virus-seite? google suche wird zu einem werbe paradies...

Fi3t3 · 17.04.2011, 12:18

Die Überschrift spricht schon alles in einem Satz aus. Als ich gestern auf der Suche nach dem Programm Express Rip war, (von NCH Software und natürlich die Testversion) kam eine Werbeanzeige, die ich versehentlich angeklickt hatte weil sie mir entgegengesprungen ist. Urplötzlich sah ich den Setupdownload. Als ich das startete verschwand die Datei und avast schlug Alarm, was mich nicht sehr wunderte. Danach ist das Windows Sicherheitszenter ausgegangen und es wurde mir als Problemmeldung angezeigt. Da ich nicht so ein Vollidiot bin wusste ich, dass der Trojaner sich direkt im AppData Ordner verstecken würde, was er auch getan hat. Weil ich einen Wutanfall bekommen habe war der Trojaner schneller gelöscht als er sich ausbreiten konnte

. Und wer jetzt denkt das wars, DAS HÄTTEST DU WOHL GERN

: Denn ab jetzt passiert das immer wieder: Wenn ich eine Seite google und anklicke (Beispiel als ich TrojanerBoard gegoogelt habe), dann öffnet sich ein Link, der heisst:"www.goingonearth.com/search.php?q=trojanerboard&n=1303039480", also mit meiner Suche und dann werde ich zu einer Werbeanzeige geleitet die sofort von 3 Schutz-add-ons (WOT, avast WebRep, Computerbild Abzockschutz) blockiert wird. Und das passiert STÄNDIG

. Malwarebytes Scans haben nichts ergeben.. das muss endlich ein Ende haben

Wer kennt sich mit sowas aus? Ich mache auch OTL Scans, falls nötig. Danke im Vorraus

EDIT: ... www.mywot.com/en/forum/8429-goingonearth-com-stay-away

kira · 17.04.2011, 21:44

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems

Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

Zitat:

Malware versucht die Arbeit mit dem Computer zu erschweren: z.B. wenn Du auf von mir angegebenen Link klickst, kann es sein, dass du dann automatisch auf eine gefälschte Seite weitergeleitet wirst.
In diesem Fall bitte möglichst sofortige Rückmeldung!

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.

Downloade die MBR.exe von Gmer und
kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
Start => ausführen => cmd (da reinschreiben) => OK
es öffnet sich eine Eingabeaufforderung.

Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
Nach dem Prompt (>_) folgenden

aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.
Code:
ATTFilter
```
mbr.exe -t > C:\mbr.log & C:\mbr.log
         
```
(Enter drücken)
Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
Bitte kopiere den Inhalt hier in Deinen Thread.

3.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung/virus-protect.org

4.
lade Dir HijackThis 2.0.4 von *von hier* herunter
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

5.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

6.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.
** Falls es klappt auf einmal nicht, kannst den Text in mehrere Teile teilen und so posten

7.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

Fi3t3 · 18.04.2011, 00:55

Also als allererstes Mal : Danke für die Hilfe... nun die befolgten Anweisungen:

1. Hier die Log-File von GMER

Code:

ATTFilter

GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-18 01:06:11
Windows 6.1.7600  
Running: h75gbzf5.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001bdc002e32 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001bdc002e32@001b5934560e             0xE6 0x40 0x4B 0x23 ...
Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001bdc002e32@5492bebde6fe             0x9F 0x66 0xBF 0x96 ...
Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001bdc002e32@0009dd5089c0             0x4C 0x65 0x03 0xC3 ...
Reg  HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001bdc002e32@58170c59393c             0x9F 0x2F 0x7E 0x23 ...
Reg  HKLM\SYSTEM\CurrentControlSet@5                                                                  1107
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002e32                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002e32@001b5934560e         0xE6 0x40 0x4B 0x23 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002e32@5492bebde6fe         0x9F 0x66 0xBF 0x96 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002e32@0009dd5089c0         0x4C 0x65 0x03 0xC3 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bdc002e32@58170c59393c         0x9F 0x2F 0x7E 0x23 ...

---- EOF - GMER 1.0.15 ----

2. Muss ich ehrlich sagen ich hab die Anweisungen befolgt aber die CMD schließt sich zu schnell, als dass ich lesen kann oder überhaupt etwas eingeben könnte. Shit happens.

3. Malwarebytes Scans habe ich heute 2 mal gemacht, es wurde nur eine Datei gefunden, sprich flh.exe, also der Trojaner bzw. Dropper. Den habe ich bereits aus meinem AppData-Ordner entfernt, man kann die Datei nochmal in der HijackThisScanList sehen.

4. HijackThis-Log:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:22:40, on 18.04.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\FIETE\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.137.72:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (file missing)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\FIETE\AppData\Roaming\UUSoQLdiE9hE.exe,
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (file missing)
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.4\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [0ESKOMO9JO] C:\Users\FIETE\AppData\Local\Temp\Flh.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B3C37CD-C72C-4B53-8F21-1F816160E80F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CF8EFA5-1173-414E-9BEC-5D86B7AA82AF}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B3C37CD-C72C-4B53-8F21-1F816160E80F}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14540 bytes

5. Da ich zum Glück ein wenig Erfahrung in Sachen kleinere Viren habe, wusste ich wo sich ein Trojaner als erstes verstecken würde, also weiss ich wie man den AppData Ordner usw sichtbar macht (Organisieren => Ordner-& Suchoptionen)

6. HJTScanlist:

Code:

ATTFilter

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

  18.04.2011 01:21     C:\mbr.log --------- 0   
  18.04.2011 00:26     C:\bd_logs --------- 0   
       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  17.04.2011 17:39     C:\TDSSKiller.2.4.21.0_17.04.2011_17.33.43_log.txt --------- 139832   
  17.04.2011 14:26     C:\System Volume Information --------- 32768   
  17.04.2011 13:33     C:\Program Files (x86) --------- 49152   
  16.04.2011 21:48     C:\Windows --------- 40960   
  16.04.2011 15:57     C:\Config.Msi --------- 0   
  16.04.2011 15:56     C:\ProgramData --------- 20480   
  15.04.2011 16:01     C:\Half-Life 2 --------- 0   
  26.03.2011 22:26     C:\Program Files --------- 8192   
  14.03.2011 17:12     C:\CPQSYSTEM --------- 0   
  08.03.2011 15:10     C:\Fraps --------- 4096   
  04.01.2011 01:25     C:\Users --------- 4096   
  14.10.2010 11:28     C:\Games --------- 0   
  17.08.2010 17:17     C:\Downloads --------- 0   
  12.02.2010 17:59     C:\Temp --------- 0   
  12.02.2010 01:15     C:\G-Force_JMC.dll --------- 231936   
  20.01.2010 21:53     C:\Samplisizer --------- 4096   
  08.01.2010 11:59     C:\$RECYCLE.BIN --------- 4096   
  06.01.2010 18:23     C:\Intel --------- 0   
  29.12.2009 17:10     C:\Programme --------- 0   
  29.12.2009 17:10     C:\Dokumente und Einstellungen --------- 0   
  25.11.2009 05:20     C:\RHDSetup.log --------- 2942   
  07.10.2009 11:30     C:\SWSTAMP.TXT --------- 123   
  08.09.2009 10:25     C:\MSOCache --------- 0   
  08.09.2009 10:25     C:\1033 --------- 0   
  08.09.2009 10:23     C:\Works --------- 0   
  14.07.2009 07:08     C:\Documents and Settings --------- 0   
  14.07.2009 05:20     C:\PerfLogs --------- 0   
----------------------------------------

 
C:\Windows

  18.04.2011 00:14     C:\Windows\setupact.log --------- 39983   
  18.04.2011 00:14     C:\Windows\bootstat.dat --------- 67584   
  18.04.2011 01:26     C:\Windows\WindowsUpdate.log --------- 1352009   
  16.04.2011 21:32     C:\Windows\PFRO.log --------- 1077408   
  07.04.2011 19:39     C:\Windows\Setup1.exe --------- 249856   
  07.04.2011 19:39     C:\Windows\ST6UNST.EXE --------- 73216   
  04.04.2011 13:58     C:\Windows\msxml4-KB973688-enu.LOG --------- 283886   
  04.04.2011 13:57     C:\Windows\msxml4-KB954430-enu.LOG --------- 287088   
  01.04.2011 22:46     C:\Windows\msvcr100d.dll --------- 1467200   
  01.04.2011 22:46     C:\Windows\msvcp100d.dll --------- 631616   
  01.04.2011 17:50     C:\Windows\libcurld.dll --------- 346112   
  17.03.2011 22:44     C:\Windows\DirectX.log --------- 211176   
  03.03.2011 20:25     C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini --------- 268   
  28.02.2011 22:58     C:\Windows\PTrainer2.ini --------- 59   
  23.02.2011 17:04     C:\Windows\avastSS.scr --------- 40648   
  24.12.2010 00:07     C:\Windows\_MSRSTRT.EXE --------- 2560   
  18.12.2010 22:36     C:\Windows\MEMORY.DMP --------- 456989763   
  18.12.2010 13:47     C:\Windows\Menu.INI --------- 32   
  12.12.2010 17:52     C:\Windows\thug2.ini --------- 307   
  26.11.2010 17:45     C:\Windows\galaxy.ini --------- 112   
  18.11.2010 15:01     C:\Windows\system.ini --------- 276   
  10.11.2010 03:28     C:\Windows\WLXPGSS.SCR --------- 301936   
  05.08.2010 13:28     C:\Windows\d3dx.dat --------- 4096   
  23.07.2010 18:30     C:\Windows\SIERRA.INI --------- 232   
  10.07.2010 13:12     C:\Windows\setuperr.log --------- 0   
  04.05.2010 17:27     C:\Windows\whopper.c3 --------- 762   
  04.05.2010 17:27     C:\Windows\whopper.c1 --------- 762   
  03.05.2010 15:33     C:\Windows\whopper.swf --------- 1348871   
  12.04.2010 18:29     C:\Windows\whopper.ico --------- 9662   
  18.03.2010 10:36     C:\Windows\msvcp100.dll --------- 607568   
  29.12.2009 23:38     C:\Windows\FSX_Screensaver.scr --------- 1396544   
  31.10.2009 08:34     C:\Windows\explorer.exe --------- 2870272   
  07.10.2009 11:30     C:\Windows\csup.txt --------- 10   
  08.09.2009 10:30     C:\Windows\ÿ—& --------- 20   
  08.09.2009 10:21     C:\Windows\win.ini --------- 435   
  18.08.2009 17:16     C:\Windows\RtlExUpd.dll --------- 831488   
  05.08.2009 12:04     C:\Windows\oemlogo.bmp --------- 43254   
  14.07.2009 06:54     C:\Windows\WindowsShell.Manifest --------- 749   
  14.07.2009 03:39     C:\Windows\write.exe --------- 10240   
  14.07.2009 03:39     C:\Windows\splwow64.exe --------- 61952   
  14.07.2009 03:39     C:\Windows\regedit.exe --------- 427008   
  14.07.2009 03:39     C:\Windows\notepad.exe --------- 193536   
  14.07.2009 03:39     C:\Windows\hh.exe --------- 16896   
  14.07.2009 03:39     C:\Windows\HelpPane.exe --------- 733696   
  14.07.2009 03:39     C:\Windows\fveupdate.exe --------- 15360   
  14.07.2009 03:38     C:\Windows\bfsvc.exe --------- 71168   
  14.07.2009 03:16     C:\Windows\twain_32.dll --------- 51200   
  14.07.2009 03:14     C:\Windows\winhlp32.exe --------- 9728   
  14.07.2009 03:14     C:\Windows\twunk_32.exe --------- 31232   
  14.07.2009 01:06     C:\Windows\mib.bin --------- 43131   
  10.06.2009 23:41     C:\Windows\twunk_16.exe --------- 49680   
  10.06.2009 23:41     C:\Windows\twain.dll --------- 94784   
  10.06.2009 22:52     C:\Windows\WMSysPr9.prx --------- 316640   
  10.06.2009 22:36     C:\Windows\msdfmap.ini --------- 1405   
  10.06.2009 22:31     C:\Windows\Ultimate.xml --------- 51867   
  10.06.2009 22:31     C:\Windows\Starter.xml --------- 48201   
  10.06.2009 22:30     C:\Windows\HomePremium.xml --------- 48265   
  20.02.2008 17:50     C:\Windows\whopper.scr --------- 903680   
  20.02.2008 17:49     C:\Windows\whopper.exe --------- 495104   
  04.11.2006 22:42     C:\Windows\whopper.bmp --------- 161078   
  24.10.2006 18:06     C:\Windows\whopper.c4 --------- 639   
  08.10.2006 20:33     C:\Windows\whopper.ini --------- 0   
  21.10.1998 18:43     C:\Windows\IsUn0407.exe --------- 328704   
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 18.04.2011 01:07     C:\Windows\system32\mbr.exe --------- 89088  
 18.04.2011 00:21     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 20320  
 18.04.2011 00:21     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 20320  
 18.04.2011 00:19     C:\Windows\system32\perfh009.dat --------- 651882  
 18.04.2011 00:19     C:\Windows\system32\perfc009.dat --------- 120814  
 18.04.2011 00:19     C:\Windows\system32\perfh007.dat --------- 696604  
 18.04.2011 00:19     C:\Windows\system32\perfc007.dat --------- 147868  
 18.04.2011 00:19     C:\Windows\system32\PerfStringBackup.INI --------- 1611396  
 18.04.2011 00:14     C:\Windows\system32\FNTCACHE.DAT --------- 367760  
 17.04.2011 22:20     C:\Windows\system32\config --------- 32768  
 17.04.2011 17:33     C:\Windows\system32\drivers --------- 65536  
 17.04.2011 13:33     C:\Windows\system32\Tasks --------- 40960  
 15.04.2011 18:13     C:\Windows\system32\migration --------- 0  
 15.04.2011 18:13     C:\Windows\system32\Boot --------- 0  
 15.04.2011 15:13     C:\Windows\system32\catroot2 --------- 20480  
 14.04.2011 22:38     C:\Windows\system32\catroot --------- 4096  
 14.04.2011 22:31     C:\Windows\system32\MRT.exe --------- 41455560  
 26.03.2011 22:15     C:\Windows\system32\DriverStore --------- 4096  
 20.03.2011 21:04     C:\Windows\system32\NDF --------- 0  
 11.03.2011 19:22     C:\Windows\system32\IO --------- 0  
 11.03.2011 08:19     C:\Windows\system32\mfc42u.dll --------- 1359872  
 11.03.2011 08:19     C:\Windows\system32\mfc42.dll --------- 1395712  
 08.03.2011 08:14     C:\Windows\system32\inetcomm.dll --------- 976896  
 03.03.2011 08:17     C:\Windows\system32\dnsrslvr.dll --------- 182272  
 03.03.2011 08:17     C:\Windows\system32\dnsapi.dll --------- 356352  
 03.03.2011 08:14     C:\Windows\system32\dnscacheugc.exe --------- 30208  
 03.03.2011 05:58     C:\Windows\system32\win32k.sys --------- 3133440  
 01.03.2011 09:49     C:\Windows\system32\frapsv64.dll --------- 84992  
 24.02.2011 08:30     C:\Windows\system32\XpsGdiConverter.dll --------- 476160  
 24.02.2011 08:29     C:\Windows\system32\wininet.dll --------- 1197056  
 24.02.2011 08:28     C:\Windows\system32\urlmon.dll --------- 1499136  
 24.02.2011 08:25     C:\Windows\system32\mstime.dll --------- 1026560  
 24.02.2011 08:25     C:\Windows\system32\mshtmled.dll --------- 97280  
 24.02.2011 08:25     C:\Windows\system32\mshtml.dll --------- 9311744  
 24.02.2011 08:25     C:\Windows\system32\msfeedsbs.dll --------- 82944  
 24.02.2011 08:25     C:\Windows\system32\msfeeds.dll --------- 703488  
 24.02.2011 08:24     C:\Windows\system32\licmgr10.dll --------- 57856  
 24.02.2011 08:24     C:\Windows\system32\jsproxy.dll --------- 64512  
 24.02.2011 08:24     C:\Windows\system32\ieui.dll --------- 247808  
 24.02.2011 08:24     C:\Windows\system32\iertutil.dll --------- 2447872  
 24.02.2011 08:24     C:\Windows\system32\iepeers.dll --------- 256000  
 24.02.2011 08:24     C:\Windows\system32\ieframe.dll --------- 12369408  
 24.02.2011 08:24     C:\Windows\system32\iedkcs32.dll --------- 445952  
 24.02.2011 08:21     C:\Windows\system32\msfeedssync.exe --------- 12288  
 24.02.2011 07:05     C:\Windows\system32\html.iec --------- 482816  
 24.02.2011 06:24     C:\Windows\system32\mshtml.tlb --------- 1638912  
 23.02.2011 17:04     C:\Windows\system32\aswBoot.exe --------- 238968  
 19.02.2011 08:37     C:\Windows\system32\FntCache.dll --------- 1135104  
 19.02.2011 08:37     C:\Windows\system32\DWrite.dll --------- 1540608  
 19.02.2011 08:36     C:\Windows\system32\d2d1.dll --------- 902656  
 19.02.2011 08:36     C:\Windows\system32\atmlib.dll --------- 46080  
 19.02.2011 06:13     C:\Windows\system32\atmfd.dll --------- 367104  
 18.02.2011 08:37     C:\Windows\system32\vbscript.dll --------- 612352  
 18.02.2011 08:36     C:\Windows\system32\jscript.dll --------- 852480  
 14.02.2011 23:19     C:\Windows\system32\LogFiles --------- 4096  
 12.02.2011 08:14     C:\Windows\system32\FXSCOVER.exe --------- 267776  
 05.02.2011 14:41     C:\Windows\system32\winresume.efi --------- 556928  
 05.02.2011 14:41     C:\Windows\system32\winload.efi --------- 640896  
 05.02.2011 14:41     C:\Windows\system32\kd1394.dll --------- 19328  
 05.02.2011 14:41     C:\Windows\system32\kdusb.dll --------- 20352  
 05.02.2011 14:41     C:\Windows\system32\kdcom.dll --------- 17792  
 05.02.2011 14:39     C:\Windows\system32\winload.exe --------- 603976  
 05.02.2011 14:39     C:\Windows\system32\winresume.exe --------- 518160  
 02.02.2011 19:11     C:\Windows\system32\MpSigStub.exe --------- 270720  
 30.01.2011 20:20     C:\Windows\system32\apphelpd.dll --------- 51200  
 26.01.2011 08:31     C:\Windows\system32\cdd.dll --------- 144384  
 11.01.2011 18:51     C:\Windows\system32\appmgmt --------- 0  
 07.01.2011 10:07     C:\Windows\system32\XpsPrint.dll --------- 662528  
 28.12.2010 13:28     C:\Windows\system32\DRVSTORE --------- 0  
 23.12.2010 08:07     C:\Windows\system32\sbe.dll --------- 1118720  
 23.12.2010 08:07     C:\Windows\system32\EncDec.dll --------- 723968  
 23.12.2010 08:07     C:\Windows\system32\CPFilters.dll --------- 961024  
 23.12.2010 08:02     C:\Windows\system32\mpg2splt.ax --------- 259072  
 21.12.2010 20:22     C:\Windows\system32\wfp --------- 0  
 21.12.2010 20:22     C:\Windows\system32\wbem --------- 65536  
 21.12.2010 08:16     C:\Windows\system32\wscsvc.dll --------- 97280  
 21.12.2010 08:16     C:\Windows\system32\wscapi.dll --------- 62976  
 21.12.2010 08:16     C:\Windows\system32\winsrv.dll --------- 214016  
 21.12.2010 08:16     C:\Windows\system32\winhttp.dll --------- 442880  
 21.12.2010 08:16     C:\Windows\system32\WebClnt.dll --------- 258048  
 21.12.2010 08:15     C:\Windows\system32\upnp.dll --------- 264192  
 21.12.2010 08:15     C:\Windows\system32\slwga.dll --------- 15360  
 21.12.2010 08:13     C:\Windows\system32\msxml3.dll --------- 1880576  
 21.12.2010 08:13     C:\Windows\system32\msxml6.dll --------- 2003968  
 21.12.2010 08:10     C:\Windows\system32\davclnt.dll --------- 100864  
 18.12.2010 13:43     C:\Windows\system32\de-DE --------- 327680  
 18.12.2010 08:12     C:\Windows\system32\mstscax.dll --------- 3138048  
 18.12.2010 08:11     C:\Windows\system32\kerberos.dll --------- 714752  
 18.12.2010 08:08     C:\Windows\system32\mstsc.exe --------- 1097216  
 11.11.2010 23:10     C:\Windows\system32\en-US --------- 4096  
 02.11.2010 07:18     C:\Windows\system32\XpsRasterService.dll --------- 229888  
 02.11.2010 07:18     C:\Windows\system32\wmicmiplugin.dll --------- 524288  
 02.11.2010 07:17     C:\Windows\system32\taskcomp.dll --------- 473600  
 02.11.2010 07:17     C:\Windows\system32\taskschd.dll --------- 1169408  
 02.11.2010 07:16     C:\Windows\system32\schedsvc.dll --------- 1114624  
 02.11.2010 07:12     C:\Windows\system32\d3d10warp.dll --------- 1837568  
 02.11.2010 07:12     C:\Windows\system32\d3d10_1core.dll --------- 320512  
 02.11.2010 07:12     C:\Windows\system32\d3d10_1.dll --------- 197120  
 02.11.2010 07:10     C:\Windows\system32\taskeng.exe --------- 464384  
 02.11.2010 07:10     C:\Windows\system32\schtasks.exe --------- 285696  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 18.04.2011 01:26     C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job --------- 286  
 18.04.2011 01:06     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1108  
 18.04.2011 00:15     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1104  
 18.04.2011 00:14     C:\Windows\Tasks\Yxrr.job --------- 296  
 18.04.2011 00:14     C:\Windows\Tasks\SA.DAT --------- 6  
 08.03.2011 15:48     C:\Windows\Tasks\wavepadShakeIcon.job --------- 294  
 25.02.2011 17:02     C:\Windows\Tasks\wavepadDowngrade.job --------- 294  
 18.12.2010 22:36     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32628  
 13.11.2010 00:54     C:\Windows\Tasks\expressripShakeIcon.job --------- 306  
 10.11.2010 17:00     C:\Windows\Tasks\expressripSevenDays.job --------- 306  
 30.06.2010 20:50     C:\Windows\Tasks\switchDowngrade.job --------- 290  
 22.06.2010 20:50     C:\Windows\Tasks\switchShakeIcon.job --------- 290  
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\FIETE\AppData\Local\Temp

 18.04.2011 01:26     C:\Users\FIETE\AppData\Local\Temp\Rar$DR02.131 --------- 0  
 18.04.2011 01:22     C:\Users\FIETE\AppData\Local\Temp\{69033110-a23d-4285-9d5e-b833905edda5} --------- 0  
 18.04.2011 00:26     C:\Users\FIETE\AppData\Local\Temp\_avast_ --------- 0  
 18.04.2011 00:25     C:\Users\FIETE\AppData\Local\Temp\ugddykow.sys --------- 100480  
 18.04.2011 00:15     C:\Users\FIETE\AppData\Local\Temp\WPDNSE --------- 0  
 17.04.2011 22:04     C:\Users\FIETE\AppData\Local\Temp\bitdefender-rescue-cd.iso --------- 380106752  
 17.04.2011 17:45     C:\Users\FIETE\AppData\Local\Temp\wmplog10.sqm --------- 1828  
 17.04.2011 17:37     C:\Users\FIETE\AppData\Local\Temp\msdt --------- 0  
 17.04.2011 17:36     C:\Users\FIETE\AppData\Local\Temp\PCWCEC9.xml --------- 724  
 17.04.2011 17:36     C:\Users\FIETE\AppData\Local\Temp\PCWCEC9.tmp --------- 0  
 17.04.2011 17:32     C:\Users\FIETE\AppData\Local\Temp\Low --------- 8192  
 17.04.2011 17:32     C:\Users\FIETE\AppData\Local\Temp\AVGDownloadManager --------- 4096  
 17.04.2011 17:32     C:\Users\FIETE\AppData\Local\Temp\a2temp --------- 0  
 17.04.2011 17:32     C:\Users\FIETE\AppData\Local\Temp\MessengerCache --------- 8192  
 17.04.2011 17:25     C:\Users\FIETE\AppData\Local\Temp\wmplog09.sqm --------- 1920  
 17.04.2011 13:24     C:\Users\FIETE\AppData\Local\Temp\wmplog08.sqm --------- 1828  
 17.04.2011 13:22     C:\Users\FIETE\AppData\Local\Temp\wmplog07.sqm --------- 1828  
 17.04.2011 12:50     C:\Users\FIETE\AppData\Local\Temp\wmplog06.sqm --------- 1796  
 17.04.2011 12:46     C:\Users\FIETE\AppData\Local\Temp\wmplog05.sqm --------- 1896  
 17.04.2011 12:10     C:\Users\FIETE\AppData\Local\Temp\wmplog04.sqm --------- 1796  
 17.04.2011 11:56     C:\Users\FIETE\AppData\Local\Temp\wmplog03.sqm --------- 1808  
 17.04.2011 11:52     C:\Users\FIETE\AppData\Local\Temp\~DF32DE090430F8E4D2.TMP --------- 32768  
 17.04.2011 11:51     C:\Users\FIETE\AppData\Local\Temp\~DF6720F21C81FDE012.TMP --------- 32768  
 17.04.2011 11:22     C:\Users\FIETE\AppData\Local\Temp\v3init2.log --------- 1255991  
 17.04.2011 10:26     C:\Users\FIETE\AppData\Local\Temp\maintenance.ini --------- 87  
 17.04.2011 02:17     C:\Users\FIETE\AppData\Local\Temp\wmplog02.sqm --------- 1896  
 17.04.2011 01:48     C:\Users\FIETE\AppData\Local\Temp\wmplog01.sqm --------- 1896  
 17.04.2011 01:48     C:\Users\FIETE\AppData\Local\Temp\wmplog00.sqm --------- 1928  
 16.04.2011 22:00     C:\Users\FIETE\AppData\Local\Temp\DMI1831.tmp --------- 0  
 16.04.2011 21:35     C:\Users\FIETE\AppData\Local\Temp\amline_data.xml --------- 39194  
 16.04.2011 21:35     C:\Users\FIETE\AppData\Local\Temp\amline_settings.xml --------- 2039  
 15.04.2011 23:40     C:\Users\FIETE\AppData\Local\Temp\delete.ini --------- 0  
 15.04.2011 18:17     C:\Users\FIETE\AppData\Local\Temp\MsnMsgr_Watson.txt --------- 65535  
 15.04.2011 17:40     C:\Users\FIETE\AppData\Local\Temp\wmsetup.log --------- 11809  
 14.04.2011 22:22     C:\Users\FIETE\AppData\Local\Temp\sfamcc00001.dll --------- 192512  
 14.04.2011 07:14     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(20110414071420998).log --------- 17656  
 14.04.2011 07:14     C:\Users\FIETE\AppData\Local\Temp\SetupExe(20110414071410998).log --------- 3726  
 12.04.2011 18:51     C:\Users\FIETE\AppData\Local\Temp\CFG7B81.tmp --------- 123  
 12.04.2011 18:51     C:\Users\FIETE\AppData\Local\Temp\CFGD14E.tmp --------- 123  
 12.04.2011 18:49     C:\Users\FIETE\AppData\Local\Temp\VSD5A2C.tmp --------- 0  
 12.04.2011 18:46     C:\Users\FIETE\AppData\Local\Temp\drm_dyndata_7380007.dll --------- 204800  
 11.04.2011 20:00     C:\Users\FIETE\AppData\Local\Temp\jusched.log --------- 147755  
 11.04.2011 20:00     C:\Users\FIETE\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 3766  
 11.04.2011 20:00     C:\Users\FIETE\AppData\Local\Temp\AUCHECK_CORE.txt --------- 12382  
 10.04.2011 17:02     C:\Users\FIETE\AppData\Local\Temp\sv687.tmp --------- 28663  
 10.04.2011 16:01     C:\Users\FIETE\AppData\Local\Temp\gm_ttt_78752 --------- 0  
 09.04.2011 00:06     C:\Users\FIETE\AppData\Local\Temp\tmp_grafx.jpg --------- 24072  
 08.04.2011 17:07     C:\Users\FIETE\AppData\Local\Temp\xprt4ad9.ico --------- 4286  
 07.04.2011 20:45     C:\Users\FIETE\AppData\Local\Temp\xprt7864.ico --------- 4286  
 07.04.2011 20:45     C:\Users\FIETE\AppData\Local\Temp\xprt0465.ico --------- 4286  
 07.04.2011 20:43     C:\Users\FIETE\AppData\Local\Temp\~DFBB7DB161D71DD379.TMP --------- 16384  
 07.04.2011 20:42     C:\Users\FIETE\AppData\Local\Temp\~DF3C0D71312A53865B.TMP --------- 16384  
 03.04.2011 21:28     C:\Users\FIETE\AppData\Local\Temp\d04d3b7112f043a4ba2d4dbc5ea59b84.exe --------- 1001749  
 03.04.2011 21:28     C:\Users\FIETE\AppData\Local\Temp\0ac956f58fc44d809b569f2339bfff9e.exe --------- 1001749  
 02.04.2011 18:11     C:\Users\FIETE\AppData\Local\Temp\VideoPadCache --------- 12288  
 02.04.2011 18:04     C:\Users\FIETE\AppData\Local\Temp\~DF95154C92D081ECD8.TMP --------- 16384  
 02.04.2011 17:43     C:\Users\FIETE\AppData\Local\Temp\wlsB844.tmp --------- 63  
 02.04.2011 17:24     C:\Users\FIETE\AppData\Local\Temp\~DFB0E07682D8C57D1E.TMP --------- 16384  
 02.04.2011 17:01     C:\Users\FIETE\AppData\Local\Temp\_MgxSetupLog.txt --------- 73256  
 02.04.2011 16:59     C:\Users\FIETE\AppData\Local\Temp\_MgxSetupMsiLog.txt --------- 3802636  
 01.04.2011 23:34     C:\Users\FIETE\AppData\Local\Temp\005A8E5.tmp --------- 0  
 01.04.2011 14:54     C:\Users\FIETE\AppData\Local\Temp\~DF9EBED01F3E01AC27.TMP --------- 16384  
 01.04.2011 14:44     C:\Users\FIETE\AppData\Local\Temp\xprt08b7.ico --------- 4286  
 01.04.2011 14:42     C:\Users\FIETE\AppData\Local\Temp\~DF724D48D34614DFC2.TMP --------- 16384  
 01.04.2011 14:42     C:\Users\FIETE\AppData\Local\Temp\xprt1034.ico --------- 4286  
 31.03.2011 22:56     C:\Users\FIETE\AppData\Local\Temp\~DF885F833221F75075.TMP --------- 16384  
 31.03.2011 22:48     C:\Users\FIETE\AppData\Local\Temp\~DFFF4DE110F5C9BCF6.TMP --------- 16384  
 31.03.2011 21:22     C:\Users\FIETE\AppData\Local\Temp\sva98.tmp --------- 28663  
 31.03.2011 21:18     C:\Users\FIETE\AppData\Local\Temp\svn8m.tmp --------- 28663  
 30.03.2011 21:29     C:\Users\FIETE\AppData\Local\Temp\IpAdrSet.log --------- 136417  
 30.03.2011 17:31     C:\Users\FIETE\AppData\Local\Temp\1b3c3rr9.bmp --------- 18666  
 30.03.2011 16:41     C:\Users\FIETE\AppData\Local\Temp\~DFB1A4FFBEAC64B926.TMP --------- 16384  
 30.03.2011 16:40     C:\Users\FIETE\AppData\Local\Temp\~DFC222B2FEB982A3F3.TMP --------- 16384  
 30.03.2011 16:39     C:\Users\FIETE\AppData\Local\Temp\~DF8B5F120707895D97.TMP --------- 16384  
 29.03.2011 22:16     C:\Users\FIETE\AppData\Local\Temp\~DFDB310056EF6AA5AB.TMP --------- 114688  
 29.03.2011 22:15     C:\Users\FIETE\AppData\Local\Temp\1587.rra --------- 81920  
 29.03.2011 22:15     C:\Users\FIETE\AppData\Local\Temp\{AF2EA54E-8607-4741-AFB7-A3A9838783F6} --------- 4096  
 29.03.2011 22:15     C:\Users\FIETE\AppData\Local\Temp\{EB98EAE1-35F8-469B-9F8A-2D51B5518664} --------- 0  
 29.03.2011 22:13     C:\Users\FIETE\AppData\Local\Temp\BlacklistedPartnerIds.xml --------- 150  
 29.03.2011 22:10     C:\Users\FIETE\AppData\Local\Temp\6A3C.dir --------- 0  
 29.03.2011 22:10     C:\Users\FIETE\AppData\Local\Temp\6A3C.tmp --------- 0  
 29.03.2011 18:01     C:\Users\FIETE\AppData\Local\Temp\PCW7E14.xml --------- 800  
 29.03.2011 18:01     C:\Users\FIETE\AppData\Local\Temp\PCW7E14.tmp --------- 0  
 29.03.2011 18:01     C:\Users\FIETE\AppData\Local\Temp\MINDSTORMSNXT_7.1.5_FIETE_cur.txt --------- 136  
 29.03.2011 18:01     C:\Users\FIETE\AppData\Local\Temp\lvtl13318900.rsc --------- 32  
 28.03.2011 18:20     C:\Users\FIETE\AppData\Local\Temp\_ISTMP2.DIR --------- 0  
 28.03.2011 17:57     C:\Users\FIETE\AppData\Local\Temp\uttCA54.tmp --------- 2508  
 28.03.2011 17:57     C:\Users\FIETE\AppData\Local\Temp\uttCA54.tmp.old --------- 0  
 28.03.2011 16:53     C:\Users\FIETE\AppData\Local\Temp\PdnSetupShim.log --------- 923  
 28.03.2011 15:19     C:\Users\FIETE\AppData\Local\Temp\PdnMsiInstall.log --------- 378  
 28.03.2011 15:19     C:\Users\FIETE\AppData\Local\Temp\PdnSetupNgenInstall.log --------- 12843  
 28.03.2011 15:19     C:\Users\FIETE\AppData\Local\Temp\CFG32F3.tmp --------- 158  
 28.03.2011 15:18     C:\Users\FIETE\AppData\Local\Temp\CFGD605.tmp --------- 158  
 28.03.2011 15:17     C:\Users\FIETE\AppData\Local\Temp\tmpD3D3.tmp --------- 0  
 27.03.2011 23:36     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(20110327233616618).log --------- 17653  
 27.03.2011 23:36     C:\Users\FIETE\AppData\Local\Temp\SetupExe(20110327233606618).log --------- 3717  
 27.03.2011 23:27     C:\Users\FIETE\AppData\Local\Temp\tmpF120.tmp.bat --------- 173  
 27.03.2011 23:27     C:\Users\FIETE\AppData\Local\Temp\tmpEEEE.tmp.bat --------- 173  
 27.03.2011 23:27     C:\Users\FIETE\AppData\Local\Temp\tmpE924.tmp.bat --------- 173  
 27.03.2011 23:27     C:\Users\FIETE\AppData\Local\Temp\tmpE7CD.tmp.bat --------- 173  
 27.03.2011 11:16     C:\Users\FIETE\AppData\Local\Temp\xprt4fa5.ico --------- 4286  
 26.03.2011 22:19     C:\Users\FIETE\AppData\Local\Temp\uis467D.tmp --------- 0  
 25.03.2011 15:10     C:\Users\FIETE\AppData\Local\Temp\chrome_installer.log --------- 0  
 23.03.2011 18:27     C:\Users\FIETE\AppData\Local\Temp\etilqs_6xieslWFa6VLdnlXqjLa --------- 29696  
 23.03.2011 18:27     C:\Users\FIETE\AppData\Local\Temp\etilqs_KZmlMnid5dpbkUuVXk7i --------- 7736  
 22.03.2011 19:56     C:\Users\FIETE\AppData\Local\Temp\PCW68C5.xml --------- 714  
 22.03.2011 19:56     C:\Users\FIETE\AppData\Local\Temp\PCW68C5.tmp --------- 0  
 22.03.2011 19:04     C:\Users\FIETE\AppData\Local\Temp\PCWC1DB.xml --------- 714  
 22.03.2011 19:04     C:\Users\FIETE\AppData\Local\Temp\PCWC1DB.tmp --------- 0  
 20.03.2011 20:05     C:\Users\FIETE\AppData\Local\Temp\~DFE60969486277C3B3.TMP --------- 114688  
 20.03.2011 20:05     C:\Users\FIETE\AppData\Local\Temp\U3Launcher.log --------- 11146  
 20.03.2011 18:15     C:\Users\FIETE\AppData\Local\Temp\WER41C.tmp.WERInternalMetadata.xml --------- 3014  
 19.03.2011 11:43     C:\Users\FIETE\AppData\Local\Temp\btdna.exe --------- 323392  
 19.03.2011 11:43     C:\Users\FIETE\AppData\Local\Temp\licensepage.ini --------- 667  
 19.03.2011 11:43     C:\Users\FIETE\AppData\Local\Temp\finishpage.ini --------- 166  
 18.03.2011 21:04     C:\Users\FIETE\AppData\Local\Temp\DMI1FB6.tmp --------- 0  
 17.03.2011 18:54     C:\Users\FIETE\AppData\Local\Temp\CornelCheatAdress.dll --------- 648758  
 16.03.2011 22:26     C:\Users\FIETE\AppData\Local\Temp\~DF478AD03436FD504E.TMP --------- 16384  
 16.03.2011 19:55     C:\Users\FIETE\AppData\Local\Temp\sv2dp.tmp --------- 28663  
 15.03.2011 22:50     C:\Users\FIETE\AppData\Local\Temp\svhk6.tmp --------- 28663  
 15.03.2011 20:44     C:\Users\FIETE\AppData\Local\Temp\xprt0f40.ico --------- 4286  
 15.03.2011 15:14     C:\Users\FIETE\AppData\Local\Temp\xprt1e8d.ico --------- 4286  
 14.03.2011 20:29     C:\Users\FIETE\AppData\Local\Temp\OutofProcReport280931082.txt --------- 1634  
 14.03.2011 17:49     C:\Users\FIETE\AppData\Local\Temp\Ultra$ISO --------- 0  
 14.03.2011 00:35     C:\Users\FIETE\AppData\Local\Temp\PCWD6C0.xml --------- 764  
 14.03.2011 00:35     C:\Users\FIETE\AppData\Local\Temp\PCWD6C0.tmp --------- 0  
 11.03.2011 23:10     C:\Users\FIETE\AppData\Local\Temp\plugtmp-36 --------- 4096  
 11.03.2011 19:33     C:\Users\FIETE\AppData\Local\Temp\~DFD806154EDD759EA0.TMP --------- 16384  
 11.03.2011 19:32     C:\Users\FIETE\AppData\Local\Temp\~DFE8C443DB69A9A7BC.TMP --------- 16384  
 11.03.2011 19:30     C:\Users\FIETE\AppData\Local\Temp\~DFDAC86A7BD5359C5E.TMP --------- 16384  
 11.03.2011 19:28     C:\Users\FIETE\AppData\Local\Temp\tmp38FF.tmp --------- 16288  
 11.03.2011 19:28     C:\Users\FIETE\AppData\Local\Temp\~DF9C4EC1733D6120D5.TMP --------- 16384  
 11.03.2011 19:19     C:\Users\FIETE\AppData\Local\Temp\CFGFAB8.tmp --------- 123  
 11.03.2011 19:12     C:\Users\FIETE\AppData\Local\Temp\CFG81A2.tmp --------- 123  
 11.03.2011 19:11     C:\Users\FIETE\AppData\Local\Temp\CFGFE7F.tmp --------- 123  
 11.03.2011 19:11     C:\Users\FIETE\AppData\Local\Temp\VSDF931.tmp --------- 0  
 09.03.2011 15:33     C:\Users\FIETE\AppData\Local\Temp\sfqe2sjw.bmp --------- 10054  
 08.03.2011 01:29     C:\Users\FIETE\AppData\Local\Temp\MSI8f863.LOG --------- 544  
 08.03.2011 01:29     C:\Users\FIETE\AppData\Local\Temp\PMBUninst.log --------- 10642  
 08.03.2011 01:21     C:\Users\FIETE\AppData\Local\Temp\~DF8F530781E016D8E7.TMP --------- 16384  
 07.03.2011 23:54     C:\Users\FIETE\AppData\Local\Temp\~DF70BE99072BCE5743.TMP --------- 16384  
 07.03.2011 23:50     C:\Users\FIETE\AppData\Local\Temp\57C5.dir --------- 0  
 07.03.2011 23:50     C:\Users\FIETE\AppData\Local\Temp\57C5.tmp --------- 0  
 07.03.2011 17:24     C:\Users\FIETE\AppData\Local\Temp\JAUReg.log --------- 640  
 07.03.2011 17:24     C:\Users\FIETE\AppData\Local\Temp\java_install_reg.log --------- 7724  
 07.03.2011 17:23     C:\Users\FIETE\AppData\Local\Temp\java_install_sp.log --------- 6187  
 07.03.2011 17:22     C:\Users\FIETE\AppData\Local\Temp\jinstall.cfg --------- 1275  
 06.03.2011 14:09     C:\Users\FIETE\AppData\Local\Temp\TC40075800A.temp --------- 4096  
 06.03.2011 00:42     C:\Users\FIETE\AppData\Local\Temp\~DFA01BB21D81DB9CDE.TMP --------- 245760  
 06.03.2011 00:21     C:\Users\FIETE\AppData\Local\Temp\Skype.msi --------- 18307072  
 03.03.2011 20:25     C:\Users\FIETE\AppData\Local\Temp\MSId97f1.LOG --------- 324  
 03.03.2011 18:00     C:\Users\FIETE\AppData\Local\Temp\xprt42ac.ico --------- 4286  
 03.03.2011 08:41     C:\Users\FIETE\AppData\Local\Temp\SkypeSetup.exe --------- 20327304  
 01.03.2011 20:27     C:\Users\FIETE\AppData\Local\Temp\CFGEFB9.tmp --------- 158  
 01.03.2011 20:26     C:\Users\FIETE\AppData\Local\Temp\CFG703D.tmp --------- 158  
 01.03.2011 20:25     C:\Users\FIETE\AppData\Local\Temp\tmp296E.tmp --------- 0  
 28.02.2011 18:56     C:\Users\FIETE\AppData\Local\Temp\TFR1914.tmp --------- 28670  
 28.02.2011 18:55     C:\Users\FIETE\AppData\Local\Temp\sim5C69.tmp --------- 0  
 28.02.2011 18:54     C:\Users\FIETE\AppData\Local\Temp\bar0104.cab --------- 78875  
 28.02.2011 18:54     C:\Users\FIETE\AppData\Local\Temp\default.cab --------- 14357  
 28.02.2011 18:54     C:\Users\FIETE\AppData\Local\Temp\bar0118.cab --------- 101696  
 28.02.2011 18:53     C:\Users\FIETE\AppData\Local\Temp\wls3EA9.tmp --------- 71631  
 28.02.2011 18:53     C:\Users\FIETE\AppData\Local\Temp\wls3B2F.tmp --------- 63  
 28.02.2011 15:35     C:\Users\FIETE\AppData\Local\Temp\xprt57ba.ico --------- 4286  
 28.02.2011 01:03     C:\Users\FIETE\AppData\Local\Temp\D9AD40FD.TMP --------- 160  
 26.02.2011 11:17     C:\Users\FIETE\AppData\Local\Temp\CornelSkin.png --------- 80912  
 26.02.2011 10:32     C:\Users\FIETE\AppData\Local\Temp\ToxicSYS [TSYS] Public --------- 4096  
 25.02.2011 17:30     C:\Users\FIETE\AppData\Local\Temp\Energy.jpg --------- 111435  
 24.02.2011 20:12     C:\Users\FIETE\AppData\Local\Temp\Pifou --------- 745336  
 23.02.2011 19:44     C:\Users\FIETE\AppData\Local\Temp\IM_errorlog.txt --------- 125170  
 23.02.2011 19:43     C:\Users\FIETE\AppData\Local\Temp\IM_Items.txt --------- 91  
 23.02.2011 19:42     C:\Users\FIETE\AppData\Local\Temp\36800047.exe --------- 329216  
 22.02.2011 17:00     C:\Users\FIETE\AppData\Local\Temp\~DF7B54DD17531C4CFA.TMP --------- 16384  
 21.02.2011 15:48     C:\Users\FIETE\AppData\Local\Temp\~DFB7F287FBF0505FDF.TMP --------- 32768  
 20.02.2011 21:03     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistUI275B.txt --------- 78218  
 20.02.2011 21:03     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistMSI275B.txt --------- 407568  
 20.02.2011 21:02     C:\Users\FIETE\AppData\Local\Temp\akamaiclient --------- 0  
 20.02.2011 17:29     C:\Users\FIETE\AppData\Local\Temp\PCW2160.xml --------- 704  
 20.02.2011 17:29     C:\Users\FIETE\AppData\Local\Temp\PCW2160.tmp --------- 0  
 20.02.2011 13:47     C:\Users\FIETE\AppData\Local\Temp\pdoC690.tmp --------- 0  
 20.02.2011 13:46     C:\Users\FIETE\AppData\Local\Temp\PMBInst.exe.log --------- 67312  
 20.02.2011 13:46     C:\Users\FIETE\AppData\Local\Temp\installer.lock --------- 0  
 19.02.2011 00:04     C:\Users\FIETE\AppData\Local\Temp\~DFE834D8D13FFC6235.TMP --------- 16384  
 18.02.2011 21:02     C:\Users\FIETE\AppData\Local\Temp\xprt3b88.ico --------- 4286  
 18.02.2011 21:02     C:\Users\FIETE\AppData\Local\Temp\xprt6466.ico --------- 4286  
 18.02.2011 19:35     C:\Users\FIETE\AppData\Local\Temp\PCW4CB0.xml --------- 754  
 18.02.2011 19:35     C:\Users\FIETE\AppData\Local\Temp\PCW4CB0.tmp --------- 0  
 17.02.2011 17:36     C:\Users\FIETE\AppData\Local\Temp\isFC9E.tmp --------- 0  
 17.02.2011 17:36     C:\Users\FIETE\AppData\Local\Temp\isF9EE.tmp --------- 0  
 17.02.2011 17:36     C:\Users\FIETE\AppData\Local\Temp\._msigeplugin60 --------- 4096  
 17.02.2011 17:33     C:\Users\FIETE\AppData\Local\Temp\{8C32AB8A-225D-4A69-B2F9-655C85CFDE78} --------- 24576  
 17.02.2011 17:33     C:\Users\FIETE\AppData\Local\Temp\{7760E74F-E8A6-48EB-A985-36AF760F0B14} --------- 24576  
 16.02.2011 22:09     C:\Users\FIETE\AppData\Local\Temp\Basstest- Test Bass Skills.wmv --------- 88004902  
 16.02.2011 21:52     C:\Users\FIETE\AppData\Local\Temp\wls4CF7.tmp --------- 63  
 16.02.2011 21:25     C:\Users\FIETE\AppData\Local\Temp\~DFCF58460A2F31C240.TMP --------- 16384  
 16.02.2011 21:06     C:\Users\FIETE\AppData\Local\Temp\~DF25FE98397C1A6263.TMP --------- 16384  
 16.02.2011 21:06     C:\Users\FIETE\AppData\Local\Temp\insetup.exe --------- 445016  
 16.02.2011 20:57     C:\Users\FIETE\AppData\Local\Temp\~DFC95AAF521A716E4A.TMP --------- 16384  
 16.02.2011 18:42     C:\Users\FIETE\AppData\Local\Temp\xprt12e5.ico --------- 4286  
 15.02.2011 17:09     C:\Users\FIETE\AppData\Local\Temp\~DF2A7344D45F86F8FA.TMP --------- 16384  
 15.02.2011 17:00     C:\Users\FIETE\AppData\Local\Temp\tmpE4A3.tmp --------- 16288  
 15.02.2011 17:00     C:\Users\FIETE\AppData\Local\Temp\~DFB698D692EC3876D4.TMP --------- 16384  
 14.02.2011 23:30     C:\Users\FIETE\AppData\Local\Temp\{2A33BC23-85BE-48F2-8832-03D068B697DA} --------- 0  
 14.02.2011 23:22     C:\Users\FIETE\AppData\Local\Temp\dd_netfx20UI3D3C.txt --------- 11792  
 14.02.2011 19:17     C:\Users\FIETE\AppData\Local\Temp\DMID8C9.tmp --------- 0  
 14.02.2011 15:48     C:\Users\FIETE\AppData\Local\Temp\burnsetup.exe --------- 537664  
 14.02.2011 15:48     C:\Users\FIETE\AppData\Local\Temp\~DF9442F66748F8B652.TMP --------- 32768  
 14.02.2011 15:34     C:\Users\FIETE\AppData\Local\Temp\~DF414A610200AD6681.TMP --------- 32768  
 14.02.2011 15:21     C:\Users\FIETE\AppData\Local\Temp\~DFC4896BAF13FB65EA.TMP --------- 32768  
 14.02.2011 15:20     C:\Users\FIETE\AppData\Local\Temp\~DF81B9DA84CCD2651F.TMP --------- 32768  
 14.02.2011 15:19     C:\Users\FIETE\AppData\Local\Temp\MSIe49fd.LOG --------- 288  
 14.02.2011 15:07     C:\Users\FIETE\AppData\Local\Temp\MSI34165.LOG --------- 288  
 14.02.2011 00:41     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(201102132341261BF8).log --------- 17655  
 14.02.2011 00:41     C:\Users\FIETE\AppData\Local\Temp\SetupExe(201102132341231BF8).log --------- 3721  
 13.02.2011 22:11     C:\Users\FIETE\AppData\Local\Temp\7BB5.dir --------- 0  
 13.02.2011 22:11     C:\Users\FIETE\AppData\Local\Temp\7BB5.tmp --------- 0  
 13.02.2011 14:25     C:\Users\FIETE\AppData\Local\Temp\OutofProcReport230623.txt --------- 1634  
 13.02.2011 10:06     C:\Users\FIETE\AppData\Local\Temp\Cornel.bmp --------- 143414  
 12.02.2011 14:23     C:\Users\FIETE\AppData\Local\Temp\utt2CBA.tmp --------- 2541  
 12.02.2011 14:23     C:\Users\FIETE\AppData\Local\Temp\utt2CBA.tmp.old --------- 0  
 11.02.2011 16:54     C:\Users\FIETE\AppData\Local\Temp\~DF47B39625BD166FEF.TMP --------- 32768  
 10.02.2011 02:48     C:\Users\FIETE\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe --------- 885536  
 08.02.2011 19:25     C:\Users\FIETE\AppData\Local\Temp\svcmh.tmp --------- 28663  
 08.02.2011 16:43     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(201102081543501D18).log --------- 17658  
 08.02.2011 16:43     C:\Users\FIETE\AppData\Local\Temp\SetupExe(201102081543481D18).log --------- 3730  
 07.02.2011 19:28     C:\Users\FIETE\AppData\Local\Temp\sv89g.tmp --------- 28663  
 07.02.2011 19:20     C:\Users\FIETE\AppData\Local\Temp\OutofProcReport2066060174.txt --------- 1634  
 07.02.2011 15:38     C:\Users\FIETE\AppData\Local\Temp\CH.dll --------- 3072  
 07.02.2011 14:31     C:\Users\FIETE\AppData\Local\Temp\xprt1a8b.ico --------- 4286  
 06.02.2011 20:46     C:\Users\FIETE\AppData\Local\Temp\~DF5A63A6B6E139582A.TMP --------- 16384  
 05.02.2011 13:21     C:\Users\FIETE\AppData\Local\Temp\AdobeARM.log --------- 774394  
 05.02.2011 13:21     C:\Users\FIETE\AppData\Local\Temp\Dinar Bot v 1.0 by player23454.exe --------- 301163  
 04.02.2011 18:15     C:\Users\FIETE\AppData\Local\Temp\xprt329d.ico --------- 4286  
 04.02.2011 18:13     C:\Users\FIETE\AppData\Local\Temp\xprt0b80.ico --------- 4286  
 04.02.2011 18:12     C:\Users\FIETE\AppData\Local\Temp\xprt5edb.ico --------- 4286  
 04.02.2011 18:04     C:\Users\FIETE\AppData\Local\Temp\xprt40c4.ico --------- 4286  
 04.02.2011 08:11     C:\Users\FIETE\AppData\Local\Temp\sv9oj.tmp --------- 28663  
 02.02.2011 22:40     C:\Users\FIETE\AppData\Local\Temp\hstRcd.item --------- 238  
 02.02.2011 22:32     C:\Users\FIETE\AppData\Local\Temp\Sothink SWF Decompiler --------- 0  
 02.02.2011 22:21     C:\Users\FIETE\AppData\Local\Temp\xprt1740.ico --------- 4286  
 02.02.2011 22:01     C:\Users\FIETE\AppData\Local\Temp\RealPlayer.exe --------- 602464  
 02.02.2011 18:03     C:\Users\FIETE\AppData\Local\Temp\QTInstallCode.log --------- 34670  
 02.02.2011 18:01     C:\Users\FIETE\AppData\Local\Temp\SetupAdmin1B78.log --------- 84  
 02.02.2011 17:38     C:\Users\FIETE\AppData\Local\Temp\www5148.tmp --------- 164  
 31.01.2011 08:15     C:\Users\FIETE\AppData\Local\Temp\sv285.tmp --------- 28663  
 29.01.2011 17:53     C:\Users\FIETE\AppData\Local\Temp\OCS --------- 0  
 29.01.2011 14:34     C:\Users\FIETE\AppData\Local\Temp\PCW2C99.xml --------- 768  
 29.01.2011 14:34     C:\Users\FIETE\AppData\Local\Temp\PCW2C99.tmp --------- 0  
 23.01.2011 21:28     C:\Users\FIETE\AppData\Local\Temp\PCW7D9B.xml --------- 724  
 23.01.2011 21:28     C:\Users\FIETE\AppData\Local\Temp\PCW7D9B.tmp --------- 0  
 23.01.2011 19:34     C:\Users\FIETE\AppData\Local\Temp\modACC6.tmp --------- 222  
 23.01.2011 19:34     C:\Users\FIETE\AppData\Local\Temp\modA43B.tmp --------- 5  
 21.01.2011 17:12     C:\Users\FIETE\AppData\Local\Temp\svcaj.tmp --------- 28663  
 21.01.2011 17:11     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(201101211610091368).log --------- 17657  
 21.01.2011 17:10     C:\Users\FIETE\AppData\Local\Temp\SetupExe(201101211610071368).log --------- 3727  
 17.01.2011 20:18     C:\Users\FIETE\AppData\Local\Temp\HPDeviceSetupTimeSizeLog.txt --------- 346  
 17.01.2011 20:18     C:\Users\FIETE\AppData\Local\Temp\HP --------- 0  
 17.01.2011 20:17     C:\Users\FIETE\AppData\Local\Temp\HPSoftwareTimeSizeLog.txt --------- 400  
 17.01.2011 17:20     C:\Users\FIETE\AppData\Local\Temp\svf0d.tmp --------- 28663  
 15.01.2011 14:23     C:\Users\FIETE\AppData\Local\Temp\{} --------- 4096  
 11.01.2011 17:58     C:\Users\FIETE\AppData\Local\Temp\~DF3004B6D1C268F8F1.TMP --------- 16384  
 11.01.2011 17:57     C:\Users\FIETE\AppData\Local\Temp\~DFA8AADE5038417A96.TMP --------- 16384  
 10.01.2011 19:17     C:\Users\FIETE\AppData\Local\Temp\Cornel.ico --------- 135094  
 10.01.2011 19:17     C:\Users\FIETE\AppData\Local\Temp\Cornel.jpg --------- 30865  
 10.01.2011 19:17     C:\Users\FIETE\AppData\Local\Temp\Cornel.dll --------- 745336  
 06.01.2011 13:29     C:\Users\FIETE\AppData\Local\Temp\PCWD8DF.xml --------- 768  
 06.01.2011 13:29     C:\Users\FIETE\AppData\Local\Temp\PCWD8DF.tmp --------- 0  
 05.01.2011 15:39     C:\Users\FIETE\AppData\Local\Temp\~rnsetup --------- 98304  
 02.01.2011 00:04     C:\Users\FIETE\AppData\Local\Temp\FIETE.bmp --------- 31832  
 29.12.2010 17:58     C:\Users\FIETE\AppData\Local\Temp\SetupAdmin15A8.log --------- 86  
 29.12.2010 17:55     C:\Users\FIETE\AppData\Local\Temp\qtplugin.log --------- 4228  
 28.12.2010 15:09     C:\Users\FIETE\AppData\Local\Temp\~DF1FFAF3441FD118FA.TMP --------- 81920  
 28.12.2010 15:05     C:\Users\FIETE\AppData\Local\Temp\SCCLog.txt --------- 2614  
 28.12.2010 14:57     C:\Users\FIETE\AppData\Local\Temp\xprt40a0.ico --------- 4286  
 28.12.2010 13:24     C:\Users\FIETE\AppData\Local\Temp\TFRE4E4.tmp --------- 3356  
 28.12.2010 13:24     C:\Users\FIETE\AppData\Local\Temp\BingBarInstallerLogs --------- 0  
 27.12.2010 03:04     C:\Users\FIETE\AppData\Local\Temp\bsTempPath --------- 0  
 26.12.2010 13:40     C:\Users\FIETE\AppData\Local\Temp\temp0001 --------- 240  
 26.12.2010 13:40     C:\Users\FIETE\AppData\Local\Temp\temp0000 --------- 136  
 26.12.2010 13:35     C:\Users\FIETE\AppData\Local\Temp\AAX33E5.tmp --------- 38856  
 25.12.2010 22:02     C:\Users\FIETE\AppData\Local\Temp\SPW129E.tmp --------- 4096  
 25.12.2010 00:04     C:\Users\FIETE\AppData\Local\Temp\PCW9FF1.xml --------- 768  
 25.12.2010 00:04     C:\Users\FIETE\AppData\Local\Temp\PCW9FF1.tmp --------- 0  
 23.12.2010 15:38     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistMSI2CD0.txt --------- 370510  
 23.12.2010 15:38     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistUI2CD0.txt --------- 16438  
 23.12.2010 15:37     C:\Users\FIETE\AppData\Local\Temp\MpCmdRun.log --------- 3422  
 23.12.2010 15:01     C:\Users\FIETE\AppData\Local\Temp\miaACC4.tmp --------- 0  
 23.12.2010 13:21     C:\Users\FIETE\AppData\Local\Temp\~DF7AF580C4D4FA68A9.TMP --------- 65536  
 23.12.2010 02:40     C:\Users\FIETE\AppData\Local\Temp\ehCatalina.log --------- 0  
 23.12.2010 01:45     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistUI2EEE.txt --------- 11386  
 23.12.2010 01:45     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistMSI2EEE.txt --------- 348462  
 22.12.2010 18:56     C:\Users\FIETE\AppData\Local\Temp\Gast.bmp --------- 49208  
 22.12.2010 16:20     C:\Users\FIETE\AppData\Local\Temp\BrotherSoft_Extreme.exe --------- 2485072  
 22.12.2010 15:25     C:\Users\FIETE\AppData\Local\Temp\pdo1D9F.tmp --------- 0  
 21.12.2010 21:35     C:\Users\FIETE\AppData\Local\Temp\7zO119D.tmp --------- 0  
 21.12.2010 19:50     C:\Users\FIETE\AppData\Local\Temp\xprt4ccf.ico --------- 4286  
 21.12.2010 19:02     C:\Users\FIETE\AppData\Local\Temp\tmp~00009.tmp --------- 0  
 21.12.2010 17:05     C:\Users\FIETE\AppData\Local\Temp\tmp~00008.tmp --------- 0  
 21.12.2010 17:02     C:\Users\FIETE\AppData\Local\Temp\tmp~00007.tmp --------- 0  
 21.12.2010 13:00     C:\Users\FIETE\AppData\Local\Temp\svl5g.tmp --------- 28663  
 19.12.2010 22:21     C:\Users\FIETE\AppData\Local\Temp\tmp~00006.tmp --------- 0  
 19.12.2010 22:19     C:\Users\FIETE\AppData\Local\Temp\tmp~00005.tmp --------- 0  
 19.12.2010 22:12     C:\Users\FIETE\AppData\Local\Temp\tmp~00004.tmp --------- 0  
 19.12.2010 22:11     C:\Users\FIETE\AppData\Local\Temp\tmp~00003.tmp --------- 0  
 19.12.2010 22:07     C:\Users\FIETE\AppData\Local\Temp\tmp~00002.tmp --------- 0  
 19.12.2010 22:07     C:\Users\FIETE\AppData\Local\Temp\tmp~00001.tmp --------- 0  
 19.12.2010 22:06     C:\Users\FIETE\AppData\Local\Temp\tmp~00000.tmp --------- 0  
 19.12.2010 15:16     C:\Users\FIETE\AppData\Local\Temp\AdobeARM_NotLocked.log --------- 745  
 19.12.2010 14:51     C:\Users\FIETE\AppData\Local\Temp\tmp567A.tmp --------- 0  
 19.12.2010 14:40     C:\Users\FIETE\AppData\Local\Temp\nsg4952.tmp --------- 0  
 19.12.2010 14:25     C:\Users\FIETE\AppData\Local\Temp\plugtmp-24 --------- 0  
 19.12.2010 14:13     C:\Users\FIETE\AppData\Local\Temp\plugtmp-23 --------- 0  
 19.12.2010 07:01     C:\Users\FIETE\AppData\Local\Temp\B9310C8E.TMP --------- 122  
 18.12.2010 23:29     C:\Users\FIETE\AppData\Local\Temp\6C7068FB.TMP --------- 120  
 18.12.2010 13:48     C:\Users\FIETE\AppData\Local\Temp\de_software.ini --------- 3584  
 18.12.2010 13:47     C:\Users\FIETE\AppData\Local\Temp\de_mediarecovery.ini --------- 3328  
 18.12.2010 13:47     C:\Users\FIETE\AppData\Local\Temp\de_radiotracker.ini --------- 3072  
 18.12.2010 13:47     C:\Users\FIETE\AppData\Local\Temp\deutsch.ini --------- 3072  
 18.12.2010 13:20     C:\Users\FIETE\AppData\Local\Temp\5odthada.bmp --------- 134374  
 18.12.2010 00:23     C:\Users\FIETE\AppData\Local\Temp\pdo937B.tmp --------- 0  
 17.12.2010 23:52     C:\Users\FIETE\AppData\Local\Temp\PCWB57B.xml --------- 716  
 17.12.2010 23:52     C:\Users\FIETE\AppData\Local\Temp\PCWB57B.tmp --------- 0  
 17.12.2010 23:52     C:\Users\FIETE\AppData\Local\Temp\PCW6337.xml --------- 716  
 17.12.2010 23:52     C:\Users\FIETE\AppData\Local\Temp\PCW6337.tmp --------- 0  
 17.12.2010 23:48     C:\Users\FIETE\AppData\Local\Temp\PCWA314.xml --------- 716  
 17.12.2010 23:48     C:\Users\FIETE\AppData\Local\Temp\PCWA314.tmp --------- 0  
 17.12.2010 23:43     C:\Users\FIETE\AppData\Local\Temp\PCW8B31.xml --------- 716  
 17.12.2010 23:43     C:\Users\FIETE\AppData\Local\Temp\PCW8B31.tmp --------- 0  
 17.12.2010 22:20     C:\Users\FIETE\AppData\Local\Temp\xprt1444.ico --------- 4286  
 17.12.2010 22:20     C:\Users\FIETE\AppData\Local\Temp\xprt5bd4.ico --------- 4286  
 17.12.2010 22:20     C:\Users\FIETE\AppData\Local\Temp\xprt421a.ico --------- 4286  
 17.12.2010 22:20     C:\Users\FIETE\AppData\Local\Temp\xprt75a3.ico --------- 4286  
 17.12.2010 22:20     C:\Users\FIETE\AppData\Local\Temp\xprt77cb.ico --------- 4286  
 17.12.2010 22:20     C:\Users\FIETE\AppData\Local\Temp\xprt2d26.ico --------- 4286  
 17.12.2010 22:20     C:\Users\FIETE\AppData\Local\Temp\xprt0364.ico --------- 4286  
 17.12.2010 22:20     C:\Users\FIETE\AppData\Local\Temp\xprt0f9d.ico --------- 4286  
 17.12.2010 22:20     C:\Users\FIETE\AppData\Local\Temp\xprt0d18.ico --------- 4286  
 17.12.2010 22:19     C:\Users\FIETE\AppData\Local\Temp\xprt1473.ico --------- 4286  
 17.12.2010 22:19     C:\Users\FIETE\AppData\Local\Temp\xprt3cd5.ico --------- 4286  
 17.12.2010 22:19     C:\Users\FIETE\AppData\Local\Temp\xprt7dc7.ico --------- 4286  
 17.12.2010 22:19     C:\Users\FIETE\AppData\Local\Temp\xprt0f2b.ico --------- 4286  
 17.12.2010 22:19     C:\Users\FIETE\AppData\Local\Temp\xprt2ad2.ico --------- 4286  
 17.12.2010 22:19     C:\Users\FIETE\AppData\Local\Temp\xprt1d60.ico --------- 4286  
 17.12.2010 22:19     C:\Users\FIETE\AppData\Local\Temp\xprt2462.ico --------- 4286  
 17.12.2010 22:18     C:\Users\FIETE\AppData\Local\Temp\xprt2de2.ico --------- 4286  
 17.12.2010 22:09     C:\Users\FIETE\AppData\Local\Temp\xprt1db4.ico --------- 4286  
 17.12.2010 22:08     C:\Users\FIETE\AppData\Local\Temp\xprt264e.ico --------- 4286  
 17.12.2010 21:26     C:\Users\FIETE\AppData\Local\Temp\WERF959.tmp.resp.erc.xml --------- 0  
 17.12.2010 20:55     C:\Users\FIETE\AppData\Local\Temp\xprt6afa.ico --------- 4286  
 17.12.2010 20:51     C:\Users\FIETE\AppData\Local\Temp\~DFA3F710D318BF1CCE.TMP --------- 32768  
 17.12.2010 19:06     C:\Users\FIETE\AppData\Local\Temp\PCW14C9.xml --------- 706  
 17.12.2010 19:06     C:\Users\FIETE\AppData\Local\Temp\PCW14C9.tmp --------- 0  
 17.12.2010 19:06     C:\Users\FIETE\AppData\Local\Temp\PCW77C0.xml --------- 706  
 17.12.2010 19:06     C:\Users\FIETE\AppData\Local\Temp\PCW77C0.tmp --------- 0  
 17.12.2010 18:42     C:\Users\FIETE\AppData\Local\Temp\pdo75DC.tmp --------- 0  
 17.12.2010 16:38     C:\Users\FIETE\AppData\Local\Temp\pdo8BFA.tmp --------- 0  
 17.12.2010 16:26     C:\Users\FIETE\AppData\Local\Temp\pdo8FFF.tmp --------- 0  
 17.12.2010 16:24     C:\Users\FIETE\AppData\Local\Temp\pdoBFD4.tmp --------- 0  
 17.12.2010 16:15     C:\Users\FIETE\AppData\Local\Temp\nspE189.tmp --------- 0  
 17.12.2010 15:34     C:\Users\FIETE\AppData\Local\Temp\pdoE52E.tmp --------- 0  
 16.12.2010 17:48     C:\Users\FIETE\AppData\Local\Temp\PCWE9E6.xml --------- 738  
 16.12.2010 17:48     C:\Users\FIETE\AppData\Local\Temp\PCWE9E6.tmp --------- 0  
 14.12.2010 18:15     C:\Users\FIETE\AppData\Local\Temp\~DF3B7660C2CE7F7C31.TMP --------- 32768  
 12.12.2010 22:47     C:\Users\FIETE\AppData\Local\Temp\~e5.0001 --------- 59964  
 12.12.2010 22:32     C:\Users\FIETE\AppData\Local\Temp\PCW863B.xml --------- 742  
 12.12.2010 22:32     C:\Users\FIETE\AppData\Local\Temp\PCW863B.tmp --------- 0  
 12.12.2010 21:36     C:\Users\FIETE\AppData\Local\Temp\~B0D2.tmp --------- 0  
 09.12.2010 13:52     C:\Users\FIETE\AppData\Local\Temp\GLF3CF.tmp.ConduitEngineSetup.exe --------- 157536  
 08.12.2010 18:42     C:\Users\FIETE\AppData\Local\Temp\Cab482.tmp --------- 30273  
 08.12.2010 18:42     C:\Users\FIETE\AppData\Local\Temp\Tar483.tmp --------- 0  
 05.12.2010 21:25     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(2010120520253012BC).log --------- 17807  
 05.12.2010 21:25     C:\Users\FIETE\AppData\Local\Temp\SetupExe(2010120520252912BC).log --------- 3718  
 05.12.2010 20:54     C:\Users\FIETE\AppData\Local\Temp\~DF00CED6D26FA04220.TMP --------- 65536  
 05.12.2010 11:06     C:\Users\FIETE\AppData\Local\Temp\~DF5246CF515429D692.TMP --------- 32768  
 30.11.2010 17:57     C:\Users\FIETE\AppData\Local\Temp\E220AutoRunLog.tmp --------- 26511  
 30.11.2010 17:55     C:\Users\FIETE\AppData\Local\Temp\UTPSDLL --------- 4096  
 29.11.2010 22:20     C:\Users\FIETE\AppData\Local\Temp\StructuredQuery.log --------- 10456  
 29.11.2010 21:06     C:\Users\FIETE\AppData\Local\Temp\SYMEVENT.LOG --------- 9907  
 29.11.2010 15:14     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistUI4754.txt --------- 13282  
 29.11.2010 15:14     C:\Users\FIETE\AppData\Local\Temp\de_nis2010.ini --------- 3072  
 29.11.2010 15:12     C:\Users\FIETE\AppData\Local\Temp\O&O MediaRecovery --------- 4096  
 29.11.2010 15:11     C:\Users\FIETE\AppData\Local\Temp\de_filemini.ini --------- 3072  
 25.11.2010 00:01     C:\Users\FIETE\AppData\Local\Temp\xprt1c52.ico --------- 4286  
 24.11.2010 23:51     C:\Users\FIETE\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe --------- 884512  
 22.11.2010 15:11     C:\Users\FIETE\AppData\Local\Temp\xprt66ab.ico --------- 4286  
 22.11.2010 14:51     C:\Users\FIETE\AppData\Local\Temp\xprt485d.ico --------- 4286  
 21.11.2010 22:08     C:\Users\FIETE\AppData\Local\Temp\xprt17ca.ico --------- 4286  
 21.11.2010 22:08     C:\Users\FIETE\AppData\Local\Temp\xprt1dcf.ico --------- 4286  
 21.11.2010 22:08     C:\Users\FIETE\AppData\Local\Temp\xprt0872.ico --------- 4286  
 21.11.2010 15:41     C:\Users\FIETE\AppData\Local\Temp\~DF250622F22E4E1F6C.TMP --------- 2310144  
 21.11.2010 15:39     C:\Users\FIETE\AppData\Local\Temp\~DFB537D0E022D99B4D.TMP --------- 2441216  
 21.11.2010 15:30     C:\Users\FIETE\AppData\Local\Temp\tmpDE71.tmp --------- 16288  
 21.11.2010 15:30     C:\Users\FIETE\AppData\Local\Temp\~DFEC35D3B0C1C71EB0.TMP --------- 16384  
 21.11.2010 15:28     C:\Users\FIETE\AppData\Local\Temp\screen2exe.scv --------- 4233271  
 20.11.2010 20:44     C:\Users\FIETE\AppData\Local\Temp\5wtm6qk8.dll --------- 8192  
 20.11.2010 20:44     C:\Users\FIETE\AppData\Local\Temp\5wtm6qk8.out --------- 1031  
 20.11.2010 20:44     C:\Users\FIETE\AppData\Local\Temp\5wtm6qk8.err --------- 0  
 20.11.2010 20:44     C:\Users\FIETE\AppData\Local\Temp\5wtm6qk8.0.cs --------- 11734  
 20.11.2010 20:44     C:\Users\FIETE\AppData\Local\Temp\5wtm6qk8.tmp --------- 0  
 20.11.2010 20:44     C:\Users\FIETE\AppData\Local\Temp\5wtm6qk8.cmdline --------- 426  
 20.11.2010 18:24     C:\Users\FIETE\AppData\Local\Temp\CFG23ED.tmp --------- 158  
 20.11.2010 18:23     C:\Users\FIETE\AppData\Local\Temp\CFG9D50.tmp --------- 158  
 20.11.2010 17:39     C:\Users\FIETE\AppData\Local\Temp\Paint.NET.3.5.6.Install.exe --------- 3706384  
 20.11.2010 17:38     C:\Users\FIETE\AppData\Local\Temp\tmp7DAF.tmp --------- 0  
 19.11.2010 00:54     C:\Users\FIETE\AppData\Local\Temp\WER6D6D.tmp.WERInternalMetadata.xml --------- 3020  
 17.11.2010 19:49     C:\Users\FIETE\AppData\Local\Temp\{FF612E69-65C1-4A39-9801-9838A788A859} --------- 4096  
 17.11.2010 18:05     C:\Users\FIETE\AppData\Local\Temp\SetupAdminA20.log --------- 86  
 17.11.2010 17:30     C:\Users\FIETE\AppData\Local\Temp\~DFEC4C214F75C26662.TMP --------- 32768  
 16.11.2010 23:19     C:\Users\FIETE\AppData\Local\Temp\sv857.tmp --------- 28663  
 16.11.2010 23:17     C:\Users\FIETE\AppData\Local\Temp\sv13b.tmp --------- 28663  
 16.11.2010 19:15     C:\Users\FIETE\AppData\Local\Temp\pdo1F3.tmp --------- 0  
 16.11.2010 18:03     C:\Users\FIETE\AppData\Local\Temp\{AEC53583-B8A1-49E9-A28B-55E7C61243F1} --------- 4096  
 16.11.2010 17:59     C:\Users\FIETE\AppData\Local\Temp\~DF942E57F7D9595A83.TMP --------- 98304  
 16.11.2010 17:59     C:\Users\FIETE\AppData\Local\Temp\{F3DC59D0-2064-42EF-AD56-BE6B1E33BA61} --------- 4096  
 16.11.2010 17:59     C:\Users\FIETE\AppData\Local\Temp\{DE95A766-1656-4241-B84E-C762AA551140} --------- 0  
 16.11.2010 17:59     C:\Users\FIETE\AppData\Local\Temp\02b673270b0b50a8d44ad649a71454c1.exe --------- 13542560  
 12.11.2010 20:33     C:\Users\FIETE\AppData\Local\Temp\Yahoo.xml --------- 863  
 11.11.2010 23:02     C:\Users\FIETE\AppData\Local\Temp\tmp93C7.tmp --------- 0  
 11.11.2010 22:55     C:\Users\FIETE\AppData\Local\Temp\dd_dotNetFx40_Full_x86_x64-1_decompression_log.txt --------- 1346  
 11.11.2010 22:55     C:\Users\FIETE\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20101111_215124905.html --------- 679256  
 11.11.2010 22:55     C:\Users\FIETE\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20101111_215124905-MSI_netfx_Extended_x64.msi.txt --------- 4030796  
 11.11.2010 22:55     C:\Users\FIETE\AppData\Local\Temp\ASPNETSetup_00003.log --------- 3432  
 11.11.2010 22:55     C:\Users\FIETE\AppData\Local\Temp\ASPNETSetup_00002.log --------- 5166  
 11.11.2010 22:55     C:\Users\FIETE\AppData\Local\Temp\RGIC3E7.tmp --------- 10668  
 11.11.2010 22:55     C:\Users\FIETE\AppData\Local\Temp\RGIC3E7.tmp-tmp --------- 9234  
 11.11.2010 22:54     C:\Users\FIETE\AppData\Local\Temp\dd_wcf_CA_smci_20101111_205457_343.txt --------- 4702  
 11.11.2010 22:54     C:\Users\FIETE\AppData\Local\Temp\dd_wcf_CA_smci_20101111_205455_191.txt --------- 6888  
 11.11.2010 22:54     C:\Users\FIETE\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20101111_215124905-MSI_netfx_Core_x64.msi.txt --------- 7513794  
 10.11.2010 19:17     C:\Users\FIETE\AppData\Local\Temp\MINDSTORMSNXT_7.1.5_FIETE_log.txt --------- 136  
 10.11.2010 17:01     C:\Users\FIETE\AppData\Local\Temp\~DF74D6F6BBA2AD9EAB.TMP --------- 32768  
 10.11.2010 00:57     C:\Users\FIETE\AppData\Local\Temp\~DF5B5CAAC3C9923E7C.TMP --------- 32768  
 10.11.2010 00:57     C:\Users\FIETE\AppData\Local\Temp\ripsetup.exe --------- 401056  
 10.11.2010 00:54     C:\Users\FIETE\AppData\Local\Temp\~DF5828A5951CDC5C45.TMP --------- 32768  
 10.11.2010 00:54     C:\Users\FIETE\AppData\Local\Temp\~DFAE75575943C86115.TMP --------- 32768  
 06.11.2010 17:56     C:\Users\FIETE\AppData\Local\Temp\DMIF6E3.tmp --------- 0  
 06.11.2010 17:35     C:\Users\FIETE\AppData\Local\Temp\PCW9EC5.xml --------- 756  
 06.11.2010 17:35     C:\Users\FIETE\AppData\Local\Temp\PCW9EC5.tmp --------- 0  
 06.11.2010 11:47     C:\Users\FIETE\AppData\Local\Temp\PCWDA87.xml --------- 720  
 06.11.2010 11:47     C:\Users\FIETE\AppData\Local\Temp\PCWDA87.tmp --------- 0  
 06.11.2010 10:40     C:\Users\FIETE\AppData\Local\Temp\PCW1BF8.xml --------- 720  
 06.11.2010 10:40     C:\Users\FIETE\AppData\Local\Temp\PCW1BF8.tmp --------- 0  
 05.11.2010 16:56     C:\Users\FIETE\AppData\Local\Temp\PCW3E77.xml --------- 712  
 05.11.2010 16:56     C:\Users\FIETE\AppData\Local\Temp\PCW3E77.tmp --------- 0  
 04.11.2010 22:31     C:\Users\FIETE\AppData\Local\Temp\PCW8BBC.xml --------- 710  
 04.11.2010 22:31     C:\Users\FIETE\AppData\Local\Temp\PCW8BBC.tmp --------- 0  
 04.11.2010 18:12     C:\Users\FIETE\AppData\Local\Temp\SetupAdminF70.log --------- 85  
 04.11.2010 18:08     C:\Users\FIETE\AppData\Local\Temp\MSI7ab0f.LOG --------- 1528  
 04.11.2010 11:57     C:\Users\FIETE\AppData\Local\Temp\FFSetupSoftonic260.exe --------- 36895984  
 15.10.2010 23:50     C:\Users\FIETE\AppData\Local\Temp\5633.tmp --------- 0  
 15.10.2010 20:09     C:\Users\FIETE\AppData\Local\Temp\~DF96E46035A56AE9A7.TMP --------- 16384  
 08.10.2010 19:57     C:\Users\FIETE\AppData\Local\Temp\tmp48C9.tmp --------- 0  
 08.10.2010 19:42     C:\Users\FIETE\AppData\Local\Temp\svk8j.tmp --------- 28663  
 08.10.2010 19:39     C:\Users\FIETE\AppData\Local\Temp\svl3i.tmp --------- 28663  
 08.10.2010 19:38     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(201010081938381138).log --------- 17656  
 08.10.2010 19:38     C:\Users\FIETE\AppData\Local\Temp\SetupExe(201010081938371138).log --------- 3724  
 08.10.2010 10:42     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(201010081042448C0).log --------- 17654  
 08.10.2010 10:42     C:\Users\FIETE\AppData\Local\Temp\SetupExe(201010081042438C0).log --------- 3720  
 08.10.2010 10:39     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(201010081038491264).log --------- 5155  
 08.10.2010 10:38     C:\Users\FIETE\AppData\Local\Temp\SetupExe(201010081038481264).log --------- 3721  
 08.10.2010 08:46     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(20101008084644132C).log --------- 17655  
 08.10.2010 08:46     C:\Users\FIETE\AppData\Local\Temp\SetupExe(20101008084643132C).log --------- 3721  
 07.10.2010 15:39     C:\Users\FIETE\AppData\Local\Temp\plugtmp-14 --------- 4096  
 06.10.2010 14:21     C:\Users\FIETE\AppData\Local\Temp\SearchWithGoogleUpdate.exe --------- 426552  
 04.10.2010 20:32     C:\Users\FIETE\AppData\Local\Temp\AAX84D9.tmp --------- 42524  
 04.10.2010 20:14     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(20101004201433103C).log --------- 17657  
 04.10.2010 20:14     C:\Users\FIETE\AppData\Local\Temp\SetupExe(20101004201432103C).log --------- 3727  
 04.10.2010 20:00     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(20101004200009DE8).log --------- 17656  
 04.10.2010 20:00     C:\Users\FIETE\AppData\Local\Temp\SetupExe(20101004200009DE8).log --------- 3726  
 04.10.2010 15:29     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(2010100415285515E8).log --------- 17657  
 04.10.2010 15:28     C:\Users\FIETE\AppData\Local\Temp\SetupExe(2010100415285315E8).log --------- 3727  
 02.10.2010 16:37     C:\Users\FIETE\AppData\Local\Temp\xprt0151.ico --------- 4286  
 23.09.2010 22:18     C:\Users\FIETE\AppData\Local\Temp\xprt3d20.ico --------- 4286  
 23.09.2010 22:18     C:\Users\FIETE\AppData\Local\Temp\xprt412c.ico --------- 4286  
 23.09.2010 16:27     C:\Users\FIETE\AppData\Local\Temp\pdo26B5.tmp --------- 0  
 21.09.2010 23:53     C:\Users\FIETE\AppData\Local\Temp\ztnmjf3j.out --------- 546  
 21.09.2010 23:53     C:\Users\FIETE\AppData\Local\Temp\ztnmjf3j.err --------- 0  
 21.09.2010 23:53     C:\Users\FIETE\AppData\Local\Temp\ztnmjf3j.cmdline --------- 426  
 21.09.2010 23:53     C:\Users\FIETE\AppData\Local\Temp\ztnmjf3j.tmp --------- 0  
 21.09.2010 23:53     C:\Users\FIETE\AppData\Local\Temp\ztnmjf3j.0.cs --------- 11734  
 21.09.2010 23:53     C:\Users\FIETE\AppData\Local\Temp\ztnmjf3j.dll --------- 0  
 20.09.2010 14:29     C:\Users\FIETE\AppData\Local\Temp\xprt0ef2.ico --------- 4286  
 19.09.2010 22:45     C:\Users\FIETE\AppData\Local\Temp\~DF2F1E253A1C64ED13.TMP --------- 16384  
 19.09.2010 10:51     C:\Users\FIETE\AppData\Local\Temp\xprt52c6.ico --------- 4286  
 16.09.2010 23:17     C:\Users\FIETE\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe --------- 875296  
 14.09.2010 14:45     C:\Users\FIETE\AppData\Local\Temp\PerX Injector.rar --------- 206918  
 13.09.2010 18:08     C:\Users\FIETE\AppData\Local\Temp\DMI143B.tmp --------- 0  
 09.09.2010 14:12     C:\Users\FIETE\AppData\Local\Temp\cpes_clean_log_20100909141239.log --------- 1735  
 09.09.2010 14:12     C:\Users\FIETE\AppData\Local\Temp\ucaevents.log --------- 1309584  
 09.09.2010 14:12     C:\Users\FIETE\AppData\Local\Temp\MSI97ac.LOG --------- 186392  
 09.09.2010 14:10     C:\Users\FIETE\AppData\Local\Temp\MSI9471.LOG --------- 640468  
 09.09.2010 14:10     C:\Users\FIETE\AppData\Local\Temp\kl-cleanapi-2010-09-09-14-10-42.log --------- 863  
 09.09.2010 14:10     C:\Users\FIETE\AppData\Local\Temp\kl-cleanapi-2010-09-09-14-10-13.log --------- 373  
 09.09.2010 14:10     C:\Users\FIETE\AppData\Local\Temp\kl-cleanapi-2010-09-09-14-09-28.log --------- 370  
 09.09.2010 14:07     C:\Users\FIETE\AppData\Local\Temp\cpes_clean_log_20100909140712.log --------- 16889  
 09.09.2010 14:05     C:\Users\FIETE\AppData\Local\Temp\kl-install-2010-09-09-14-03-13.log --------- 489416  
 09.09.2010 14:05     C:\Users\FIETE\AppData\Local\Temp\kl-cleanapi-2010-09-09-14-05-41.log --------- 373  
 09.09.2010 14:05     C:\Users\FIETE\AppData\Local\Temp\kl-cleanapi-2010-09-09-14-04-50.log --------- 443  
 09.09.2010 14:03     C:\Users\FIETE\AppData\Local\Temp\kl-setup-2010-09-09-14-03-13.log --------- 9488  
 09.09.2010 14:03     C:\Users\FIETE\AppData\Local\Temp\tmpB2AC.tmp --------- 0  
 09.09.2010 13:48     C:\Users\FIETE\AppData\Local\Temp\~DFCF097D8759F084DE.TMP --------- 65536  
 08.09.2010 21:07     C:\Users\FIETE\AppData\Local\Temp\GLGC3A4.tmp --------- 8627  
 08.09.2010 21:07     C:\Users\FIETE\AppData\Local\Temp\090810205625 --------- 4096  
 08.09.2010 21:07     C:\Users\FIETE\AppData\Local\Temp\GLF199C.tmp --------- 0  
 08.09.2010 21:07     C:\Users\FIETE\AppData\Local\Temp\GLFF402.tmp --------- 0  
 08.09.2010 21:07     C:\Users\FIETE\AppData\Local\Temp\GLFEF21.tmp --------- 0  
 08.09.2010 21:07     C:\Users\FIETE\AppData\Local\Temp\GLFEDA9.tmp --------- 0  
 08.09.2010 21:07     C:\Users\FIETE\AppData\Local\Temp\GLFECAF.tmp --------- 0  
 08.09.2010 21:07     C:\Users\FIETE\AppData\Local\Temp\GLFA0DF.tmp --------- 0  
 08.09.2010 20:56     C:\Users\FIETE\AppData\Local\Temp\GLFD298.tmp --------- 0  
 08.09.2010 20:56     C:\Users\FIETE\AppData\Local\Temp\GLFD297.tmp --------- 0  
 08.09.2010 20:56     C:\Users\FIETE\AppData\Local\Temp\GLFD277.tmp --------- 0  
 08.09.2010 20:56     C:\Users\FIETE\AppData\Local\Temp\GLHBF7D.tmp --------- 33792  
 08.09.2010 20:56     C:\Users\FIETE\AppData\Local\Temp\GLCBF2E.tmp --------- 165376  
 08.09.2010 19:55     C:\Users\FIETE\AppData\Local\Temp\xprt05a7.ico --------- 4286  
 08.09.2010 17:12     C:\Users\FIETE\AppData\Local\Temp\SetupAdmin1238.log --------- 84  
 07.09.2010 19:12     C:\Users\FIETE\AppData\Local\Temp\modA5F2.tmp --------- 222  
 07.09.2010 19:12     C:\Users\FIETE\AppData\Local\Temp\~DF8AC401DCD39E9261.TMP --------- 147456  
 07.09.2010 19:12     C:\Users\FIETE\AppData\Local\Temp\mod384E.tmp --------- 5  
 07.09.2010 17:38     C:\Users\FIETE\AppData\Local\Temp\xprt5285.ico --------- 4286  
 06.09.2010 23:15     C:\Users\FIETE\AppData\Local\Temp\xprt7be6.ico --------- 4286  
 06.09.2010 23:12     C:\Users\FIETE\AppData\Local\Temp\setup~1 --------- 0  
 06.09.2010 23:01     C:\Users\FIETE\AppData\Local\Temp\~DF1F1192EC78625B34.TMP --------- 81920  
 06.09.2010 22:59     C:\Users\FIETE\AppData\Local\Temp\7zO11CE.tmp --------- 0  
 06.09.2010 20:24     C:\Users\FIETE\AppData\Local\Temp\apymm1wx.bmp --------- 1364022  
 05.09.2010 12:30     C:\Users\FIETE\AppData\Local\Temp\DMI8E5A.tmp --------- 0  
 05.09.2010 12:25     C:\Users\FIETE\AppData\Local\Temp\svgo2.tmp --------- 28663  
 05.09.2010 12:24     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(20100905122429E88).log --------- 17654  
 05.09.2010 12:24     C:\Users\FIETE\AppData\Local\Temp\SetupExe(20100905122428E88).log --------- 3720  
 04.09.2010 23:03     C:\Users\FIETE\AppData\Local\Temp\~DFD3BB1B89F245ECD2.TMP --------- 16384  
 04.09.2010 22:56     C:\Users\FIETE\AppData\Local\Temp\~DF5F2C2C05BDECB52B.TMP --------- 16384  
 03.09.2010 22:19     C:\Users\FIETE\AppData\Local\Temp\sv1a4.tmp --------- 28663  
 03.09.2010 22:18     C:\Users\FIETE\AppData\Local\Temp\svb1e.tmp --------- 28663  
 03.09.2010 22:16     C:\Users\FIETE\AppData\Local\Temp\PCW653D.xml --------- 764  
 03.09.2010 22:16     C:\Users\FIETE\AppData\Local\Temp\PCW653D.tmp --------- 0  
 03.09.2010 22:16     C:\Users\FIETE\AppData\Local\Temp\~DFD8752BF565CAB2E4.TMP --------- 32768  
 03.09.2010 16:15     C:\Users\FIETE\AppData\Local\Temp\DMI5457.tmp --------- 0  
 03.09.2010 15:05     C:\Users\FIETE\AppData\Local\Temp\~DFEECCADD31A6A4B0D.TMP --------- 65536  
 03.09.2010 15:01     C:\Users\FIETE\AppData\Local\Temp\TMP-OFKGL_3.9.2010 --------- 355  
 02.09.2010 22:53     C:\Users\FIETE\AppData\Local\Temp\TMP-OFKGL_2.9.2010 --------- 36433  
 02.09.2010 22:07     C:\Users\FIETE\AppData\Local\Temp\36983913231492577.tmp --------- 210225  
 02.09.2010 22:07     C:\Users\FIETE\AppData\Local\Temp\415303181931492530.tmp --------- 2740  
 02.09.2010 14:59     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistMSI604C.txt --------- 399080  
 02.09.2010 14:59     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistUI604C.txt --------- 11182  
 02.09.2010 14:59     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistUI5F9F.txt --------- 11622  
 02.09.2010 14:59     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistMSI5F9F.txt --------- 405070  
 02.09.2010 14:28     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(20100902142804944).log --------- 17654  
 02.09.2010 14:28     C:\Users\FIETE\AppData\Local\Temp\SetupExe(20100902142803944).log --------- 3720  
 01.09.2010 16:02     C:\Users\FIETE\AppData\Local\Temp\DMIC1F7.tmp --------- 0  
 27.08.2010 22:52     C:\Users\FIETE\AppData\Local\Temp\V71zTZXd.pls.part --------- 0  
 26.08.2010 21:59     C:\Users\FIETE\AppData\Local\Temp\415303181930438556.tmp --------- 2740  
 26.08.2010 17:33     C:\Users\FIETE\AppData\Local\Temp\415303181914508436.tmp --------- 2741  
 25.08.2010 23:58     C:\Users\FIETE\AppData\Local\Temp\TFR304C.tmp --------- 28671  
 25.08.2010 23:47     C:\Users\FIETE\AppData\Local\Temp\TFRC97B.tmp --------- 67994  
 25.08.2010 23:47     C:\Users\FIETE\AppData\Local\Temp\TFRAC7F.tmp --------- 20560  
 25.08.2010 23:47     C:\Users\FIETE\AppData\Local\Temp\TFRAC7E.tmp --------- 71682  
 25.08.2010 23:47     C:\Users\FIETE\AppData\Local\Temp\TFRAC49.tmp --------- 10225  
 25.08.2010 23:47     C:\Users\FIETE\AppData\Local\Temp\TFRAC36.tmp --------- 35574  
 25.08.2010 23:47     C:\Users\FIETE\AppData\Local\Temp\TFRAC24.tmp --------- 56657  
 25.08.2010 23:47     C:\Users\FIETE\AppData\Local\Temp\TFRAC01.tmp --------- 32204  
 25.08.2010 23:47     C:\Users\FIETE\AppData\Local\Temp\TFRABF0.tmp --------- 40950  
 25.08.2010 23:46     C:\Users\FIETE\AppData\Local\Temp\TFRD04D.tmp --------- 23427  
 25.08.2010 23:45     C:\Users\FIETE\AppData\Local\Temp\TFR2155.tmp --------- 59218  
 25.08.2010 23:45     C:\Users\FIETE\AppData\Local\Temp\TFREFD6.tmp --------- 46660  
 25.08.2010 23:44     C:\Users\FIETE\AppData\Local\Temp\TFR8210.tmp --------- 156060  
 25.08.2010 23:44     C:\Users\FIETE\AppData\Local\Temp\TFR81DD.tmp --------- 152556  
 25.08.2010 23:44     C:\Users\FIETE\AppData\Local\Temp\TFR81CC.tmp --------- 154565  
 25.08.2010 22:53     C:\Users\FIETE\AppData\Local\Temp\7zOA116.tmp --------- 0  
 25.08.2010 18:15     C:\Users\FIETE\AppData\Local\Temp\41530318198647431.tmp --------- 2740  
 24.08.2010 17:23     C:\Users\FIETE\AppData\Local\Temp\415303181914791421.tmp --------- 2741  
 23.08.2010 22:37     C:\Users\FIETE\AppData\Local\Temp\plugtmp-3 --------- 4096  
 23.08.2010 20:22     C:\Users\FIETE\AppData\Local\Temp\DMI6F7B.tmp --------- 0  
 23.08.2010 15:46     C:\Users\FIETE\AppData\Local\Temp\TFRBAFE.tmp --------- 28671  
 23.08.2010 15:46     C:\Users\FIETE\AppData\Local\Temp\TFRBAED.tmp --------- 36182  
 23.08.2010 15:46     C:\Users\FIETE\AppData\Local\Temp\TFR7B28.tmp --------- 23427  
 23.08.2010 15:46     C:\Users\FIETE\AppData\Local\Temp\TFR7B17.tmp --------- 67994  
 23.08.2010 15:46     C:\Users\FIETE\AppData\Local\Temp\TFR7B15.tmp --------- 21122  
 23.08.2010 15:46     C:\Users\FIETE\AppData\Local\Temp\TFR7B05.tmp --------- 27777  
 23.08.2010 15:46     C:\Users\FIETE\AppData\Local\Temp\TFR7B04.tmp --------- 67560  
 23.08.2010 15:46     C:\Users\FIETE\AppData\Local\Temp\TFR7AE3.tmp --------- 59218  
 23.08.2010 15:46     C:\Users\FIETE\AppData\Local\Temp\TFR7AB0.tmp --------- 46660  
 23.08.2010 15:46     C:\Users\FIETE\AppData\Local\Temp\TFR7A51.tmp --------- 46021  
 22.08.2010 20:59     C:\Users\FIETE\AppData\Local\Temp\Tool-Store-Log.txt --------- 3646  
 22.08.2010 02:24     C:\Users\FIETE\AppData\Local\Temp\WERC537.tmp.resp.erc.xml --------- 0  
 22.08.2010 00:08     C:\Users\FIETE\AppData\Local\Temp\0822000800000aa41ws59jnb6e --------- 0  
 22.08.2010 00:07     C:\Users\FIETE\AppData\Local\Temp\0822000700000aa4oieilvhvy6 --------- 0  
 22.08.2010 00:07     C:\Users\FIETE\AppData\Local\Temp\0822000700000aa4bgn5e8l8cx --------- 0  
 22.08.2010 00:06     C:\Users\FIETE\AppData\Local\Temp\0822000600000aa41li2xfhk89 --------- 0  
 22.08.2010 00:06     C:\Users\FIETE\AppData\Local\Temp\0822000600000aa4491oijek3v --------- 0  
 22.08.2010 00:05     C:\Users\FIETE\AppData\Local\Temp\0822000500000aa4p21ehvws7h --------- 0  
 22.08.2010 00:05     C:\Users\FIETE\AppData\Local\Temp\0822000500000aa4dcu1wbzq2d --------- 0  
 22.08.2010 00:05     C:\Users\FIETE\AppData\Local\Temp\0822000500000aa48l3b0158fl --------- 0  
 21.08.2010 23:33     C:\Users\FIETE\AppData\Local\Temp\4153031819114231716.tmp --------- 2740  
 21.08.2010 19:33     C:\Users\FIETE\AppData\Local\Temp\415303181999831155.tmp --------- 2741  
 21.08.2010 15:33     C:\Users\FIETE\AppData\Local\Temp\415303181985430765.tmp --------- 2740  
 21.08.2010 11:32     C:\Users\FIETE\AppData\Local\Temp\415303181971029111.tmp --------- 2740  
 21.08.2010 10:10     C:\Users\FIETE\AppData\Local\Temp\nsx4F2F.tmp --------- 0  
 21.08.2010 07:32     C:\Users\FIETE\AppData\Local\Temp\415303181956627380.tmp --------- 2740  
 21.08.2010 03:32     C:\Users\FIETE\AppData\Local\Temp\415303181942224884.tmp --------- 2740  
 20.08.2010 23:32     C:\Users\FIETE\AppData\Local\Temp\415303181927818581.tmp --------- 2741  
 20.08.2010 23:02     C:\Users\FIETE\AppData\Local\Temp\pdo78DE.tmp --------- 0  
 20.08.2010 23:01     C:\Users\FIETE\AppData\Local\Temp\swt-win32-3349.dll --------- 135168  
 20.08.2010 19:32     C:\Users\FIETE\AppData\Local\Temp\415303181913417209.tmp --------- 2740  
 20.08.2010 16:39     C:\Users\FIETE\AppData\Local\Temp\dd_dotNetFx40_Full_x86_x64_decompression_log.txt --------- 1316  
 20.08.2010 16:35     C:\Users\FIETE\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20100820_163254665.html --------- 692932  
 20.08.2010 16:35     C:\Users\FIETE\AppData\Local\Temp\Microsoft .NET Framework 4 Setup_20100820_163254665-MSI_netfx_Extended_x64.msi.txt --------- 3483926  
 20.08.2010 16:35     C:\Users\FIETE\AppData\Local\Temp\dd_SetupUtility.txt --------- 660  
 20.08.2010 16:34     C:\Users\FIETE\AppData\Local\Temp\ASPNETSetup_00001.log --------- 3432  
 20.08.2010 16:34     C:\Users\FIETE\AppData\Local\Temp\ASPNETSetup_00000.log --------- 4716  
 20.08.2010 16:34     C:\Users\FIETE\AppData\Local\Temp\RGI5BBB.tmp --------- 10668  
 20.08.2010 16:34     C:\Users\FIETE\AppData\Local\Temp\RGI5BBB.tmp-tmp --------- 9234  
 20.08.2010 16:33     C:\Users\FIETE\AppData\Local\Temp\dd_wcf_CA_smci_20100820_143348_534.txt --------- 4702  
 20.08.2010 16:33     C:\Users\FIETE\AppData\Local\Temp\dd_wcf_CA_smci_20100820_143343_465.txt --------- 6880  
 20.08.2010 15:55     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistUI1354.txt --------- 14374  
 20.08.2010 15:55     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistMSI1354.txt --------- 485660  
 20.08.2010 15:31     C:\Users\FIETE\AppData\Local\Temp\xprt59ae.ico --------- 4286  
 19.08.2010 22:58     C:\Users\FIETE\AppData\Local\Temp\PCWA99E.xml --------- 786  
 19.08.2010 22:58     C:\Users\FIETE\AppData\Local\Temp\PCWA99E.tmp --------- 0  
 19.08.2010 21:14     C:\Users\FIETE\AppData\Local\Temp\415303181918816559.tmp --------- 2740  
 19.08.2010 16:05     C:\Users\FIETE\AppData\Local\Temp\4153031819291425.tmp --------- 2740  
 18.08.2010 17:13     C:\Users\FIETE\AppData\Local\Temp\SetupAdminF6C.log --------- 85  
 18.08.2010 16:04     C:\Users\FIETE\AppData\Local\Temp\4153031819652895.tmp --------- 2740  
 17.08.2010 22:50     C:\Users\FIETE\AppData\Local\Temp\divCC72.tmp --------- 0  
 17.08.2010 22:46     C:\Users\FIETE\AppData\Local\Temp\{C8A655AA-DC25-488E-A40E-C2BE3934E9BD}.tmp --------- 100  
 17.08.2010 22:39     C:\Users\FIETE\AppData\Local\Temp\xprt5e06.ico --------- 4286  
 17.08.2010 19:45     C:\Users\FIETE\AppData\Local\Temp\xprt042f.ico --------- 4286  
 17.08.2010 18:40     C:\Users\FIETE\AppData\Local\Temp\xprt392b.ico --------- 4286  
 17.08.2010 18:22     C:\Users\FIETE\AppData\Local\Temp\xprt19c5.ico --------- 4286  
 17.08.2010 17:17     C:\Users\FIETE\AppData\Local\Temp\LastScan.txt --------- 38004  
 17.08.2010 17:16     C:\Users\FIETE\AppData\Local\Temp\restart.a2s --------- 491  
 17.08.2010 16:20     C:\Users\FIETE\AppData\Local\Temp\{CF54D28B-F66C-4971-990C-6EA893EA9909}.tmp --------- 100  
 17.08.2010 13:25     C:\Users\FIETE\AppData\Local\Temp\4153031819340347.tmp --------- 2742  
 17.08.2010 13:21     C:\Users\FIETE\AppData\Local\Temp\div3E6.tmp --------- 0  
 17.08.2010 12:13     C:\Users\FIETE\AppData\Local\Temp\FFSetupSoftonic250.exe --------- 37584120  
 16.08.2010 17:38     C:\Users\FIETE\AppData\Local\Temp\415303181940141412.tmp --------- 2744  
 16.08.2010 14:38     C:\Users\FIETE\AppData\Local\Temp\~DFF0729D76C0F38811.TMP --------- 16384  
 16.08.2010 06:30     C:\Users\FIETE\AppData\Local\Temp\divF620.tmp --------- 0  
 15.08.2010 12:09     C:\Users\FIETE\AppData\Local\Temp\divF16F.tmp --------- 0  
 14.08.2010 18:54     C:\Users\FIETE\AppData\Local\Temp\div95E8.tmp --------- 0  
 14.08.2010 08:38     C:\Users\FIETE\AppData\Local\Temp\41530318191031790.tmp --------- 2744  
 14.08.2010 08:22     C:\Users\FIETE\AppData\Local\Temp\div8C.tmp --------- 0  
 13.08.2010 11:36     C:\Users\FIETE\AppData\Local\Temp\4153031819626500.tmp --------- 2744  
 13.08.2010 11:27     C:\Users\FIETE\AppData\Local\Temp\div8C85.tmp --------- 0  
 12.08.2010 22:25     C:\Users\FIETE\AppData\Local\Temp\divD7D7.tmp --------- 0  
 12.08.2010 18:46     C:\Users\FIETE\AppData\Local\Temp\divC503.tmp --------- 0  
 12.08.2010 14:25     C:\Users\FIETE\AppData\Local\Temp\xprt5d89.ico --------- 4286  
 12.08.2010 10:44     C:\Users\FIETE\AppData\Local\Temp\4153031819163847912.tmp --------- 2744  
 11.08.2010 23:46     C:\Users\FIETE\AppData\Local\Temp\PCW7F14.xml --------- 810  
 11.08.2010 23:46     C:\Users\FIETE\AppData\Local\Temp\PCW7F14.tmp --------- 0  
 11.08.2010 09:26     C:\Users\FIETE\AppData\Local\Temp\415303181972781127.tmp --------- 2744  
 10.08.2010 23:30     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(20100810233038468).log --------- 17655  
 10.08.2010 23:30     C:\Users\FIETE\AppData\Local\Temp\SetupExe(20100810233037468).log --------- 3723  
 10.08.2010 23:26     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(20100810232643F4C).log --------- 17655  
 10.08.2010 23:26     C:\Users\FIETE\AppData\Local\Temp\SetupExe(20100810232643F4C).log --------- 3723  
 10.08.2010 23:21     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(20100810232136F9C).log --------- 17655  
 10.08.2010 23:21     C:\Users\FIETE\AppData\Local\Temp\SetupExe(20100810232136F9C).log --------- 3723  
 10.08.2010 23:20     C:\Users\FIETE\AppData\Local\Temp\UserInfoSetup(201008102320241364).log --------- 17656  
 10.08.2010 23:20     C:\Users\FIETE\AppData\Local\Temp\SetupExe(201008102320231364).log --------- 3724  
 10.08.2010 19:13     C:\Users\FIETE\AppData\Local\Temp\GWoTDrbb.mp3.part --------- 0  
 10.08.2010 19:09     C:\Users\FIETE\AppData\Local\Temp\5gAADUe+.htm.part --------- 0  
 10.08.2010 19:09     C:\Users\FIETE\AppData\Local\Temp\yP7vBJfx.htm.part --------- 0  
 10.08.2010 13:48     C:\Users\FIETE\AppData\Local\Temp\41530318192081443.tmp --------- 2743  
 10.08.2010 13:14     C:\Users\FIETE\AppData\Local\Temp\divECE.tmp --------- 0  
 10.08.2010 11:38     C:\Users\FIETE\AppData\Local\Temp\divF381.tmp --------- 0  
 10.08.2010 01:01     C:\Users\FIETE\AppData\Local\Temp\div314C.tmp --------- 0  
 09.08.2010 11:09     C:\Users\FIETE\AppData\Local\Temp\divD316.tmp --------- 0  
 08.08.2010 23:15     C:\Users\FIETE\AppData\Local\Temp\{67E2EBB8-3BC2-4A97-8276-8081028DE0A3} --------- 4096  
 08.08.2010 23:15     C:\Users\FIETE\AppData\Local\Temp\513e.rra --------- 262144  
 08.08.2010 23:15     C:\Users\FIETE\AppData\Local\Temp\41530318191109884.tmp --------- 2742  
 08.08.2010 22:57     C:\Users\FIETE\AppData\Local\Temp\divC4C4.tmp --------- 0  
 08.08.2010 12:42     C:\Users\FIETE\AppData\Local\Temp\divC8CA.tmp --------- 0  
 07.08.2010 17:38     C:\Users\FIETE\AppData\Local\Temp\divC34E.tmp --------- 0  
 07.08.2010 10:18     C:\Users\FIETE\AppData\Local\Temp\divE510.tmp --------- 0  
 06.08.2010 17:03     C:\Users\FIETE\AppData\Local\Temp\TC00214900D.temp --------- 4096  
 06.08.2010 17:02     C:\Users\FIETE\AppData\Local\Temp\7zOCFF2.tmp --------- 0  
 06.08.2010 14:39     C:\Users\FIETE\AppData\Local\Temp\415303181915176058.tmp --------- 2743  
 06.08.2010 10:31     C:\Users\FIETE\AppData\Local\Temp\4153031819300301.tmp --------- 2742  
 06.08.2010 10:31     C:\Users\FIETE\AppData\Local\Temp\369839132300317.tmp --------- 210225  
 06.08.2010 10:27     C:\Users\FIETE\AppData\Local\Temp\divCF11.tmp --------- 0  
 05.08.2010 23:40     C:\Users\FIETE\AppData\Local\Temp\xtraz_log.txt --------- 21576  
 05.08.2010 22:21     C:\Users\FIETE\AppData\Local\Temp\vdsdk.sys --------- 23576  
 05.08.2010 16:30     C:\Users\FIETE\AppData\Local\Temp\4153031819268992.tmp --------- 2742  
 05.08.2010 16:30     C:\Users\FIETE\AppData\Local\Temp\369839132269008.tmp --------- 210225  
 05.08.2010 16:27     C:\Users\FIETE\AppData\Local\Temp\divEE82.tmp --------- 0  
 05.08.2010 13:47     C:\Users\FIETE\AppData\Local\Temp\__SkypeDialog_Cache --------- 40960  
 05.08.2010 10:11     C:\Users\FIETE\AppData\Local\Temp\geColladaModelCacheLock --------- 0  
 05.08.2010 10:11     C:\Users\FIETE\AppData\Local\Temp\geIconCacheLock --------- 0  
 05.08.2010 02:14     C:\Users\FIETE\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe --------- 875296  
 04.08.2010 18:37     C:\Users\FIETE\AppData\Local\Temp\415303181929484594.tmp --------- 2742  
 04.08.2010 10:30     C:\Users\FIETE\AppData\Local\Temp\4153031819262409.tmp --------- 2742  
 04.08.2010 10:27     C:\Users\FIETE\AppData\Local\Temp\divB46.tmp --------- 0  
 03.08.2010 21:02     C:\Users\FIETE\AppData\Local\Temp\415303181928587370.tmp --------- 2742  
 03.08.2010 13:07     C:\Users\FIETE\AppData\Local\Temp\div52E.tmp --------- 0  
 02.08.2010 19:56     C:\Users\FIETE\AppData\Local\Temp\div4E0.tmp --------- 0  
 01.08.2010 12:44     C:\Users\FIETE\AppData\Local\Temp\divBD74.tmp --------- 0  
 31.07.2010 18:05     C:\Users\FIETE\AppData\Local\Temp\divBE9D.tmp --------- 0  
 31.07.2010 11:47     C:\Users\FIETE\AppData\Local\Temp\Cookies --------- 0  
 31.07.2010 11:47     C:\Users\FIETE\AppData\Local\Temp\div7158.tmp --------- 0  
 30.07.2010 12:18     C:\Users\FIETE\AppData\Local\Temp\divA6D9.tmp --------- 0  
 30.07.2010 12:18     C:\Users\FIETE\AppData\Local\Temp\History --------- 0  
 30.07.2010 12:18     C:\Users\FIETE\AppData\Local\Temp\Temporary Internet Files --------- 0  
 29.07.2010 22:21     C:\Users\FIETE\AppData\Local\Temp\div8B12.tmp --------- 0  
 29.07.2010 19:35     C:\Users\FIETE\AppData\Local\Temp\divAEE4.tmp --------- 0  
 29.07.2010 07:11     C:\Users\FIETE\AppData\Local\Temp\divCA9E.tmp --------- 0  
 28.07.2010 11:20     C:\Users\FIETE\AppData\Local\Temp\div1110.tmp --------- 0  
 27.07.2010 12:27     C:\Users\FIETE\AppData\Local\Temp\config.model.xml --------- 4539  
 27.07.2010 10:12     C:\Users\FIETE\AppData\Local\Temp\div5B87.tmp --------- 0  
 26.07.2010 09:54     C:\Users\FIETE\AppData\Local\Temp\divD142.tmp --------- 0  
 25.07.2010 21:46     C:\Users\FIETE\AppData\Local\Temp\divB9FB.tmp --------- 0  
 25.07.2010 11:41     C:\Users\FIETE\AppData\Local\Temp\divCDC9.tmp --------- 0  
 25.07.2010 10:41     C:\Users\FIETE\AppData\Local\Temp\divCB97.tmp --------- 0  
 24.07.2010 19:24     C:\Users\FIETE\AppData\Local\Temp\divCC81.tmp --------- 0  
 24.07.2010 16:43     C:\Users\FIETE\AppData\Local\Temp\41530318197462229.tmp --------- 2744  
 24.07.2010 14:40     C:\Users\FIETE\AppData\Local\Temp\divE86A.tmp --------- 0  
 24.07.2010 12:19     C:\Users\FIETE\AppData\Local\Temp\415303181942940538.tmp --------- 2744  
 24.07.2010 12:03     C:\Users\FIETE\AppData\Local\Temp\remotejoy.zip --------- 2051811  
 24.07.2010 00:24     C:\Users\FIETE\AppData\Local\Temp\div33A.tmp --------- 0  
 23.07.2010 23:50     C:\Users\FIETE\AppData\Local\Temp\RemoteJoy_Vuze.rar --------- 1521449  
 23.07.2010 22:51     C:\Users\FIETE\AppData\Local\Temp\div35CE.tmp --------- 0  
 23.07.2010 21:49     C:\Users\FIETE\AppData\Local\Temp\415303181920319348.tmp --------- 2744  
 23.07.2010 18:30     C:\Users\FIETE\AppData\Local\Temp\_ISTMP1.DIR --------- 0  
 23.07.2010 16:12     C:\Users\FIETE\AppData\Local\Temp\div144A.tmp --------- 0  
 23.07.2010 15:43     C:\Users\FIETE\AppData\Local\Temp\jar_cache312183332891812134.tmp --------- 8000  
 23.07.2010 14:40     C:\Users\FIETE\AppData\Local\Temp\divD69F.tmp --------- 0  
 14.07.2010 16:34     C:\Users\FIETE\AppData\Local\Temp\FFSetupSoftonic245.exe --------- 36277875  
 11.07.2010 12:41     C:\Users\FIETE\AppData\Local\Temp\divB5B7.tmp --------- 0  
 10.07.2010 23:05     C:\Users\FIETE\AppData\Local\Temp\{CC79D9AF-19DB-4B74-B484-573DFC3B9B1D}.tmp --------- 100  
 10.07.2010 13:13     C:\Users\FIETE\AppData\Local\Temp\div319A.tmp --------- 0  
 10.07.2010 13:04     C:\Users\FIETE\AppData\Local\Temp\41530318198445862.tmp --------- 2743  
 10.07.2010 10:44     C:\Users\FIETE\AppData\Local\Temp\div3C82.tmp --------- 0  
 09.07.2010 14:11     C:\Users\FIETE\AppData\Local\Temp\415303181916212403.tmp --------- 2742  
 03.07.2010 13:47     C:\Users\FIETE\AppData\Local\Temp\langs.model.xml --------- 91492  
 28.06.2010 13:09     C:\Users\FIETE\AppData\Local\Temp\zauninst.exe --------- 220160  
 28.06.2010 12:59     C:\Users\FIETE\AppData\Local\Temp\vsinit.dll --------- 228864  
 28.06.2010 12:59     C:\Users\FIETE\AppData\Local\Temp\vsutil.dll --------- 713728  
 05.05.2010 21:38     C:\Users\FIETE\AppData\Local\Temp\xmlUpdater.exe --------- 118784  
 16.04.2010 09:49     C:\Users\FIETE\AppData\Local\Temp\DPCS --------- 745336  
 26.03.2010 21:53     C:\Users\FIETE\AppData\Local\Temp\bietassistent-1.2.11.msi --------- 3025920  
 25.03.2010 16:46     C:\Users\FIETE\AppData\Local\Temp\SysConfig.dat --------- 1431  
 21.02.2010 12:45     C:\Users\FIETE\AppData\Local\Temp\stylers.model.xml --------- 95613  
 21.01.2010 20:29     C:\Users\FIETE\AppData\Local\Temp\uninst.exe --------- 188420  
 29.12.2009 17:13     C:\Users\FIETE\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
 24.08.2009 12:43     C:\Users\FIETE\AppData\Local\Temp\DataCard_Setup64.exe --------- 206336  
 24.05.2009 12:22     C:\Users\FIETE\AppData\Local\Temp\stylesLexerModel.xml --------- 244  
 25.04.2009 01:39     C:\Users\FIETE\AppData\Local\Temp\configModel.xml --------- 193  
 25.04.2009 01:39     C:\Users\FIETE\AppData\Local\Temp\langsModel.xml --------- 191  
 25.04.2009 01:39     C:\Users\FIETE\AppData\Local\Temp\stylesGlobalModel.xml --------- 192  
 25.04.2009 01:38     C:\Users\FIETE\AppData\Local\Temp\stylers_remove.xml --------- 821  
 11.03.2009 19:35     C:\Users\FIETE\AppData\Local\Temp\sfextra.dll --------- 55296  
 22.02.2008 07:16     C:\Users\FIETE\AppData\Local\Temp\ResetDevice.exe --------- 7168  
 23.10.2007 15:35     C:\Users\FIETE\AppData\Local\Temp\n1setup.exe --------- 699288  
 17.10.2006 03:38     C:\Users\FIETE\AppData\Local\Temp\AutoRun.exe --------- 569344  
 13.10.2006 05:05     C:\Users\FIETE\AppData\Local\Temp\EAInstall.dll --------- 720896  
 13.10.2006 05:05     C:\Users\FIETE\AppData\Local\Temp\AutoRunGUI.dll --------- 528384  
 08.09.2004 19:15     C:\Users\FIETE\AppData\Local\Temp\cabex.dll --------- 81920  
 03.12.2002 01:33     C:\Users\FIETE\AppData\Local\Temp\SET6BAD.tmp --------- 107512  
 02.12.2002 15:33     C:\Users\FIETE\AppData\Local\Temp\Set5896.tmp --------- 107512  
 26.07.2002 17:02     C:\Users\FIETE\AppData\Local\Temp\GLFC3B4.tmp --------- 10752  
 21.01.1999 15:40     C:\Users\FIETE\AppData\Local\Temp\GLF22B8.tmp --------- 9728  
 21.01.1999 15:40     C:\Users\FIETE\AppData\Local\Temp\GLF8D81.tmp --------- 9728  
----------------------------------------

 
C:\Program Files

 16.04.2011 23:06     C:\Program Files\WinRAR --------- 4096  
 15.04.2011 18:13     C:\Program Files\Internet Explorer --------- 4096  
 28.03.2011 18:20     C:\Program Files\Microsoft Office --------- 0  
 28.03.2011 15:19     C:\Program Files\Paint.NET --------- 16384  
 26.03.2011 22:15     C:\Program Files\Common Files --------- 4096  
 03.03.2011 20:23     C:\Program Files\TeamSpeak 3 Client --------- 0  
 02.02.2011 18:06     C:\Program Files\iTunes --------- 0  
 02.02.2011 18:05     C:\Program Files\iPod --------- 0  
 29.01.2011 17:54     C:\Program Files\icPlus --------- 0  
 17.01.2011 20:15     C:\Program Files\HP --------- 0  
 28.12.2010 15:16     C:\Program Files\Windows Live --------- 0  
 18.12.2010 13:43     C:\Program Files\Windows Mail --------- 0  
 29.11.2010 15:13     C:\Program Files\OO Software --------- 0  
 04.11.2010 17:57     C:\Program Files\Microsoft IntelliPoint --------- 8192  
 13.10.2010 12:57     C:\Program Files\Windows Media Player --------- 4096  
 15.05.2010 23:41     C:\Program Files\DivX --------- 0  
 02.02.2010 15:45     C:\Program Files\Alwil Software --------- 0  
 29.12.2009 17:10     C:\Program Files\Windows NT --------- 4096  
 29.12.2009 17:10     C:\Program Files\Gemeinsame Dateien --------- 0  
 25.11.2009 05:28     C:\Program Files\TOSHIBA --------- 4096  
 25.11.2009 05:25     C:\Program Files\Synaptics --------- 0  
 25.11.2009 05:20     C:\Program Files\Realtek --------- 0  
 08.09.2009 10:18     C:\Program Files\Microsoft Games --------- 0  
 08.09.2009 10:13     C:\Program Files\Skype-Launcher --------- 0  
 08.09.2009 10:11     C:\Program Files\Google --------- 0  
 08.09.2009 09:56     C:\Program Files\PlayReady --------- 0  
 14.07.2009 20:18     C:\Program Files\Windows Journal --------- 0  
 14.07.2009 20:18     C:\Program Files\DVD Maker --------- 4096  
 14.07.2009 19:58     C:\Program Files\Windows Sidebar --------- 4096  
 14.07.2009 19:58     C:\Program Files\Windows Photo Viewer --------- 4096  
 14.07.2009 19:58     C:\Program Files\Windows Defender --------- 4096  
 14.07.2009 07:32     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 07:32     C:\Program Files\Windows Portable Devices --------- 0  
 14.07.2009 07:32     C:\Program Files\MSBuild --------- 0  
 14.07.2009 07:09     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 06:54     C:\Program Files\desktop.ini --------- 174  
----------------------------------------

 
C:\ProgramData\.. 

FIETE    
Public    
AppData    
Default    
All Users    
Default User    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1 71i.de
127.0.0.1 adicqserver.71i.de
127.0.0.1 adserver.71i.de
127.0.0.1 im.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adtech.de
127.0.0.1 atwola.com

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0           312 K
smss.exe                       300 Services                   0         1.204 K
csrss.exe                      440 Services                   0         7.276 K
wininit.exe                    504 Services                   0         5.164 K
csrss.exe                      516 Console                    1        10.936 K
services.exe                   560 Services                   0        10.228 K
lsass.exe                      588 Services                   0        14.168 K
lsm.exe                        596 Services                   0         4.980 K
winlogon.exe                   636 Console                    1         7.804 K
svchost.exe                    720 Services                   0        10.012 K
svchost.exe                    816 Services                   0         9.232 K
svchost.exe                    876 Services                   0        27.220 K
svchost.exe                    944 Services                   0       116.228 K
svchost.exe                    976 Services                   0        45.644 K
svchost.exe                    500 Services                   0        17.380 K
svchost.exe                   1068 Services                   0        24.788 K
svchost.exe                   1176 Services                   0        22.168 K
AvastSvc.exe                  1284 Services                   0        32.504 K
taskeng.exe                   1636 Services                   0         5.848 K
spoolsv.exe                   1644 Services                   0        18.064 K
rundll32.exe                  1760 Services                   0           528 K
rundll32.exe                  1768 Services                   0         2.208 K
FABS.exe                      1868 Services                   0         5.708 K
ICQ Service.exe               1932 Services                   0         7.188 K
svchost.exe                   2000 Services                   0         9.248 K
TeamViewer_Service.exe        1404 Services                   0         4.176 K
TeamViewer_Service.exe        1252 Services                   0        10.296 K
TemproSvc.exe                 1224 Services                   0        21.224 K
TODDSrv.exe                   1984 Services                   0         5.320 K
TosCoSrv.exe                  2052 Services                   0         5.244 K
TecoService.exe               2128 Services                   0         5.736 K
WLIDSVC.EXE                   2196 Services                   0        16.328 K
WLIDSVCM.EXE                  2352 Services                   0         3.824 K
alg.exe                       2512 Services                   0         5.432 K
svchost.exe                   2700 Services                   0        18.012 K
svchost.exe                   2824 Services                   0         6.096 K
dwm.exe                       3040 Console                    1        31.812 K
explorer.exe                  1016 Console                    1       102.948 K
TPwrMain.exe                  3356 Console                    1         8.960 K
RAVCpl64.exe                  3368 Console                    1        10.808 K
SynTPEnh.exe                  3380 Console                    1        12.660 K
GoogleToolbarNotifier.exe     3832 Console                    1         2.324 K
SearchIndexer.exe             4044 Services                   0        39.348 K
wmpnetwk.exe                   476 Services                   0        15.124 K
svchost.exe                   4264 Services                   0        15.604 K
dllhost.exe                   4800 Services                   0         7.592 K
AvastUI.exe                   4976 Console                    1         5.300 K
CFIWmxSvcs64.exe              3352 Services                   0         3.952 K
CFProcSRVC.exe                2732 Services                   0         7.600 K
CFSvcs.exe                    2660 Services                   0         1.256 K
svchost.exe                   4116 Services                   0         4.676 K
taskhost.exe                  3688 Console                    1         6.512 K
firefox.exe                   4076 Console                    1       130.500 K
taskeng.exe                   3448 Console                    1         6.512 K
WinRAR.exe                    2612 Console                    1        16.840 K
cmd.exe                       4720 Console                    1         4.236 K
conhost.exe                   4128 Console                    1         5.856 K
SearchProtocolHost.exe        1232 Services                   0         9.172 K
SearchFilterHost.exe          1272 Services                   0         7.172 K
dllhost.exe                   3964 Console                    1         6.336 K
tasklist.exe                  2172 Console                    1         6.084 K
WmiPrvSE.exe                  3872 Services                   0         6.700 K

 
***** Ende des Scans 18.04.2011 um  1:28:18,59 ***

7. Und so kam das nächste Problem:

Das kommt ständig und auch bei CCleaner. Warum auch immer. Leider hab ich keine Ahnung wie das weggeht, wobei ich schon einiges ausgetestet habe.

Ich hoffe, ich habe alles richtig gemacht und hoffe, dass es nicht zu einem gezwungenen Recovery kommen muss.

Zusatz: Am Besten schaust du in der HJTScanfile nach der Datei die ich dir genannt hatte, also den Trojaner.
MfG Fi3t3

kira · 18.04.2011, 08:08

Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

-> Ergebnisse von Kaspersky C:\TDSSKiller und Malwarebytes bitte posten! Wenn Du mehrere Durchläufe gemacht hast, alle Logs!

Ausserdem:

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (file missing)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\FIETE\AppData\Roaming\UUSoQLdiE9hE.exe,
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O3 - Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O3 - Toolbar: BrotherSoft Extreme Toolbar - {51a86bb3-6602-4c85-92a5-130ee4864f13} - C:\Program Files (x86)\BrotherSoft_Extreme\tbBrot.dll (file missing)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O4 - HKCU\..\Run: [0ESKOMO9JO] C:\Users\FIETE\AppData\Local\Temp\Flh.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

2.
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus
im Firefox: http://www.proxytype.de/tutorials-ho...tellungen.html
über das Menü Extras-> Einstellungen-> klicke auf den Reiter "Erweitert"-> Netzwerk-> bei "Verbindung" schauen

im Internet Explorer::-> http://windows.microsoft.com/de-AT/w...ernet-Explorer
über das Menü Extras-> Internetoptionen-> Verbindungen-> den Unterpunkt LAN-Einstellungen

oder/und mit HJT fixen:
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.137.72:6588

3.
unter Start> Zubehör> Systemprogramme> Aufgabenplaner...
Löschen:

Code:

ATTFilter

C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job 
C:\Windows\Tasks\Yxrr.job

4.

Zitat:

**Vor dem Löschen temporärer Dateien sollte man unbedingt alle Anwendungen beenden!
**lösche nur den Inhalt der Ordner, nicht die Ordner selbst!
**Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind,nicht löschbar.

Temp Ordner leeren:
C:\Users\xxxxx\AppData\Local\Temp--> lösche nur den Inhalt der Ordner, nicht die Ordner selbst
oder klicke auf Start-> Suche-> %temp% reinschreiben...Inhalt markieren-> löschen

5.
poste erneut - nach der vorgenommenen Reinigungsaktion:
-> TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
die alten Logfiles löschen und ein neues erstellen. Rchtsklick auf HijackThis-> als Admin ausführen wählen
-> hjtscanlist v2.0 - Dateiliste

6.
- Versuche erneut die fehlenden Schritte noch durchzuführen.

Fi3t3 · 19.04.2011, 11:04

Code:

ATTFilter

Malwarebytes Scan:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6374

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.04.2011 00:17:47
mbam-log-2011-04-19 (00-17-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 366282
Laufzeit: 2 Stunde(n), 48 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\FIETE\Desktop\ALLES\logbuchcreator.exe (Trojan.Agent) -> No action taken.
c:\Users\FIETE\Desktop\ALLES\USB\zeitvertreib\other stuff\stress relief.exe (Joke.Stressreducer) -> No action taken.
c:\Users\FIETE\Desktop\GAMES\spiritmt2\metin2.bin (Trojan.Downloader) -> No action taken.
c:\Users\FIETE\Desktop\GAMES\spiritmt2\spiritmt2_ohne patcher.exe (Trojan.Downloader) -> No action taken.
c:\Users\FIETE\Desktop\SETUPS\push.exe (Trojan.Agent) -> No action taken.

Die Anweisungen 1. - 4. habe ich befolgt.
Eine kleine Bemerkung nebenan: Malwarebytes hat nur Dateien gefunden die sicher sind. Metin 2 ist ein Spiel und keine Bösartigkeit. Stress Relief habe ich auch. Es kopiert den jetzigen Hintergrund und man kann ihn zerstören mit nem Hammer, oder mit nem Stempel, also Fun, Jokes, ungefährlich! Und push.exe ist eine Datei die mir ein Freund gemacht hat, man drückt eben die ganze Zeit irgendeine Taste, dann muss man es nochma machen und so weiter. Ist eigentlich eine .bat Datei von mir gewesen, er hat dann eine .exe daraus gemacht. Der Logbuch Creator war genau das Gleiche. Seine Aufgabe war nur, ein Textdokument zu beschriften und zu erstellen, wie der Name schon sagt. Ausserdem habe ich eine Boot-CD mit einem speziellen Linuxsystem und dem AntiVirenprogramm BitLocker fertig gemacht und direkt gescannt. Ich habe aber nichts mehr gefunden, weil flh.exe schon verschwunden war.

HijackThis-scan ist im Edit.

kira · 19.04.2011, 20:57

Ok, dann bitte Schritte 6. bis 9. noch erledigen

Fi3t3 · 19.04.2011, 22:41

2. Als ich die Sache mit mbr.exe gemacht habe, hat alles geklappt, aber das einzige was ich sehen kann ist ein leerer Editor...

7. Das kann ich nicht machen weil ich die Meldung bekomme, die ich gezeigt habe. Die bekomme ich ständig

Das liegt daran, dass das Rootkit wahrscheinlich zu viele Rechte hat, wie mein Vater schon sagte, der kennt sich mit sowas auch ein wenig aus, weil er mal eins hatte, aber er ists nicht losgeworden, was mir zu denken gab.

Kleiner Edit: Ich konnte zwar CCleaner installieren aber nicht öffnen wegen der Meldung -> shit happens ^^

Fi3t3 · 19.04.2011, 22:50

HJT-Scanlist:

Code:

ATTFilter

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.1.7600]
 
 
C:

  19.04.2011 23:35     C:\mbr.log --------- 0   
  19.04.2011 17:11     C:\Windows --------- 40960   
  19.04.2011 11:37     C:\Fraps --------- 0   
       C:\pagefile.sys ---------    
       C:\hiberfil.sys ---------    
  18.04.2011 21:48     C:\System Volume Information --------- 32768   
  18.04.2011 21:48     C:\Config.Msi --------- 0   
  18.04.2011 21:48     C:\ProgramData --------- 20480   
  18.04.2011 21:48     C:\Program Files (x86) --------- 49152   
  18.04.2011 00:26     C:\bd_logs --------- 0   
  17.04.2011 17:39     C:\TDSSKiller.2.4.21.0_17.04.2011_17.33.43_log.txt --------- 139832   
  15.04.2011 16:01     C:\Half-Life 2 --------- 0   
  26.03.2011 22:26     C:\Program Files --------- 8192   
  14.03.2011 17:12     C:\CPQSYSTEM --------- 0   
  04.01.2011 01:25     C:\Users --------- 4096   
  14.10.2010 11:28     C:\Games --------- 0   
  17.08.2010 17:17     C:\Downloads --------- 0   
  12.02.2010 17:59     C:\Temp --------- 0   
  12.02.2010 01:15     C:\G-Force_JMC.dll --------- 231936   
  20.01.2010 21:53     C:\Samplisizer --------- 0   
  08.01.2010 11:59     C:\$RECYCLE.BIN --------- 4096   
  06.01.2010 18:23     C:\Intel --------- 0   
  29.12.2009 17:10     C:\Programme --------- 0   
  29.12.2009 17:10     C:\Dokumente und Einstellungen --------- 0   
  25.11.2009 05:20     C:\RHDSetup.log --------- 2942   
  07.10.2009 11:30     C:\SWSTAMP.TXT --------- 123   
  08.09.2009 10:25     C:\MSOCache --------- 0   
  08.09.2009 10:25     C:\1033 --------- 0   
  08.09.2009 10:23     C:\Works --------- 0   
  14.07.2009 07:08     C:\Documents and Settings --------- 0   
  14.07.2009 05:20     C:\PerfLogs --------- 0   
----------------------------------------

 
C:\Windows

  19.04.2011 23:26     C:\Windows\setupact.log --------- 41394   
  19.04.2011 22:56     C:\Windows\WindowsUpdate.log --------- 1585540   
  19.04.2011 21:27     C:\Windows\bootstat.dat --------- 67584   
  16.04.2011 21:32     C:\Windows\PFRO.log --------- 1077408   
  07.04.2011 19:39     C:\Windows\Setup1.exe --------- 249856   
  07.04.2011 19:39     C:\Windows\ST6UNST.EXE --------- 73216   
  04.04.2011 13:58     C:\Windows\msxml4-KB973688-enu.LOG --------- 283886   
  04.04.2011 13:57     C:\Windows\msxml4-KB954430-enu.LOG --------- 287088   
  01.04.2011 22:46     C:\Windows\msvcr100d.dll --------- 1467200   
  01.04.2011 22:46     C:\Windows\msvcp100d.dll --------- 631616   
  01.04.2011 17:50     C:\Windows\libcurld.dll --------- 346112   
  17.03.2011 22:44     C:\Windows\DirectX.log --------- 211176   
  03.03.2011 20:25     C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini --------- 268   
  28.02.2011 22:58     C:\Windows\PTrainer2.ini --------- 59   
  23.02.2011 17:04     C:\Windows\avastSS.scr --------- 40648   
  24.12.2010 00:07     C:\Windows\_MSRSTRT.EXE --------- 2560   
  18.12.2010 22:36     C:\Windows\MEMORY.DMP --------- 456989763   
  18.12.2010 13:47     C:\Windows\Menu.INI --------- 32   
  12.12.2010 17:52     C:\Windows\thug2.ini --------- 307   
  09.12.2010 10:48     C:\Windows\PCTBDCore.dll --------- 1996752   
  03.12.2010 15:34     C:\Windows\SGDetectionTool.dll --------- 149456   
  03.12.2010 15:34     C:\Windows\PCTBDRes.dll --------- 1533904   
  03.12.2010 15:34     C:\Windows\BDTSupport.dll --------- 767952   
  26.11.2010 17:45     C:\Windows\galaxy.ini --------- 112   
  18.11.2010 15:01     C:\Windows\system.ini --------- 276   
  10.11.2010 03:28     C:\Windows\WLXPGSS.SCR --------- 301936   
  13.09.2010 18:11     C:\Windows\UDB.zip --------- 2052   
  20.08.2010 10:50     C:\Windows\RegSDImport.xml --------- 882   
  05.08.2010 13:28     C:\Windows\d3dx.dat --------- 4096   
  23.07.2010 18:30     C:\Windows\SIERRA.INI --------- 232   
  10.07.2010 13:12     C:\Windows\setuperr.log --------- 0   
  04.05.2010 17:27     C:\Windows\whopper.c1 --------- 762   
  04.05.2010 17:27     C:\Windows\whopper.c3 --------- 762   
  03.05.2010 15:33     C:\Windows\whopper.swf --------- 1348871   
  12.04.2010 18:29     C:\Windows\whopper.ico --------- 9662   
  18.03.2010 10:36     C:\Windows\msvcp100.dll --------- 607568   
  22.01.2010 09:44     C:\Windows\RegISSImport.xml --------- 879   
  29.12.2009 23:38     C:\Windows\FSX_Screensaver.scr --------- 1396544   
  31.10.2009 08:34     C:\Windows\explorer.exe --------- 2870272   
  07.10.2009 11:30     C:\Windows\csup.txt --------- 10   
  08.09.2009 10:30     C:\Windows\ÿ—& --------- 20   
  08.09.2009 10:21     C:\Windows\win.ini --------- 435   
  18.08.2009 17:16     C:\Windows\RtlExUpd.dll --------- 831488   
  05.08.2009 12:04     C:\Windows\oemlogo.bmp --------- 43254   
  14.07.2009 06:54     C:\Windows\WindowsShell.Manifest --------- 749   
  14.07.2009 03:39     C:\Windows\write.exe --------- 10240   
  14.07.2009 03:39     C:\Windows\splwow64.exe --------- 61952   
  14.07.2009 03:39     C:\Windows\regedit.exe --------- 427008   
  14.07.2009 03:39     C:\Windows\notepad.exe --------- 193536   
  14.07.2009 03:39     C:\Windows\hh.exe --------- 16896   
  14.07.2009 03:39     C:\Windows\HelpPane.exe --------- 733696   
  14.07.2009 03:39     C:\Windows\fveupdate.exe --------- 15360   
  14.07.2009 03:38     C:\Windows\bfsvc.exe --------- 71168   
  14.07.2009 03:16     C:\Windows\twain_32.dll --------- 51200   
  14.07.2009 03:14     C:\Windows\winhlp32.exe --------- 9728   
  14.07.2009 03:14     C:\Windows\twunk_32.exe --------- 31232   
  14.07.2009 01:06     C:\Windows\mib.bin --------- 43131   
  10.06.2009 23:41     C:\Windows\twunk_16.exe --------- 49680   
  10.06.2009 23:41     C:\Windows\twain.dll --------- 94784   
  10.06.2009 22:52     C:\Windows\WMSysPr9.prx --------- 316640   
  10.06.2009 22:36     C:\Windows\msdfmap.ini --------- 1405   
  10.06.2009 22:31     C:\Windows\Ultimate.xml --------- 51867   
  10.06.2009 22:31     C:\Windows\Starter.xml --------- 48201   
  10.06.2009 22:30     C:\Windows\HomePremium.xml --------- 48265   
  26.11.2008 12:08     C:\Windows\IDB.zip --------- 131   
  20.02.2008 17:50     C:\Windows\whopper.scr --------- 903680   
  20.02.2008 17:49     C:\Windows\whopper.exe --------- 495104   
  04.11.2006 22:42     C:\Windows\whopper.bmp --------- 161078   
  24.10.2006 18:06     C:\Windows\whopper.c4 --------- 639   
  08.10.2006 20:33     C:\Windows\whopper.ini --------- 0   
  21.10.1998 18:43     C:\Windows\IsUn0407.exe --------- 328704   
----------------------------------------

 
C:\Windows\System

----------------------------------------

 
C:\Windows\System32

 19.04.2011 23:46     C:\Windows\system32\hjtscanlist.txt --------- 7049  
 19.04.2011 17:43     C:\Windows\system32\drivers --------- 65536  
 19.04.2011 11:04     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 20320  
 19.04.2011 11:04     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 20320  
 19.04.2011 11:02     C:\Windows\system32\perfh009.dat --------- 651882  
 19.04.2011 11:02     C:\Windows\system32\perfc009.dat --------- 120814  
 19.04.2011 11:02     C:\Windows\system32\perfh007.dat --------- 696604  
 19.04.2011 11:02     C:\Windows\system32\perfc007.dat --------- 147868  
 19.04.2011 11:02     C:\Windows\system32\PerfStringBackup.INI --------- 1611396  
 19.04.2011 10:55     C:\Windows\system32\config --------- 32768  
 18.04.2011 21:14     C:\Windows\system32\Tasks --------- 40960  
 18.04.2011 01:07     C:\Windows\system32\mbr.exe --------- 89088  
 18.04.2011 00:14     C:\Windows\system32\FNTCACHE.DAT --------- 367760  
 15.04.2011 18:13     C:\Windows\system32\migration --------- 0  
 15.04.2011 18:13     C:\Windows\system32\Boot --------- 0  
 15.04.2011 15:13     C:\Windows\system32\catroot2 --------- 20480  
 14.04.2011 22:38     C:\Windows\system32\catroot --------- 4096  
 14.04.2011 22:31     C:\Windows\system32\MRT.exe --------- 41455560  
 26.03.2011 22:15     C:\Windows\system32\DriverStore --------- 4096  
 20.03.2011 21:04     C:\Windows\system32\NDF --------- 0  
 11.03.2011 19:22     C:\Windows\system32\IO --------- 0  
 11.03.2011 08:19     C:\Windows\system32\mfc42u.dll --------- 1359872  
 11.03.2011 08:19     C:\Windows\system32\mfc42.dll --------- 1395712  
 08.03.2011 08:14     C:\Windows\system32\inetcomm.dll --------- 976896  
 03.03.2011 08:17     C:\Windows\system32\dnsrslvr.dll --------- 182272  
 03.03.2011 08:17     C:\Windows\system32\dnsapi.dll --------- 356352  
 03.03.2011 08:14     C:\Windows\system32\dnscacheugc.exe --------- 30208  
 03.03.2011 05:58     C:\Windows\system32\win32k.sys --------- 3133440  
 01.03.2011 09:49     C:\Windows\system32\frapsv64.dll --------- 84992  
 24.02.2011 08:30     C:\Windows\system32\XpsGdiConverter.dll --------- 476160  
 24.02.2011 08:29     C:\Windows\system32\wininet.dll --------- 1197056  
 24.02.2011 08:28     C:\Windows\system32\urlmon.dll --------- 1499136  
 24.02.2011 08:25     C:\Windows\system32\mstime.dll --------- 1026560  
 24.02.2011 08:25     C:\Windows\system32\mshtmled.dll --------- 97280  
 24.02.2011 08:25     C:\Windows\system32\mshtml.dll --------- 9311744  
 24.02.2011 08:25     C:\Windows\system32\msfeedsbs.dll --------- 82944  
 24.02.2011 08:25     C:\Windows\system32\msfeeds.dll --------- 703488  
 24.02.2011 08:24     C:\Windows\system32\licmgr10.dll --------- 57856  
 24.02.2011 08:24     C:\Windows\system32\jsproxy.dll --------- 64512  
 24.02.2011 08:24     C:\Windows\system32\ieui.dll --------- 247808  
 24.02.2011 08:24     C:\Windows\system32\iertutil.dll --------- 2447872  
 24.02.2011 08:24     C:\Windows\system32\iepeers.dll --------- 256000  
 24.02.2011 08:24     C:\Windows\system32\ieframe.dll --------- 12369408  
 24.02.2011 08:24     C:\Windows\system32\iedkcs32.dll --------- 445952  
 24.02.2011 08:21     C:\Windows\system32\msfeedssync.exe --------- 12288  
 24.02.2011 07:05     C:\Windows\system32\html.iec --------- 482816  
 24.02.2011 06:24     C:\Windows\system32\mshtml.tlb --------- 1638912  
 23.02.2011 17:04     C:\Windows\system32\aswBoot.exe --------- 238968  
 19.02.2011 08:37     C:\Windows\system32\FntCache.dll --------- 1135104  
 19.02.2011 08:37     C:\Windows\system32\DWrite.dll --------- 1540608  
 19.02.2011 08:36     C:\Windows\system32\d2d1.dll --------- 902656  
 19.02.2011 08:36     C:\Windows\system32\atmlib.dll --------- 46080  
 19.02.2011 06:13     C:\Windows\system32\atmfd.dll --------- 367104  
 18.02.2011 08:37     C:\Windows\system32\vbscript.dll --------- 612352  
 18.02.2011 08:36     C:\Windows\system32\jscript.dll --------- 852480  
 14.02.2011 23:19     C:\Windows\system32\LogFiles --------- 4096  
 12.02.2011 08:14     C:\Windows\system32\FXSCOVER.exe --------- 267776  
 05.02.2011 14:41     C:\Windows\system32\winresume.efi --------- 556928  
 05.02.2011 14:41     C:\Windows\system32\winload.efi --------- 640896  
 05.02.2011 14:41     C:\Windows\system32\kd1394.dll --------- 19328  
 05.02.2011 14:41     C:\Windows\system32\kdusb.dll --------- 20352  
 05.02.2011 14:41     C:\Windows\system32\kdcom.dll --------- 17792  
 05.02.2011 14:39     C:\Windows\system32\winload.exe --------- 603976  
 05.02.2011 14:39     C:\Windows\system32\winresume.exe --------- 518160  
 02.02.2011 19:11     C:\Windows\system32\MpSigStub.exe --------- 270720  
 30.01.2011 20:20     C:\Windows\system32\apphelpd.dll --------- 51200  
 26.01.2011 08:31     C:\Windows\system32\cdd.dll --------- 144384  
 11.01.2011 18:51     C:\Windows\system32\appmgmt --------- 0  
 07.01.2011 10:07     C:\Windows\system32\XpsPrint.dll --------- 662528  
 28.12.2010 13:28     C:\Windows\system32\DRVSTORE --------- 0  
 23.12.2010 08:07     C:\Windows\system32\sbe.dll --------- 1118720  
 23.12.2010 08:07     C:\Windows\system32\EncDec.dll --------- 723968  
 23.12.2010 08:07     C:\Windows\system32\CPFilters.dll --------- 961024  
 23.12.2010 08:02     C:\Windows\system32\mpg2splt.ax --------- 259072  
 21.12.2010 20:22     C:\Windows\system32\wfp --------- 0  
 21.12.2010 20:22     C:\Windows\system32\wbem --------- 65536  
 21.12.2010 08:16     C:\Windows\system32\wscapi.dll --------- 62976  
 21.12.2010 08:16     C:\Windows\system32\wscsvc.dll --------- 97280  
 21.12.2010 08:16     C:\Windows\system32\winsrv.dll --------- 214016  
 21.12.2010 08:16     C:\Windows\system32\winhttp.dll --------- 442880  
 21.12.2010 08:16     C:\Windows\system32\WebClnt.dll --------- 258048  
 21.12.2010 08:15     C:\Windows\system32\upnp.dll --------- 264192  
 21.12.2010 08:15     C:\Windows\system32\slwga.dll --------- 15360  
 21.12.2010 08:13     C:\Windows\system32\msxml6.dll --------- 2003968  
 21.12.2010 08:13     C:\Windows\system32\msxml3.dll --------- 1880576  
 21.12.2010 08:10     C:\Windows\system32\davclnt.dll --------- 100864  
 18.12.2010 13:43     C:\Windows\system32\de-DE --------- 327680  
 18.12.2010 08:12     C:\Windows\system32\mstscax.dll --------- 3138048  
 18.12.2010 08:11     C:\Windows\system32\kerberos.dll --------- 714752  
 18.12.2010 08:08     C:\Windows\system32\mstsc.exe --------- 1097216  
 11.11.2010 23:10     C:\Windows\system32\en-US --------- 4096  
 02.11.2010 07:18     C:\Windows\system32\XpsRasterService.dll --------- 229888  
 02.11.2010 07:18     C:\Windows\system32\wmicmiplugin.dll --------- 524288  
 02.11.2010 07:17     C:\Windows\system32\taskschd.dll --------- 1169408  
 02.11.2010 07:17     C:\Windows\system32\taskcomp.dll --------- 473600  
 02.11.2010 07:16     C:\Windows\system32\schedsvc.dll --------- 1114624  
 02.11.2010 07:12     C:\Windows\system32\d3d10warp.dll --------- 1837568  
 02.11.2010 07:12     C:\Windows\system32\d3d10_1core.dll --------- 320512  
 02.11.2010 07:12     C:\Windows\system32\d3d10_1.dll --------- 197120  
 02.11.2010 07:10     C:\Windows\system32\taskeng.exe --------- 464384  
----------------------------------------

 
C:\Windows\Prefetch

 19.04.2011 23:47     C:\Windows\Prefetch\CMD.EXE-4A81B364.pf --------- 12418  
 19.04.2011 23:46     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf --------- 18626  
 19.04.2011 23:46     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf --------- 16490  
 19.04.2011 23:46     C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf --------- 19708  
 19.04.2011 23:46     C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf --------- 69378  
 19.04.2011 23:46     C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf --------- 37154  
 19.04.2011 23:45     C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf --------- 25976  
 19.04.2011 23:45     C:\Windows\Prefetch\TASKLIST.EXE-C6CEE193.pf --------- 25322  
 19.04.2011 23:45     C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf --------- 18630  
 19.04.2011 23:44     C:\Windows\Prefetch\DLLHOST.EXE-76936ED5.pf --------- 322114  
 19.04.2011 23:44     C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf --------- 205344  
 19.04.2011 23:43     C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf --------- 91910  
 19.04.2011 23:41     C:\Windows\Prefetch\CCLEANER64.EXE-7BB3E865.pf --------- 40214  
 19.04.2011 23:34     C:\Windows\Prefetch\MBR.EXE-0742A11D.pf --------- 21166  
 19.04.2011 23:30     C:\Windows\Prefetch\FIREFOX.EXE-18ACFCFF.pf --------- 219620  
 19.04.2011 23:26     C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf --------- 77352  
 19.04.2011 23:26     C:\Windows\Prefetch\WMPLAYER.EXE-26C72A86.pf --------- 631512  
 19.04.2011 23:17     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1780332  
 19.04.2011 23:17     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 783057  
 19.04.2011 23:17     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 3657078  
 19.04.2011 23:17     C:\Windows\Prefetch\AgRobust.db --------- 537808  
 19.04.2011 23:16     C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf --------- 78794  
 19.04.2011 23:08     C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf --------- 60966  
 19.04.2011 23:06     C:\Windows\Prefetch\GOOGLEUPDATE.EXE-B95715F5.pf --------- 44402  
 19.04.2011 23:00     C:\Windows\Prefetch\AVAST.SETUP-3DA1C849.pf --------- 288594  
 19.04.2011 22:06     C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-A163C36E.pf --------- 20116  
 19.04.2011 21:54     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-F1B02F03.pf --------- 223884  
 19.04.2011 21:54     C:\Windows\Prefetch\XTRAP.XT-BFCEEB1C.pf --------- 75538  
 19.04.2011 21:54     C:\Windows\Prefetch\S4CLIENT.EXE-6914729E.pf --------- 63886  
 19.04.2011 21:53     C:\Windows\Prefetch\AEGIS64.EXE-708EA047.pf --------- 30648  
 19.04.2011 21:53     C:\Windows\Prefetch\AEGIS.EXE-81939DB5.pf --------- 43880  
 19.04.2011 21:53     C:\Windows\Prefetch\HGWC.EXE-CB92C51D.pf --------- 65546  
 19.04.2011 21:53     C:\Windows\Prefetch\PATCHER_S4.EXE-18AEE6D1.pf --------- 110108  
 19.04.2011 21:33     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-569336229-2886518478-1094256818-1000.db --------- 1156807  
 19.04.2011 21:33     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-569336229-2886518478-1094256818-1000.db --------- 2280514  
 19.04.2011 21:28     C:\Windows\Prefetch\AgCx_SC1.db --------- 807486  
 19.04.2011 21:27     C:\Windows\Prefetch\LongTermHist.db --------- 1240763  
 19.04.2011 21:27     C:\Windows\Prefetch\LongTermHist.db.dx --------- 5046272  
 19.04.2011 21:27     C:\Windows\Prefetch\LongTermHist.db.bt --------- 9109504  
 19.04.2011 21:27     C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf --------- 47242  
 19.04.2011 21:27     C:\Windows\Prefetch\SVCHOST.EXE-95B0C790.pf --------- 120586  
 19.04.2011 21:27     C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf --------- 225412  
 19.04.2011 21:27     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 183202  
 19.04.2011 20:39     C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf --------- 138386  
 19.04.2011 20:13     C:\Windows\Prefetch\CHROME.EXE-D999B1BA.pf --------- 138412  
 19.04.2011 20:06     C:\Windows\Prefetch\IELOWUTIL.EXE-903B8AC1.pf --------- 65366  
 19.04.2011 20:06     C:\Windows\Prefetch\ICQ.EXE-1F4051B8.pf --------- 582688  
 19.04.2011 19:59     C:\Windows\Prefetch\NOTEPAD++.EXE-76BDBB33.pf --------- 132102  
 19.04.2011 19:46     C:\Windows\Prefetch\DLLHOST.EXE-F2DCEF0D.pf --------- 23930  
 19.04.2011 19:40     C:\Windows\Prefetch\WINRAR.EXE-94E7D80C.pf --------- 81674  
 19.04.2011 18:33     C:\Windows\Prefetch\MUSICMAESTRO.EXE-EFC4BDCE.pf --------- 152804  
 19.04.2011 18:33     C:\Windows\Prefetch\SKYPEPM.EXE-F9E72290.pf --------- 94838  
 19.04.2011 18:33     C:\Windows\Prefetch\SKYPE.EXE-E71BF59F.pf --------- 171510  
 19.04.2011 17:58     C:\Windows\Prefetch\SNDVOL.EXE-5D4CC7D6.pf --------- 63496  
 19.04.2011 17:13     C:\Windows\Prefetch\RUNDLL32.EXE-D54F9544.pf --------- 72702  
 19.04.2011 17:11     C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf --------- 200604  
 19.04.2011 15:04     C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf --------- 840196  
 19.04.2011 14:14     C:\Windows\Prefetch\AVASTUI.EXE-6398125B.pf --------- 278446  
 19.04.2011 14:12     C:\Windows\Prefetch\DLLHOST.EXE-ECB71776.pf --------- 47832  
 19.04.2011 14:10     C:\Windows\Prefetch\RUNDLL32.EXE-DE9673F9.pf --------- 14472  
 19.04.2011 11:11     C:\Windows\Prefetch\DLLHOST.EXE-E7777CC4.pf --------- 27322  
 19.04.2011 11:09     C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf --------- 24246  
 19.04.2011 11:01     C:\Windows\Prefetch\SVCHOST.EXE-E2C2633A.pf --------- 113624  
 19.04.2011 11:01     C:\Windows\Prefetch\DLLHOST.EXE-6A473D35.pf --------- 127164  
 19.04.2011 11:01     C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf --------- 31052  
 19.04.2011 10:59     C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf --------- 30970  
 19.04.2011 10:59     C:\Windows\Prefetch\CFSVCS.EXE-35E839CF.pf --------- 25358  
 19.04.2011 10:59     C:\Windows\Prefetch\CFPROCSRVC.EXE-3A967DDE.pf --------- 48520  
 19.04.2011 10:59     C:\Windows\Prefetch\CFIWMXSVCS64.EXE-E079CBBA.pf --------- 80616  
 19.04.2011 10:59     C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf --------- 17240  
 19.04.2011 10:59     C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf --------- 17976  
 19.04.2011 10:58     C:\Windows\Prefetch\ReadyBoot --------- 4096  
 19.04.2011 10:58     C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf --------- 217734  
 19.04.2011 10:54     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 584  
 19.04.2011 10:53     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf --------- 308506  
 19.04.2011 00:54     C:\Windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf --------- 24022  
 19.04.2011 00:18     C:\Windows\Prefetch\RUNDLL32.EXE-29388D79.pf --------- 68480  
 18.04.2011 21:25     C:\Windows\Prefetch\DLLHOST.EXE-824949B9.pf --------- 21754  
 18.04.2011 21:23     C:\Windows\Prefetch\AgCx_SC3_E4BEFF125C621370.db --------- 598761  
 18.04.2011 21:22     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-569336229-2886518478-1094256818-1000.snp.db --------- 2611991  
 18.04.2011 21:21     C:\Windows\Prefetch\RUNDLL32.EXE-A3E35360.pf --------- 46210  
 18.04.2011 21:09     C:\Windows\Prefetch\SVCHOST.EXE-C871F054.pf --------- 36370  
 18.04.2011 21:08     C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf --------- 115140  
 18.04.2011 20:30     C:\Windows\Prefetch\MP4CREATOR.EXE-FF5BC579.pf --------- 152942  
 18.04.2011 20:30     C:\Windows\Prefetch\MENCODER.EXE-4FB5E0C5.pf --------- 202108  
 18.04.2011 19:41     C:\Windows\Prefetch\MPLAYER.EXE-B22A19CE.pf --------- 29816  
 18.04.2011 19:41     C:\Windows\Prefetch\FORMATFACTORY.EXE-778CAF8C.pf --------- 82762  
 18.04.2011 19:40     C:\Windows\Prefetch\AgCx_SC2.db --------- 909516  
 18.04.2011 16:49     C:\Windows\Prefetch\SF.BIN-343B5E4F.pf --------- 104756  
 18.04.2011 16:45     C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf --------- 24364  
 18.04.2011 16:42     C:\Windows\Prefetch\SDCLT.EXE-E10B972A.pf --------- 164510  
 18.04.2011 11:54     C:\Windows\Prefetch\HPCUSTPARTIC.EXE-47BEE16E.pf --------- 4698  
 18.04.2011 03:21     C:\Windows\Prefetch\CRASHREPORTER.EXE-E090245C.pf --------- 32448  
 18.04.2011 02:20     C:\Windows\Prefetch\SETUP.EXE-9648BA55.pf --------- 112116  
 18.04.2011 02:20     C:\Windows\Prefetch\OFFICELIVESIGNIN.EXE-291AE2E3.pf --------- 19146  
 18.04.2011 02:20     C:\Windows\Prefetch\SPLWOW64.EXE-297C4568.pf --------- 18778  
 18.04.2011 02:20     C:\Windows\Prefetch\WINWORD.EXE-CEA9B574.pf --------- 145550  
 18.04.2011 02:18     C:\Windows\Prefetch\WLRMDR.EXE-C2B47318.pf --------- 23452  
 18.04.2011 02:18     C:\Windows\Prefetch\SHUTDOWN.EXE-E7D5C9CC.pf --------- 11702  
 18.04.2011 02:18     C:\Windows\Prefetch\FORMAT.COM-24856B66.pf --------- 13802  
 18.04.2011 02:16     C:\Windows\Prefetch\SF.BIN-42348DB2.pf --------- 133154  
 18.04.2011 02:12     C:\Windows\Prefetch\FIREFOX.EXE-BE133483.pf --------- 48674  
 18.04.2011 02:11     C:\Windows\Prefetch\FIREFOX 6.0A1.EXE-26A5B9B5.pf --------- 18918  
 18.04.2011 01:47     C:\Windows\Prefetch\PAINTDOTNET.EXE-018D93AD.pf --------- 183816  
 18.04.2011 01:31     C:\Windows\Prefetch\CCLEANER.EXE-72C9B7B3.pf --------- 35008  
 18.04.2011 01:31     C:\Windows\Prefetch\PING.EXE-371F41E2.pf --------- 18190  
 18.04.2011 01:31     C:\Windows\Prefetch\CCSETUP305.EXE-961D6C0B.pf --------- 39124  
 18.04.2011 01:22     C:\Windows\Prefetch\HIJACKTHIS.EXE-49B2CB4A.pf --------- 45568  
 18.04.2011 01:07     C:\Windows\Prefetch\MBR.EXE-183F0FC5.pf --------- 10742  
 18.04.2011 00:28     C:\Windows\Prefetch\H75GBZF5.EXE-DBEC71A2.pf --------- 36438  
 18.04.2011 00:16     C:\Windows\Prefetch\AgCx_SC4.db --------- 400301  
 18.04.2011 00:15     C:\Windows\Prefetch\TOSWAITSRV.EXE-B7D084DF.pf --------- 17932  
 18.04.2011 00:15     C:\Windows\Prefetch\SMARTFACEVWATCHER.EXE-A9E78692.pf --------- 37388  
 18.04.2011 00:15     C:\Windows\Prefetch\SYNTPENH.EXE-E6DC1353.pf --------- 33636  
 18.04.2011 00:15     C:\Windows\Prefetch\RAVCPL64.EXE-D6B4B613.pf --------- 33538  
 18.04.2011 00:15     C:\Windows\Prefetch\TPWRMAIN.EXE-AE6FE534.pf --------- 24122  
 18.04.2011 00:15     C:\Windows\Prefetch\TOSWAITSRV.EXE-4901C686.pf --------- 17976  
 18.04.2011 00:15     C:\Windows\Prefetch\ICQ SERVICE.EXE-3B04F5AD.pf --------- 31872  
 18.04.2011 00:15     C:\Windows\Prefetch\RUNDLL32.EXE-94B80493.pf --------- 18126  
 18.04.2011 00:15     C:\Windows\Prefetch\FABS.EXE-5C0FD53D.pf --------- 22724  
 18.04.2011 00:15     C:\Windows\Prefetch\RUNDLL32.EXE-4402D26F.pf --------- 11394  
 18.04.2011 00:15     C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf --------- 78068  
 18.04.2011 00:15     C:\Windows\Prefetch\AVASTSVC.EXE-A5D796A1.pf --------- 214832  
 17.04.2011 22:04     C:\Windows\Prefetch\IMGBURN.EXE-2489EF51.pf --------- 74312  
 17.04.2011 21:52     C:\Windows\Prefetch\NARRATOR.EXE-0D644B05.pf --------- 42986  
 17.04.2011 21:52     C:\Windows\Prefetch\UTILMAN.EXE-5AD4C272.pf --------- 29020  
 17.04.2011 21:46     C:\Windows\Prefetch\RUNDLL32.EXE-DAFAE305.pf --------- 8474  
 17.04.2011 21:39     C:\Windows\Prefetch\HELPPANE.EXE-FEDC965B.pf --------- 71214  
 17.04.2011 18:14     C:\Windows\Prefetch\MSINFO32.EXE-95097B65.pf --------- 37718  
 17.04.2011 17:49     C:\Windows\Prefetch\MMC.EXE-E21FB123.pf --------- 85208  
 17.04.2011 17:43     C:\Windows\Prefetch\SC.EXE-945D79AE.pf --------- 4656  
 17.04.2011 17:41     C:\Windows\Prefetch\RUNDLL32.EXE-8F2A65FC.pf --------- 36556  
 17.04.2011 17:37     C:\Windows\Prefetch\MSDT.EXE-09841468.pf --------- 59478  
 17.04.2011 17:37     C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf --------- 136306  
 17.04.2011 17:36     C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf --------- 13714  
 17.04.2011 17:36     C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf --------- 46772  
 17.04.2011 17:36     C:\Windows\Prefetch\PCWRUN.EXE-B749B1E3.pf --------- 18546  
 17.04.2011 17:35     C:\Windows\Prefetch\SYSPROT.EXE-99E0F474.pf --------- 24444  
 17.04.2011 17:33     C:\Windows\Prefetch\TDSSKILLER.EXE-7AD7E28D.pf --------- 148832  
 17.04.2011 17:32     C:\Windows\Prefetch\CONDUITINSTALLER.EXE-FE181F0F.pf --------- 58394  
 17.04.2011 17:32     C:\Windows\Prefetch\[FREEWARE.DE]SYSPROT.ZIP.EXE-399F41B9.pf --------- 76942  
 17.04.2011 16:13     C:\Windows\Prefetch\Layout.ini --------- 1440124  
 17.04.2011 14:26     C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf --------- 47914  
 17.04.2011 14:26     C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf --------- 23460  
 17.04.2011 14:16     C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf --------- 19000  
 16.04.2011 16:00     C:\Windows\Prefetch\MPCMDRUN.EXE-F401FBB4.pf --------- 35726  
 12.04.2011 18:56     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 4276378  
 29.12.2009 17:09     C:\Windows\Prefetch\AgAppLaunch.db --------- 334168  
----------------------------------------

 
C:\Windows\Tasks

 19.04.2011 23:06     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1108  
 19.04.2011 22:06     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1104  
 19.04.2011 10:56     C:\Windows\Tasks\SA.DAT --------- 6  
 08.03.2011 15:48     C:\Windows\Tasks\wavepadShakeIcon.job --------- 294  
 25.02.2011 17:02     C:\Windows\Tasks\wavepadDowngrade.job --------- 294  
 18.12.2010 22:36     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32628  
 13.11.2010 00:54     C:\Windows\Tasks\expressripShakeIcon.job --------- 306  
 10.11.2010 17:00     C:\Windows\Tasks\expressripSevenDays.job --------- 306  
 30.06.2010 20:50     C:\Windows\Tasks\switchDowngrade.job --------- 290  
 22.06.2010 20:50     C:\Windows\Tasks\switchShakeIcon.job --------- 290  
----------------------------------------

 
C:\Windows\Temp

 19.04.2011 23:43     C:\Windows\Temp\_avast_ --------- 8192  
 18.04.2011 22:04     C:\Windows\Temp\Setup Log 2011-04-18 #001.txt --------- 26317  
 17.04.2011 22:21     C:\Windows\Temp\GUR8101.tmp --------- 0  
 17.04.2011 13:45     C:\Windows\Temp\coinlog.log --------- 4048  
 16.04.2011 16:12     C:\Windows\Temp\4b6396f.vbs --------- 209  
 16.04.2011 16:00     C:\Windows\Temp\MpCmdRun.log --------- 1112726  
 15.04.2011 15:13     C:\Windows\Temp\MpSigStub.log --------- 412348  
 15.04.2011 15:13     C:\Windows\Temp\566B3812-6B35-4F35-8479-8FA62DFC12ED-Sigs --------- 0  
 14.04.2011 22:31     C:\Windows\Temp\KB2446708_20110414_222358565.html --------- 55122  
 14.04.2011 22:31     C:\Windows\Temp\KB2446708_20110414_222358565-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 9171466  
 14.04.2011 22:23     C:\Windows\Temp\KB2446708_10.0.30319 --------- 0  
 14.04.2011 22:23     C:\Windows\Temp\dd_clwireg.txt --------- 7545  
 10.04.2011 18:34     C:\Windows\Temp\SDIAG_25ecadec-0c90-4476-9fad-e77497a45101 --------- 12288  
 08.04.2011 14:34     C:\Windows\Temp\MPTelemetrySubmit --------- 0  
 25.03.2011 15:10     C:\Windows\Temp\CR_B54A.tmp --------- 0  
 25.03.2011 15:09     C:\Windows\Temp\chrome_installer.log --------- 0  
 20.03.2011 20:51     C:\Windows\Temp\BIT2BA5.tmp --------- 0  
 20.03.2011 20:51     C:\Windows\Temp\GUREF5D.tmp --------- 0  
 20.03.2011 20:49     C:\Windows\Temp\DMI1360.tmp --------- 0  
 20.03.2011 17:26     C:\Windows\Temp\_avast5_ --------- 0  
 19.03.2011 00:09     C:\Windows\Temp\CR_65E.tmp --------- 0  
 17.03.2011 16:36     C:\Windows\Temp\CR_178A.tmp --------- 0  
 17.03.2011 16:35     C:\Windows\Temp\defaultCache.reg --------- 1008052  
 11.03.2011 20:10     C:\Windows\Temp\CR_8980.tmp --------- 0  
 10.03.2011 17:10     C:\Windows\Temp\CR_E97D.tmp --------- 0  
 09.03.2011 14:31     C:\Windows\Temp\BdeSqm --------- 0  
 07.03.2011 23:17     C:\Windows\Temp\SDIAG_283b9354-5fbc-4817-b642-3fbff584c980 --------- 12288  
 07.03.2011 23:17     C:\Windows\Temp\SDIAG_eee745bc-807d-4ba0-848a-7c0d66e0d04f --------- 12288  
 06.03.2011 02:33     C:\Windows\Temp\WINPHLASH64 --------- 4096  
 06.03.2011 02:26     C:\Windows\Temp\SDIAG_0efb4a15-097d-4739-b703-27ce50c68ded --------- 12288  
 06.03.2011 02:26     C:\Windows\Temp\SDIAG_0becf059-0264-423c-aabe-278765fda4e9 --------- 12288  
 04.03.2011 23:10     C:\Windows\Temp\CR_8AF2.tmp --------- 0  
 27.02.2011 14:39     C:\Windows\Temp\SfAsserts_0adc_0227123938.log --------- 41  
 27.02.2011 14:12     C:\Windows\Temp\SfAsserts_0d3c_0227121258.log --------- 41  
 15.02.2011 15:50     C:\Windows\Temp\SilverlightMSI.log --------- 2464186  
 15.02.2011 15:50     C:\Windows\Temp\Silverlight0.log --------- 2542  
 12.02.2011 12:48     C:\Windows\Temp\CR_9C99.tmp --------- 0  
 09.02.2011 18:10     C:\Windows\Temp\CR_47A5.tmp --------- 0  
 05.02.2011 11:05     C:\Windows\Temp\CR_5029.tmp --------- 0  
 04.02.2011 17:23     C:\Windows\Temp\SDIAG_91b4a9ef-6605-4321-b1d1-830b5a7d4881 --------- 8192  
 17.01.2011 20:16     C:\Windows\Temp\HP --------- 0  
 17.01.2011 17:04     C:\Windows\Temp\dmiwu --------- 0  
 14.01.2011 03:10     C:\Windows\Temp\CR_D0B5.tmp --------- 0  
 27.12.2010 15:48     C:\Windows\Temp\SDIAG_349f0f20-90ae-4425-9bb8-2d04bbf12b38 --------- 12288  
 27.12.2010 15:48     C:\Windows\Temp\SDIAG_752a7f82-ae82-4fb3-9883-1bb8c32971f7 --------- 12288  
 23.12.2010 12:06     C:\Windows\Temp\MPInstrumentation --------- 0  
 22.12.2010 18:47     C:\Windows\Temp\AVSETUP_4d122baf --------- 0  
 18.12.2010 22:35     C:\Windows\Temp\TMP00000D0B2EC80A9CA8826DB9 --------- 524288  
 17.12.2010 16:12     C:\Windows\Temp\CR_885F.tmp --------- 0  
 14.12.2010 18:10     C:\Windows\Temp\SDIAG_65d295e9-a564-4ac9-a1e2-ee660c2e1dbf --------- 12288  
 14.12.2010 18:10     C:\Windows\Temp\SDIAG_028d0440-c181-451f-9594-1b9c31d56c64 --------- 12288  
 14.12.2010 18:09     C:\Windows\Temp\SDIAG_adc5e98e-b319-4910-a13d-a21c70538384 --------- 12288  
 14.12.2010 18:09     C:\Windows\Temp\SDIAG_827224e1-6e18-4670-99c2-918d587fce99 --------- 12288  
 12.12.2010 14:55     C:\Windows\Temp\SDIAG_31f7c250-a152-47a4-80ee-8008a8531132 --------- 12288  
 12.12.2010 14:55     C:\Windows\Temp\SDIAG_836ed096-7e19-4333-9ef5-bc899c4097f0 --------- 12288  
 12.12.2010 01:50     C:\Windows\Temp\GUR73E2.tmp --------- 0  
 11.12.2010 14:45     C:\Windows\Temp\SDIAG_3be95aec-8e95-4a07-83cf-3624ce3e53a0 --------- 12288  
 08.12.2010 19:15     C:\Windows\Temp\CR_7290.tmp --------- 0  
 05.12.2010 20:48     C:\Windows\Temp\_virtual.jpg --------- 213981  
 05.12.2010 20:48     C:\Windows\Temp\_virtual.BMP --------- 3126  
 26.11.2010 00:06     C:\Windows\Temp\SDIAG_e496ef78-b83c-43f1-afc4-d8cceaf64fc2 --------- 12288  
 25.11.2010 23:41     C:\Windows\Temp\SDIAG_cf5f770a-df60-41f8-a7c4-8e599a34545f --------- 12288  
 21.11.2010 15:42     C:\Windows\Temp\~temp.avi --------- 0  
 08.11.2010 01:04     C:\Windows\Temp\TMP00001BC46BDBDB369B03F38A --------- 524288  
 04.11.2010 23:10     C:\Windows\Temp\CR_ED4C.tmp --------- 0  
 04.11.2010 17:57     C:\Windows\Temp\CR_6872.tmp --------- 0  
 29.10.2010 17:27     C:\Windows\Temp\TMP00000211ACC465710885DCDD --------- 524288  
 13.10.2010 12:06     C:\Windows\Temp\KB2160841_20101013_120347190.html --------- 55296  
 13.10.2010 12:06     C:\Windows\Temp\KB2160841_20101013_120347190-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 4776614  
 13.10.2010 12:03     C:\Windows\Temp\KB2160841_10.0.30319 --------- 0  
 04.10.2010 20:19     C:\Windows\Temp\Temporary Internet Files --------- 0  
 04.10.2010 20:19     C:\Windows\Temp\History --------- 0  
 04.10.2010 20:19     C:\Windows\Temp\Cookies --------- 0  
 02.10.2010 12:03     C:\Windows\Temp\KB2416472_20101002_120034062.html --------- 55260  
 02.10.2010 12:03     C:\Windows\Temp\KB2416472_20101002_120034062-Microsoft .NET Framework 4 Extended-MSP0.txt --------- 3188266  
 02.10.2010 12:02     C:\Windows\Temp\ASPNETSetup_00001.log --------- 3432  
 02.10.2010 12:02     C:\Windows\Temp\ASPNETSetup_00000.log --------- 5166  
 02.10.2010 12:01     C:\Windows\Temp\RGI6E1A.tmp --------- 10668  
 02.10.2010 12:01     C:\Windows\Temp\RGI6E1A.tmp-tmp --------- 9234  
 02.10.2010 12:01     C:\Windows\Temp\dd_wcf_CA_smci_20101002_100121_782.txt --------- 4702  
 02.10.2010 12:01     C:\Windows\Temp\dd_wcf_CA_smci_20101002_100118_415.txt --------- 6888  
 02.10.2010 12:00     C:\Windows\Temp\KB2416472_10.0.30319 --------- 0  
 24.09.2010 08:02     C:\Windows\Temp\CR_DECA.tmp --------- 0  
 19.09.2010 03:02     C:\Windows\Temp\isFAAC.tmp --------- 0  
 19.09.2010 03:02     C:\Windows\Temp\isDDC9.tmp --------- 0  
 19.09.2010 03:02     C:\Windows\Temp\._msigeplugin52 --------- 0  
 18.09.2010 17:01     C:\Windows\Temp\CR_2E1E.tmp --------- 0  
 16.09.2010 19:02     C:\Windows\Temp\CR_AE2F.tmp --------- 0  
 14.09.2010 23:35     C:\Windows\Temp\TMP0000014DAD5B12A41168B07E --------- 524288  
 12.09.2010 23:11     C:\Windows\Temp\TS_91.tmp --------- 262144  
 10.09.2010 01:03     C:\Windows\Temp\CR_54AB.tmp --------- 0  
 09.09.2010 14:09     C:\Windows\Temp\KAV6Upgrade --------- 0  
 07.08.2010 16:15     C:\Windows\Temp\SDIAG_e7c9089b-4b5e-481d-bb8b-2d0967e16da6 --------- 12288  
 07.08.2010 16:14     C:\Windows\Temp\SDIAG_71d1423a-6328-4785-8824-d01e58b66aad --------- 12288  
 06.08.2010 12:33     C:\Windows\Temp\SDIAG_8292b326-f434-4f44-9606-e20d22cb9ebe --------- 12288  
 31.07.2010 00:55     C:\Windows\Temp\GUR61BE.tmp --------- 0  
 28.07.2010 17:02     C:\Windows\Temp\CR_30E5.tmp --------- 0  
 23.07.2010 15:02     C:\Windows\Temp\GoogleToolbarInstaller2.log --------- 11824  
 23.07.2010 15:02     C:\Windows\Temp\GoogleToolbarInstaller1.log --------- 5036  
 23.07.2010 15:02     C:\Windows\Temp\Google Toolbar --------- 0  
 15.07.2010 08:21     C:\Windows\Temp\DMI9443.tmp --------- 0  
 15.07.2010 08:21     C:\Windows\Temp\DMI92AD.tmp --------- 0  
 30.08.2009 02:16     C:\Windows\Temp\UDD3FD0.tmp --------- 32304  
 25.08.2009 00:50     C:\Windows\Temp\UDD3FCD.tmp --------- 615040  
----------------------------------------

 
C:\Users\FIETE\AppData\Local\Temp

 19.04.2011 23:28     C:\Users\FIETE\AppData\Local\Temp\wmplog03.sqm --------- 1808  
 19.04.2011 23:27     C:\Users\FIETE\AppData\Local\Temp\_avast_ --------- 0  
 19.04.2011 23:26     C:\Users\FIETE\AppData\Local\Temp\wmplog02.sqm --------- 1808  
 19.04.2011 23:25     C:\Users\FIETE\AppData\Local\Temp\wmplog01.sqm --------- 1820  
 19.04.2011 22:45     C:\Users\FIETE\AppData\Local\Temp\wmplog00.sqm --------- 1808  
 19.04.2011 21:53     C:\Users\FIETE\AppData\Local\Temp\maintenance.ini --------- 87  
 19.04.2011 17:43     C:\Users\FIETE\AppData\Local\Temp\v3init2.log --------- 8012  
 19.04.2011 17:43     C:\Users\FIETE\AppData\Local\Temp\27414e08aa72.tmp --------- 206336  
 19.04.2011 17:43     C:\Users\FIETE\AppData\Local\Temp\f5f34341e787.tmp --------- 206336  
 19.04.2011 17:43     C:\Users\FIETE\AppData\Local\Temp\32c73d74b088.tmp --------- 6144  
 19.04.2011 17:43     C:\Users\FIETE\AppData\Local\Temp\eee236e2faf7.tmp --------- 6144  
 19.04.2011 17:43     C:\Users\FIETE\AppData\Local\Temp\34971b2bd081.tmp --------- 1293120  
 19.04.2011 17:43     C:\Users\FIETE\AppData\Local\Temp\62b01092acf9.tmp --------- 269824  
 19.04.2011 17:43     C:\Users\FIETE\AppData\Local\Temp\0b78042dd016.tmp --------- 269824  
 19.04.2011 17:38     C:\Users\FIETE\AppData\Local\Temp\plugtmp --------- 0  
 19.04.2011 11:11     C:\Users\FIETE\AppData\Local\Temp\WER4057.tmp.resp.erc.xml --------- 0  
 19.04.2011 10:56     C:\Users\FIETE\AppData\Local\Temp\WPDNSE --------- 0  
 18.04.2011 21:51     C:\Users\FIETE\AppData\Local\Temp\Setup Log 2011-04-18 #001.txt --------- 146137  
 18.04.2011 21:51     C:\Users\FIETE\AppData\Local\Temp\PCTInstaller --------- 0  
 18.04.2011 21:48     C:\Users\FIETE\AppData\Local\Temp\Low --------- 0  
 18.04.2011 21:48     C:\Users\FIETE\AppData\Local\Temp\Setup Log 2011-04-18 #004.txt --------- 4648  
 18.04.2011 21:48     C:\Users\FIETE\AppData\Local\Temp\Setup Log 2011-04-18 #003.txt --------- 3711  
 18.04.2011 21:48     C:\Users\FIETE\AppData\Local\Temp\Setup Log 2011-04-18 #002.txt --------- 7014  
 18.04.2011 21:48     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistUI2F36.txt --------- 11226  
 18.04.2011 21:48     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistMSI2F36.txt --------- 357064  
 18.04.2011 21:48     C:\Users\FIETE\AppData\Local\Temp\dd_vcredistUI2F39.txt --------- 10590  
 23.03.2011 18:27     C:\Users\FIETE\AppData\Local\Temp\etilqs_6xieslWFa6VLdnlXqjLa --------- 29696  
 23.03.2011 18:27     C:\Users\FIETE\AppData\Local\Temp\etilqs_KZmlMnid5dpbkUuVXk7i --------- 7736  
 17.03.2011 18:54     C:\Users\FIETE\AppData\Local\Temp\CornelCheatAdress.dll --------- 648758  
 26.02.2011 11:17     C:\Users\FIETE\AppData\Local\Temp\CornelSkin.png --------- 80912  
 13.02.2011 10:06     C:\Users\FIETE\AppData\Local\Temp\Cornel.bmp --------- 143414  
 10.01.2011 19:17     C:\Users\FIETE\AppData\Local\Temp\Cornel.ico --------- 135094  
 10.01.2011 19:17     C:\Users\FIETE\AppData\Local\Temp\Cornel.dll --------- 745336  
 10.01.2011 19:17     C:\Users\FIETE\AppData\Local\Temp\Cornel.jpg --------- 30865  
 17.08.2010 22:46     C:\Users\FIETE\AppData\Local\Temp\{C8A655AA-DC25-488E-A40E-C2BE3934E9BD}.tmp --------- 100  
 17.08.2010 16:20     C:\Users\FIETE\AppData\Local\Temp\{CF54D28B-F66C-4971-990C-6EA893EA9909}.tmp --------- 100  
 31.07.2010 11:47     C:\Users\FIETE\AppData\Local\Temp\Cookies --------- 0  
 30.07.2010 12:18     C:\Users\FIETE\AppData\Local\Temp\History --------- 0  
 30.07.2010 12:18     C:\Users\FIETE\AppData\Local\Temp\Temporary Internet Files --------- 0  
 10.07.2010 23:05     C:\Users\FIETE\AppData\Local\Temp\{CC79D9AF-19DB-4B74-B484-573DFC3B9B1D}.tmp --------- 100  
 16.04.2010 09:49     C:\Users\FIETE\AppData\Local\Temp\DPCS --------- 745336  
 29.12.2009 17:13     C:\Users\FIETE\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  
----------------------------------------

 
C:\Program Files

 16.04.2011 23:06     C:\Program Files\WinRAR --------- 4096  
 15.04.2011 18:13     C:\Program Files\Internet Explorer --------- 4096  
 28.03.2011 18:20     C:\Program Files\Microsoft Office --------- 0  
 28.03.2011 15:19     C:\Program Files\Paint.NET --------- 16384  
 26.03.2011 22:15     C:\Program Files\Common Files --------- 4096  
 03.03.2011 20:23     C:\Program Files\TeamSpeak 3 Client --------- 4096  
 02.02.2011 18:06     C:\Program Files\iTunes --------- 4096  
 02.02.2011 18:05     C:\Program Files\iPod --------- 0  
 29.01.2011 17:54     C:\Program Files\icPlus --------- 0  
 17.01.2011 20:15     C:\Program Files\HP --------- 0  
 28.12.2010 15:16     C:\Program Files\Windows Live --------- 0  
 18.12.2010 13:43     C:\Program Files\Windows Mail --------- 0  
 29.11.2010 15:13     C:\Program Files\OO Software --------- 0  
 04.11.2010 17:57     C:\Program Files\Microsoft IntelliPoint --------- 8192  
 13.10.2010 12:57     C:\Program Files\Windows Media Player --------- 4096  
 15.05.2010 23:41     C:\Program Files\DivX --------- 0  
 02.02.2010 15:45     C:\Program Files\Alwil Software --------- 0  
 29.12.2009 17:10     C:\Program Files\Windows NT --------- 4096  
 29.12.2009 17:10     C:\Program Files\Gemeinsame Dateien --------- 0  
 25.11.2009 05:28     C:\Program Files\TOSHIBA --------- 4096  
 25.11.2009 05:25     C:\Program Files\Synaptics --------- 0  
 25.11.2009 05:20     C:\Program Files\Realtek --------- 0  
 08.09.2009 10:18     C:\Program Files\Microsoft Games --------- 4096  
 08.09.2009 10:13     C:\Program Files\Skype-Launcher --------- 0  
 08.09.2009 10:11     C:\Program Files\Google --------- 0  
 08.09.2009 09:56     C:\Program Files\PlayReady --------- 0  
 14.07.2009 20:18     C:\Program Files\Windows Journal --------- 4096  
 14.07.2009 20:18     C:\Program Files\DVD Maker --------- 4096  
 14.07.2009 19:58     C:\Program Files\Windows Sidebar --------- 4096  
 14.07.2009 19:58     C:\Program Files\Windows Photo Viewer --------- 4096  
 14.07.2009 19:58     C:\Program Files\Windows Defender --------- 0  
 14.07.2009 07:32     C:\Program Files\Reference Assemblies --------- 0  
 14.07.2009 07:32     C:\Program Files\Windows Portable Devices --------- 0  
 14.07.2009 07:32     C:\Program Files\MSBuild --------- 0  
 14.07.2009 07:09     C:\Program Files\Uninstall Information --------- 0  
 14.07.2009 06:54     C:\Program Files\desktop.ini --------- 174  
----------------------------------------

 
C:\ProgramData\.. 

FIETE    
Public    
AppData    
Default    
All Users    
Default User    
desktop.ini    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1 71i.de
127.0.0.1 adicqserver.71i.de
127.0.0.1 adserver.71i.de
127.0.0.1 im.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adtech.de
127.0.0.1 atwola.com

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0           324 K
smss.exe                       320 Services                   0        14.096 K
csrss.exe                      464 Services                   0         7.548 K
wininit.exe                    528 Services                   0         5.504 K
csrss.exe                      540 Console                    1        13.552 K
services.exe                   584 Services                   0        11.820 K
lsass.exe                      616 Services                   0        14.760 K
lsm.exe                        624 Services                   0         4.996 K
winlogon.exe                   636 Console                    1         7.736 K
svchost.exe                    760 Services                   0        10.444 K
svchost.exe                    852 Services                   0        10.664 K
svchost.exe                    924 Services                   0        28.236 K
svchost.exe                    988 Services                   0       153.364 K
svchost.exe                   1020 Services                   0        42.492 K
svchost.exe                    376 Services                   0        18.440 K
svchost.exe                   1200 Services                   0        27.700 K
AvastSvc.exe                  1328 Services                   0        12.436 K
dwm.exe                       1496 Console                    1        54.944 K
explorer.exe                  1528 Console                    1       119.700 K
spoolsv.exe                   1928 Services                   0        17.860 K
RAVCpl64.exe                  1988 Console                    1        14.820 K
SynTPEnh.exe                  2008 Console                    1        13.680 K
BDTUpdateService.exe          1220 Services                   0        10.948 K
FABS.exe                      2312 Services                   0        31.232 K
ICQ Service.exe               2368 Services                   0        10.744 K
pctsAuxs.exe                  2468 Services                   0         1.016 K
pctsSvc.exe                   2572 Services                   0        26.220 K
svchost.exe                   2668 Services                   0         9.680 K
TeamViewer_Service.exe        2712 Services                   0         4.292 K
TeamViewer_Service.exe        2760 Services                   0        11.720 K
TemproSvc.exe                 2800 Services                   0        31.776 K
TODDSrv.exe                   2948 Services                   0         5.312 K
TosCoSrv.exe                  2976 Services                   0         5.100 K
TecoService.exe               3056 Services                   0         5.860 K
WLIDSVC.EXE                   2092 Services                   0        16.036 K
WLIDSVCM.EXE                  1388 Services                   0         3.736 K
alg.exe                       3828 Services                   0         4.804 K
SearchIndexer.exe             3876 Services                   0        31.764 K
svchost.exe                   3996 Services                   0        17.808 K
svchost.exe                   3496 Services                   0         6.332 K
wmpnetwk.exe                  3728 Services                   0        30.724 K
svchost.exe                   4792 Services                   0        15.272 K
dllhost.exe                   6104 Services                   0         7.516 K
CFIWmxSvcs64.exe              2000 Services                   0         3.912 K
CFProcSRVC.exe                5996 Services                   0        12.924 K
CFSvcs.exe                     932 Services                   0         1.832 K
svchost.exe                   3284 Services                   0         4.608 K
AvastUI.exe                   4540 Console                    1        19.240 K
audiodg.exe                   5564 Services                   0        18.320 K
svchost.exe                   1856 Services                   0        16.192 K
WmiPrvSE.exe                  2208 Services                   0         7.492 K
SearchProtocolHost.exe        3080 Services                   0         8.628 K
SearchFilterHost.exe          4468 Services                   0         6.548 K
cmd.exe                       2612 Console                    1         4.196 K
conhost.exe                   3064 Console                    1         6.052 K
tasklist.exe                  5424 Console                    1         6.088 K

 
***** Ende des Scans 19.04.2011 um 23:47:09,56 ***

HJT Scan:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:46:31, on 19.04.2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Users\FIETE\Desktop\ALLES\Trojaner usw loswerden -.-\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\FIETE\AppData\Roaming\UUSoQLdiE9hE.exe,
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.4\ICQ.exe" silent loginmode=4
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (file missing)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B3C37CD-C72C-4B53-8F21-1F816160E80F}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CF8EFA5-1173-414E-9BEC-5D86B7AA82AF}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B3C37CD-C72C-4B53-8F21-1F816160E80F}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12913 bytes

Ich habe alles befolgt, alle Fenster geschlossen!

kira · 19.04.2011, 23:05

tja...unter 64 Bit Systeme funktionieren nicht!

1.
Anwendungen, die im Hintergrund laufen während der Reinigung, können die Leistung deines Computers und auch unsere Arbeit negativ beeinflussen, deswegen bitte die hier aufgelisteten Programme zuerst mal abschalten/deaktivieren!
Dienste beenden:

Klicke auf "Start" -> gibst Du in das Suchfeld "Dienste" ein
dann klicke im oberen Bereich mit der rechten Maustaste auf den Eintrag "Dienste"
und im Kontextmenü auf "Als Administrator ausführen" ->Anleitung/tipps4you.de
den ausgewählte Dienst auf deaktiviert setzen!

Code:

ATTFilter

PC Tools Auxiliary Service (sdAuxService) 
PC Tools Security Service (sdCoreService)

2.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')

3.

Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
Starte die TDSSKiller.exe durch Doppelklick.
Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
Bestätige das ggfs. mit Y(es).
Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.

Hier findest Du eine ausführlichere Anleitung.

4.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
- die alten Logfiles löschen und ein neues erstellen. Rechtsklick auf HijackThis-> als Admin ausführen wählen

Fi3t3 · 20.04.2011, 22:48

1. Dienste... das kann man nicht in Worten ausdrücken ...

na toll ...

2. Erledigt!

3. TDSS-Killer Log:

Code:

ATTFilter

2011/04/20 23:12:45.0562 4016	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/20 23:12:45.0952 4016	================================================================================
2011/04/20 23:12:45.0952 4016	SystemInfo:
2011/04/20 23:12:45.0952 4016	
2011/04/20 23:12:45.0952 4016	OS Version: 6.1.7600 ServicePack: 0.0
2011/04/20 23:12:45.0952 4016	Product type: Workstation
2011/04/20 23:12:45.0952 4016	ComputerName: FIETE-TOSH
2011/04/20 23:12:45.0952 4016	UserName: FIETE
2011/04/20 23:12:45.0952 4016	Windows directory: C:\Windows
2011/04/20 23:12:45.0952 4016	System windows directory: C:\Windows
2011/04/20 23:12:45.0952 4016	Running under WOW64
2011/04/20 23:12:45.0952 4016	Processor architecture: Intel x64
2011/04/20 23:12:45.0952 4016	Number of processors: 2
2011/04/20 23:12:45.0952 4016	Page size: 0x1000
2011/04/20 23:12:45.0952 4016	Boot type: Normal boot
2011/04/20 23:12:45.0952 4016	================================================================================
2011/04/20 23:12:46.0922 4016	Initialize success
2011/04/20 23:12:49.0072 4352	================================================================================
2011/04/20 23:12:49.0072 4352	Scan started
2011/04/20 23:12:49.0072 4352	Mode: Manual; 
2011/04/20 23:12:49.0072 4352	================================================================================
2011/04/20 23:12:50.0692 4352	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/20 23:12:50.0902 4352	acedrv10        (156bc3f91dcf43510c28e75cc5cee3c7) C:\Windows\system32\drivers\acedrv10.sys
2011/04/20 23:12:51.0112 4352	acehlp10        (1afe4120f70962b4a773008557f660cd) C:\Windows\system32\drivers\acehlp10.sys
2011/04/20 23:12:51.0292 4352	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/20 23:12:51.0452 4352	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/20 23:12:51.0632 4352	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/20 23:12:51.0762 4352	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/20 23:12:51.0962 4352	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/20 23:12:52.0172 4352	AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/20 23:12:52.0342 4352	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/20 23:12:52.0502 4352	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/20 23:12:52.0522 4352	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/20 23:12:52.0672 4352	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/20 23:12:52.0812 4352	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/20 23:12:52.0852 4352	amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/20 23:12:53.0022 4352	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/20 23:12:53.0172 4352	amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/20 23:12:53.0312 4352	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/20 23:12:53.0542 4352	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/20 23:12:53.0702 4352	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/20 23:12:53.0962 4352	aswFsBlk        (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/20 23:12:54.0172 4352	aswMonFlt       (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/20 23:12:54.0352 4352	aswRdr          (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
2011/04/20 23:12:54.0552 4352	aswSnx          (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
2011/04/20 23:12:54.0742 4352	aswSP           (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
2011/04/20 23:12:54.0942 4352	aswTdi          (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
2011/04/20 23:12:55.0102 4352	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/20 23:12:55.0272 4352	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/20 23:12:55.0442 4352	athr            (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
2011/04/20 23:12:55.0652 4352	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/20 23:12:55.0822 4352	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/20 23:12:55.0982 4352	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/20 23:12:56.0172 4352	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/20 23:12:56.0322 4352	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/20 23:12:56.0472 4352	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/20 23:12:56.0602 4352	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/20 23:12:56.0752 4352	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/20 23:12:56.0892 4352	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/20 23:12:57.0012 4352	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/20 23:12:57.0132 4352	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/20 23:12:57.0352 4352	BthAvrcp        (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/20 23:12:57.0522 4352	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/20 23:12:57.0692 4352	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/20 23:12:57.0842 4352	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/20 23:12:57.0922 4352	BTHPORT         (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/04/20 23:12:58.0072 4352	BTHUSB          (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/20 23:12:58.0172 4352	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/20 23:12:58.0302 4352	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/20 23:12:58.0442 4352	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/20 23:12:58.0562 4352	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/20 23:12:58.0722 4352	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/20 23:12:58.0842 4352	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/20 23:12:58.0992 4352	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/20 23:12:59.0122 4352	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/20 23:12:59.0222 4352	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/20 23:12:59.0282 4352	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/20 23:12:59.0462 4352	CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/04/20 23:12:59.0642 4352	DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/20 23:12:59.0752 4352	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/20 23:12:59.0882 4352	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/20 23:13:00.0042 4352	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/20 23:13:00.0212 4352	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/20 23:13:00.0542 4352	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/20 23:13:00.0772 4352	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/20 23:13:00.0882 4352	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/20 23:13:01.0062 4352	ewusbnet        (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/04/20 23:13:01.0222 4352	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/20 23:13:01.0442 4352	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/20 23:13:01.0572 4352	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/20 23:13:01.0712 4352	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/20 23:13:01.0832 4352	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/20 23:13:02.0022 4352	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/20 23:13:02.0162 4352	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/20 23:13:02.0312 4352	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/20 23:13:02.0492 4352	fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/20 23:13:02.0632 4352	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/20 23:13:02.0832 4352	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/20 23:13:02.0972 4352	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/20 23:13:03.0122 4352	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/20 23:13:03.0262 4352	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/20 23:13:03.0302 4352	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/20 23:13:03.0412 4352	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/20 23:13:03.0542 4352	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/20 23:13:03.0672 4352	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/20 23:13:03.0802 4352	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/20 23:13:03.0852 4352	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/20 23:13:03.0992 4352	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/20 23:13:04.0042 4352	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/20 23:13:04.0242 4352	hwdatacard      (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/20 23:13:04.0382 4352	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/20 23:13:04.0542 4352	hwusbdev        (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys
2011/04/20 23:13:04.0662 4352	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/20 23:13:04.0722 4352	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/20 23:13:04.0882 4352	iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/20 23:13:05.0302 4352	igfx            (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/04/20 23:13:05.0602 4352	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/20 23:13:05.0842 4352	IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys
2011/04/20 23:13:05.0962 4352	IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
2011/04/20 23:13:06.0102 4352	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/20 23:13:06.0222 4352	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/20 23:13:06.0362 4352	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/20 23:13:06.0472 4352	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/20 23:13:06.0502 4352	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/20 23:13:06.0652 4352	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/20 23:13:06.0682 4352	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/20 23:13:06.0822 4352	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/20 23:13:06.0932 4352	ISODrive        (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
2011/04/20 23:13:07.0062 4352	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/20 23:13:07.0182 4352	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/20 23:13:07.0332 4352	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/20 23:13:07.0472 4352	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/20 23:13:07.0602 4352	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/20 23:13:07.0772 4352	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/20 23:13:07.0942 4352	LPCFilter       (41e122f6d1448c94cc05196bc41d6bfb) C:\Windows\system32\DRIVERS\LPCFilter.sys
2011/04/20 23:13:08.0062 4352	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/20 23:13:08.0092 4352	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/20 23:13:08.0262 4352	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/20 23:13:08.0442 4352	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/20 23:13:08.0612 4352	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/20 23:13:08.0732 4352	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/20 23:13:08.0902 4352	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/20 23:13:09.0072 4352	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/20 23:13:09.0182 4352	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/20 23:13:09.0342 4352	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/20 23:13:09.0482 4352	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/20 23:13:09.0592 4352	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/20 23:13:09.0712 4352	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/20 23:13:09.0872 4352	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/20 23:13:09.0932 4352	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/20 23:13:10.0072 4352	mrxsmb          (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/20 23:13:10.0222 4352	mrxsmb10        (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/20 23:13:10.0372 4352	mrxsmb20        (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/20 23:13:10.0482 4352	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/20 23:13:10.0612 4352	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/20 23:13:10.0812 4352	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/20 23:13:10.0942 4352	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/20 23:13:11.0112 4352	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/20 23:13:11.0252 4352	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/20 23:13:11.0442 4352	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/20 23:13:11.0572 4352	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/20 23:13:11.0792 4352	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/20 23:13:11.0902 4352	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/20 23:13:11.0932 4352	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/20 23:13:12.0042 4352	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/20 23:13:12.0142 4352	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/20 23:13:12.0282 4352	MYFAULT         (e76875f392dedef8a83322727f4df6aa) C:\Windows\system32\drivers\myfault.sys
2011/04/20 23:13:12.0402 4352	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/20 23:13:12.0542 4352	NCHVSC64        (1197cac7a5a857c7a0ca2fc8d68a3385) C:\Windows\system32\drivers\nchvsc64.sys
2011/04/20 23:13:12.0672 4352	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/20 23:13:12.0782 4352	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/20 23:13:12.0892 4352	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/20 23:13:12.0992 4352	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/20 23:13:13.0092 4352	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/20 23:13:13.0202 4352	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/20 23:13:13.0232 4352	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/20 23:13:13.0332 4352	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/20 23:13:13.0502 4352	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/20 23:13:13.0622 4352	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/20 23:13:13.0732 4352	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/20 23:13:13.0892 4352	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/04/20 23:13:14.0022 4352	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/20 23:13:14.0122 4352	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/20 23:13:14.0242 4352	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/20 23:13:14.0352 4352	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/20 23:13:14.0462 4352	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/20 23:13:14.0612 4352	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/20 23:13:14.0722 4352	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/20 23:13:14.0832 4352	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/20 23:13:14.0882 4352	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/20 23:13:14.0992 4352	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/20 23:13:15.0132 4352	PCTCore         (8f38fffa9e7b9d547b7921efa8edff3c) C:\Windows\system32\drivers\PCTCore64.sys
2011/04/20 23:13:15.0262 4352	pctDS           (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
2011/04/20 23:13:15.0412 4352	pctEFA          (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
2011/04/20 23:13:15.0542 4352	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/20 23:13:15.0692 4352	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/20 23:13:15.0922 4352	Point64         (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
2011/04/20 23:13:16.0062 4352	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/20 23:13:16.0182 4352	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/20 23:13:16.0302 4352	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/20 23:13:16.0372 4352	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/20 23:13:16.0482 4352	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/20 23:13:16.0522 4352	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/20 23:13:16.0622 4352	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/20 23:13:16.0732 4352	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/20 23:13:16.0842 4352	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/20 23:13:16.0962 4352	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/20 23:13:17.0072 4352	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/20 23:13:17.0192 4352	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/20 23:13:17.0302 4352	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/20 23:13:17.0422 4352	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/20 23:13:17.0552 4352	RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/04/20 23:13:17.0652 4352	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/20 23:13:17.0762 4352	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/20 23:13:17.0812 4352	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/20 23:13:17.0912 4352	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/04/20 23:13:18.0062 4352	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/20 23:13:18.0192 4352	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/20 23:13:18.0332 4352	RSUSBSTOR       (8c22f21c924413d4e109995f748e18bb) C:\Windows\system32\Drivers\RtsUStor.sys
2011/04/20 23:13:18.0462 4352	RTL2832UBDA     (9b7514eede8d7916aa5c8ab4cec57d9e) C:\Windows\system32\drivers\RTL2832UBDA.sys
2011/04/20 23:13:18.0622 4352	RTL2832UUSB     (df9bedf967b3b6727b0db75c29e3ac2b) C:\Windows\system32\Drivers\RTL2832UUSB.sys
2011/04/20 23:13:18.0732 4352	RTL8167         (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/04/20 23:13:18.0862 4352	RTL8187B        (945ab249d12cbe044782430c6013aa1a) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/04/20 23:13:19.0012 4352	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/20 23:13:19.0122 4352	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/20 23:13:19.0252 4352	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/20 23:13:19.0382 4352	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/20 23:13:19.0492 4352	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/20 23:13:19.0602 4352	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/20 23:13:19.0762 4352	sfdrv01         (4fcace92bb0345d58bb96adbd69f5237) C:\Windows\system32\drivers\sfdrv01.sys
2011/04/20 23:13:19.0912 4352	sfdrv01a        (addc96399acdf3c4dd690c74b835082e) C:\Windows\system32\drivers\sfdrv01a.sys
2011/04/20 23:13:20.0032 4352	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/20 23:13:20.0082 4352	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/20 23:13:20.0192 4352	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/20 23:13:20.0332 4352	sfhlp02         (17f6bd95bf04b924f4c05ce78bef8ae6) C:\Windows\system32\drivers\sfhlp02.sys
2011/04/20 23:13:20.0442 4352	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/20 23:13:20.0572 4352	sfsync02        (40cf333266e10137f805b8956fe19031) C:\Windows\system32\drivers\sfsync02.sys
2011/04/20 23:13:20.0702 4352	sfvfs02         (f3b72568a6fa36e5d63d30b8186d1c48) C:\Windows\system32\drivers\sfvfs02.sys
2011/04/20 23:13:20.0832 4352	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/20 23:13:20.0882 4352	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/20 23:13:20.0982 4352	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/20 23:13:21.0142 4352	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/20 23:13:21.0302 4352	srv             (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/04/20 23:13:21.0432 4352	srv2            (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/20 23:13:21.0552 4352	srvnet          (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/20 23:13:21.0682 4352	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/20 23:13:21.0812 4352	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/04/20 23:13:21.0942 4352	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/20 23:13:22.0072 4352	SynTP           (be7311da9d6833fa69ed04b744a1c8f8) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/20 23:13:22.0262 4352	Tcpip           (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/20 23:13:22.0452 4352	TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/20 23:13:22.0562 4352	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/20 23:13:22.0682 4352	tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/04/20 23:13:22.0802 4352	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/20 23:13:22.0922 4352	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/20 23:13:23.0042 4352	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/20 23:13:23.0192 4352	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/20 23:13:23.0372 4352	tos_sps64       (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
2011/04/20 23:13:23.0512 4352	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/20 23:13:23.0622 4352	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/20 23:13:23.0752 4352	TVALZ           (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/04/20 23:13:23.0872 4352	TVALZFL         (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
2011/04/20 23:13:23.0992 4352	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/20 23:13:24.0132 4352	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/20 23:13:24.0272 4352	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/20 23:13:24.0372 4352	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/20 23:13:24.0482 4352	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/20 23:13:24.0612 4352	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/20 23:13:24.0752 4352	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/20 23:13:24.0872 4352	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/20 23:13:24.0942 4352	usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/20 23:13:25.0052 4352	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/20 23:13:25.0152 4352	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/20 23:13:25.0292 4352	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/20 23:13:25.0402 4352	USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/20 23:13:25.0552 4352	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/20 23:13:25.0602 4352	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/20 23:13:25.0752 4352	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/20 23:13:25.0942 4352	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/20 23:13:26.0062 4352	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/20 23:13:26.0182 4352	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/20 23:13:26.0292 4352	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/20 23:13:26.0392 4352	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/20 23:13:26.0502 4352	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/20 23:13:26.0642 4352	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/20 23:13:26.0752 4352	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/20 23:13:26.0872 4352	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/20 23:13:26.0982 4352	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/20 23:13:27.0102 4352	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/20 23:13:27.0242 4352	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/20 23:13:27.0282 4352	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/20 23:13:27.0302 4352	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/20 23:13:27.0422 4352	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/20 23:13:27.0542 4352	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/20 23:13:27.0702 4352	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/20 23:13:27.0802 4352	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/20 23:13:27.0972 4352	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/20 23:13:28.0122 4352	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/20 23:13:28.0272 4352	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/20 23:13:28.0412 4352	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/20 23:13:28.0542 4352	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/20 23:13:28.0852 4352	================================================================================
2011/04/20 23:13:28.0852 4352	Scan finished
2011/04/20 23:13:28.0852 4352	================================================================================

4. das mache ich jetzt^^

Fi3t3 · 20.04.2011, 22:49

1. Dienste... das kann man nicht in Worten ausdrücken ...

na toll ...

2. Erledigt!

3. TDSS-Killer Log:

Code:

ATTFilter

2011/04/20 23:12:45.0562 4016	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/20 23:12:45.0952 4016	================================================================================
2011/04/20 23:12:45.0952 4016	SystemInfo:
2011/04/20 23:12:45.0952 4016	
2011/04/20 23:12:45.0952 4016	OS Version: 6.1.7600 ServicePack: 0.0
2011/04/20 23:12:45.0952 4016	Product type: Workstation
2011/04/20 23:12:45.0952 4016	ComputerName: FIETE-TOSH
2011/04/20 23:12:45.0952 4016	UserName: FIETE
2011/04/20 23:12:45.0952 4016	Windows directory: C:\Windows
2011/04/20 23:12:45.0952 4016	System windows directory: C:\Windows
2011/04/20 23:12:45.0952 4016	Running under WOW64
2011/04/20 23:12:45.0952 4016	Processor architecture: Intel x64
2011/04/20 23:12:45.0952 4016	Number of processors: 2
2011/04/20 23:12:45.0952 4016	Page size: 0x1000
2011/04/20 23:12:45.0952 4016	Boot type: Normal boot
2011/04/20 23:12:45.0952 4016	================================================================================
2011/04/20 23:12:46.0922 4016	Initialize success
2011/04/20 23:12:49.0072 4352	================================================================================
2011/04/20 23:12:49.0072 4352	Scan started
2011/04/20 23:12:49.0072 4352	Mode: Manual; 
2011/04/20 23:12:49.0072 4352	================================================================================
2011/04/20 23:12:50.0692 4352	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/20 23:12:50.0902 4352	acedrv10        (156bc3f91dcf43510c28e75cc5cee3c7) C:\Windows\system32\drivers\acedrv10.sys
2011/04/20 23:12:51.0112 4352	acehlp10        (1afe4120f70962b4a773008557f660cd) C:\Windows\system32\drivers\acehlp10.sys
2011/04/20 23:12:51.0292 4352	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/20 23:12:51.0452 4352	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/20 23:12:51.0632 4352	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/20 23:12:51.0762 4352	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/20 23:12:51.0962 4352	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/20 23:12:52.0172 4352	AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/20 23:12:52.0342 4352	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/20 23:12:52.0502 4352	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/20 23:12:52.0522 4352	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/20 23:12:52.0672 4352	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/20 23:12:52.0812 4352	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/20 23:12:52.0852 4352	amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/20 23:12:53.0022 4352	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/20 23:12:53.0172 4352	amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/20 23:12:53.0312 4352	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/20 23:12:53.0542 4352	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/20 23:12:53.0702 4352	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/20 23:12:53.0962 4352	aswFsBlk        (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/20 23:12:54.0172 4352	aswMonFlt       (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/20 23:12:54.0352 4352	aswRdr          (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
2011/04/20 23:12:54.0552 4352	aswSnx          (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
2011/04/20 23:12:54.0742 4352	aswSP           (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
2011/04/20 23:12:54.0942 4352	aswTdi          (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
2011/04/20 23:12:55.0102 4352	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/20 23:12:55.0272 4352	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/20 23:12:55.0442 4352	athr            (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
2011/04/20 23:12:55.0652 4352	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/20 23:12:55.0822 4352	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/20 23:12:55.0982 4352	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/20 23:12:56.0172 4352	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/20 23:12:56.0322 4352	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/20 23:12:56.0472 4352	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/20 23:12:56.0602 4352	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/20 23:12:56.0752 4352	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/20 23:12:56.0892 4352	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/20 23:12:57.0012 4352	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/20 23:12:57.0132 4352	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/20 23:12:57.0352 4352	BthAvrcp        (832b121e4532919cc49f2438f1dcaa21) C:\Windows\system32\DRIVERS\BthAvrcp.sys
2011/04/20 23:12:57.0522 4352	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/20 23:12:57.0692 4352	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/20 23:12:57.0842 4352	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/20 23:12:57.0922 4352	BTHPORT         (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/04/20 23:12:58.0072 4352	BTHUSB          (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/20 23:12:58.0172 4352	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/20 23:12:58.0302 4352	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/20 23:12:58.0442 4352	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/20 23:12:58.0562 4352	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/20 23:12:58.0722 4352	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/20 23:12:58.0842 4352	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/20 23:12:58.0992 4352	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/20 23:12:59.0122 4352	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/20 23:12:59.0222 4352	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/20 23:12:59.0282 4352	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/20 23:12:59.0462 4352	CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/04/20 23:12:59.0642 4352	DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/20 23:12:59.0752 4352	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/20 23:12:59.0882 4352	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/20 23:13:00.0042 4352	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/20 23:13:00.0212 4352	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/20 23:13:00.0542 4352	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/20 23:13:00.0772 4352	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/20 23:13:00.0882 4352	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/20 23:13:01.0062 4352	ewusbnet        (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/04/20 23:13:01.0222 4352	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/20 23:13:01.0442 4352	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/20 23:13:01.0572 4352	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/20 23:13:01.0712 4352	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/20 23:13:01.0832 4352	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/20 23:13:02.0022 4352	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/20 23:13:02.0162 4352	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/20 23:13:02.0312 4352	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/20 23:13:02.0492 4352	fssfltr         (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/20 23:13:02.0632 4352	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/20 23:13:02.0832 4352	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/20 23:13:02.0972 4352	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/20 23:13:03.0122 4352	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/20 23:13:03.0262 4352	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/20 23:13:03.0302 4352	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/20 23:13:03.0412 4352	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/20 23:13:03.0542 4352	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/20 23:13:03.0672 4352	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/20 23:13:03.0802 4352	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/20 23:13:03.0852 4352	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/20 23:13:03.0992 4352	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/20 23:13:04.0042 4352	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/20 23:13:04.0242 4352	hwdatacard      (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/20 23:13:04.0382 4352	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/20 23:13:04.0542 4352	hwusbdev        (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys
2011/04/20 23:13:04.0662 4352	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/20 23:13:04.0722 4352	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/20 23:13:04.0882 4352	iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/20 23:13:05.0302 4352	igfx            (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/04/20 23:13:05.0602 4352	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/20 23:13:05.0842 4352	IntcAzAudAddService (59b0bba422f04467e8c89b7ce6ae95e1) C:\Windows\system32\drivers\RTKVHD64.sys
2011/04/20 23:13:05.0962 4352	IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
2011/04/20 23:13:06.0102 4352	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/20 23:13:06.0222 4352	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/20 23:13:06.0362 4352	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/20 23:13:06.0472 4352	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/20 23:13:06.0502 4352	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/20 23:13:06.0652 4352	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/20 23:13:06.0682 4352	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/20 23:13:06.0822 4352	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/20 23:13:06.0932 4352	ISODrive        (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
2011/04/20 23:13:07.0062 4352	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/20 23:13:07.0182 4352	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/20 23:13:07.0332 4352	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/20 23:13:07.0472 4352	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/20 23:13:07.0602 4352	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/20 23:13:07.0772 4352	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/20 23:13:07.0942 4352	LPCFilter       (41e122f6d1448c94cc05196bc41d6bfb) C:\Windows\system32\DRIVERS\LPCFilter.sys
2011/04/20 23:13:08.0062 4352	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/20 23:13:08.0092 4352	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/20 23:13:08.0262 4352	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/20 23:13:08.0442 4352	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/20 23:13:08.0612 4352	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/20 23:13:08.0732 4352	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/20 23:13:08.0902 4352	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/20 23:13:09.0072 4352	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/20 23:13:09.0182 4352	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/20 23:13:09.0342 4352	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/20 23:13:09.0482 4352	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/20 23:13:09.0592 4352	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/20 23:13:09.0712 4352	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/20 23:13:09.0872 4352	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/20 23:13:09.0932 4352	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/20 23:13:10.0072 4352	mrxsmb          (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/20 23:13:10.0222 4352	mrxsmb10        (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/20 23:13:10.0372 4352	mrxsmb20        (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/20 23:13:10.0482 4352	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/20 23:13:10.0612 4352	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/20 23:13:10.0812 4352	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/20 23:13:10.0942 4352	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/20 23:13:11.0112 4352	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/20 23:13:11.0252 4352	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/20 23:13:11.0442 4352	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/20 23:13:11.0572 4352	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/20 23:13:11.0792 4352	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/20 23:13:11.0902 4352	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/20 23:13:11.0932 4352	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/20 23:13:12.0042 4352	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/20 23:13:12.0142 4352	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/20 23:13:12.0282 4352	MYFAULT         (e76875f392dedef8a83322727f4df6aa) C:\Windows\system32\drivers\myfault.sys
2011/04/20 23:13:12.0402 4352	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/20 23:13:12.0542 4352	NCHVSC64        (1197cac7a5a857c7a0ca2fc8d68a3385) C:\Windows\system32\drivers\nchvsc64.sys
2011/04/20 23:13:12.0672 4352	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/20 23:13:12.0782 4352	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/20 23:13:12.0892 4352	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/20 23:13:12.0992 4352	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/20 23:13:13.0092 4352	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/20 23:13:13.0202 4352	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/20 23:13:13.0232 4352	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/20 23:13:13.0332 4352	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/20 23:13:13.0502 4352	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/20 23:13:13.0622 4352	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/20 23:13:13.0732 4352	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/20 23:13:13.0892 4352	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/04/20 23:13:14.0022 4352	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/20 23:13:14.0122 4352	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/20 23:13:14.0242 4352	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/20 23:13:14.0352 4352	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/20 23:13:14.0462 4352	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/20 23:13:14.0612 4352	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/20 23:13:14.0722 4352	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/20 23:13:14.0832 4352	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/20 23:13:14.0882 4352	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/20 23:13:14.0992 4352	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/20 23:13:15.0132 4352	PCTCore         (8f38fffa9e7b9d547b7921efa8edff3c) C:\Windows\system32\drivers\PCTCore64.sys
2011/04/20 23:13:15.0262 4352	pctDS           (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
2011/04/20 23:13:15.0412 4352	pctEFA          (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
2011/04/20 23:13:15.0542 4352	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/20 23:13:15.0692 4352	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/20 23:13:15.0922 4352	Point64         (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
2011/04/20 23:13:16.0062 4352	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/20 23:13:16.0182 4352	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/20 23:13:16.0302 4352	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/20 23:13:16.0372 4352	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/20 23:13:16.0482 4352	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/20 23:13:16.0522 4352	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/20 23:13:16.0622 4352	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/20 23:13:16.0732 4352	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/20 23:13:16.0842 4352	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/20 23:13:16.0962 4352	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/20 23:13:17.0072 4352	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/20 23:13:17.0192 4352	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/20 23:13:17.0302 4352	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/20 23:13:17.0422 4352	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/20 23:13:17.0552 4352	RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/04/20 23:13:17.0652 4352	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/20 23:13:17.0762 4352	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/20 23:13:17.0812 4352	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/20 23:13:17.0912 4352	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/04/20 23:13:18.0062 4352	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/20 23:13:18.0192 4352	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/20 23:13:18.0332 4352	RSUSBSTOR       (8c22f21c924413d4e109995f748e18bb) C:\Windows\system32\Drivers\RtsUStor.sys
2011/04/20 23:13:18.0462 4352	RTL2832UBDA     (9b7514eede8d7916aa5c8ab4cec57d9e) C:\Windows\system32\drivers\RTL2832UBDA.sys
2011/04/20 23:13:18.0622 4352	RTL2832UUSB     (df9bedf967b3b6727b0db75c29e3ac2b) C:\Windows\system32\Drivers\RTL2832UUSB.sys
2011/04/20 23:13:18.0732 4352	RTL8167         (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/04/20 23:13:18.0862 4352	RTL8187B        (945ab249d12cbe044782430c6013aa1a) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/04/20 23:13:19.0012 4352	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/20 23:13:19.0122 4352	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/20 23:13:19.0252 4352	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/20 23:13:19.0382 4352	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/20 23:13:19.0492 4352	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/20 23:13:19.0602 4352	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/20 23:13:19.0762 4352	sfdrv01         (4fcace92bb0345d58bb96adbd69f5237) C:\Windows\system32\drivers\sfdrv01.sys
2011/04/20 23:13:19.0912 4352	sfdrv01a        (addc96399acdf3c4dd690c74b835082e) C:\Windows\system32\drivers\sfdrv01a.sys
2011/04/20 23:13:20.0032 4352	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/20 23:13:20.0082 4352	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/20 23:13:20.0192 4352	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/20 23:13:20.0332 4352	sfhlp02         (17f6bd95bf04b924f4c05ce78bef8ae6) C:\Windows\system32\drivers\sfhlp02.sys
2011/04/20 23:13:20.0442 4352	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/20 23:13:20.0572 4352	sfsync02        (40cf333266e10137f805b8956fe19031) C:\Windows\system32\drivers\sfsync02.sys
2011/04/20 23:13:20.0702 4352	sfvfs02         (f3b72568a6fa36e5d63d30b8186d1c48) C:\Windows\system32\drivers\sfvfs02.sys
2011/04/20 23:13:20.0832 4352	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/20 23:13:20.0882 4352	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/20 23:13:20.0982 4352	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/20 23:13:21.0142 4352	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/20 23:13:21.0302 4352	srv             (148d50904d2a0df29a19778715eb35bb) C:\Windows\system32\DRIVERS\srv.sys
2011/04/20 23:13:21.0432 4352	srv2            (ce2189fe31d36678ac9eb7ddee08ec96) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/20 23:13:21.0552 4352	srvnet          (cb69edeb069a49577592835659cd0e46) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/20 23:13:21.0682 4352	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/20 23:13:21.0812 4352	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
2011/04/20 23:13:21.0942 4352	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/20 23:13:22.0072 4352	SynTP           (be7311da9d6833fa69ed04b744a1c8f8) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/20 23:13:22.0262 4352	Tcpip           (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/20 23:13:22.0452 4352	TCPIP6          (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/20 23:13:22.0562 4352	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/20 23:13:22.0682 4352	tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/04/20 23:13:22.0802 4352	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/20 23:13:22.0922 4352	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/20 23:13:23.0042 4352	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/20 23:13:23.0192 4352	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/20 23:13:23.0372 4352	tos_sps64       (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
2011/04/20 23:13:23.0512 4352	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/20 23:13:23.0622 4352	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/20 23:13:23.0752 4352	TVALZ           (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/04/20 23:13:23.0872 4352	TVALZFL         (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
2011/04/20 23:13:23.0992 4352	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/20 23:13:24.0132 4352	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/20 23:13:24.0272 4352	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/20 23:13:24.0372 4352	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/20 23:13:24.0482 4352	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/20 23:13:24.0612 4352	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/20 23:13:24.0752 4352	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/20 23:13:24.0872 4352	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/20 23:13:24.0942 4352	usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/20 23:13:25.0052 4352	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/20 23:13:25.0152 4352	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/20 23:13:25.0292 4352	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/20 23:13:25.0402 4352	USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/20 23:13:25.0552 4352	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/20 23:13:25.0602 4352	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/20 23:13:25.0752 4352	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/20 23:13:25.0942 4352	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/20 23:13:26.0062 4352	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/20 23:13:26.0182 4352	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/20 23:13:26.0292 4352	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/20 23:13:26.0392 4352	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/20 23:13:26.0502 4352	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/20 23:13:26.0642 4352	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/20 23:13:26.0752 4352	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/20 23:13:26.0872 4352	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/20 23:13:26.0982 4352	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/20 23:13:27.0102 4352	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/20 23:13:27.0242 4352	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/20 23:13:27.0282 4352	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/20 23:13:27.0302 4352	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/20 23:13:27.0422 4352	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/20 23:13:27.0542 4352	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/20 23:13:27.0702 4352	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/20 23:13:27.0802 4352	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/20 23:13:27.0972 4352	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/20 23:13:28.0122 4352	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/20 23:13:28.0272 4352	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/20 23:13:28.0412 4352	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/20 23:13:28.0542 4352	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/20 23:13:28.0852 4352	================================================================================
2011/04/20 23:13:28.0852 4352	Scan finished
2011/04/20 23:13:28.0852 4352	================================================================================

4. das mache ich jetzt^^

kira · 20.04.2011, 23:21

Zitat:

Zitat von Fi3t3

das kann man nicht in Worten ausdrücken ...

- sollst Du aber!

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in Code-Tags hier in den Thread.

Fi3t3 · 23.04.2011, 00:42

Ich bin zwar schon auf ein Backup vorbereitet, aber ich währe zufrieden, wenn das endlich verschwinden würde^^

OTL Scan:

Code:

ATTFilter

OTL logfile created on: 22.04.2011 15:05:29 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\FIETE\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 83,97 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 171,30 Gb Free Space | 73,68% Space Free | Partition Type: NTFS
 
Computer Name: FIETE-TOSH | User Name: FIETE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\FIETE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\FIETE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (acedrv10) -- C:\Windows\SysNative\drivers\acedrv10.sys (Protect Software GmbH)
DRV:64bit: - (acehlp10) -- C:\Windows\SysNative\drivers\acehlp10.sys (Protect Software GmbH)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (MYFAULT) -- C:\Windows\SysNative\drivers\myfault.sys (Sysinternals)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (NCHVSC64) SoundTap Recorder (64 Bit) -- C:\Windows\SysNative\drivers\nchvsc64.sys (NCH Swift Sound)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV:64bit: - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfsync02.sys (Protection Technology)
DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 9A 26 0D DC 4A CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.order.2: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.backup.ftp: "192.168.137.1"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: "192.168.137.1"
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "192.168.137.1"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: "192.168.137.1"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "192.168.137.1"
FF - prefs.js..network.proxy.gopher: "192.168.137.1"
FF - prefs.js..network.proxy.http: "192.168.137.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.137.1"
FF - prefs.js..network.proxy.ssl: "192.168.137.1"
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "foxsearch"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.02.27 21:36:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2011.04.18 22:04:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.25 15:11:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.25 15:11:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.25 15:11:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.25 15:11:41 | 000,000,000 | ---D | M]
 
[2009.12.30 12:38:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FIETE\AppData\Roaming\mozilla\Extensions
[2011.04.21 23:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions
[2011.03.03 18:02:47 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2011.03.11 18:26:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.16 22:48:02 | 000,000,000 | ---D | M] (WOT) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.04.01 22:34:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.07 22:03:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.17 17:51:03 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2011.01.27 11:36:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.02.22 21:02:35 | 000,000,000 | ---D | M] (Fasterfox (EladKarako Mod)) -- C:\Users\FIETE\AppData\Roaming\mozilla\Firefox\Profiles\lqm8lza1.default\extensions\{eeeeeeee-aaaa-0000-aaaa-000000000000}
[2011.01.29 17:57:57 | 000,001,141 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\conduit.xml
[2011.03.11 19:22:21 | 000,000,828 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\icqplugin-1.xml
[2011.03.11 19:22:21 | 000,000,602 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\icqplugin-2.xml
[2011.03.11 19:22:21 | 000,000,828 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\icqplugin-3.xml
[2011.03.11 19:22:21 | 000,000,901 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\icqplugin.xml
[2011.02.28 18:53:18 | 000,003,915 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\Mozilla\Firefox\Profiles\lqm8lza1.default\searchplugins\sweetim.xml
[2011.04.21 23:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.01.03 16:55:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.31 18:17:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.23 14:34:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.04 18:08:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.24 00:17:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 17:24:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.27 21:36:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
[2011.03.04 08:05:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.04 08:05:59 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.01.29 17:57:57 | 000,001,605 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010.08.07 16:00:04 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\foxsearch.src
[2011.03.04 08:05:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.04 08:05:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.04 08:05:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.20 03:29:24 | 000,001,025 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 ar.atwola.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll ()
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  File not found
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\Alwil Software\Avast5\aswWebRepIE64.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -  File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} -  File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\FIETE\AppData\Roaming\UUSoQLdiE9hE.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{26ffb629-2014-11e0-94c3-002622f1344e}\Shell - "" = AutoRun
O33 - MountPoints2\{26ffb629-2014-11e0-94c3-002622f1344e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{33a6d159-b4f2-11df-a4cf-001bdc002e32}\Shell - "" = AutoRun
O33 - MountPoints2\{33a6d159-b4f2-11df-a4cf-001bdc002e32}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{a68a4bcf-d96f-11de-ac4f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a68a4bcf-d96f-11de-ac4f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{fdaea6c6-fbeb-11df-9112-001bdc002e32}\Shell - "" = AutoRun
O33 - MountPoints2\{fdaea6c6-fbeb-11df-9112-001bdc002e32}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fdaea6d7-fbeb-11df-9112-001bdc002e32}\Shell - "" = AutoRun
O33 - MountPoints2\{fdaea6d7-fbeb-11df-9112-001bdc002e32}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fdaea6f9-fbeb-11df-9112-001bdc002e32}\Shell - "" = AutoRun
O33 - MountPoints2\{fdaea6f9-fbeb-11df-9112-001bdc002e32}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\CDStart.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.22 15:04:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\FIETE\Desktop\OTL.exe
[2011.04.21 22:09:40 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Desktop\~KiLL´s~ HacKv0.6
[2011.04.21 22:09:36 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Desktop\Siro's pub 8.6
[2011.04.21 18:34:24 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Desktop\BlackLegend Public
[2011.04.21 02:03:26 | 001,498,960 | ---- | C] (Microsoft Corporation) -- C:\Users\FIETE\Desktop\msvcr100d.dll
[2011.04.21 02:03:26 | 000,771,424 | ---- | C] (Microsoft Corporation) -- C:\Users\FIETE\Desktop\msvcr100_clr0400.dll
[2011.04.21 02:03:26 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Users\FIETE\Desktop\msvcr100.dll
[2011.04.21 02:03:26 | 000,743,248 | ---- | C] (Microsoft Corporation) -- C:\Users\FIETE\Desktop\msvcp100d.dll
[2011.04.21 02:03:26 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Users\FIETE\Desktop\msvcp100.dll
[2011.04.21 02:03:26 | 000,346,112 | ---- | C] (The cURL library, hxxp://curl.haxx.se/) -- C:\Users\FIETE\Desktop\libcurld.dll
[2011.04.21 01:31:04 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Desktop\images
[2011.04.20 23:19:35 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Desktop\Kram
[2011.04.20 03:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.04.20 03:14:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011.04.19 17:11:52 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\Threat Expert
[2011.04.18 22:04:25 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2011.04.18 22:04:24 | 001,996,752 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2011.04.18 22:04:24 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2011.04.18 21:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011.04.18 21:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011.04.18 01:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.17 17:32:48 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\FIETE\Desktop\tdsskiller.exe
[2011.04.17 13:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011.04.16 21:34:09 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{CEBA4F82-10C3-4A4C-9C54-628B040B8928}
[2011.04.16 15:58:00 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\TechSmith
[2011.04.16 15:57:19 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Documents\Camtasia Studio
[2011.04.16 15:56:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
[2011.04.16 15:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camtasia Studio 7
[2011.04.16 15:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2011.04.16 15:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TechSmith
[2011.04.16 15:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2011.04.15 18:17:26 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{E8859431-9F1C-487C-9EEE-C18973BD4D5A}
[2011.04.15 16:57:22 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life 2
[2011.04.15 16:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Half-Life 2
[2011.04.15 15:52:50 | 000,000,000 | ---D | C] -- C:\Half-Life 2
[2011.04.14 22:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gmod9
[2011.04.14 18:24:40 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.04.14 18:24:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.04.14 18:24:35 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.04.14 18:24:34 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.04.14 18:24:34 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.04.14 18:24:29 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011.04.14 18:24:29 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011.04.14 18:24:28 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011.04.14 18:24:28 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011.04.14 18:24:25 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.04.14 18:24:25 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.04.14 18:24:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.04.14 18:24:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.04.14 18:24:13 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.04.14 18:24:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.04.14 18:24:12 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.04.14 18:24:12 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.04.14 18:24:12 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.04.14 18:24:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.04.14 18:24:12 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.04.14 18:24:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.04.14 18:24:11 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.04.14 18:24:11 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.04.14 18:24:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.04.14 18:24:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.04.14 18:24:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.04.14 18:24:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.04.14 18:23:18 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011.04.14 18:23:17 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011.04.14 18:23:17 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011.04.14 18:23:12 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011.04.14 18:23:12 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011.04.14 18:23:11 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011.04.14 18:23:11 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011.04.14 18:23:11 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011.04.14 18:23:11 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011.04.14 18:23:11 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011.04.14 18:23:08 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011.04.12 18:57:18 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Roaming\ProtectDisc
[2011.04.12 18:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2011.04.12 18:53:10 | 000,277,904 | ---- | C] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acedrv10.sys
[2011.04.12 18:53:10 | 000,228,000 | ---- | C] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acehlp10.sys
[2011.04.12 18:52:29 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Buchner
[2011.04.12 18:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Buchner
[2011.04.12 18:46:48 | 000,000,000 | RH-D | C] -- C:\Users\FIETE\AppData\Roaming\SecuROM
[2011.04.12 18:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase-6
[2011.04.12 18:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Phase6
[2011.04.12 18:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\phase-6
[2011.04.12 18:44:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\auxilium Demoversion
[2011.04.12 18:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\auxilium 3.1 light
[2011.04.12 18:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\auxilium 3.1 light
[2011.04.09 19:06:54 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{1D736F05-F961-47B9-9F78-EED358AF101B}
[2011.04.09 01:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.04.08 14:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperTux
[2011.04.08 14:58:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperTux
[2011.04.07 20:50:54 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{CBB90EA1-2675-4680-8661-A824F28A9D01}
[2011.04.07 19:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\x60xg1XV8
[2011.04.07 19:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickLatin 1.3.2c
[2011.04.07 19:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickLatin
[2011.04.07 19:39:30 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.04.07 19:39:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.04.04 14:29:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpiritMt2
[2011.04.04 13:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.04.04 13:53:56 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{9546DEB2-9D7C-425B-9B4F-93E89CD8D2CF}
[2011.04.03 17:51:39 | 000,607,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2011.04.03 17:51:39 | 000,607,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcp100.dll
[2011.04.03 17:22:32 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{B7BC2744-BC34-4689-A3DE-E0116F2B975A}
[2011.04.02 17:58:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LiveUpload
[2011.04.02 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Local\{E0936F40-1CEE-4477-882B-F20B112A5C07}
[2011.04.02 16:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\mufin
[2011.04.02 16:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mufin
[2011.04.02 16:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mufin
[2011.04.02 16:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2011.04.02 16:58:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2011.04.02 16:56:48 | 000,000,000 | ---D | C] -- C:\Users\FIETE\Documents\MAGIX Downloads
[2011.04.02 16:56:46 | 000,000,000 | ---D | C] -- C:\Users\FIETE\AppData\Roaming\MAGIX
[2011.04.02 09:46:49 | 001,467,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100d.dll
[2011.04.02 09:46:49 | 001,467,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr100d.dll
[2011.04.02 09:46:49 | 000,631,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100d.dll
[2011.04.02 09:46:49 | 000,631,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcp100d.dll
[2011.04.02 09:46:49 | 000,346,112 | ---- | C] (The cURL library, hxxp://curl.haxx.se/) -- C:\Windows\SysWow64\libcurld.dll
[2011.04.02 09:46:49 | 000,346,112 | ---- | C] (The cURL library, hxxp://curl.haxx.se/) -- C:\Windows\libcurld.dll
[2011.04.01 16:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiosurf
[2011.04.01 16:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audiosurf
[2011.03.31 23:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011.03.31 23:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2011.03.31 23:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad Audio Mixer
[2011.03.29 22:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.4
[2011.03.29 16:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E.M. Magic Swf2Avi
[2011.03.29 16:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\E.M. Magic Swf2Avi
[2011.03.28 18:18:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis
[2011.03.28 17:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2011.03.26 12:45:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\FIETE\*.tmp files -> C:\Users\FIETE\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.22 15:06:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.22 15:04:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\FIETE\Desktop\OTL.exe
[2011.04.22 10:48:04 | 001,611,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.22 10:48:04 | 000,696,604 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.22 10:48:04 | 000,651,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.22 10:48:04 | 000,147,868 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.22 10:48:04 | 000,120,814 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.22 10:28:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 23:37:46 | 000,142,432 | ---- | M] () -- C:\Users\FIETE\Desktop\Unbenannt2.png
[2011.04.21 22:09:20 | 003,340,238 | ---- | M] () -- C:\Users\FIETE\Desktop\Siro's pub 8.6.zip
[2011.04.21 22:06:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.21 22:04:50 | 000,068,361 | ---- | M] () -- C:\Users\FIETE\Desktop\~KiLL´s~ HacKv0.6.rar
[2011.04.21 18:34:13 | 003,236,947 | ---- | M] () -- C:\Users\FIETE\Desktop\BlackLegend Public.rar
[2011.04.21 05:14:48 | 1786,170,646 | ---- | M] () -- C:\Users\FIETE\Desktop\Matrix 1999.exe
[2011.04.21 03:52:47 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 03:52:47 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 03:45:38 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011.04.21 03:44:57 | 3092,938,752 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 02:03:08 | 001,587,561 | ---- | M] () -- C:\Users\FIETE\Desktop\Project HarmonY 1.6.rar
[2011.04.21 01:51:49 | 000,326,892 | ---- | M] () -- C:\Users\FIETE\Desktop\Sampleedited.jpg
[2011.04.21 01:23:51 | 000,024,300 | ---- | M] () -- C:\Users\FIETE\Desktop\Neuer Ordner.7z
[2011.04.21 01:19:19 | 000,040,448 | ---- | M] () -- C:\Users\FIETE\Desktop\s4 Hack 64bit.exe
[2011.04.21 01:18:56 | 000,040,448 | ---- | M] () -- C:\Users\FIETE\Desktop\s4 Hack 32bit.exe
[2011.04.21 01:12:49 | 000,000,795 | ---- | M] () -- C:\Users\FIETE\Desktop\s4 Hack 64bit.bat
[2011.04.21 01:12:11 | 000,000,063 | ---- | M] () -- C:\Users\FIETE\Desktop\64bit.bat
[2011.04.21 01:08:54 | 000,000,789 | ---- | M] () -- C:\Users\FIETE\Desktop\s4 Hack 32bit.bat
[2011.04.21 01:08:11 | 000,000,057 | ---- | M] () -- C:\Users\FIETE\Desktop\32bit.bat
[2011.04.21 00:59:58 | 000,000,779 | ---- | M] () -- C:\Users\FIETE\Desktop\s4 Hack.bat
[2011.04.20 23:18:16 | 000,075,507 | ---- | M] () -- C:\Users\FIETE\Desktop\Unbenannt.png
[2011.04.20 22:33:30 | 000,001,932 | ---- | M] () -- C:\Users\FIETE\Desktop\index.html
[2011.04.20 03:29:24 | 000,001,025 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.04.20 03:27:52 | 000,000,237 | ---- | M] () -- C:\Windows\SysNative\ibr.ini
[2011.04.20 03:14:52 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.04.18 21:49:15 | 001,358,944 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.04.18 01:07:17 | 000,089,088 | ---- | M] () -- C:\Windows\SysNative\mbr.exe
[2011.04.18 00:14:12 | 000,367,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.17 17:30:54 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\FIETE\Desktop\tdsskiller.exe
[2011.04.17 10:18:57 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.16 15:56:54 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2011.04.16 15:52:17 | 000,114,688 | RHS- | M] () -- C:\Windows\SysWow64\qcapi.dll
[2011.04.13 17:54:36 | 000,653,824 | ---- | M] () -- C:\Users\FIETE\Desktop\Project HarmonY 1.6.exe
[2011.04.12 18:57:33 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000736.LCS
[2011.04.12 18:53:10 | 000,277,904 | ---- | M] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acedrv10.sys
[2011.04.12 18:53:10 | 000,228,000 | ---- | M] (Protect Software GmbH) -- C:\Windows\SysNative\drivers\acehlp10.sys
[2011.04.07 19:39:30 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.04.07 19:39:29 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.04.01 22:46:09 | 001,467,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100d.dll
[2011.04.01 22:46:09 | 001,467,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\msvcr100d.dll
[2011.04.01 22:46:06 | 000,631,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100d.dll
[2011.04.01 22:46:06 | 000,631,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\msvcp100d.dll
[2011.04.01 17:50:58 | 000,346,112 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Windows\SysWow64\libcurld.dll
[2011.04.01 17:50:58 | 000,346,112 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Windows\libcurld.dll
[2011.03.31 22:08:28 | 000,069,632 | ---- | M] () -- C:\Users\FIETE\AppData\Roaming\chrtmp
[2011.03.31 17:26:27 | 000,346,112 | ---- | M] (The cURL library, hxxp://curl.haxx.se/) -- C:\Users\FIETE\Desktop\libcurld.dll
[2011.03.26 22:23:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.03.26 02:04:45 | 000,032,594 | ---- | M] () -- C:\Users\FIETE\AppData\Local\Tempsplash.jpg
[2011.03.25 20:34:38 | 000,081,964 | ---- | M] () -- C:\Users\FIETE\AppData\Local\TempStartup.wav
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\FIETE\*.tmp files -> C:\Users\FIETE\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 23:37:35 | 000,142,432 | ---- | C] () -- C:\Users\FIETE\Desktop\Unbenannt2.png
[2011.04.21 22:09:18 | 003,340,238 | ---- | C] () -- C:\Users\FIETE\Desktop\Siro's pub 8.6.zip
[2011.04.21 22:04:49 | 000,068,361 | ---- | C] () -- C:\Users\FIETE\Desktop\~KiLL´s~ HacKv0.6.rar
[2011.04.21 18:34:08 | 003,236,947 | ---- | C] () -- C:\Users\FIETE\Desktop\BlackLegend Public.rar
[2011.04.21 05:15:03 | 1786,170,646 | ---- | C] () -- C:\Users\FIETE\Desktop\Matrix 1999.exe
[2011.04.21 02:03:26 | 000,653,824 | ---- | C] () -- C:\Users\FIETE\Desktop\Project HarmonY 1.6.exe
[2011.04.21 02:03:08 | 001,587,561 | ---- | C] () -- C:\Users\FIETE\Desktop\Project HarmonY 1.6.rar
[2011.04.21 01:50:47 | 000,326,892 | ---- | C] () -- C:\Users\FIETE\Desktop\Sampleedited.jpg
[2011.04.21 01:31:04 | 000,001,932 | ---- | C] () -- C:\Users\FIETE\Desktop\index.html
[2011.04.21 01:23:45 | 000,024,300 | ---- | C] () -- C:\Users\FIETE\Desktop\Neuer Ordner.7z
[2011.04.21 01:19:08 | 000,040,448 | ---- | C] () -- C:\Users\FIETE\Desktop\s4 Hack 64bit.exe
[2011.04.21 01:18:42 | 000,040,448 | ---- | C] () -- C:\Users\FIETE\Desktop\s4 Hack 32bit.exe
[2011.04.21 01:12:48 | 000,000,795 | ---- | C] () -- C:\Users\FIETE\Desktop\s4 Hack 64bit.bat
[2011.04.21 01:12:10 | 000,000,063 | ---- | C] () -- C:\Users\FIETE\Desktop\64bit.bat
[2011.04.21 01:08:54 | 000,000,789 | ---- | C] () -- C:\Users\FIETE\Desktop\s4 Hack 32bit.bat
[2011.04.21 01:08:11 | 000,000,057 | ---- | C] () -- C:\Users\FIETE\Desktop\32bit.bat
[2011.04.20 23:18:13 | 000,075,507 | ---- | C] () -- C:\Users\FIETE\Desktop\Unbenannt.png
[2011.04.20 03:26:47 | 000,000,237 | ---- | C] () -- C:\Windows\SysNative\ibr.ini
[2011.04.20 03:14:52 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.04.19 19:57:42 | 000,000,779 | ---- | C] () -- C:\Users\FIETE\Desktop\s4 Hack.bat
[2011.04.18 22:04:25 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2011.04.18 22:04:25 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2011.04.18 22:04:25 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2011.04.18 22:04:25 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2011.04.18 22:04:24 | 000,002,052 | ---- | C] () -- C:\Windows\UDB.zip
[2011.04.18 21:48:42 | 001,358,944 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.04.18 01:07:17 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\mbr.exe
[2011.04.16 15:56:54 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Camtasia Studio 7.lnk
[2011.04.16 15:52:17 | 000,114,688 | RHS- | C] () -- C:\Windows\SysWow64\qcapi.dll
[2011.04.12 18:56:59 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000736.LCS
[2011.04.09 01:21:29 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.04.03 21:28:21 | 000,069,632 | ---- | C] () -- C:\Users\FIETE\AppData\Roaming\chrtmp
[2011.03.26 02:03:47 | 000,032,594 | ---- | C] () -- C:\Users\FIETE\AppData\Local\Tempsplash.jpg
[2011.03.26 01:52:10 | 000,081,964 | ---- | C] () -- C:\Users\FIETE\AppData\Local\TempStartup.wav
[2011.03.26 01:43:54 | 000,062,233 | ---- | C] () -- C:\Users\FIETE\AppData\Local\Tempsplash.png
[2011.03.25 21:40:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.03.03 20:25:00 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011.02.22 21:13:05 | 000,000,059 | ---- | C] () -- C:\Windows\PTrainer2.ini
[2011.02.09 19:07:42 | 000,135,386 | ---- | C] () -- C:\Users\FIETE\AppData\Local\TempCyberLinK BG1.jpg
[2011.02.02 22:04:06 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.31 23:52:13 | 000,007,621 | ---- | C] () -- C:\Users\FIETE\AppData\Roaming\UserTile.png
[2010.12.24 00:07:59 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.12.12 23:02:47 | 000,001,126 | ---- | C] () -- C:\ProgramData\DAP Games Center.lnk
[2010.12.12 23:02:47 | 000,000,868 | ---- | C] () -- C:\ProgramData\Download Accelerator Plus.lnk
[2010.12.12 17:52:29 | 000,000,307 | ---- | C] () -- C:\Windows\thug2.ini
[2010.11.29 15:11:39 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.11.26 17:45:19 | 000,000,112 | ---- | C] () -- C:\Windows\galaxy.ini
[2010.11.18 15:01:37 | 000,025,600 | ---- | C] () -- C:\Windows\SysWow64\jesterss.dll
[2010.11.12 20:16:28 | 000,000,135 | ---- | C] () -- C:\Users\FIETE\AppData\Roaming\RSBot_Accounts.ini
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.08.20 16:34:32 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.20 15:51:01 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.08.12 22:30:10 | 000,294,974 | R--- | C] () -- C:\Windows\SysWow64\RTL283XACCESS.dll
[2010.08.05 13:28:03 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.05.27 18:22:16 | 000,000,000 | ---- | C] () -- C:\Windows\whopper.ini
[2010.05.14 11:45:47 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2010.05.14 11:45:47 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2010.02.21 00:57:42 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.01.21 22:16:30 | 000,009,728 | ---- | C] () -- C:\Users\FIETE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.18 15:43:47 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2009.12.31 17:01:03 | 000,007,603 | ---- | C] () -- C:\Users\FIETE\AppData\Local\Resmon.ResmonCfg
[2009.12.29 19:13:19 | 000,000,232 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.10.30 11:06:24 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009.10.30 11:06:24 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009.08.27 09:05:12 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.27 09:05:12 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.27 09:05:12 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.27 09:05:12 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2000.02.10 00:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\SysWow64\wrkgadm.exe
[2000.02.10 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 22.04.2011 15:05:29 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\FIETE\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 83,97 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 171,30 Gb Free Space | 73,68% Space Free | Partition Type: NTFS
 
Computer Name: FIETE-TOSH | User Name: FIETE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- Reg Error: Key error. File not found
.html [@ = UltraEdit.html] -- "C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.ini [@ = UltraEdit.ini] -- "C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.js [@ = UltraEdit.js] -- "C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.txt [@ = UltraEdit.txt] -- "C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.wsf [@ = WSFFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B0ADC3A-FDD7-44D3-B9DF-A811414B0C75}" = HP Photosmart Plus B210 series - Grundlegende Software für das Gerät
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{53480140-1E7B-4DB5-BAA6-4D02D0452355}" = O&O MediaRecovery
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{74E85F31-573F-45BF-8939-4D2BCDCC2083}" = LEGO MINDSTORMS NXT Driver for x64
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{80488962-EB4D-46B2-9E03-F3A8ACA6AE82}" = Studie zur Verbesserung von HP Photosmart Plus B210 series Produkten
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0085029F-9640-4D93-800D-D0F53188758A}" = Arschloch3D
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0823A2E3-69DD-A37A-7CD9-1CBEB037545C}" = Toshiba Photo Service - powered by myphotobook
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.4 Build #4629 Banner Remover 1.0
"{0AFCF5C4-D09B-4BAA-8C4D-1F61CF67BD65}" = mufin player 2.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B39429C-A1AF-4CC7-87BE-C69F5543A054}_is1" = Spammer 1.0.0.0
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1BAE5C85-A6D3-430C-842B-EAA27AC0C2E8}" = ArcSoft TotalMedia 3.5
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F62A62A-CDAD-4C8A-B110-C5541C496290}_is1" = Swf To Gif Converter 3.6
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26D8DF7E-DBF8-43A6-8D42-F37497CE603D}" = Skype(TM) Launcher
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A02BF10-88B9-4D61-9439-A67C9DE7D4BC}" = RS2Bot
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{45FE5100-6C09-4B34-AC2F-92D8B3864546}" = LiveUpload to Facebook
"{481463D7-E5D9-4331-B154-B75D6D3C15F8}" = Worms 3D Demo
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{54CD52E0-6660-416C-94CC-FC77875FF226}" = Halo 2 Map Editor
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{663140E6-EB60-11D6-AAED-0004769EEFEB}" = Snake Arena SE
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6FF1763A-35B2-4DF5-AB57-AB5613AFBAE0}" = (T)Raumschiff Surprise - Periode 1 - XXL
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{764A334E-5C9A-4EB9-9BD4-8E8BC422FFD8}" = S4 League_EU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Hilfe
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4E4ACA0-79C5-4FC0-818F-ECE4521EBF8D}" = COMPUTERBILD-Abzockschutz
"{B56B13EF-5FD0-4750-B935-66A37103A80F}" = Crazy Machines - Neues aus dem Labor
"{BB10B255-CCA5-4522-8F0C-491CD59A086E}" = MemoduxPLUS
"{BCD8FB4A-8205-4C5F-8822-5D3E7B1E54C8}_is1" = SWF to MP3 Converter v2.4 build 189
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{DA47ABC4-52DF-468D-988D-B9E768A3DF52}" = Pizza Connection 2
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = Conceptronic CTVDIGUSB2 Device Utilities
"{DBB7021A-3437-446F-ACE5-7261644A972C}" = Toshiba TEMPRO
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E48C44A4-05F4-4C23-BE1F-F37A9CD6ACA3}" = Marble ix
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E81A7285-8CA6-4430-B6C0-5F719E4D40D9}" = SpongeBob Schwammkopf - Der Film
"{E83BA61A-5D77-4DD5-9C92-A3447F11E27D}" = eBay
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run(TM)
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"7-Zip" = 7-Zip 4.65
"Access 97rt PAN EURO G" = Access 97rt PAN EURO G
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Aeon" = Aeon
"AnvSoft Flash to Video Converter_is1" = AnvSoft Flash to Video Converter 1.2.1
"ArtMoney SE_is1" = ArtMoney SE v7.33
"Ashampoo Magical UnInstall 2_is1" = Ashampoo Magical UnInstall 2
"Audiosurf_is1" = Audiosurf Beta
"auxilium 3.1 light_is1" = auxilium 3.1 light
"auxilium Demoversion_is1" = auxilium Demoversion (3.1)
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"Browser Defender_is1" = Browser Defender 3.0
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"Clean My Registry_is1" = Clean My Registry v5.2
"conduitEngine" = Conduit Engine
"Debut" = Debut Video Capture Software
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDStyler_is1" = DVDStyler v1.8.0
"E.M. Magic Swf2Avi_is1" = E.M. Magic Swf2Avi V6.80
"eBay Icon" = eBay Icon
"EpicBot" = EpicBot
"eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = Toshiba Photo Service - powered by myphotobook
"ExpressBurn" = Express Burn CD DVD Blu-Ray Brenner
"ExpressRip" = Express Rip
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FormatFactory" = FormatFactory 2.60
"Fraps" = Fraps
"FSX_Screensaver" = FSX_Screensaver
"Game Booster_is1" = Game Booster
"GamersFirst War Rock" = War Rock
"GameSpy Arcade" = GameSpy Arcade
"G-Force" = G-Force
"Google Chrome" = Google Chrome
"Half-Life 2" = Half-Life 2
"Halo CE" = Microsoft Halo Custom Edition
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}" = TOSHIBA Bulletin Board
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{54CD52E0-6660-416C-94CC-FC77875FF226}" = Halo 2 Map Editor
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}" = TOSHIBA ReelTime
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORMCLauncher
"InstallShield_{EF1394D4-9FB6-4F1F-9A09-20FF3033AE14}" = Tony Hawk's Underground 2
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"JDownloader" = JDownloader
"MAGIX_MSI_mufin_player_2" = mufin player 2.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MixPad" = MixPad Audio Mixer
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0
"phase-6" = phase-6 2.1.0.5
"phase-6 Feeding Tool" = phase-6 Feeding Tool 1.1
"PhotoStage" = PhotoStage Slideshow Producer
"Pivot 3.2 Beta Deutsch" = Pivot 3.2 Beta Deutsch
"PKR" = PKR
"Prism" = Prism Video Converter
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Samplisizer v1.2 (Demo)" = Samplisizer v1.2 (Demo)
"SCREEN2EXE_is1" = SCREEN2EXE 2.9 (build:2204)
"SimCity 3000 Deutschland" = SimCity 3000 Deutschland
"SpeedFan" = SpeedFan (remove only)
"SpiritMt2" = SpiritMt2
"ST6UNST #1" = QuickLatin 1.3.2c
"SuperTux_is1" = SuperTux 0.1.3
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"SWF to MP3 Converter_is1" = SWF to MP3 Converter v2.3 build 146
"Switch" = Switch Audiodatei-Konverter
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.0
"TVRTLDrv" = DVB-T USB BDA Driver
"UltraISO_is1" = UltraISO Premium V9.36
"Undelete 360_is1" = Undelete 360
"Uninstall_is1" = Uninstall 1.0.0.1
"VideoPad" = VideoPad Video Editor
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.1.9
"WavePad" = WavePad Audiobearbeitungs-Software
"whopper_is1" = whopper
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite" = Windows Live Essentials
"Zulu" = Zulu DJ Software
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Ausserdem werde ich seit kurzem nichtmehr auf oigtreaognnh.com geleitet wenn ich ne google Suche mache! Das lag daran, dass ich GoogleToolbarNotifer dank msconfig ausm Systemstart geworfen und gelöscht habe. Bevor du dich fragst: Warum hast du das gemacht?
Ich habe das typische erkannt-> Ganz plötzlich hat er so viel Anwendungsspeicher gebraucht wie kein Spiel oder Firefox

(hängt wie sau ich steig auf Google Chrome um

) und das war halt sehr ungewöhnlich. Und wie das halt so is mit böser Software, versucht sie ja immer einem das Arbeiten am PC zu erschweren, indem das System voll ausgelastet wird. Ich habe gleich reagiert und GoogleToolbarNotifer.exe entfernt, auch weil avast ihn als ich ihn einzeln gescannt hatte nur bedingt erkannt hatte. Also es stand zwar da keine Bedrohung gefunden aber ich hab gesehen, dass öfters diese Interneteinstellungsdingsbumsmeldung sich geöffnet hat und avast nicht kommunizieren lassen wollte, weil es Zugriff auf diese Datei wollte. Da der Rootkit mehr Rechte als ich hat, konnte er das unterbinden nach einer kurzen Zeit, aber nicht meinen Verstand

Zum Glück habe ich alles für einen Backup vorbereitet... aber ich werde auf keine andere Seite mehr geleitet, was schonmal ein gutes Zeichen ist, aber ich bin mir sicher, dass ich den Rootkit noch lange nicht losbin, ich glaube er kann nur eingeschränkt funktionieren, wenn ich WOT eingeschaltet hab. Es blockiert zum Glück die weiteren bösen Seiten...

kira · 23.04.2011, 21:12

1.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84

[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

2.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

3.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

4.
CCleaner - bitte erneut versuchen

Fi3t3 · 26.04.2011, 01:05

Diesmal mische ich ein wenig... sorry dasses so lang gedauert hat. Einiges kommt in den Edit weil ich in der Zeit jeden Tag weg war und das jetz über die Nacht laufen lassen müsste, was ich lieber nicht mache... aber ich kann jetzt schon sagen der hat ein paar Sachen gefunden, die werde ich dann löschen und später posten!

1. Ich suchte nach einer Log, wo ist sie?

4. Das hat leider wieder nicht geklappt, aber ich hab teilweise Wege gefunden, das zu umgehen ... Zum Beispiel, wenn man Rechtsklick auf dem Lautstärkezeichen macht, dann gibt es da bei mir ein paar Optionen. Zum Beispiel Aufnahmegeräte und wenn ich das dann anklicke kommt dieser Internetschutz, was ich noch nie hatte. Das hat ja eigentlich garnix mitm Internet zu tun

Da bekomm ich einen kleinen Anfall und gebe es bei Start ein und es klappt direkt

. Aber als ich es nochmal unten teste geht es wieder nicht. Ich bin kurz davor diese Sache zu umgehen. Möglicherweise kann ich CCleaner anders starten. Das muss ich noch ein wenig testen.

2. Obwohl ich alles erlaubt hatte, konnte ich den Online-Scan nicht ausführen und habe es schnell mit dem Programmdingens gemacht. Also hier die Log:

Code:

ATTFilter

Achtung Baustelle ^^ Das kommt im Edit

3. Das ebenfalls...

19.04.2011, 20:57	#6
kira /// Helfer-Team	virus-seite? google suche wird zu einem werbe paradies... Ok, dann bitte Schritte 6. bis 9. noch erledigen __________________ --> virus-seite? google suche wird zu einem werbe paradies...

virus-seite? google suche wird zu einem werbe paradies...

Plagegeister aller Art und deren Bekämpfung: virus-seite? google suche wird zu einem werbe paradies...