02.2011 20:51     C:\Users\jalm\AppData\Local\Temp\~DFDC0F.tmp --------- 512  
 07.02.2011 20:50     C:\Users\jalm\AppData\Local\Temp\~DF7F4C.tmp --------- 311350  
 07.02.2011 20:50     C:\Users\jalm\AppData\Local\Temp\~DFB992.tmp --------- 16384  
 06.02.2011 22:58     C:\Users\jalm\AppData\Local\Temp\~DF3736.tmp --------- 311350  
 06.02.2011 22:56     C:\Users\jalm\AppData\Local\Temp\~DF56B6.tmp --------- 16384  
 06.02.2011 22:48     C:\Users\jalm\AppData\Local\Temp\~DF1135.tmp --------- 512  
 06.02.2011 22:48     C:\Users\jalm\AppData\Local\Temp\~DF112D.tmp --------- 16384  
 06.02.2011 22:48     C:\Users\jalm\AppData\Local\Temp\~DF1069.tmp --------- 512  
 06.02.2011 22:48     C:\Users\jalm\AppData\Local\Temp\~DF102A.tmp --------- 32768  
 06.02.2011 22:48     C:\Users\jalm\AppData\Local\Temp\~DFDB78.tmp --------- 16384  
 06.02.2011 22:48     C:\Users\jalm\AppData\Local\Temp\~DFCEA6.tmp --------- 16384  
 06.02.2011 22:42     C:\Users\jalm\AppData\Local\Temp\~DFE7E5.tmp --------- 311350  
 06.02.2011 22:42     C:\Users\jalm\AppData\Local\Temp\~DF174E.tmp --------- 16384  
 05.02.2011 00:49     C:\Users\jalm\AppData\Local\Temp\~DF474C.tmp --------- 311350  
 05.02.2011 00:47     C:\Users\jalm\AppData\Local\Temp\~DFCC09.tmp --------- 16384  
 05.02.2011 00:37     C:\Users\jalm\AppData\Local\Temp\~DFB457.tmp --------- 311350  
 05.02.2011 00:37     C:\Users\jalm\AppData\Local\Temp\~DF2CC1.tmp --------- 16384  
 04.02.2011 05:50     C:\Users\jalm\AppData\Local\Temp\_avast_ --------- 0  
 04.02.2011 00:37     C:\Users\jalm\AppData\Local\Temp\dd_vcredistUI4890.txt --------- 11710  
 04.02.2011 00:37     C:\Users\jalm\AppData\Local\Temp\dd_vcredistMSI4890.txt --------- 394432  
 03.02.2011 22:04     C:\Users\jalm\AppData\Local\Temp\~DFEB21.tmp --------- 311350  
 03.02.2011 22:04     C:\Users\jalm\AppData\Local\Temp\~DFA021.tmp --------- 16384  
 01.02.2011 23:25     C:\Users\jalm\AppData\Local\Temp\wmplog03.sqm --------- 1406  
 01.02.2011 23:23     C:\Users\jalm\AppData\Local\Temp\adl_flash.log --------- 21829  
 01.02.2011 23:13     C:\Users\jalm\AppData\Local\Temp\wmplog02.sqm --------- 1726  
 01.02.2011 23:01     C:\Users\jalm\AppData\Local\Temp\wmplog01.sqm --------- 1462  
 01.02.2011 22:49     C:\Users\jalm\AppData\Local\Temp\~DF15E0.tmp --------- 311350  
 01.02.2011 22:49     C:\Users\jalm\AppData\Local\Temp\~DFB936.tmp --------- 16384  
 01.02.2011 01:00     C:\Users\jalm\AppData\Local\Temp\FlM2z2mL.txt.part --------- 2810880  
 01.02.2011 00:59     C:\Users\jalm\AppData\Local\Temp\nsmail-1.txt --------- 2810880  
 31.01.2011 23:25     C:\Users\jalm\AppData\Local\Temp\~DF6CF.tmp --------- 311350  
 31.01.2011 23:25     C:\Users\jalm\AppData\Local\Temp\~DFFB77.tmp --------- 16384  
 30.01.2011 17:12     C:\Users\jalm\AppData\Local\Temp\~DF5A40.tmp --------- 311350  
 30.01.2011 17:11     C:\Users\jalm\AppData\Local\Temp\~DF2F2E.tmp --------- 16384  
 30.01.2011 17:09     C:\Users\jalm\AppData\Local\Temp\~DF3C13.tmp --------- 16384  
 30.01.2011 16:47     C:\Users\jalm\AppData\Local\Temp\~DF992D.tmp --------- 0  
 30.01.2011 16:08     C:\Users\jalm\AppData\Local\Temp\~DFEE73.tmp --------- 16384  
 30.01.2011 15:57     C:\Users\jalm\AppData\Local\Temp\~DF4033.tmp --------- 0  
 30.01.2011 15:54     C:\Users\jalm\AppData\Local\Temp\~DF6D47.tmp --------- 16384  
 30.01.2011 12:36     C:\Users\jalm\AppData\Local\Temp\~DF73EC.tmp --------- 28672  
 30.01.2011 12:30     C:\Users\jalm\AppData\Local\Temp\~DFD564.tmp --------- 512  
 30.01.2011 12:30     C:\Users\jalm\AppData\Local\Temp\~DFD546.tmp --------- 16384  
 30.01.2011 12:30     C:\Users\jalm\AppData\Local\Temp\~DFD449.tmp --------- 512  
 30.01.2011 12:30     C:\Users\jalm\AppData\Local\Temp\~DFD441.tmp --------- 32768  
 30.01.2011 12:29     C:\Users\jalm\AppData\Local\Temp\~DFE0B6.tmp --------- 0  
 30.01.2011 11:57     C:\Users\jalm\AppData\Local\Temp\~DF5376.tmp --------- 311350  
 30.01.2011 11:56     C:\Users\jalm\AppData\Local\Temp\~DF7C0C.tmp --------- 16384  
 29.01.2011 22:54     C:\Users\jalm\AppData\Local\Temp\~btD0B3.tmp --------- 5509  
 29.01.2011 22:54     C:\Users\jalm\AppData\Local\Temp\~ttD0B2.tmp --------- 6700  
 29.01.2011 22:54     C:\Users\jalm\AppData\Local\Temp\~fmD0B1.tmp --------- 7349  
 29.01.2011 22:54     C:\Users\jalm\AppData\Local\Temp\~ftD0B0.tmp --------- 35296  
 29.01.2011 22:54     C:\Users\jalm\AppData\Local\Temp\~hmD09F.tmp --------- 34920  
 29.01.2011 22:46     C:\Users\jalm\AppData\Local\Temp\~fmF91.tmp --------- 4445  
 29.01.2011 22:46     C:\Users\jalm\AppData\Local\Temp\~ftF90.tmp --------- 9050  
 29.01.2011 22:46     C:\Users\jalm\AppData\Local\Temp\~hmF7F.tmp --------- 34920  
 29.01.2011 22:46     C:\Users\jalm\AppData\Local\Temp\~fm207.tmp --------- 4445  
 29.01.2011 22:46     C:\Users\jalm\AppData\Local\Temp\~ft1F6.tmp --------- 9050  
 29.01.2011 22:46     C:\Users\jalm\AppData\Local\Temp\~hm1F5.tmp --------- 34920  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~bt96D3.tmp --------- 5509  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~tt96D2.tmp --------- 6700  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~fm96D1.tmp --------- 7793  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~ft96C1.tmp --------- 33146  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~hm96C0.tmp --------- 34920  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~fm68DC.tmp --------- 24044  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~ft68DB.tmp --------- 43528  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~hm68DA.tmp --------- 34920  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~bt2EB6.tmp --------- 5509  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~tt2EB5.tmp --------- 6700  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~fm2EA5.tmp --------- 4577  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~ft2E84.tmp --------- 10595  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~hm2E83.tmp --------- 34920  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~btA50.tmp --------- 5509  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~ttA4F.tmp --------- 6700  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~fmA3E.tmp --------- 30568  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~ftA3D.tmp --------- 79414  
 29.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~hmA3C.tmp --------- 34920  
 29.01.2011 22:44     C:\Users\jalm\AppData\Local\Temp\~fmCBE4.tmp --------- 24044  
 29.01.2011 22:44     C:\Users\jalm\AppData\Local\Temp\~ftCBE3.tmp --------- 43528  
 29.01.2011 22:44     C:\Users\jalm\AppData\Local\Temp\~hmCBA4.tmp --------- 34920  
 29.01.2011 22:44     C:\Users\jalm\AppData\Local\Temp\~bt4526.tmp --------- 5509  
 29.01.2011 22:44     C:\Users\jalm\AppData\Local\Temp\~tt4525.tmp --------- 6700  
 29.01.2011 22:44     C:\Users\jalm\AppData\Local\Temp\~fm4514.tmp --------- 7793  
 29.01.2011 22:44     C:\Users\jalm\AppData\Local\Temp\~ft4503.tmp --------- 33146  
 29.01.2011 22:44     C:\Users\jalm\AppData\Local\Temp\~hm44F3.tmp --------- 34920  
 29.01.2011 22:36     C:\Users\jalm\AppData\Local\Temp\~DF2AFE.tmp --------- 311350  
 29.01.2011 17:42     C:\Users\jalm\AppData\Local\Temp\~DFA283.tmp --------- 311350  
 29.01.2011 17:41     C:\Users\jalm\AppData\Local\Temp\~DFD1A1.tmp --------- 16384  
 29.01.2011 12:05     C:\Users\jalm\AppData\Local\Temp\~DF7BDA.tmp --------- 311350  
 29.01.2011 12:04     C:\Users\jalm\AppData\Local\Temp\~DFAC24.tmp --------- 16384  
 28.01.2011 22:49     C:\Users\jalm\AppData\Local\Temp\~DFE638.tmp --------- 311350  
 28.01.2011 22:48     C:\Users\jalm\AppData\Local\Temp\~DFCAC1.tmp --------- 16384  
 28.01.2011 22:34     C:\Users\jalm\AppData\Local\Temp\~DFF330.tmp --------- 16384  
 28.01.2011 22:31     C:\Users\jalm\AppData\Local\Temp\~DFE436.tmp --------- 512  
 28.01.2011 22:31     C:\Users\jalm\AppData\Local\Temp\~DFE42F.tmp --------- 16384  
 28.01.2011 22:31     C:\Users\jalm\AppData\Local\Temp\~DFE3A0.tmp --------- 512  
 28.01.2011 22:31     C:\Users\jalm\AppData\Local\Temp\~DFE399.tmp --------- 32768  
 28.01.2011 22:31     C:\Users\jalm\AppData\Local\Temp\~DF34CE.tmp --------- 16384  
 28.01.2011 22:31     C:\Users\jalm\AppData\Local\Temp\~DF2759.tmp --------- 0  
 28.01.2011 10:30     C:\Users\jalm\AppData\Local\Temp\{2b7bdadb-ec8c-4c54-b5dd-ce45a016d3a7} --------- 0  
 28.01.2011 10:02     C:\Users\jalm\AppData\Local\Temp\~DFEA39.tmp --------- 311350  
 28.01.2011 10:00     C:\Users\jalm\AppData\Local\Temp\~DF4AD5.tmp --------- 16384  
 27.01.2011 22:55     C:\Users\jalm\AppData\Local\Temp\~DF8C02.tmp --------- 311350  
 27.01.2011 22:54     C:\Users\jalm\AppData\Local\Temp\~DFD530.tmp --------- 16384  
 27.01.2011 10:37     C:\Users\jalm\AppData\Local\Temp\~DFE232.tmp --------- 311350  
 27.01.2011 10:36     C:\Users\jalm\AppData\Local\Temp\~DF62C5.tmp --------- 16384  
 27.01.2011 00:23     C:\Users\jalm\AppData\Local\Temp\~DF2B86.tmp --------- 311350  
 27.01.2011 00:22     C:\Users\jalm\AppData\Local\Temp\~DF152D.tmp --------- 16384  
 26.01.2011 22:15     C:\Users\jalm\AppData\Local\Temp\~DFD915.tmp --------- 311350  
 26.01.2011 22:15     C:\Users\jalm\AppData\Local\Temp\~DF974E.tmp --------- 16384  
 26.01.2011 22:11     C:\Users\jalm\AppData\Local\Temp\~DFE651.tmp --------- 512  
 26.01.2011 22:11     C:\Users\jalm\AppData\Local\Temp\~DFE64A.tmp --------- 16384  
 26.01.2011 22:11     C:\Users\jalm\AppData\Local\Temp\~DFE355.tmp --------- 32768  
 26.01.2011 22:11     C:\Users\jalm\AppData\Local\Temp\~DFE35C.tmp --------- 512  
 26.01.2011 22:11     C:\Users\jalm\AppData\Local\Temp\~DFEB27.tmp --------- 0  
 26.01.2011 22:11     C:\Users\jalm\AppData\Local\Temp\~DFDA5B.tmp --------- 0  
 26.01.2011 22:09     C:\Users\jalm\AppData\Local\Temp\~DF466B.tmp --------- 311350  
 26.01.2011 22:09     C:\Users\jalm\AppData\Local\Temp\~DF852B.tmp --------- 16384  
 26.01.2011 10:00     C:\Users\jalm\AppData\Local\Temp\~DF13AE.tmp --------- 311350  
 26.01.2011 10:00     C:\Users\jalm\AppData\Local\Temp\~DFEDDC.tmp --------- 16384  
 25.01.2011 22:26     C:\Users\jalm\AppData\Local\Temp\~DFEE89.tmp --------- 311350  
 25.01.2011 22:26     C:\Users\jalm\AppData\Local\Temp\~DF7D6.tmp --------- 16384  
 25.01.2011 22:21     C:\Users\jalm\AppData\Local\Temp\~DFAD6E.tmp --------- 0  
 25.01.2011 22:20     C:\Users\jalm\AppData\Local\Temp\~DF6FD0.tmp --------- 0  
 25.01.2011 22:16     C:\Users\jalm\AppData\Local\Temp\~DFD593.tmp --------- 16384  
 25.01.2011 22:16     C:\Users\jalm\AppData\Local\Temp\~DF8409.tmp --------- 28672  
 25.01.2011 22:15     C:\Users\jalm\AppData\Local\Temp\~DF1D22.tmp --------- 16384  
 25.01.2011 22:08     C:\Users\jalm\AppData\Local\Temp\~DF2FC7.tmp --------- 512  
 25.01.2011 22:08     C:\Users\jalm\AppData\Local\Temp\~DF2FBF.tmp --------- 16384  
 25.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DF16B.tmp --------- 512  
 25.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DF103.tmp --------- 16384  
 25.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DFFF62.tmp --------- 512  
 25.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DFFF67.tmp --------- 512  
 25.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DFFF4A.tmp --------- 32768  
 25.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DFFF41.tmp --------- 32768  
 25.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DF4ADC.tmp --------- 28672  
 25.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DF48F3.tmp --------- 24576  
 25.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DF2E74.tmp --------- 16384  
 25.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DFFF60.tmp --------- 16384  
 25.01.2011 22:05     C:\Users\jalm\AppData\Local\Temp\~DF49E3.tmp --------- 311350  
 25.01.2011 22:04     C:\Users\jalm\AppData\Local\Temp\~DF2078.tmp --------- 16384  
 24.01.2011 22:25     C:\Users\jalm\AppData\Local\Temp\~DF8443.tmp --------- 311350  
 24.01.2011 22:24     C:\Users\jalm\AppData\Local\Temp\~DFB0B5.tmp --------- 16384  
 24.01.2011 22:22     C:\Users\jalm\AppData\Local\Temp\~DF2C9B.tmp --------- 0  
 24.01.2011 22:20     C:\Users\jalm\AppData\Local\Temp\~DFADD8.tmp --------- 16384  
 24.01.2011 22:19     C:\Users\jalm\AppData\Local\Temp\~DF483D.tmp --------- 512  
 24.01.2011 22:19     C:\Users\jalm\AppData\Local\Temp\~DF47FE.tmp --------- 16384  
 24.01.2011 22:07     C:\Users\jalm\AppData\Local\Temp\~DF4A5A.tmp --------- 512  
 24.01.2011 22:07     C:\Users\jalm\AppData\Local\Temp\~DF4A52.tmp --------- 622592  
 24.01.2011 22:07     C:\Users\jalm\AppData\Local\Temp\~DF4711.tmp --------- 512  
 24.01.2011 22:07     C:\Users\jalm\AppData\Local\Temp\~DF4709.tmp --------- 32768  
 24.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DF5CA2.tmp --------- 16384  
 24.01.2011 22:06     C:\Users\jalm\AppData\Local\Temp\~DF5BEC.tmp --------- 0  
 24.01.2011 22:05     C:\Users\jalm\AppData\Local\Temp\~DFD25D.tmp --------- 0  
 24.01.2011 22:04     C:\Users\jalm\AppData\Local\Temp\~DF680.tmp --------- 16384  
 24.01.2011 22:03     C:\Users\jalm\AppData\Local\Temp\~DF7073.tmp --------- 311350  
 24.01.2011 22:02     C:\Users\jalm\AppData\Local\Temp\~DF4D66.tmp --------- 16384  
 23.01.2011 17:09     C:\Users\jalm\AppData\Local\Temp\~DF6D37.tmp --------- 311350  
 23.01.2011 17:08     C:\Users\jalm\AppData\Local\Temp\~DFF8CE.tmp --------- 16384  
 22.01.2011 19:50     C:\Users\jalm\AppData\Local\Temp\~DF2012.tmp --------- 311350  
 22.01.2011 19:50     C:\Users\jalm\AppData\Local\Temp\~DFC961.tmp --------- 16384  
 22.01.2011 19:48     C:\Users\jalm\AppData\Local\Temp\~DF30E7.tmp --------- 16384  
 22.01.2011 19:41     C:\Users\jalm\AppData\Local\Temp\~DF880B.tmp --------- 16384  
 22.01.2011 19:32     C:\Users\jalm\AppData\Local\Temp\~DFE6F1.tmp --------- 16384  
 22.01.2011 19:31     C:\Users\jalm\AppData\Local\Temp\~DF33C.tmp --------- 512  
 22.01.2011 19:31     C:\Users\jalm\AppData\Local\Temp\~DF321.tmp --------- 16384  
 22.01.2011 19:31     C:\Users\jalm\AppData\Local\Temp\~DF220.tmp --------- 512  
 22.01.2011 19:31     C:\Users\jalm\AppData\Local\Temp\~DF219.tmp --------- 32768  
 22.01.2011 19:30     C:\Users\jalm\AppData\Local\Temp\~DFAEB6.tmp --------- 0  
 22.01.2011 19:27     C:\Users\jalm\AppData\Local\Temp\~DF770A.tmp --------- 311350  
 22.01.2011 19:26     C:\Users\jalm\AppData\Local\Temp\~DF48F7.tmp --------- 16384  
 21.01.2011 22:49     C:\Users\jalm\AppData\Local\Temp\~DF2720.tmp --------- 311350  
 21.01.2011 22:48     C:\Users\jalm\AppData\Local\Temp\~DF9DB9.tmp --------- 16384  
 21.01.2011 03:25     C:\Users\jalm\AppData\Local\Temp\wmplog00.sqm --------- 1658  
 21.01.2011 03:08     C:\Users\jalm\AppData\Local\Temp\nsmail.ppt --------- 1882624  
 20.01.2011 22:45     C:\Users\jalm\AppData\Local\Temp\~DF9B43.tmp --------- 311350  
 20.01.2011 22:44     C:\Users\jalm\AppData\Local\Temp\~DFADD.tmp --------- 16384  
 19.01.2011 20:48     C:\Users\jalm\AppData\Local\Temp\~DFCE5A.tmp --------- 311350  
 19.01.2011 20:48     C:\Users\jalm\AppData\Local\Temp\~DFCAAB.tmp --------- 16384  
 19.01.2011 20:43     C:\Users\jalm\AppData\Local\Temp\~DF36A.tmp --------- 311350  
 19.01.2011 20:43     C:\Users\jalm\AppData\Local\Temp\~DFBF93.tmp --------- 16384  
 18.01.2011 21:59     C:\Users\jalm\AppData\Local\Temp\~DFF386.tmp --------- 311350  
 18.01.2011 21:58     C:\Users\jalm\AppData\Local\Temp\~DFFEE0.tmp --------- 16384  
 17.01.2011 22:58     C:\Users\jalm\AppData\Local\Temp\~DFAC6A.tmp --------- 311350  
 17.01.2011 22:57     C:\Users\jalm\AppData\Local\Temp\~DFF6D4.tmp --------- 16384  
 17.01.2011 22:31     C:\Users\jalm\AppData\Local\Temp\~DFBC39.tmp --------- 512  
 17.01.2011 22:31     C:\Users\jalm\AppData\Local\Temp\~DFBC32.tmp --------- 16384  
 17.01.2011 22:31     C:\Users\jalm\AppData\Local\Temp\~DFBBAC.tmp --------- 512  
 17.01.2011 22:31     C:\Users\jalm\AppData\Local\Temp\~DFBBA5.tmp --------- 32768  
 17.01.2011 22:30     C:\Users\jalm\AppData\Local\Temp\~DF9868.tmp --------- 28672  
 17.01.2011 22:30     C:\Users\jalm\AppData\Local\Temp\~DF5D74.tmp --------- 16384  
 17.01.2011 22:30     C:\Users\jalm\AppData\Local\Temp\~DF24F9.tmp --------- 311350  
 17.01.2011 22:29     C:\Users\jalm\AppData\Local\Temp\~DFB66F.tmp --------- 16384  
 17.01.2011 09:20     C:\Users\jalm\AppData\Local\Temp\~DF8D9A.tmp --------- 311350  
 17.01.2011 09:20     C:\Users\jalm\AppData\Local\Temp\~DFFB13.tmp --------- 16384  
 16.01.2011 22:24     C:\Users\jalm\AppData\Local\Temp\336BUsFT.JPG.part --------- 2108454  
 16.01.2011 22:12     C:\Users\jalm\AppData\Local\Temp\moz_mapi --------- 0  
 16.01.2011 18:39     C:\Users\jalm\AppData\Local\Temp\~DF8EA.tmp --------- 311350  
 16.01.2011 18:39     C:\Users\jalm\AppData\Local\Temp\~DF4AE3.tmp --------- 16384  
 16.01.2011 13:06     C:\Users\jalm\AppData\Local\Temp\~DF957F.tmp --------- 311350  
 16.01.2011 13:06     C:\Users\jalm\AppData\Local\Temp\~DF1543.tmp --------- 16384  
 15.01.2011 21:07     C:\Users\jalm\AppData\Local\Temp\DWD9DB9.tmp --------- 0  
 15.01.2011 21:06     C:\Users\jalm\AppData\Local\Temp\DWD44D1.tmp --------- 0  
 15.01.2011 18:01     C:\Users\jalm\AppData\Local\Temp\~DFEF3A.tmp --------- 311350  
 15.01.2011 17:41     C:\Users\jalm\AppData\Local\Temp\~DF3F2D.tmp --------- 311350  
 15.01.2011 17:40     C:\Users\jalm\AppData\Local\Temp\~DFE823.tmp --------- 16384  
 14.01.2011 22:57     C:\Users\jalm\AppData\Local\Temp\~DFC5A5.tmp --------- 311350  
 14.01.2011 22:39     C:\Users\jalm\AppData\Local\Temp\~DFA0BE.tmp --------- 311350  
 14.01.2011 19:08     C:\Users\jalm\AppData\Local\Temp\~DF31B3.tmp --------- 311350  
 14.01.2011 19:07     C:\Users\jalm\AppData\Local\Temp\~DFD8B3.tmp --------- 16384  
 14.01.2011 19:04     C:\Users\jalm\AppData\Local\Temp\~PID182.tmp --------- 57344000  
 14.01.2011 19:04     C:\Users\jalm\AppData\Local\Temp\~PICD4B.tmp --------- 655360  
 14.01.2011 19:04     C:\Users\jalm\AppData\Local\Temp\~PICD3B.tmp --------- 57344000  
 14.01.2011 19:03     C:\Users\jalm\AppData\Local\Temp\~PI7D18.tmp --------- 57344000  
 14.01.2011 19:03     C:\Users\jalm\AppData\Local\Temp\~PI616B.tmp --------- 57344000  
 14.01.2011 19:03     C:\Users\jalm\AppData\Local\Temp\~PI5DC1.tmp --------- 57344000  
 14.01.2011 19:02     C:\Users\jalm\AppData\Local\Temp\~PIA2A5.tmp --------- 57344000  
 14.01.2011 18:59     C:\Users\jalm\AppData\Local\Temp\~PI89D9.tmp --------- 655360  
 14.01.2011 18:59     C:\Users\jalm\AppData\Local\Temp\~PI3ADD.tmp --------- 57344000  
 14.01.2011 18:59     C:\Users\jalm\AppData\Local\Temp\~PI35DC.tmp --------- 57344000  
 14.01.2011 18:59     C:\Users\jalm\AppData\Local\Temp\~PI30BC.tmp --------- 57344000  
 14.01.2011 18:59     C:\Users\jalm\AppData\Local\Temp\~PI103D.tmp --------- 57344000  
 14.01.2011 18:57     C:\Users\jalm\AppData\Local\Temp\~PI3318.tmp --------- 655360  
 14.01.2011 18:56     C:\Users\jalm\AppData\Local\Temp\~PI3AD.tmp --------- 57344000  
 14.01.2011 18:56     C:\Users\jalm\AppData\Local\Temp\~PI42.tmp --------- 655360  
 14.01.2011 18:56     C:\Users\jalm\AppData\Local\Temp\~PI31.tmp --------- 57344000  
 14.01.2011 18:55     C:\Users\jalm\AppData\Local\Temp\~PI8B97.tmp --------- 57344000  
 14.01.2011 18:55     C:\Users\jalm\AppData\Local\Temp\~PI741F.tmp --------- 57344000  
 14.01.2011 18:55     C:\Users\jalm\AppData\Local\Temp\~PI6F9B.tmp --------- 57344000  
 14.01.2011 18:54     C:\Users\jalm\AppData\Local\Temp\~PI1075.tmp --------- 655360  
 14.01.2011 18:51     C:\Users\jalm\AppData\Local\Temp\~DFEE8F.tmp --------- 311350  
 14.01.2011 18:50     C:\Users\jalm\AppData\Local\Temp\~DFA3DA.tmp --------- 16384  
 14.01.2011 15:12     C:\Users\jalm\AppData\Local\Temp\~DFF998.tmp --------- 311350  
 14.01.2011 14:17     C:\Users\jalm\AppData\Local\Temp\~DFA76D.tmp --------- 311350  
 14.01.2011 14:17     C:\Users\jalm\AppData\Local\Temp\~DFC1D3.tmp --------- 16384  
 14.01.2011 14:01     C:\Users\jalm\AppData\Local\Temp\~DFAEF9.tmp --------- 0  
 14.01.2011 13:59     C:\Users\jalm\AppData\Local\Temp\~DFEF20.tmp --------- 0  
 14.01.2011 13:39     C:\Users\jalm\AppData\Local\Temp\~DFC0B.tmp --------- 16384  
 14.01.2011 13:28     C:\Users\jalm\AppData\Local\Temp\~DF40DA.tmp --------- 512  
 14.01.2011 13:28     C:\Users\jalm\AppData\Local\Temp\~DF3A6D.tmp --------- 16384  
 14.01.2011 13:28     C:\Users\jalm\AppData\Local\Temp\~DF32ED.tmp --------- 512  
 14.01.2011 13:28     C:\Users\jalm\AppData\Local\Temp\~DF327F.tmp --------- 32768  
 14.01.2011 13:27     C:\Users\jalm\AppData\Local\Temp\~DF6803.tmp --------- 16384  
 14.01.2011 08:40     C:\Users\jalm\AppData\Local\Temp\~DF42A.tmp --------- 311350  
 14.01.2011 08:39     C:\Users\jalm\AppData\Local\Temp\~DFAF3A.tmp --------- 16384  
 14.01.2011 01:15     C:\Users\jalm\AppData\Local\Temp\~DFA938.tmp --------- 311350  
 14.01.2011 01:14     C:\Users\jalm\AppData\Local\Temp\~DF3D4E.tmp --------- 16384  
 13.01.2011 21:06     C:\Users\jalm\AppData\Local\Temp\~DF8CA2.tmp --------- 311350  
 13.01.2011 21:05     C:\Users\jalm\AppData\Local\Temp\~DF6CB6.tmp --------- 16384  
 13.01.2011 19:31     C:\Users\jalm\AppData\Local\Temp\~DF18E2.tmp --------- 16384  
 13.01.2011 19:04     C:\Users\jalm\AppData\Local\Temp\~DFF0CC.tmp --------- 16384  
 13.01.2011 18:44     C:\Users\jalm\AppData\Local\Temp\~DFA095.tmp --------- 16384  
 13.01.2011 18:38     C:\Users\jalm\AppData\Local\Temp\~DF4F4D.tmp --------- 512  
 13.01.2011 18:38     C:\Users\jalm\AppData\Local\Temp\~DF4F40.tmp --------- 16384  
 13.01.2011 18:38     C:\Users\jalm\AppData\Local\Temp\~DF4EBB.tmp --------- 512  
 13.01.2011 18:38     C:\Users\jalm\AppData\Local\Temp\~DF4EA1.tmp --------- 32768  
 13.01.2011 18:38     C:\Users\jalm\AppData\Local\Temp\~DF91E2.tmp --------- 0  
 13.01.2011 17:30     C:\Users\jalm\AppData\Local\Temp\wmsetup.log --------- 17390  
 13.01.2011 17:29     C:\Users\jalm\AppData\Local\Temp\~DFBF7F.tmp --------- 311350  
 13.01.2011 17:28     C:\Users\jalm\AppData\Local\Temp\~DFE158.tmp --------- 16384  
 12.01.2011 21:02     C:\Users\jalm\AppData\Local\Temp\~DFBF4A.tmp --------- 311350  
 12.01.2011 21:02     C:\Users\jalm\AppData\Local\Temp\~DFA1A7.tmp --------- 16384  
 12.01.2011 11:59     C:\Users\jalm\AppData\Local\Temp\~DF9B4E.tmp --------- 311350  
 12.01.2011 11:59     C:\Users\jalm\AppData\Local\Temp\~DFE210.tmp --------- 16384  
 12.01.2011 11:22     C:\Users\jalm\AppData\Local\Temp\~DFC890.tmp --------- 311350  
 12.01.2011 11:21     C:\Users\jalm\AppData\Local\Temp\~DF3794.tmp --------- 16384  
 11.01.2011 22:23     C:\Users\jalm\AppData\Local\Temp\~DFFDD6.tmp --------- 311350  
 11.01.2011 22:22     C:\Users\jalm\AppData\Local\Temp\~DF1CD7.tmp --------- 16384  
 11.01.2011 22:21     C:\Users\jalm\AppData\Local\Temp\~DF4A61.tmp --------- 16384  
 11.01.2011 22:11     C:\Users\jalm\AppData\Local\Temp\~DF1CFC.tmp --------- 0  
 11.01.2011 22:09     C:\Users\jalm\AppData\Local\Temp\~DFCCD2.tmp --------- 512  
 11.01.2011 22:09     C:\Users\jalm\AppData\Local\Temp\~DFCCC9.tmp --------- 16384  
 11.01.2011 22:09     C:\Users\jalm\AppData\Local\Temp\~DF2D0F.tmp --------- 16384  
 11.01.2011 22:04     C:\Users\jalm\AppData\Local\Temp\~DF1584.tmp --------- 16384  
 11.01.2011 22:04     C:\Users\jalm\AppData\Local\Temp\~DF9C39.tmp --------- 16384  
 11.01.2011 22:03     C:\Users\jalm\AppData\Local\Temp\~DF1D34.tmp --------- 512  
 11.01.2011 22:03     C:\Users\jalm\AppData\Local\Temp\~DF1CF7.tmp --------- 32768  
 11.01.2011 22:03     C:\Users\jalm\AppData\Local\Temp\~DF333C.tmp --------- 16384  
 11.01.2011 22:02     C:\Users\jalm\AppData\Local\Temp\~DF819.tmp --------- 311350  
 11.01.2011 22:01     C:\Users\jalm\AppData\Local\Temp\~DF30D.tmp --------- 16384  
 11.01.2011 12:16     C:\Users\jalm\AppData\Local\Temp\~DFBFD3.tmp --------- 311350  
 11.01.2011 12:15     C:\Users\jalm\AppData\Local\Temp\~DF13A5.tmp --------- 16384  
 10.01.2011 20:53     C:\Users\jalm\AppData\Local\Temp\~DF395C.tmp --------- 311350  
 10.01.2011 20:52     C:\Users\jalm\AppData\Local\Temp\~DF9E66.tmp --------- 16384  
 10.01.2011 01:24     C:\Users\jalm\AppData\Local\Temp\~DF3C90.tmp --------- 311350  
 10.01.2011 01:24     C:\Users\jalm\AppData\Local\Temp\~DF3A2F.tmp --------- 16384  
 04.01.2011 05:15     C:\Users\jalm\AppData\Local\Temp\~DF8327.tmp --------- 16384  
 04.01.2011 05:15     C:\Users\jalm\AppData\Local\Temp\~DF4CA3.tmp --------- 311350  
 03.01.2011 17:39     C:\Users\jalm\AppData\Local\Temp\~DF77C4.tmp --------- 442368  
 03.01.2011 17:14     C:\Users\jalm\AppData\Local\Temp\~DF65C6.tmp --------- 311350  
 03.01.2011 10:33     C:\Users\jalm\AppData\Local\Temp\~DF85DD.tmp --------- 311350  
 03.01.2011 10:32     C:\Users\jalm\AppData\Local\Temp\~DF1B22.tmp --------- 16384  
 03.01.2011 09:27     C:\Users\jalm\AppData\Local\Temp\etilqs_rCsALPxB9MRJs0O6Vy9w-journal --------- 0  
 03.01.2011 09:27     C:\Users\jalm\AppData\Local\Temp\etilqs_rCsALPxB9MRJs0O6Vy9w --------- 0  
 03.01.2011 09:24     C:\Users\jalm\AppData\Local\Temp\~DFD2E5.tmp --------- 311350  
 03.01.2011 09:23     C:\Users\jalm\AppData\Local\Temp\~DF81DA.tmp --------- 16384  
 03.01.2011 04:16     C:\Users\jalm\AppData\Local\Temp\~DF1E08.tmp --------- 147456  
 03.01.2011 03:11     C:\Users\jalm\AppData\Local\Temp\QTInstallCode.log --------- 49619  
 03.01.2011 03:06     C:\Users\jalm\AppData\Local\Temp\SetupAdmin1184.log --------- 84  
 03.01.2011 02:53     C:\Users\jalm\AppData\Local\Temp\MSI442ad.LOG --------- 10786  
 03.01.2011 02:48     C:\Users\jalm\AppData\Local\Temp\qtplugin.log --------- 4716  
 02.01.2011 10:14     C:\Users\jalm\AppData\Local\Temp\~DFBC6D.tmp --------- 311350  
 02.01.2011 10:11     C:\Users\jalm\AppData\Local\Temp\~DF7D5C.tmp --------- 0  
 02.01.2011 10:10     C:\Users\jalm\AppData\Local\Temp\~DF9D0F.tmp --------- 16384  
 02.01.2011 10:10     C:\Users\jalm\AppData\Local\Temp\~DFAA74.tmp --------- 0  
 02.01.2011 10:08     C:\Users\jalm\AppData\Local\Temp\~DF5F91.tmp --------- 512  
 02.01.2011 10:08     C:\Users\jalm\AppData\Local\Temp\~DF5F8A.tmp --------- 16384  
 02.01.2011 10:06     C:\Users\jalm\AppData\Local\Temp\~DFEED2.tmp --------- 512  
 02.01.2011 10:06     C:\Users\jalm\AppData\Local\Temp\~DFEEC3.tmp --------- 32768  
 02.01.2011 10:06     C:\Users\jalm\AppData\Local\Temp\~DFB81.tmp --------- 16384  
 02.01.2011 10:06     C:\Users\jalm\AppData\Local\Temp\~DF9E04.tmp --------- 311350  
 02.01.2011 10:05     C:\Users\jalm\AppData\Local\Temp\~DF2459.tmp --------- 0  
 01.01.2011 23:32     C:\Users\jalm\AppData\Local\Temp\~DFAAF1.tmp --------- 311350  
 01.01.2011 23:31     C:\Users\jalm\AppData\Local\Temp\~DF52FE.tmp --------- 16384  
 01.01.2011 23:29     C:\Users\jalm\AppData\Local\Temp\~DF112E.tmp --------- 16384  
 01.01.2011 23:26     C:\Users\jalm\AppData\Local\Temp\~DFE29F.tmp --------- 16384  
 01.01.2011 18:53     C:\Users\jalm\AppData\Local\Temp\~DF53CD.tmp --------- 24576  
 01.01.2011 17:21     C:\Users\jalm\AppData\Local\Temp\~DF1019.tmp --------- 512  
 01.01.2011 17:21     C:\Users\jalm\AppData\Local\Temp\~DF1012.tmp --------- 16384  
 01.01.2011 17:21     C:\Users\jalm\AppData\Local\Temp\~DFF8C.tmp --------- 512  
 01.01.2011 17:21     C:\Users\jalm\AppData\Local\Temp\~DFF84.tmp --------- 32768  
 01.01.2011 17:06     C:\Users\jalm\AppData\Local\Temp\~DF5938.tmp --------- 512  
 01.01.2011 17:06     C:\Users\jalm\AppData\Local\Temp\~DF5884.tmp --------- 606208  
 01.01.2011 17:04     C:\Users\jalm\AppData\Local\Temp\~DFC313.tmp --------- 16384  
 01.01.2011 17:04     C:\Users\jalm\AppData\Local\Temp\~DF7C21.tmp --------- 311350  
 01.01.2011 17:03     C:\Users\jalm\AppData\Local\Temp\~DF7432.tmp --------- 16384  
 31.12.2010 20:49     C:\Users\jalm\AppData\Local\Temp\drm_dyndata_7400009.dll --------- 204800  
 31.12.2010 20:42     C:\Users\jalm\AppData\Local\Temp\~DFD786.tmp --------- 311350  
 31.12.2010 20:41     C:\Users\jalm\AppData\Local\Temp\~DFA2C7.tmp --------- 16384  
 31.12.2010 17:44     C:\Users\jalm\AppData\Local\Temp\~DFDC20.tmp --------- 0  
 31.12.2010 17:42     C:\Users\jalm\AppData\Local\Temp\~DF44C.tmp --------- 512  
 31.12.2010 17:42     C:\Users\jalm\AppData\Local\Temp\~DF440.tmp --------- 16384  
 31.12.2010 17:42     C:\Users\jalm\AppData\Local\Temp\~DF3CB.tmp --------- 512  
 31.12.2010 17:42     C:\Users\jalm\AppData\Local\Temp\~DF3B5.tmp --------- 32768  
 31.12.2010 17:42     C:\Users\jalm\AppData\Local\Temp\~DF8407.tmp --------- 16384  
 31.12.2010 17:42     C:\Users\jalm\AppData\Local\Temp\~DF7C6C.tmp --------- 16384  
 31.12.2010 17:37     C:\Users\jalm\AppData\Local\Temp\{F2FD9ED7-78CF-41C9-ADD5-AE152CA795E9} --------- 4096  
 31.12.2010 16:30     C:\Users\jalm\AppData\Local\Temp\AmazonMP3AlbumArt.png --------- 8066  
 31.12.2010 16:30     C:\Users\jalm\AppData\Local\Temp\AmazonMP3Logo.png --------- 1689  
 31.12.2010 13:57     C:\Users\jalm\AppData\Local\Temp\~DFF453.tmp --------- 311350  
 30.12.2010 22:12     C:\Users\jalm\AppData\Local\Temp\~DF9FB9.tmp --------- 311350  
 30.12.2010 22:11     C:\Users\jalm\AppData\Local\Temp\~DFFE98.tmp --------- 16384  
 29.12.2010 23:29     C:\Users\jalm\AppData\Local\Temp\~DFD2C2.tmp --------- 311350  
 29.12.2010 23:28     C:\Users\jalm\AppData\Local\Temp\~DF1B99.tmp --------- 16384  
 29.12.2010 12:09     C:\Users\jalm\AppData\Local\Temp\~DFE2F9.tmp --------- 512  
 29.12.2010 12:09     C:\Users\jalm\AppData\Local\Temp\~DFE2F1.tmp --------- 16384  
 29.12.2010 12:09     C:\Users\jalm\AppData\Local\Temp\~DFE29A.tmp --------- 512  
 29.12.2010 12:09     C:\Users\jalm\AppData\Local\Temp\~DFE082.tmp --------- 32768  
 29.12.2010 12:09     C:\Users\jalm\AppData\Local\Temp\~DFBC30.tmp --------- 16384  
 29.12.2010 12:09     C:\Users\jalm\AppData\Local\Temp\~DFABE1.tmp --------- 16384  
 29.12.2010 12:07     C:\Users\jalm\AppData\Local\Temp\~DFE1A1.tmp --------- 311350  
 29.12.2010 12:06     C:\Users\jalm\AppData\Local\Temp\~DF3667.tmp --------- 16384  
 28.12.2010 22:42     C:\Users\jalm\AppData\Local\Temp\~DF82F.tmp --------- 311350  
 28.12.2010 22:41     C:\Users\jalm\AppData\Local\Temp\~DF44A5.tmp --------- 16384  
 28.12.2010 22:16     C:\Users\jalm\AppData\Local\Temp\~DFE233.tmp --------- 16384  
 28.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DF3C6E.tmp --------- 512  
 28.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DF3C53.tmp --------- 16384  
 28.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DF3B78.tmp --------- 512  
 28.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DF3B71.tmp --------- 32768  
 28.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DF785D.tmp --------- 16384  
 28.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DF65B9.tmp --------- 0  
 28.12.2010 20:30     C:\Users\jalm\AppData\Local\Temp\~DFF9EB.tmp --------- 311350  
 28.12.2010 20:29     C:\Users\jalm\AppData\Local\Temp\~DFDEB5.tmp --------- 16384  
 28.12.2010 17:29     C:\Users\jalm\AppData\Local\Temp\~DFB19C.tmp --------- 311350  
 28.12.2010 17:28     C:\Users\jalm\AppData\Local\Temp\~DF33C0.tmp --------- 16384  
 28.12.2010 10:56     C:\Users\jalm\AppData\Local\Temp\~DF72A5.tmp --------- 311350  
 28.12.2010 10:56     C:\Users\jalm\AppData\Local\Temp\~DF7919.tmp --------- 16384  
 27.12.2010 16:32     C:\Users\jalm\AppData\Local\Temp\~DF16E7.tmp --------- 311350  
 27.12.2010 16:31     C:\Users\jalm\AppData\Local\Temp\~DF9A38.tmp --------- 16384  
 27.12.2010 12:33     C:\Users\jalm\AppData\Local\Temp\~DFE586.tmp --------- 311350  
 27.12.2010 12:33     C:\Users\jalm\AppData\Local\Temp\~DF1419.tmp --------- 16384  
 26.12.2010 23:42     C:\Users\jalm\AppData\Local\Temp\~DFD634.tmp --------- 311350  
 26.12.2010 23:41     C:\Users\jalm\AppData\Local\Temp\~DFD43E.tmp --------- 16384  
 26.12.2010 23:38     C:\Users\jalm\AppData\Local\Temp\~DF6C06.tmp --------- 0  
 26.12.2010 23:38     C:\Users\jalm\AppData\Local\Temp\~DFF234.tmp --------- 20480  
 26.12.2010 23:37     C:\Users\jalm\AppData\Local\Temp\~DF2ACC.tmp --------- 16384  
 26.12.2010 23:31     C:\Users\jalm\AppData\Local\Temp\~DFEB0F.tmp --------- 16384  
 26.12.2010 23:19     C:\Users\jalm\AppData\Local\Temp\~DF6EF1.tmp --------- 512  
 26.12.2010 23:19     C:\Users\jalm\AppData\Local\Temp\~DF6ED3.tmp --------- 16384  
 26.12.2010 19:57     C:\Users\jalm\AppData\Local\Temp\~DF68A4.tmp --------- 16384  
 26.12.2010 19:57     C:\Users\jalm\AppData\Local\Temp\~DFD77A.tmp --------- 512  
 26.12.2010 19:57     C:\Users\jalm\AppData\Local\Temp\~DFD773.tmp --------- 32768  
 26.12.2010 19:57     C:\Users\jalm\AppData\Local\Temp\~DF43CF.tmp --------- 16384  
 26.12.2010 19:55     C:\Users\jalm\AppData\Local\Temp\~DF1F6C.tmp --------- 311350  
 26.12.2010 19:54     C:\Users\jalm\AppData\Local\Temp\~DF9B05.tmp --------- 16384  
 26.12.2010 11:25     C:\Users\jalm\AppData\Local\Temp\~DF203C.tmp --------- 311350  
 26.12.2010 11:24     C:\Users\jalm\AppData\Local\Temp\~DF4D2F.tmp --------- 16384  
 26.12.2010 11:13     C:\Users\jalm\AppData\Local\Temp\~DF930F.tmp --------- 0  
 26.12.2010 11:13     C:\Users\jalm\AppData\Local\Temp\~DF158C.tmp --------- 0  
 26.12.2010 11:13     C:\Users\jalm\AppData\Local\Temp\~DF37AD.tmp --------- 512  
 26.12.2010 11:13     C:\Users\jalm\AppData\Local\Temp\~DF37A6.tmp --------- 16384  
 26.12.2010 11:11     C:\Users\jalm\AppData\Local\Temp\~DFAA73.tmp --------- 512  
 26.12.2010 11:11     C:\Users\jalm\AppData\Local\Temp\~DFAA6C.tmp --------- 32768  
 26.12.2010 11:11     C:\Users\jalm\AppData\Local\Temp\~DF5FD1.tmp --------- 16384  
 26.12.2010 11:11     C:\Users\jalm\AppData\Local\Temp\~DF128E.tmp --------- 16384  
 26.12.2010 11:10     C:\Users\jalm\AppData\Local\Temp\~DF5D4D.tmp --------- 311350  
 26.12.2010 11:10     C:\Users\jalm\AppData\Local\Temp\~DFA33C.tmp --------- 16384  
 25.12.2010 12:11     C:\Users\jalm\AppData\Local\Temp\~DF7D2.tmp --------- 311350  
 25.12.2010 12:11     C:\Users\jalm\AppData\Local\Temp\~DF1B33.tmp --------- 16384  
 25.12.2010 11:46     C:\Users\jalm\AppData\Local\Temp\~DFCAD1.tmp --------- 16384  
 25.12.2010 11:43     C:\Users\jalm\AppData\Local\Temp\~DFA5D1.tmp --------- 512  
 25.12.2010 11:43     C:\Users\jalm\AppData\Local\Temp\~DFA5CA.tmp --------- 16384  
 25.12.2010 11:43     C:\Users\jalm\AppData\Local\Temp\~DFA56E.tmp --------- 512  
 25.12.2010 11:43     C:\Users\jalm\AppData\Local\Temp\~DFA567.tmp --------- 32768  
 25.12.2010 11:43     C:\Users\jalm\AppData\Local\Temp\~DFBD2E.tmp --------- 16384  
 25.12.2010 11:33     C:\Users\jalm\AppData\Local\Temp\~DF1B4F.tmp --------- 311350  
 25.12.2010 11:33     C:\Users\jalm\AppData\Local\Temp\~DF2903.tmp --------- 16384  
 25.12.2010 01:50     C:\Users\jalm\AppData\Local\Temp\~DF9A0F.tmp --------- 311350  
 25.12.2010 01:50     C:\Users\jalm\AppData\Local\Temp\~DF7258.tmp --------- 16384  
 24.12.2010 00:06     C:\Users\jalm\AppData\Local\Temp\~DFF7D9.tmp --------- 311350  
 24.12.2010 00:06     C:\Users\jalm\AppData\Local\Temp\~DF63B3.tmp --------- 16384  
 24.12.2010 00:04     C:\Users\jalm\AppData\Local\Temp\~DF9565.tmp --------- 0  
 24.12.2010 00:04     C:\Users\jalm\AppData\Local\Temp\~DF1024.tmp --------- 0  
 24.12.2010 00:04     C:\Users\jalm\AppData\Local\Temp\etilqs_zIz1n3S4GHyyH1Y --------- 3088  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DFC538.tmp --------- 512  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DFC51B.tmp --------- 16384  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DFC4B5.tmp --------- 512  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DFC4A1.tmp --------- 32768  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DFA461.tmp --------- 512  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DFA451.tmp --------- 16384  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DFA3B6.tmp --------- 512  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DFA393.tmp --------- 32768  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DFAA19.tmp --------- 0  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DF939B.tmp --------- 0  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DF6B4A.tmp --------- 0  
 24.12.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DF53BA.tmp --------- 0  
 23.12.2010 23:39     C:\Users\jalm\AppData\Local\Temp\~DFA4A.tmp --------- 311350  
 23.12.2010 23:38     C:\Users\jalm\AppData\Local\Temp\~DF309.tmp --------- 16384  
 23.12.2010 01:18     C:\Users\jalm\AppData\Local\Temp\~DFE1.tmp --------- 311350  
 23.12.2010 01:18     C:\Users\jalm\AppData\Local\Temp\~DF59F7.tmp --------- 16384  
 23.12.2010 00:19     C:\Users\jalm\AppData\Local\Temp\~DF9071.tmp --------- 16384  
 23.12.2010 00:05     C:\Users\jalm\AppData\Local\Temp\~DF8FD4.tmp --------- 32768  
 22.12.2010 23:58     C:\Users\jalm\AppData\Local\Temp\~DF28E5.tmp --------- 512  
 22.12.2010 23:58     C:\Users\jalm\AppData\Local\Temp\~DF28D8.tmp --------- 16384  
 22.12.2010 23:58     C:\Users\jalm\AppData\Local\Temp\~DF284A.tmp --------- 512  
 22.12.2010 23:58     C:\Users\jalm\AppData\Local\Temp\~DF27F2.tmp --------- 32768  
 22.12.2010 23:58     C:\Users\jalm\AppData\Local\Temp\~DF83D7.tmp --------- 0  
 22.12.2010 23:54     C:\Users\jalm\AppData\Local\Temp\~DFDD0.tmp --------- 311350  
 22.12.2010 23:53     C:\Users\jalm\AppData\Local\Temp\~DFFFBB.tmp --------- 16384  
 22.12.2010 08:57     C:\Users\jalm\AppData\Local\Temp\~DF6FBF.tmp --------- 311350  
 22.12.2010 08:56     C:\Users\jalm\AppData\Local\Temp\~DF2A3E.tmp --------- 16384  
 22.12.2010 00:28     C:\Users\jalm\AppData\Local\Temp\~DF1A40.tmp --------- 311350  
 22.12.2010 00:27     C:\Users\jalm\AppData\Local\Temp\~DF39D6.tmp --------- 16384  
 21.12.2010 23:40     C:\Users\jalm\AppData\Local\Temp\~DF60DB.tmp --------- 0  
 21.12.2010 23:34     C:\Users\jalm\AppData\Local\Temp\~DFC0.tmp --------- 16384  
 21.12.2010 23:31     C:\Users\jalm\AppData\Local\Temp\~DF19FB.tmp --------- 512  
 21.12.2010 23:31     C:\Users\jalm\AppData\Local\Temp\~DF19F4.tmp --------- 16384  
 21.12.2010 23:31     C:\Users\jalm\AppData\Local\Temp\~DF1979.tmp --------- 512  
 21.12.2010 23:31     C:\Users\jalm\AppData\Local\Temp\~DF1971.tmp --------- 32768  
 21.12.2010 23:31     C:\Users\jalm\AppData\Local\Temp\~DFEFC2.tmp --------- 16384  
 21.12.2010 23:31     C:\Users\jalm\AppData\Local\Temp\~DFE12B.tmp --------- 16384  
 21.12.2010 23:21     C:\Users\jalm\AppData\Local\Temp\~DF5DBA.tmp --------- 311350  
 21.12.2010 23:21     C:\Users\jalm\AppData\Local\Temp\~DF2075.tmp --------- 16384  
 21.12.2010 00:01     C:\Users\jalm\AppData\Local\Temp\~DF78AA.tmp --------- 311350  
 21.12.2010 00:01     C:\Users\jalm\AppData\Local\Temp\~DF495C.tmp --------- 16384  
 20.12.2010 11:37     C:\Users\jalm\AppData\Local\Temp\~DFDB0B.tmp --------- 311350  
 20.12.2010 11:36     C:\Users\jalm\AppData\Local\Temp\~DFDF2C.tmp --------- 16384  
 20.12.2010 11:34     C:\Users\jalm\AppData\Local\Temp\~DF5F50.tmp --------- 0  
 20.12.2010 11:33     C:\Users\jalm\AppData\Local\Temp\~DF4AB7.tmp --------- 16384  
 20.12.2010 11:33     C:\Users\jalm\AppData\Local\Temp\~DFB7C4.tmp --------- 16384  
 20.12.2010 11:32     C:\Users\jalm\AppData\Local\Temp\~DF5A3.tmp --------- 512  
 20.12.2010 11:32     C:\Users\jalm\AppData\Local\Temp\~DF58C.tmp --------- 16384  
 20.12.2010 11:32     C:\Users\jalm\AppData\Local\Temp\~DF4EA.tmp --------- 512  
 20.12.2010 11:32     C:\Users\jalm\AppData\Local\Temp\~DF4D5.tmp --------- 32768  
 20.12.2010 11:32     C:\Users\jalm\AppData\Local\Temp\~DFF710.tmp --------- 16384  
 20.12.2010 11:32     C:\Users\jalm\AppData\Local\Temp\~DF27C.tmp --------- 16384  
 20.12.2010 11:32     C:\Users\jalm\AppData\Local\Temp\~DFE9D9.tmp --------- 0  
 20.12.2010 11:11     C:\Users\jalm\AppData\Local\Temp\~DFED88.tmp --------- 311350  
 20.12.2010 11:10     C:\Users\jalm\AppData\Local\Temp\~DF3409.tmp --------- 16384  
 20.12.2010 01:48     C:\Users\jalm\AppData\Local\Temp\~DFC504.tmp --------- 311350  
 20.12.2010 01:48     C:\Users\jalm\AppData\Local\Temp\~DF41D0.tmp --------- 16384  
 19.12.2010 22:25     C:\Users\jalm\AppData\Local\Temp\~DF4BD6.tmp --------- 16384  
 19.12.2010 22:25     C:\Users\jalm\AppData\Local\Temp\~DFE857.tmp --------- 311350  
 19.12.2010 20:33     C:\Users\jalm\AppData\Local\Temp\~DFF888.tmp --------- 16384  
 19.12.2010 20:22     C:\Users\jalm\AppData\Local\Temp\~DFFADF.tmp --------- 20480  
 19.12.2010 20:17     C:\Users\jalm\AppData\Local\Temp\~DFC96B.tmp --------- 512  
 19.12.2010 20:17     C:\Users\jalm\AppData\Local\Temp\~DFC953.tmp --------- 16384  
 19.12.2010 20:17     C:\Users\jalm\AppData\Local\Temp\~DFC83F.tmp --------- 512  
 19.12.2010 20:17     C:\Users\jalm\AppData\Local\Temp\~DFC835.tmp --------- 32768  
 19.12.2010 20:17     C:\Users\jalm\AppData\Local\Temp\~DFCE69.tmp --------- 16384  
 19.12.2010 20:15     C:\Users\jalm\AppData\Local\Temp\~DFF030.tmp --------- 311350  
 19.12.2010 20:15     C:\Users\jalm\AppData\Local\Temp\~DF5A5F.tmp --------- 16384  
 18.12.2010 11:37     C:\Users\jalm\AppData\Local\Temp\RapidSolution --------- 4096  
 18.12.2010 11:31     C:\Users\jalm\AppData\Local\Temp\AE5D78C2-025A-4696-88A8-692D1DE35F04.jpeg --------- 7059  
 18.12.2010 11:31     C:\Users\jalm\AppData\Local\Temp\E1CF0DAD-3E70-4CD8-A423-CCB6FB9D7C01.jpeg --------- 9010  
 18.12.2010 11:31     C:\Users\jalm\AppData\Local\Temp\F59509BF-9612-41D4-95C3-F3D1E9120101.jpeg --------- 20122  
 18.12.2010 11:31     C:\Users\jalm\AppData\Local\Temp\051CAEBB-28A1-473A-9BF7-0E57EED64A55.jpeg --------- 55685  
 18.12.2010 11:31     C:\Users\jalm\AppData\Local\Temp\40EC2E60-4204-4585-8CE0-503C9AC6A7B5.jpeg --------- 12211  
 18.12.2010 11:31     C:\Users\jalm\AppData\Local\Temp\trkA12F.tmp --------- 0  
 18.12.2010 10:33     C:\Users\jalm\AppData\Local\Temp\~DF22A4.tmp --------- 311350  
 18.12.2010 10:33     C:\Users\jalm\AppData\Local\Temp\~DFED31.tmp --------- 16384  
 18.12.2010 00:19     C:\Users\jalm\AppData\Local\Temp\NclRegPermissions(2).log --------- 7978  
 18.12.2010 00:08     C:\Users\jalm\AppData\Local\Temp\{daecd796-697c-4bd6-9248-ce83ed2da6dc} --------- 0  
 18.12.2010 00:00     C:\Users\jalm\AppData\Local\Temp\~DFDFAF.tmp --------- 311350  
 17.12.2010 23:59     C:\Users\jalm\AppData\Local\Temp\~DFA39E.tmp --------- 16384  
 17.12.2010 23:50     C:\Users\jalm\AppData\Local\Temp\NSU_c40d5577abb64fa112dba0 --------- 0  
 17.12.2010 23:50     C:\Users\jalm\AppData\Local\Temp\~DFC420.tmp --------- 16384  
 17.12.2010 23:42     C:\Users\jalm\AppData\Local\Temp\NclRegPermissions(1).log --------- 3588  
 17.12.2010 22:49     C:\Users\jalm\AppData\Local\Temp\~DF3FF.tmp --------- 311350  
 17.12.2010 22:47     C:\Users\jalm\AppData\Local\Temp\~DF6C87.tmp --------- 16384  
 17.12.2010 22:43     C:\Users\jalm\AppData\Local\Temp\~DF87F4.tmp --------- 16384  
 17.12.2010 22:36     C:\Users\jalm\AppData\Local\Temp\~DFB62F.tmp --------- 16384  
 17.12.2010 22:32     C:\Users\jalm\AppData\Local\Temp\~DF32FC.tmp --------- 16384  
 17.12.2010 22:26     C:\Users\jalm\AppData\Local\Temp\~DF7242.tmp --------- 512  
 17.12.2010 22:26     C:\Users\jalm\AppData\Local\Temp\~DF7228.tmp --------- 16384  
 17.12.2010 22:25     C:\Users\jalm\AppData\Local\Temp\~DF51AE.tmp --------- 512  
 17.12.2010 22:25     C:\Users\jalm\AppData\Local\Temp\~DF51A2.tmp --------- 606208  
 17.12.2010 22:23     C:\Users\jalm\AppData\Local\Temp\~DFB4A2.tmp --------- 512  
 17.12.2010 22:23     C:\Users\jalm\AppData\Local\Temp\~DFB49B.tmp --------- 32768  
 17.12.2010 22:22     C:\Users\jalm\AppData\Local\Temp\~DF257D.tmp --------- 24576  
 17.12.2010 22:22     C:\Users\jalm\AppData\Local\Temp\~DFB8B.tmp --------- 16384  
 17.12.2010 22:22     C:\Users\jalm\AppData\Local\Temp\~DFAA4D.tmp --------- 311350  
 17.12.2010 22:21     C:\Users\jalm\AppData\Local\Temp\~DF73CE.tmp --------- 16384  
 17.12.2010 13:36     C:\Users\jalm\AppData\Local\Temp\~DFC9CB.tmp --------- 311350  
 17.12.2010 13:35     C:\Users\jalm\AppData\Local\Temp\~DFFF02.tmp --------- 16384  
 17.12.2010 13:31     C:\Users\jalm\AppData\Local\Temp\~DFCBF0.tmp --------- 311350  
 17.12.2010 13:31     C:\Users\jalm\AppData\Local\Temp\~DFBECD.tmp --------- 16384  
 17.12.2010 10:01     C:\Users\jalm\AppData\Local\Temp\~DF7E40.tmp --------- 311350  
 17.12.2010 10:00     C:\Users\jalm\AppData\Local\Temp\~DFC6E8.tmp --------- 16384  
 16.12.2010 21:27     C:\Users\jalm\AppData\Local\Temp\~DFE3E4.tmp --------- 311350  
 16.12.2010 21:26     C:\Users\jalm\AppData\Local\Temp\~DF45B9.tmp --------- 16384  
 16.12.2010 21:23     C:\Users\jalm\AppData\Local\Temp\~DF737C.tmp --------- 0  
 16.12.2010 21:15     C:\Users\jalm\AppData\Local\Temp\~DF19C2.tmp --------- 16384  
 16.12.2010 21:07     C:\Users\jalm\AppData\Local\Temp\~DF9AF9.tmp --------- 311350  
 16.12.2010 21:07     C:\Users\jalm\AppData\Local\Temp\~DF7756.tmp --------- 16384  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DFCBA0.tmp --------- 512  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DFCB76.tmp --------- 622592  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DFCB3B.tmp --------- 512  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DFCAE5.tmp --------- 622592  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DF6346.tmp --------- 16384  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DF636D.tmp --------- 512  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DF62E2.tmp --------- 512  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DF62DB.tmp --------- 32768  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DFE309.tmp --------- 512  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DFE302.tmp --------- 16384  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DFE12F.tmp --------- 32768  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DFE13E.tmp --------- 512  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DF5C4.tmp --------- 0  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DFECF5.tmp --------- 16384  
 16.12.2010 21:06     C:\Users\jalm\AppData\Local\Temp\~DFA751.tmp --------- 0  
 15.12.2010 21:30     C:\Users\jalm\AppData\Local\Temp\~DF5E14.tmp --------- 311350  
 15.12.2010 21:29     C:\Users\jalm\AppData\Local\Temp\~DF24D9.tmp --------- 16384  
 15.12.2010 18:59     C:\Users\jalm\AppData\Local\Temp\~DF6B35.tmp --------- 16384  
 15.12.2010 18:59     C:\Users\jalm\AppData\Local\Temp\~DF2C39.tmp --------- 20480  
 15.12.2010 18:57     C:\Users\jalm\AppData\Local\Temp\~DF3F97.tmp --------- 512  
 15.12.2010 18:57     C:\Users\jalm\AppData\Local\Temp\~DF3F8C.tmp --------- 16384  
 15.12.2010 18:57     C:\Users\jalm\AppData\Local\Temp\~DF3E1E.tmp --------- 512  
 15.12.2010 18:57     C:\Users\jalm\AppData\Local\Temp\~DF3E08.tmp --------- 32768  
 15.12.2010 18:57     C:\Users\jalm\AppData\Local\Temp\~DF10CB.tmp --------- 16384  
 15.12.2010 18:51     C:\Users\jalm\AppData\Local\Temp\~DFC41E.tmp --------- 311350  
 15.12.2010 18:50     C:\Users\jalm\AppData\Local\Temp\~DF815D.tmp --------- 16384  
 14.12.2010 21:05     C:\Users\jalm\AppData\Local\Temp\~DFDF3B.tmp --------- 311350  
 14.12.2010 21:04     C:\Users\jalm\AppData\Local\Temp\~DF8FC1.tmp --------- 16384  
 14.12.2010 21:03     C:\Users\jalm\AppData\Local\Temp\~DF33C2.tmp --------- 0  
 14.12.2010 21:01     C:\Users\jalm\AppData\Local\Temp\~DFA430.tmp --------- 512  
 14.12.2010 21:01     C:\Users\jalm\AppData\Local\Temp\~DFA427.tmp --------- 16384  
 14.12.2010 21:01     C:\Users\jalm\AppData\Local\Temp\~DFA3A0.tmp --------- 512  
 14.12.2010 21:01     C:\Users\jalm\AppData\Local\Temp\~DFA342.tmp --------- 32768  
 14.12.2010 21:01     C:\Users\jalm\AppData\Local\Temp\~DFB3A3.tmp --------- 16384  
 14.12.2010 21:01     C:\Users\jalm\AppData\Local\Temp\~DFA549.tmp --------- 0  
 14.12.2010 20:52     C:\Users\jalm\AppData\Local\Temp\~DF705C.tmp --------- 311350  
 14.12.2010 20:51     C:\Users\jalm\AppData\Local\Temp\~DFF288.tmp --------- 16384  
 14.12.2010 12:02     C:\Users\jalm\AppData\Local\Temp\~DFC7C7.tmp --------- 311350  
 14.12.2010 12:01     C:\Users\jalm\AppData\Local\Temp\~DFFD9.tmp --------- 16384  
 13.12.2010 14:42     C:\Users\jalm\AppData\Local\Temp\~DFB674.tmp --------- 311350  
 13.12.2010 14:41     C:\Users\jalm\AppData\Local\Temp\~DF510C.tmp --------- 16384  
 12.12.2010 22:22     C:\Users\jalm\AppData\Local\Temp\~DF2A0E.tmp --------- 311350  
 12.12.2010 22:22     C:\Users\jalm\AppData\Local\Temp\~DFD11B.tmp --------- 16384  
 12.12.2010 22:15     C:\Users\jalm\AppData\Local\Temp\~DF3985.tmp --------- 16384  
 12.12.2010 21:57     C:\Users\jalm\AppData\Local\Temp\~DF3CFB.tmp --------- 16384  
 12.12.2010 21:56     C:\Users\jalm\AppData\Local\Temp\~DF5B56.tmp --------- 16384  
 12.12.2010 21:55     C:\Users\jalm\AppData\Local\Temp\~DF25A8.tmp --------- 0  
 12.12.2010 21:54     C:\Users\jalm\AppData\Local\Temp\~DFDD3A.tmp --------- 16384  
 12.12.2010 21:54     C:\Users\jalm\AppData\Local\Temp\~DFCEB5.tmp --------- 512  
 12.12.2010 21:54     C:\Users\jalm\AppData\Local\Temp\~DFCEA7.tmp --------- 16384  
 12.12.2010 21:54     C:\Users\jalm\AppData\Local\Temp\~DFCE50.tmp --------- 512  
 12.12.2010 21:54     C:\Users\jalm\AppData\Local\Temp\~DFCE49.tmp --------- 32768  
 12.12.2010 21:53     C:\Users\jalm\AppData\Local\Temp\~DFB966.tmp --------- 16384  
 12.12.2010 21:52     C:\Users\jalm\AppData\Local\Temp\~DFA75B.tmp --------- 311350  
 12.12.2010 21:52     C:\Users\jalm\AppData\Local\Temp\~DF3D0B.tmp --------- 16384  
 11.12.2010 23:58     C:\Users\jalm\AppData\Local\Temp\~DF4ECA.tmp --------- 311350  
 11.12.2010 23:57     C:\Users\jalm\AppData\Local\Temp\~DF7BC3.tmp --------- 16384  
 11.12.2010 23:42     C:\Users\jalm\AppData\Local\Temp\~DFF04F.tmp --------- 311350  
 11.12.2010 23:42     C:\Users\jalm\AppData\Local\Temp\~DF7B8B.tmp --------- 16384  
 11.12.2010 01:29     C:\Users\jalm\AppData\Local\Temp\~DFA31C.tmp --------- 16384  
 10.12.2010 22:47     C:\Users\jalm\AppData\Local\Temp\~DFDD38.tmp --------- 311350  
 10.12.2010 22:46     C:\Users\jalm\AppData\Local\Temp\~DFE1DD.tmp --------- 16384  
 09.12.2010 22:32     C:\Users\jalm\AppData\Local\Temp\~DFD3C0.tmp --------- 311350  
 09.12.2010 22:31     C:\Users\jalm\AppData\Local\Temp\~DFFC2B.tmp --------- 16384  
 09.12.2010 22:29     C:\Users\jalm\AppData\Local\Temp\~DF4798.tmp --------- 0  
 09.12.2010 22:29     C:\Users\jalm\AppData\Local\Temp\~DFD8D4.tmp --------- 16384  
 09.12.2010 22:27     C:\Users\jalm\AppData\Local\Temp\~DF865C.tmp --------- 16384  
 09.12.2010 22:10     C:\Users\jalm\AppData\Local\Temp\~DFDE6C.tmp --------- 512  
 09.12.2010 22:10     C:\Users\jalm\AppData\Local\Temp\~DFDE65.tmp --------- 16384  
 09.12.2010 22:10     C:\Users\jalm\AppData\Local\Temp\~DF9DB6.tmp --------- 0  
 09.12.2010 22:08     C:\Users\jalm\AppData\Local\Temp\~DF4846.tmp --------- 512  
 09.12.2010 22:08     C:\Users\jalm\AppData\Local\Temp\~DF483F.tmp --------- 32768  
 09.12.2010 22:08     C:\Users\jalm\AppData\Local\Temp\~DFB7DE.tmp --------- 16384  
 09.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DF37DE.tmp --------- 311350  
 09.12.2010 22:06     C:\Users\jalm\AppData\Local\Temp\~DFA2CB.tmp --------- 16384  
 08.12.2010 22:03     C:\Users\jalm\AppData\Local\Temp\~DFD2A6.tmp --------- 311350  
 08.12.2010 22:02     C:\Users\jalm\AppData\Local\Temp\~DF1F08.tmp --------- 16384  
 07.12.2010 23:30     C:\Users\jalm\AppData\Local\Temp\newmsg-2 --------- 305  
 07.12.2010 22:42     C:\Users\jalm\AppData\Local\Temp\~DF2A6D.tmp --------- 311350  
 07.12.2010 22:41     C:\Users\jalm\AppData\Local\Temp\~DFC98D.tmp --------- 16384  
 06.12.2010 22:29     C:\Users\jalm\AppData\Local\Temp\~DF6772.tmp --------- 311350  
 06.12.2010 22:25     C:\Users\jalm\AppData\Local\Temp\~DFBC2C.tmp --------- 16384  
 06.12.2010 22:20     C:\Users\jalm\AppData\Local\Temp\~DF9D4.tmp --------- 16384  
 06.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DFD011.tmp --------- 512  
 06.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DFCFF6.tmp --------- 16384  
 06.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DFCF59.tmp --------- 512  
 06.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DFCEDE.tmp --------- 32768  
 06.12.2010 22:07     C:\Users\jalm\AppData\Local\Temp\~DFFD89.tmp --------- 0  
 06.12.2010 21:51     C:\Users\jalm\AppData\Local\Temp\~DFD9D3.tmp --------- 311350  
 06.12.2010 21:51     C:\Users\jalm\AppData\Local\Temp\~DFFB0D.tmp --------- 16384  
 06.12.2010 01:05     C:\Users\jalm\AppData\Local\Temp\114121850812723223.tmp --------- 107  
 05.12.2010 21:34     C:\Users\jalm\AppData\Local\Temp\~DFE87E.tmp --------- 311350  
 05.12.2010 21:34     C:\Users\jalm\AppData\Local\Temp\~DF4BE2.tmp --------- 16384  
 05.12.2010 21:29     C:\Users\jalm\AppData\Local\Temp\~DF4B92.tmp --------- 0  
 05.12.2010 21:29     C:\Users\jalm\AppData\Local\Temp\~DF890.tmp --------- 16384  
 05.12.2010 21:25     C:\Users\jalm\AppData\Local\Temp\~DF4422.tmp --------- 0  
 05.12.2010 21:15     C:\Users\jalm\AppData\Local\Temp\~DF3A6A.tmp --------- 512  
 05.12.2010 21:15     C:\Users\jalm\AppData\Local\Temp\~DF3A59.tmp --------- 16384  
 05.12.2010 21:13     C:\Users\jalm\AppData\Local\Temp\~DF7C65.tmp --------- 512  
 05.12.2010 21:13     C:\Users\jalm\AppData\Local\Temp\~DF7C5E.tmp --------- 32768  
 05.12.2010 21:12     C:\Users\jalm\AppData\Local\Temp\~DF81B2.tmp --------- 311350  
 05.12.2010 21:12     C:\Users\jalm\AppData\Local\Temp\~DF8F2A.tmp --------- 16384  
 05.12.2010 21:11     C:\Users\jalm\AppData\Local\Temp\~DF1FF9.tmp --------- 16384  
 04.12.2010 15:35     C:\Users\jalm\AppData\Local\Temp\~DF49EA.tmp --------- 311350  
 04.12.2010 15:35     C:\Users\jalm\AppData\Local\Temp\~DF58B1.tmp --------- 16384  
 03.12.2010 23:29     C:\Users\jalm\AppData\Local\Temp\~DFB80D.tmp --------- 311350  
 03.12.2010 23:28     C:\Users\jalm\AppData\Local\Temp\~DFF814.tmp --------- 16384  
 01.12.2010 22:00     C:\Users\jalm\AppData\Local\Temp\~DF829C.tmp --------- 311350  
 01.12.2010 21:59     C:\Users\jalm\AppData\Local\Temp\~DF3598.tmp --------- 16384  
 01.12.2010 21:48     C:\Users\jalm\AppData\Local\Temp\~DF3A4C.tmp --------- 16384  
 01.12.2010 21:46     C:\Users\jalm\AppData\Local\Temp\~DFCD3.tmp --------- 512  
 01.12.2010 21:46     C:\Users\jalm\AppData\Local\Temp\~DFCBF.tmp --------- 16384  
 01.12.2010 21:46     C:\Users\jalm\AppData\Local\Temp\~DFA04.tmp --------- 512  
 01.12.2010 21:46     C:\Users\jalm\AppData\Local\Temp\~DF9EF.tmp --------- 32768  
 01.12.2010 21:45     C:\Users\jalm\AppData\Local\Temp\~DF2C8A.tmp --------- 16384  
 01.12.2010 21:44     C:\Users\jalm\AppData\Local\Temp\~DFBA13.tmp --------- 311350  
 01.12.2010 21:44     C:\Users\jalm\AppData\Local\Temp\~DFEBF5.tmp --------- 16384  
 01.12.2010 17:25     C:\Users\jalm\AppData\Local\Temp\~DFDBD.tmp --------- 311350  
 01.12.2010 17:24     C:\Users\jalm\AppData\Local\Temp\~DF1FB5.tmp --------- 16384  
 01.12.2010 17:10     C:\Users\jalm\AppData\Local\Temp\~DFACF5.tmp --------- 16384  
 01.12.2010 17:04     C:\Users\jalm\AppData\Local\Temp\~DF9C7B.tmp --------- 512  
 01.12.2010 17:04     C:\Users\jalm\AppData\Local\Temp\~DF9C44.tmp --------- 16384  
 01.12.2010 17:04     C:\Users\jalm\AppData\Local\Temp\~DF9BDA.tmp --------- 512  
 01.12.2010 17:04     C:\Users\jalm\AppData\Local\Temp\~DF9B9E.tmp --------- 32768  
 01.12.2010 17:03     C:\Users\jalm\AppData\Local\Temp\~DF8B2E.tmp --------- 16384  
 01.12.2010 16:55     C:\Users\jalm\AppData\Local\Temp\~DF3A4E.tmp --------- 311350  
 01.12.2010 16:55     C:\Users\jalm\AppData\Local\Temp\~DF374A.tmp --------- 16384  
 29.11.2010 23:59     C:\Users\jalm\AppData\Local\Temp\3FE35621-0C8B-4793-BC2F-974556F3BFC4.jpeg --------- 5799  
 29.11.2010 23:59     C:\Users\jalm\AppData\Local\Temp\461B359A-B91F-49A7-B45F-7D605DADD6AE.jpeg --------- 19011  
 29.11.2010 23:59     C:\Users\jalm\AppData\Local\Temp\238DA0FE-2830-484A-A521-FD2694A49434.jpeg --------- 47983  
 29.11.2010 23:59     C:\Users\jalm\AppData\Local\Temp\CEAB88E7-DB9C-450F-B09A-DBAE4B582816.jpeg --------- 24002  
 29.11.2010 23:59     C:\Users\jalm\AppData\Local\Temp\9ABB6B07-62EA-41B5-B726-01400B42BE8E.jpeg --------- 17728  
 29.11.2010 23:59     C:\Users\jalm\AppData\Local\Temp\DA7B868E-505C-4AAE-90B7-A7188CF7F80E.jpeg --------- 11910  
 29.11.2010 23:59     C:\Users\jalm\AppData\Local\Temp\trk4EFD.tmp --------- 0  
 29.11.2010 23:04     C:\Users\jalm\AppData\Local\Temp\~DFE75A.tmp --------- 311350  
 29.11.2010 23:04     C:\Users\jalm\AppData\Local\Temp\~DF8BF3.tmp --------- 311350  
 29.11.2010 23:03     C:\Users\jalm\AppData\Local\Temp\audio9775974.wav --------- 0  
 29.11.2010 22:57     C:\Users\jalm\AppData\Local\Temp\audio9435564.wav --------- 0  
 29.11.2010 22:45     C:\Users\jalm\AppData\Local\Temp\audio8696868.wav --------- 0  
 29.11.2010 22:22     C:\Users\jalm\AppData\Local\Temp\nscopy-6.tmp --------- 55764283  
 29.11.2010 22:22     C:\Users\jalm\AppData\Local\Temp\nsemail.eml --------- 55764034  
 29.11.2010 22:22     C:\Users\jalm\AppData\Local\Temp\nsmail-47.tmp --------- 133  
 29.11.2010 22:22     C:\Users\jalm\AppData\Local\Temp\nsemail.html --------- 404  
 29.11.2010 22:16     C:\Users\jalm\AppData\Local\Temp\nsmail-46.tmp --------- 0  
 29.11.2010 22:08     C:\Users\jalm\AppData\Local\Temp\~DF46C7.tmp --------- 229376  
 29.11.2010 22:04     C:\Users\jalm\AppData\Local\Temp\audio6255000.wav --------- 0  
 29.11.2010 21:28     C:\Users\jalm\AppData\Local\Temp\~DFF84C.tmp --------- 311350  
 29.11.2010 21:27     C:\Users\jalm\AppData\Local\Temp\~DF5A0C.tmp --------- 311350  
 29.11.2010 21:27     C:\Users\jalm\AppData\Local\Temp\~DFFDC5.tmp --------- 311350  
 29.11.2010 20:22     C:\Users\jalm\AppData\Local\Temp\~DF2BFF.tmp --------- 311350  
 29.11.2010 19:22     C:\Users\jalm\AppData\Local\Temp\~DF39D8.tmp --------- 16384  
 29.11.2010 19:19     C:\Users\jalm\AppData\Local\Temp\~DF41CD.tmp --------- 0  
 29.11.2010 19:15     C:\Users\jalm\AppData\Local\Temp\~DF10FA.tmp --------- 512  
 29.11.2010 19:15     C:\Users\jalm\AppData\Local\Temp\~DF10F3.tmp --------- 16384  
 29.11.2010 19:15     C:\Users\jalm\AppData\Local\Temp\~DF1091.tmp --------- 512  
 29.11.2010 19:15     C:\Users\jalm\AppData\Local\Temp\~DF108A.tmp --------- 32768  
 29.11.2010 19:15     C:\Users\jalm\AppData\Local\Temp\~DF2B02.tmp --------- 16384  
 29.11.2010 18:58     C:\Users\jalm\AppData\Local\Temp\~DF12AD.tmp --------- 311350  
 29.11.2010 18:57     C:\Users\jalm\AppData\Local\Temp\~DF6DC.tmp --------- 16384  
 28.11.2010 19:59     C:\Users\jalm\AppData\Local\Temp\~DF5817.tmp --------- 311350  
 28.11.2010 19:59     C:\Users\jalm\AppData\Local\Temp\~DFA077.tmp --------- 16384  
 28.11.2010 12:46     C:\Users\jalm\AppData\Local\Temp\~DFF39.tmp --------- 311350  
 28.11.2010 12:45     C:\Users\jalm\AppData\Local\Temp\~DF4B6D.tmp --------- 16384  
 28.11.2010 12:43     C:\Users\jalm\AppData\Local\Temp\~DFA2B.tmp --------- 0  
 28.11.2010 12:43     C:\Users\jalm\AppData\Local\Temp\~DF488B.tmp --------- 16384  
 28.11.2010 12:36     C:\Users\jalm\AppData\Local\Temp\~DF6E82.tmp --------- 16384  
 28.11.2010 12:32     C:\Users\jalm\AppData\Local\Temp\~DFC57D.tmp --------- 0  
 28.11.2010 12:25     C:\Users\jalm\AppData\Local\Temp\~DFC4E.tmp --------- 0  
 28.11.2010 12:23     C:\Users\jalm\AppData\Local\Temp\~DF6F67.tmp --------- 512  
 28.11.2010 12:23     C:\Users\jalm\AppData\Local\Temp\~DF6F5F.tmp --------- 16384  
 28.11.2010 12:23     C:\Users\jalm\AppData\Local\Temp\~DF7415.tmp --------- 0  
 28.11.2010 12:22     C:\Users\jalm\AppData\Local\Temp\~DF2B8A.tmp --------- 512  
 28.11.2010 12:22     C:\Users\jalm\AppData\Local\Temp\~DF2B83.tmp --------- 32768  
 28.11.2010 12:22     C:\Users\jalm\AppData\Local\Temp\~DF63D2.tmp --------- 0  
 28.11.2010 12:21     C:\Users\jalm\AppData\Local\Temp\~DF4F48.tmp --------- 311350  
 28.11.2010 12:20     C:\Users\jalm\AppData\Local\Temp\~DF5655.tmp --------- 16384  
 28.11.2010 00:36     C:\Users\jalm\AppData\Local\Temp\~DF39B4.tmp --------- 311350  
 28.11.2010 00:35     C:\Users\jalm\AppData\Local\Temp\~DFD3CD.tmp --------- 16384  
 28.11.2010 00:32     C:\Users\jalm\AppData\Local\Temp\~DF82EF.tmp --------- 0  
 28.11.2010 00:22     C:\Users\jalm\AppData\Local\Temp\~DFF867.tmp --------- 16384  
 27.11.2010 23:45     C:\Users\jalm\AppData\Local\Temp\~DF2D3D.tmp --------- 512  
 27.11.2010 23:45     C:\Users\jalm\AppData\Local\Temp\~DF2D17.tmp --------- 16384  
 27.11.2010 23:43     C:\Users\jalm\AppData\Local\Temp\~DFAD12.tmp --------- 512  
 27.11.2010 23:43     C:\Users\jalm\AppData\Local\Temp\~DFAD0B.tmp --------- 589824  
 27.11.2010 23:42     C:\Users\jalm\AppData\Local\Temp\~DF4EB4.tmp --------- 512  
 27.11.2010 23:42     C:\Users\jalm\AppData\Local\Temp\~DF4EAD.tmp --------- 32768  
 27.11.2010 23:42     C:\Users\jalm\AppData\Local\Temp\~DFDDCF.tmp --------- 16384  
 27.11.2010 23:41     C:\Users\jalm\AppData\Local\Temp\~DFAF70.tmp --------- 311350  
 27.11.2010 23:40     C:\Users\jalm\AppData\Local\Temp\~DF917C.tmp --------- 16384  
 27.11.2010 18:53     C:\Users\jalm\AppData\Local\Temp\~DFB10E.tmp --------- 311350  
 27.11.2010 18:52     C:\Users\jalm\AppData\Local\Temp\~DF7B3F.tmp --------- 16384  
 27.11.2010 00:35     C:\Users\jalm\AppData\Local\Temp\~DFE03E.tmp --------- 512  
 27.11.2010 00:35     C:\Users\jalm\AppData\Local\Temp\~DFDFF9.tmp --------- 16384  
 27.11.2010 00:35     C:\Users\jalm\AppData\Local\Temp\~DFDE92.tmp --------- 512  
 27.11.2010 00:35     C:\Users\jalm\AppData\Local\Temp\~DFDE86.tmp --------- 32768  
 27.11.2010 00:35     C:\Users\jalm\AppData\Local\Temp\~DFF5FF.tmp --------- 0  
 27.11.2010 00:35     C:\Users\jalm\AppData\Local\Temp\~DFE965.tmp --------- 0  
 26.11.2010 23:30     C:\Users\jalm\AppData\Local\Temp\~DF6CE8.tmp --------- 311350  
 26.11.2010 23:29     C:\Users\jalm\AppData\Local\Temp\~DF8517.tmp --------- 16384  
 26.11.2010 23:16     C:\Users\jalm\AppData\Local\Temp\~DFFA61.tmp --------- 16384  
 26.11.2010 23:13     C:\Users\jalm\AppData\Local\Temp\~DFB2C6.tmp --------- 512  
 26.11.2010 23:13     C:\Users\jalm\AppData\Local\Temp\~DFAE71.tmp --------- 16384  
 26.11.2010 23:13     C:\Users\jalm\AppData\Local\Temp\~DFAE12.tmp --------- 512  
 26.11.2010 23:13     C:\Users\jalm\AppData\Local\Temp\~DFAE09.tmp --------- 32768  
 26.11.2010 23:13     C:\Users\jalm\AppData\Local\Temp\~DFDC12.tmp --------- 16384  
 26.11.2010 23:13     C:\Users\jalm\AppData\Local\Temp\~DFCF4D.tmp --------- 0  
 26.11.2010 22:52     C:\Users\jalm\AppData\Local\Temp\~DFE969.tmp --------- 311350  
 26.11.2010 22:51     C:\Users\jalm\AppData\Local\Temp\~DF81F4.tmp --------- 16384  
 25.11.2010 22:38     C:\Users\jalm\AppData\Local\Temp\~DF227.tmp --------- 311350  
 25.11.2010 22:37     C:\Users\jalm\AppData\Local\Temp\~DF5C65.tmp --------- 16384  
 25.11.2010 10:49     C:\Users\jalm\AppData\Local\Temp\~DFE6E5.tmp --------- 311350  
 25.11.2010 10:48     C:\Users\jalm\AppData\Local\Temp\~DF3AB0.tmp --------- 16384  
 25.11.2010 10:45     C:\Users\jalm\AppData\Local\Temp\~DFD485.tmp --------- 28672  
 25.11.2010 10:44     C:\Users\jalm\AppData\Local\Temp\~DF4F1F.tmp --------- 512  
 25.11.2010 10:44     C:\Users\jalm\AppData\Local\Temp\~DF4EA9.tmp --------- 589824  
 25.11.2010 10:44     C:\Users\jalm\AppData\Local\Temp\~DF4EC1.tmp --------- 512  
 25.11.2010 10:44     C:\Users\jalm\AppData\Local\Temp\~DF4E03.tmp --------- 16384  
 25.11.2010 10:44     C:\Users\jalm\AppData\Local\Temp\~DF4A86.tmp --------- 512  
 25.11.2010 10:44     C:\Users\jalm\AppData\Local\Temp\~DF483C.tmp --------- 32768  
 25.11.2010 10:40     C:\Users\jalm\AppData\Local\Temp\~DF32CE.tmp --------- 0  
 25.11.2010 10:40     C:\Users\jalm\AppData\Local\Temp\~DFB83F.tmp --------- 311350  
 25.11.2010 10:39     C:\Users\jalm\AppData\Local\Temp\~DF67D.tmp --------- 16384  
 24.11.2010 21:32     C:\Users\jalm\AppData\Local\Temp\~DF9541.tmp --------- 311350  
 24.11.2010 21:31     C:\Users\jalm\AppData\Local\Temp\~DFA628.tmp --------- 16384  
 24.11.2010 01:16     C:\Users\jalm\AppData\Local\Temp\1309378.od --------- 134  
 24.11.2010 01:16     C:\Users\jalm\AppData\Local\Temp\CVRFA74.tmp.cvr --------- 0  
 24.11.2010 00:56     C:\Users\jalm\AppData\Local\Temp\~DFD4D8.tmp --------- 311350  
 24.11.2010 00:55     C:\Users\jalm\AppData\Local\Temp\~DFF637.tmp --------- 16384  
 23.11.2010 00:39     C:\Users\jalm\AppData\Local\Temp\~DF54DF.tmp --------- 0  
 23.11.2010 00:26     C:\Users\jalm\AppData\Local\Temp\~DFBDBC.tmp --------- 16384  
 23.11.2010 00:10     C:\Users\jalm\AppData\Local\Temp\~DF538C.tmp --------- 512  
 23.11.2010 00:10     C:\Users\jalm\AppData\Local\Temp\~DF5385.tmp --------- 16384  
 23.11.2010 00:10     C:\Users\jalm\AppData\Local\Temp\~DF5321.tmp --------- 512  
 23.11.2010 00:10     C:\Users\jalm\AppData\Local\Temp\~DF531A.tmp --------- 32768  
 23.11.2010 00:09     C:\Users\jalm\AppData\Local\Temp\~DF96AF.tmp --------- 16384  
 23.11.2010 00:08     C:\Users\jalm\AppData\Local\Temp\~DFE25D.tmp --------- 311350  
 23.11.2010 00:07     C:\Users\jalm\AppData\Local\Temp\~DF9FAF.tmp --------- 16384  
 22.11.2010 09:13     C:\Users\jalm\AppData\Local\Temp\~DFD5CE.tmp --------- 311350  
 22.11.2010 09:13     C:\Users\jalm\AppData\Local\Temp\~DFEBE2.tmp --------- 16384  
 21.11.2010 22:15     C:\Users\jalm\AppData\Local\Temp\~DFCD8B.tmp --------- 311350  
 21.11.2010 22:14     C:\Users\jalm\AppData\Local\Temp\~DF26C2.tmp --------- 16384  
 21.11.2010 17:24     C:\Users\jalm\AppData\Local\Temp\bUVjvtgD.jpg.part --------- 953612  
 21.11.2010 17:23     C:\Users\jalm\AppData\Local\Temp\uhIOkoV1.jpg.part --------- 1037257  
 21.11.2010 16:54     C:\Users\jalm\AppData\Local\Temp\~DFCA7B.tmp --------- 311350  
 21.11.2010 16:54     C:\Users\jalm\AppData\Local\Temp\~DFE1E8.tmp --------- 16384  
 20.11.2010 21:59     C:\Users\jalm\AppData\Local\Temp\~DF2136.tmp --------- 311350  
 20.11.2010 21:58     C:\Users\jalm\AppData\Local\Temp\~DFF881.tmp --------- 16384  
 20.11.2010 16:02     C:\Users\jalm\AppData\Local\Temp\~DFD8B.tmp --------- 311350  
 20.11.2010 16:01     C:\Users\jalm\AppData\Local\Temp\~DFBFDA.tmp --------- 16384  
 18.11.2010 16:02     C:\Users\jalm\AppData\Local\Temp\~DFA5F4.tmp --------- 311350  
 18.11.2010 16:01     C:\Users\jalm\AppData\Local\Temp\~DF5932.tmp --------- 16384  
 17.11.2010 23:52     C:\Users\jalm\AppData\Local\Temp\~DFC0BB.tmp --------- 311350  
 17.11.2010 23:51     C:\Users\jalm\AppData\Local\Temp\~DFF933.tmp --------- 16384  
 17.11.2010 23:19     C:\Users\jalm\AppData\Local\Temp\~DF1F18.tmp --------- 0  
 17.11.2010 23:19     C:\Users\jalm\AppData\Local\Temp\etilqs_VIf6hKoYZjZ9yN9 --------- 3088  
 17.11.2010 23:18     C:\Users\jalm\AppData\Local\Temp\Brief.pdf --------- 45209  
 17.11.2010 23:16     C:\Users\jalm\AppData\Local\Temp\~DFF860.tmp --------- 16384  
 17.11.2010 22:51     C:\Users\jalm\AppData\Local\Temp\~DF3B2A.tmp --------- 512  
 17.11.2010 22:51     C:\Users\jalm\AppData\Local\Temp\~DF3B0F.tmp --------- 16384  
 17.11.2010 22:51     C:\Users\jalm\AppData\Local\Temp\~DF3948.tmp --------- 512  
 17.11.2010 22:51     C:\Users\jalm\AppData\Local\Temp\~DF38E2.tmp --------- 32768  
 17.11.2010 22:48     C:\Users\jalm\AppData\Local\Temp\~DF1C5F.tmp --------- 16384  
 17.11.2010 22:48     C:\Users\jalm\AppData\Local\Temp\~DF17E3.tmp --------- 0  
 17.11.2010 22:48     C:\Users\jalm\AppData\Local\Temp\~DF8C89.tmp --------- 0  
 17.11.2010 22:48     C:\Users\jalm\AppData\Local\Temp\~DFEE80.tmp --------- 311350  
 17.11.2010 22:47     C:\Users\jalm\AppData\Local\Temp\~DFF423.tmp --------- 311350  
 17.11.2010 22:47     C:\Users\jalm\AppData\Local\Temp\~DF9FB1.tmp --------- 16384  
 17.11.2010 00:12     C:\Users\jalm\AppData\Local\Temp\~DFBD6.tmp --------- 311350  
 17.11.2010 00:12     C:\Users\jalm\AppData\Local\Temp\~DFD390.tmp --------- 16384  
 17.11.2010 00:03     C:\Users\jalm\AppData\Local\Temp\~DFB591.tmp --------- 16384  
 17.11.2010 00:00     C:\Users\jalm\AppData\Local\Temp\~DF942F.tmp --------- 512  
 17.11.2010 00:00     C:\Users\jalm\AppData\Local\Temp\~DF9418.tmp --------- 16384  
 16.11.2010 23:35     C:\Users\jalm\AppData\Local\Temp\~DFDCB9.tmp --------- 16384  
 16.11.2010 23:33     C:\Users\jalm\AppData\Local\Temp\~DFB200.tmp --------- 16384  
 16.11.2010 23:18     C:\Users\jalm\AppData\Local\Temp\~DF4B09.tmp --------- 512  
 16.11.2010 23:18     C:\Users\jalm\AppData\Local\Temp\~DF4AFD.tmp --------- 32768  
 16.11.2010 23:18     C:\Users\jalm\AppData\Local\Temp\~DF8FE8.tmp --------- 16384  
 16.11.2010 23:18     C:\Users\jalm\AppData\Local\Temp\~DFC944.tmp --------- 311350  
 16.11.2010 23:17     C:\Users\jalm\AppData\Local\Temp\~DF8133.tmp --------- 16384  
 16.11.2010 00:08     C:\Users\jalm\AppData\Local\Temp\~DF360.tmp --------- 311350  
 16.11.2010 00:07     C:\Users\jalm\AppData\Local\Temp\~DF3112.tmp --------- 16384  
 16.11.2010 00:04     C:\Users\jalm\AppData\Local\Temp\~DF2FEA.tmp --------- 16384  
 15.11.2010 23:50     C:\Users\jalm\AppData\Local\Temp\~DF734E.tmp --------- 16384  
 15.11.2010 23:49     C:\Users\jalm\AppData\Local\Temp\~DFB53D.tmp --------- 0  
 15.11.2010 23:37     C:\Users\jalm\AppData\Local\Temp\~DFF9F9.tmp --------- 512  
 15.11.2010 23:37     C:\Users\jalm\AppData\Local\Temp\~DFF9F1.tmp --------- 16384  
 15.11.2010 23:37     C:\Users\jalm\AppData\Local\Temp\~DFF994.tmp --------- 512  
 15.11.2010 23:37     C:\Users\jalm\AppData\Local\Temp\~DFF98D.tmp --------- 32768  
 15.11.2010 23:37     C:\Users\jalm\AppData\Local\Temp\~DF278E.tmp --------- 16384  
 15.11.2010 23:37     C:\Users\jalm\AppData\Local\Temp\~DF16CD.tmp --------- 0  
 15.11.2010 23:35     C:\Users\jalm\AppData\Local\Temp\~DF1C58.tmp --------- 311350  
 15.11.2010 23:34     C:\Users\jalm\AppData\Local\Temp\~DFB336.tmp --------- 16384  
 14.11.2010 22:41     C:\Users\jalm\AppData\Local\Temp\~DF2B42.tmp --------- 311350  
 14.11.2010 22:40     C:\Users\jalm\AppData\Local\Temp\~DFE502.tmp --------- 16384  
 14.11.2010 00:00     C:\Users\jalm\AppData\Local\Temp\~DFFE2.tmp --------- 311350  
 14.11.2010 00:00     C:\Users\jalm\AppData\Local\Temp\~DFF986.tmp --------- 16384  
 13.11.2010 00:31     C:\Users\jalm\AppData\Local\Temp\~DFF792.tmp --------- 311350  
 13.11.2010 00:30     C:\Users\jalm\AppData\Local\Temp\~DFBA57.tmp --------- 16384  
 11.11.2010 23:02     C:\Users\jalm\AppData\Local\Temp\~DFDA28.tmp --------- 311350  
 11.11.2010 23:01     C:\Users\jalm\AppData\Local\Temp\~DF9F09.tmp --------- 16384  
 10.11.2010 23:33     C:\Users\jalm\AppData\Local\Temp\~DF95E8.tmp --------- 311350  
 10.11.2010 23:32     C:\Users\jalm\AppData\Local\Temp\~DF43D5.tmp --------- 16384  
 10.11.2010 00:05     C:\Users\jalm\AppData\Local\Temp\~DF4B02.tmp --------- 311350  
 09.11.2010 23:54     C:\Users\jalm\AppData\Local\Temp\~DF1898.tmp --------- 311350  
 09.11.2010 23:53     C:\Users\jalm\AppData\Local\Temp\~DF423A.tmp --------- 16384  
 09.11.2010 23:01     C:\Users\jalm\AppData\Local\Temp\~DFBB96.tmp --------- 16384  
 09.11.2010 22:42     C:\Users\jalm\AppData\Local\Temp\~DFE325.tmp --------- 16384  
 09.11.2010 22:38     C:\Users\jalm\AppData\Local\Temp\~DF8040.tmp --------- 0  
 09.11.2010 18:48     C:\Users\jalm\AppData\Local\Temp\~DF3C21.tmp --------- 0  
 09.11.2010 18:38     C:\Users\jalm\AppData\Local\Temp\~DF326D.tmp --------- 0  
 09.11.2010 18:28     C:\Users\jalm\AppData\Local\Temp\~DF7D7.tmp --------- 0  
 09.11.2010 18:19     C:\Users\jalm\AppData\Local\Temp\~DFEF67.tmp --------- 16384  
 09.11.2010 18:01     C:\Users\jalm\AppData\Local\Temp\~DFA83C.tmp --------- 512  
 09.11.2010 18:01     C:\Users\jalm\AppData\Local\Temp\~DFA80C.tmp --------- 16384  
 09.11.2010 18:01     C:\Users\jalm\AppData\Local\Temp\~DFA791.tmp --------- 512  
 09.11.2010 18:01     C:\Users\jalm\AppData\Local\Temp\~DFA783.tmp --------- 32768  
 09.11.2010 18:01     C:\Users\jalm\AppData\Local\Temp\~DFE274.tmp --------- 0  
 09.11.2010 16:52     C:\Users\jalm\AppData\Local\Temp\~DF5CD8.tmp --------- 311350  
 09.11.2010 16:52     C:\Users\jalm\AppData\Local\Temp\~DFA355.tmp --------- 16384  
 09.11.2010 12:20     C:\Users\jalm\AppData\Local\Temp\Temp1_trafficmsw.zip --------- 0  
 09.11.2010 12:07     C:\Users\jalm\AppData\Local\Temp\97CSGg8s.TuG --------- 0  
 09.11.2010 11:37     C:\Users\jalm\AppData\Local\Temp\~DFE115.tmp --------- 311350  
 09.11.2010 11:10     C:\Users\jalm\AppData\Local\Temp\~DF999C.tmp --------- 311350  
 09.11.2010 11:10     C:\Users\jalm\AppData\Local\Temp\~DF9736.tmp --------- 16384  
 08.11.2010 22:42     C:\Users\jalm\AppData\Local\Temp\~DFD61D.tmp --------- 311350  
 08.11.2010 20:59     C:\Users\jalm\AppData\Local\Temp\~DFD417.tmp --------- 311350  
 08.11.2010 20:58     C:\Users\jalm\AppData\Local\Temp\~DFEAC6.tmp --------- 16384  
 08.11.2010 11:24     C:\Users\jalm\AppData\Local\Temp\~DF64C0.tmp --------- 311350  
 08.11.2010 11:24     C:\Users\jalm\AppData\Local\Temp\~DF5035.tmp --------- 16384  
 07.11.2010 20:36     C:\Users\jalm\AppData\Local\Temp\~DF3E10.tmp --------- 311350  
 07.11.2010 20:36     C:\Users\jalm\AppData\Local\Temp\~DF98CB.tmp --------- 16384  
 07.11.2010 18:43     C:\Users\jalm\AppData\Local\Temp\~DF8A7E.tmp --------- 28672  
 07.11.2010 18:41     C:\Users\jalm\AppData\Local\Temp\~DF4468.tmp --------- 512  
 07.11.2010 18:41     C:\Users\jalm\AppData\Local\Temp\~DF4449.tmp --------- 16384  
 07.11.2010 18:41     C:\Users\jalm\AppData\Local\Temp\~DF4306.tmp --------- 512  
 07.11.2010 18:41     C:\Users\jalm\AppData\Local\Temp\~DF42EC.tmp --------- 32768  
----------------------------------------

 
C:\Program Files

 20.02.2011 23:07     C:\Program Files\Trend Micro --------- 0  
 10.02.2011 21:49     C:\Program Files\7-Zip --------- 4096  
 10.02.2011 21:03     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 09.02.2011 21:42     C:\Program Files\Windows Mail --------- 4096  
 09.02.2011 21:42     C:\Program Files\Internet Explorer --------- 4096  
 08.02.2011 22:30     C:\Program Files\InstallShield Installation Information --------- 8192  
 08.02.2011 22:30     C:\Program Files\HomeCinema --------- 4096  
 08.02.2011 22:30     C:\Program Files\DSL-Manager --------- 4096  
 08.02.2011 22:30     C:\Program Files\Common Files --------- 4096  
 04.02.2011 00:36     C:\Program Files\AVAST Software --------- 0  
 28.01.2011 10:29     C:\Program Files\Metaboli Player --------- 0  
 11.01.2011 12:14     C:\Program Files\Microsoft Silverlight --------- 4096  
 03.01.2011 03:15     C:\Program Files\iTunes --------- 8192  
 03.01.2011 03:14     C:\Program Files\iPod --------- 0  
 03.01.2011 02:48     C:\Program Files\QuickTime --------- 4096  
 02.01.2011 03:03     C:\Program Files\Microsoft Games for Windows - LIVE --------- 0  
 31.12.2010 17:36     C:\Program Files\BRS --------- 4096  
 31.12.2010 17:34     C:\Program Files\OpenAL --------- 0  
 31.12.2010 17:11     C:\Program Files\Codemasters --------- 0  
 27.12.2010 02:42     C:\Program Files\Zylom Games --------- 0  
 18.12.2010 00:21     C:\Program Files\DIFX --------- 0  
 18.12.2010 00:19     C:\Program Files\PC Connectivity Solution --------- 12288  
 18.12.2010 00:18     C:\Program Files\Nokia --------- 0  
 16.12.2010 01:55     C:\Program Files\Microsoft Works --------- 24576  
 14.12.2010 23:47     C:\Program Files\Audiograbber --------- 4096  
 13.12.2010 21:20     C:\Program Files\Mozilla Thunderbird --------- 28672  
 04.12.2010 15:40     C:\Program Files\Adobe --------- 0  
 09.11.2010 12:14     C:\Program Files\TrafficMonitor --------- 4096  
 09.11.2010 11:48     C:\Program Files\Netzmanager --------- 12288  
 05.11.2010 00:17     C:\Program Files\ANNO 1503 --------- 12288  
 31.10.2010 01:00     C:\Program Files\PixiePack Codec Pack --------- 0  
 31.10.2010 01:00     C:\Program Files\RapidSolution --------- 0  
 24.10.2010 01:01     C:\Program Files\CHIP.de --------- 4096  
 24.10.2010 01:01     C:\Program Files\Conduit --------- 0  
 24.10.2010 01:00     C:\Program Files\ConduitEngine --------- 4096  
 23.10.2010 23:37     C:\Program Files\simppulltoolbar --------- 0  
 23.10.2010 23:36     C:\Program Files\FinalMediaPlayer --------- 0  
 23.10.2010 23:34     C:\Program Files\Winferno --------- 0  
 23.10.2010 23:34     C:\Program Files\PriceGong --------- 0  
 23.10.2010 23:10     C:\Program Files\FreemakeVideoDownloader --------- 0  
 17.10.2010 00:32     C:\Program Files\Bonjour --------- 4096  
 17.10.2010 00:26     C:\Program Files\Safari --------- 4096  
 15.10.2010 14:45     C:\Program Files\Windows Media Player --------- 4096  
 11.10.2010 01:25     C:\Program Files\Chat Republic Games --------- 0  
 14.08.2010 00:09     C:\Program Files\Movie Maker --------- 4096  
 24.07.2010 23:37     C:\Program Files\Kaspersky Lab --------- 0  
 24.07.2010 23:06     C:\Program Files\Amazon --------- 0  
 12.07.2010 01:26     C:\Program Files\Google --------- 4096  
 27.06.2010 10:35     C:\Program Files\Microsoft.NET --------- 0  
 10.06.2010 21:22     C:\Program Files\Microsoft --------- 0  
 07.06.2010 00:22     C:\Program Files\ICQ6Toolbar --------- 4096  
 02.05.2010 10:45     C:\Program Files\eBay --------- 0  
 28.12.2009 23:20     C:\Program Files\ICQ6.5 --------- 16384  
 12.12.2009 23:42     C:\Program Files\Yahoo --------- 4096  
 02.12.2009 21:18     C:\Program Files\Mozilla Firefox --------- 8192  
 23.11.2009 23:55     C:\Program Files\Skype --------- 0  
 22.11.2009 21:55     C:\Program Files\Windows Portable Devices --------- 0  
 21.11.2009 02:02     C:\Program Files\Windows Calendar --------- 0  
 21.11.2009 02:02     C:\Program Files\Windows Sidebar --------- 4096  
 21.11.2009 02:02     C:\Program Files\Windows Collaboration --------- 4096  
 21.11.2009 02:02     C:\Program Files\Windows Journal --------- 4096  
 21.11.2009 02:02     C:\Program Files\Windows Photo Gallery --------- 4096  
 21.11.2009 02:02     C:\Program Files\Windows Defender --------- 4096  
 15.11.2009 01:16     C:\Program Files\DivX --------- 8192  
 29.09.2009 21:09     C:\Program Files\Apple Software Update --------- 4096  
 08.01.2009 01:30     C:\Program Files\Windows Live --------- 4096  
 08.01.2009 01:22     C:\Program Files\Windows Live SkyDrive --------- 0  
 04.01.2009 00:37     C:\Program Files\T-Mobile --------- 0  
 28.12.2008 23:17     C:\Program Files\EACOM --------- 0  
 28.12.2008 23:12     C:\Program Files\EA SPORTS --------- 0  
 25.12.2008 21:53     C:\Program Files\Windows NT --------- 4096  
 25.12.2008 21:53     C:\Program Files\Gemeinsame Dateien --------- 0  
 22.10.2008 07:02     C:\Program Files\Windows Live Toolbar --------- 0  
 22.10.2008 06:18     C:\Program Files\CyberLink --------- 0  
 22.10.2008 04:40     C:\Program Files\X10 Hardware --------- 0  
 20.10.2008 06:58     C:\Program Files\Dolby --------- 0  
 20.10.2008 06:52     C:\Program Files\MSXML 4.0 --------- 0  
 20.10.2008 06:51     C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 0  
 20.10.2008 06:43     C:\Program Files\Microsoft Office --------- 4096  
 20.10.2008 06:22     C:\Program Files\Nero --------- 0  
 20.10.2008 06:15     C:\Program Files\Microsoft SQL Server Compact Edition --------- 0  
 20.10.2008 06:08     C:\Program Files\Java --------- 4096  
 20.10.2008 06:08     C:\Program Files\MEDIONmail --------- 4096  
 20.10.2008 05:35     C:\Program Files\Corel --------- 0  
 20.10.2008 04:40     C:\Program Files\Synaptics --------- 0  
 20.10.2008 04:37     C:\Program Files\Realtek --------- 0  
 21.01.2008 03:43     C:\Program Files\desktop.ini --------- 174  
 02.11.2006 14:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 13:37     C:\Program Files\Microsoft Games --------- 4096  
 02.11.2006 13:37     C:\Program Files\MSBuild --------- 0  
 02.11.2006 13:37     C:\Program Files\Reference Assemblies --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

jalm    
Public    
Default    
desktop.ini    
Default User    
All Users    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0        32.536 K
smss.exe                       488 Services                   0           592 K
csrss.exe                      620 Services                   0         4.964 K
wininit.exe                    668 Services                   0         2.984 K
csrss.exe                      676 Console                    1         9.192 K
services.exe                   724 Services                   0         4.552 K
lsass.exe                      740 Services                   0         7.880 K
lsm.exe                        748 Services                   0         3.136 K
svchost.exe                    908 Services                   0         5.968 K
nvvsvc.exe                     968 Services                   0         2.580 K
svchost.exe                   1008 Services                   0         6.200 K
svchost.exe                   1068 Services                   0        27.924 K
svchost.exe                   1116 Services                   0         9.024 K
svchost.exe                   1156 Services                   0        69.652 K
svchost.exe                   1200 Services                   0        26.416 K
winlogon.exe                  1272 Console                    1         4.296 K
audiodg.exe                   1340 Services                   0        13.748 K
svchost.exe                   1360 Services                   0         3.912 K
SLsvc.exe                     1388 Services                   0        10.468 K
svchost.exe                   1444 Services                   0        11.428 K
rundll32.exe                  1744 Console                    1         6.184 K
spoolsv.exe                   1968 Services                   0         7.200 K
svchost.exe                   2028 Services                   0        12.152 K
dwm.exe                         12 Console                    1        54.848 K
explorer.exe                   896 Console                    1        64.916 K
taskeng.exe                    744 Services                   0         5.000 K
taskeng.exe                   1624 Console                    1         9.716 K
MSASCui.exe                   2256 Console                    1         6.440 K
RtHDVCpl.exe                  2280 Console                    1         5.104 K
SynTPEnh.exe                  2368 Console                    1         5.492 K
AppleMobileDeviceService.     2416 Services                   0         3.964 K
PDVDServ.exe                  2484 Console                    1         4.476 K
avp.exe                       2544 Services                   0        42.504 K
GoogleDesktop.exe             2604 Console                    1         8.148 K
rundll32.exe                  2684 Console                    1         4.192 K
avp.exe                       2708 Console                    1         5.636 K
mDNSResponder.exe             2716 Services                   0         3.576 K
AdobeARM.exe                  2736 Console                    1         6.884 K
iTunesHelper.exe              2776 Console                    1         6.296 K
sidebar.exe                   2784 Console                    1         8.228 K
svchost.exe                   2796 Services                   0        17.020 K
GtDetectSc.exe                2860 Services                   0         2.924 K
ehtray.exe                    2876 Console                    1         1.964 K
ICQ Service.exe               3032 Services                   0         3.316 K
ISUSPM.exe                    3132 Console                    1         4.920 K
msnmsgr.exe                   3144 Console                    1         3.536 K
wmpnscfg.exe                  3168 Console                    1         4.376 K
web'n'walk Manager.exe        3304 Console                    1         5.448 K
DslMgr.exe                    3312 Console                    1         5.944 K
netzmanager.exe               3328 Console                    1        61.492 K
NBService.exe                 3508 Services                   0         4.468 K
Netzmanager_Service.exe       3760 Services                   0        71.616 K
IoctlSvc.exe                  3820 Services                   0         2.308 K
svchost.exe                   3844 Services                   0         3.348 K
PSIService.exe                3880 Services                   0         2.904 K
RichVideo.exe                 3948 Services                   0         2.968 K
svchost.exe                   3988 Services                   0         4.232 K
TMPacketServiceInit.exe       4016 Services                   0         2.992 K
VCDAudioService.exe            772 Services                   0         2.564 K
ehmsas.exe                    2036 Console                    1         3.056 K
svchost.exe                   2448 Services                   0         3.268 K
WLIDSVC.EXE                   2396 Services                   0         7.180 K
SearchIndexer.exe              576 Services                   0        14.220 K
X10nets.exe                   1024 Services                   0         4.268 K
YahooAUService.exe            2104 Services                   0         8.508 K
WmiPrvSE.exe                  2632 Services                   0         9.468 K
WLIDSVCM.EXE                  2624 Services                   0         2.192 K
wmpnetwk.exe                   916 Services                   0        10.676 K
ehsched.exe                   4328 Services                   0         3.120 K
NMIndexingService.exe         4452 Services                   0         3.880 K
iPodService.exe               4668 Services                   0         3.872 K
DslMgrSvc.exe                 4984 Services                   0         6.120 K
ehrecvr.exe                   5608 Services                   0         7.128 K
SynTPHelper.exe               5500 Console                    1         3.280 K
Ymsgr_tray.exe                5348 Console                    1         5.168 K
PresentationFontCache.exe     2424 Services                   0         6.996 K
svchost.exe                   5728 Services                   0         2.852 K
iexplore.exe                  5460 Console                    1        40.576 K
iexplore.exe                  4468 Console                    1       112.400 K
conime.exe                    4680 Console                    1         4.052 K
klwtblfs.exe                  2928 Console                    1         5.460 K
FlashUtil10d.exe              3644 Console                    1         5.632 K
iexplore.exe                  7048 Console                    1        71.000 K
HiJackThis.exe                7860 Console                    1        13.032 K
notepad.exe                    244 Console                    1         5.700 K
cmd.exe                       7304 Console                    1         3.432 K
tasklist.exe                  8068 Console                    1         4.820 K

 
***** Ende des Scans 21.02.2011 um  0:01:54,05 ***

roots · 21.02.2011, 02:42

Hier noch die Textdatei vom CCleaner, hat im letzten Post nicht reingepasst.

Code:

ATTFilter

7-Zip 9.11 beta		09.02.2011	3,34MB	
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	24.12.2008	14,0MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	12.12.2009		10.0.42.34
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	05.11.2010		10.1.102.64
Adobe Reader 9.2 - Deutsch	Adobe Systems Incorporated	03.12.2010	161,6MB	9.2.0
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	17.10.2010	17,0MB	11.5.8.612
Amazon MP3-Downloader 1.0.9		23.07.2010	2,56MB	
ANNO 1503		03.11.2010	1.537MB	
Apple Application Support	Apple Inc.	02.01.2011	52,7MB	1.4.1
Apple Mobile Device Support	Apple Inc.	02.01.2011	21,7MB	3.3.0.69
Apple Software Update	Apple Inc.	28.09.2009	2,16MB	2.1.1.116
Audials TV	RapidSolution Software AG	30.10.2010	2,07MB	1.3.10803.300
AudialsOne	RapidSolution Software AG	30.10.2010	356MB	4.2.13600.0
Audiograbber 1.83 SE	Audiograbber	14.12.2010		1.83 SE 
Bonjour	Apple Inc.	16.10.2010	0,76MB	2.0.3.0
CCleaner	Piriform	20.02.2011	3,48MB	3.03
CHIP.de Toolbar	CHIP.de	23.10.2010	3,96MB	6.2.2.4
Compatibility Pack für 2007 Office System	Microsoft Corporation	10.11.2010	124,3MB	12.0.6425.1000
Conduit Engine	Conduit Ltd.	23.10.2010	3,82MB	
Corel MediaOne	Corel Corporation	19.10.2008	165,7MB	2.00.0000
CorelDRAW Essential Edition 3	Corel Corporation	19.10.2008	227MB	
CyberLink MediaShow	CyberLink Corp.	21.10.2008	308MB	4.1.2019
CyberLink PhotoNow	CyberLink Corp.	21.10.2008	19,5MB	1.1.5203
CyberLink PowerDirector	CyberLink Corp.	21.10.2008	414MB	7.0.2209a
CyberLink PowerDVD	PowerDVDCorp.	24.12.2008	88,3MB	7.0.3118.0
CyberLink PowerProducer	CyberLink Corp.	21.10.2008	296MB	5.0815
CyberLink YouCam	CyberLink Corp.	21.10.2008	72,8MB	2.0.2521
DiRT2	Codemasters	30.12.2010	10.436MB	1.00.0000
DivX Codec	DivX, Inc.	14.11.2009	1,57MB	6.9.1
DivX Converter	DivX, Inc.	14.11.2009	45,3MB	7.1.0
DivX Player	DivX, Inc.	14.11.2009	8,43MB	7.2.0
DivX Plus DirectShow Filters	DivX, Inc.	14.11.2009	1,58MB	
DivX Web Player	DivX,Inc.	14.11.2009	2,83MB	1.5.0
Dolby Control Center	Dolby	19.10.2008	75,5MB	1.1.0601
DSL-Manager		08.11.2010	2,43MB	
EA.com Matchup		27.12.2008	2,44MB	
EA.com Update		27.12.2008	2,43MB	
Google Chrome	Google Inc.	07.02.2011	335MB	9.0.597.98
Google Desktop	Google	05.08.2010	17,4MB	5.9.1005.12335
Google Toolbar for Internet Explorer	Google Inc.	12.07.2010	16,6MB	
HiJackThis	Trend Micro	20.02.2011	0,36MB	1.0.0
ICQ Toolbar	ICQ	08.01.2009		3.0.0
ICQ6.5	ICQ	08.01.2009	47,8MB	6.5
iTunes	Apple Inc.	02.01.2011	144,8MB	10.1.1.4
Java(TM) 6 Update 7	Sun Microsystems, Inc.	19.10.2008	136,2MB	1.6.0.70
Kaspersky Internet Security 2011	Kaspersky Lab	23.07.2010	61,8MB	11.0.1.400
MakeDisc	CyberLink Corp.	24.12.2008	102,3MB	3.0.2601
Malwarebytes' Anti-Malware	Malwarebytes Corporation	09.02.2011	4,80MB	
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	14.08.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	09.08.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	26.06.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	26.06.2010	24,5MB	4.0.30319
Microsoft Games for Windows - LIVE	Microsoft Corporation	01.01.2011	6,01MB	3.4.54.0
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	01.01.2011	31,3MB	3.4.18.0
Microsoft Office Home and Student 2007	Microsoft Corporation	30.11.2009	300MB	12.0.6425.1000
Microsoft Office Live Add-in 1.5	Microsoft Corporation	09.06.2010	0,49MB	2.0.4024.1
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	10.11.2010	51,0MB	12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	09.01.2011	11,9MB	4.0.51204.0
Microsoft SQL Server 2005 Compact Edition [DEU]	Microsoft Corporation	19.10.2008	0,32MB	3.1.0000
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	19.10.2008	1,74MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	02.08.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	30.12.2010	2,38MB	8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	31.10.2010	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	30.10.2010	0,58MB	9.0.30729
Microsoft Works	Microsoft Corporation	15.12.2010	378MB	9.7.0621
MobileMe Control Panel	Apple Inc.	02.01.2011	12,0MB	3.1.5.0
Mozilla Firefox (3.0.5)	Mozilla	02.01.2009	27,8MB	3.0.5 (de)
Mozilla Thunderbird (3.1.7)	Mozilla	12.12.2010	37,7MB	3.1.7 (de)
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	19.10.2008	1,28MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	19.10.2008	1,28MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	26.12.2008	1,29MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,35MB	4.20.9876.0
Nero 8 Essentials	Nero AG	19.10.2008	1.938MB	8.3.124
Netzmanager	Deutsche Telekom AG	08.11.2010	12,8MB	1.045
NHL 2002		27.12.2008	345MB	
Nokia Connectivity Cable Driver	Nokia	16.12.2010	3,22MB	7.1.31.0
Nokia Software Updater	Nokia Corporation	17.12.2010	45,4MB	02.06.006.44298
NVIDIA Drivers		20.11.2009		
OpenAL		30.12.2010	0,77MB	
PC Connectivity Solution	Nokia	17.12.2010	12,9MB	10.42.0.0
PixiePack Codec Pack	None	30.10.2010	16,8MB	1.1.1200.0
QuickStores-Toolbar 1.2.0	AB-Tools.com	13.12.2010	0,98MB	1.2.0
QuickTime	Apple Inc.	02.01.2011	73,7MB	7.69.80.9
Rapture3D 2.3.22 Game	Blue Ripple Sound	30.12.2010	9,56MB	
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	19.10.2008	23,7MB	6.0.1.5704
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	19.10.2008	6,58MB	3.0.1.3
Safari	Apple Inc.	16.10.2010	41,3MB	5.33.18.5
Skype Toolbars	Skype Technologies S.A.	28.04.2010	6,12MB	1.0.4051
Skype™ 4.2	Skype Technologies S.A.	27.04.2010	31,1MB	4.2.158
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	03.12.2010	29,7MB	9.0.0
Synaptics Pointing Device Driver	Synaptics	19.10.2008	13,7MB	10.2.2.0
TrafficMonitor 4.86		08.11.2010	6,67MB	
Turbo Lister 2	eBay Inc.	01.05.2010	77,5MB	2.00.0000
web'n'walk Manager	Option NV	03.01.2009	2,43MB	2.5.0.68
Windows Live Essentials	Microsoft Corporation	07.01.2009	136,5MB	14.0.8050.1202
Windows Live ID-Anmelde-Assistent	Microsoft Corporation	09.06.2010	4,69MB	6.500.3165.0
Windows Live Sync	Microsoft Corporation	07.01.2009	2,80MB	14.0.8050.1202
Windows Live-Uploadtool	Microsoft Corporation	07.01.2009	0,22MB	14.0.8014.1029
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)	Nokia	17.12.2010		08/22/2008 7.0.0.0
X10 Hardware(TM)		24.12.2008	28,00KB	
Yahoo! Messenger	Yahoo! Inc.	11.12.2009	31,9MB	
Yahoo! Software Update		11.12.2009	0,68MB	
Yahoo! Toolbar		11.12.2009	37,2MB	
Zylom Games Player Plugin	Zylom Games	26.12.2010	0,49MB

kira · 22.02.2011, 06:56

1.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

R3 - URLSearchHook: (no name) - - (no file)

3.

Zitat:

**Vor dem Löschen temporärer Dateien sollte man unbedingt alle Anwendungen beenden!
**lösche nur den Inhalt der Ordner, nicht die Ordner selbst!
**Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind,nicht löschbar.

alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.
gib in der Suchleiste unter dem Windows Start Button folgendes ein:

Code:

ATTFilter

 %temp%

Inhalt markieren und löschen:
- anschließend den Papierkorb leeren

4.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

5.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

roots · 24.02.2011, 00:21

Habe bisher nur den Suchlauf mit Malwarebytes nochmal veranlasst, allerdings "Keine bösartigen Objekte gefunden". Weitere Infos, wie angefordert, folgen noch.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5850

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

23.02.2011 15:34:59
mbam-log-2011-02-23 (15-34-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 369414
Laufzeit: 5 Stunde(n), 11 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

kira · 24.02.2011, 09:18

Ok, mache weiter, wie beschrieben

roots · 26.02.2011, 22:37

Hab nun soweit alles erledigt, hier das Logfile von HijackThis.

[code]
HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:30:47, on 26.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\jalm\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CHIP.de Toolbar - {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Program Files\CHIP.de\tbCHIP.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: CHIP.de Toolbar - {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Program Files\CHIP.de\tbCHIP.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - .DEFAULT User Startup: DSL-Manager.lnk = C:\Program Files\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Global Startup: web'n'walk Manager.lnk = C:\Program Files\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F601577A-DCC5-4A71-819A-37B3068B271B}: NameServer = 192.168.2.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\MZVKBD3.DLL,C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GtDetectSc - Option - C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Netzmanager Infrastruktur Informationssystem Dienst (Netzmanager Service) - Deutsche Telekom AG - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Program Files\DSL-Manager\DslMgrSvc.exe
O23 - Service: TrafficMonitor Packettreiber Initialisierung (TMPService) - Mirko Böer - C:\Program Files\TrafficMonitor\TMPacketServiceInit.exe
O23 - Service: Virtual CDAudio Service - RapidSolution Software AG - C:\Program Files\RapidSolution\AudialsOne 4\VCDWriter\32\VCDAudioService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11575 bytes

--- --- ---

kira · 27.02.2011, 09:16

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)

► Empfehlungen/Vorschläge:
2.
BHO`s & Toolbars (im Logfile HijackThis 02 u. 03 aufgelistet):
Immer mehr Programme bringen eine Toolbar mit.(wie z.B. Google, Yaho,Messenger, Winamp, ICQ usw). Manche Zustimmung der User installiert, manche wieder ohne Wissen des Benutzers

Viele davon sehr fehleranfällig und fressen eine Menge an Systemressourcen. Zur funktionstüchtigen Installation der jeweiligen Software ist Toolbar aber nicht notwendig, zudem die meisten modernen Browser mit vielen zusätzlichen Funktionen ausgestattet sind. Ausserdem die dazugehörigen Programme, funktionieren auch ohne...
Man kann sie deinstallieren oder mit HJT fixen: alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

O2 - BHO: CHIP.de Toolbar - {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Program Files\CHIP.de\tbCHIP.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: CHIP.de Toolbar - {a8ec1669-14c8-4382-bb8d-c53f91648e0a} - C:\Program Files\CHIP.de\tbCHIP.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)

3.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum

-> Führe dann einen Komplett-Systemcheck mit Nod32 durch
- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

4.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

** Systemzustand stabil? noch Probleme?

Malware lässt sich unter Kaspersky 2011 nicht löschen

Plagegeister aller Art und deren Bekämpfung: Malware lässt sich unter Kaspersky 2011 nicht löschen