Irgendwo ist der Wurm oder so drin

#1 Hallo alle zusammen,

ich habe ein grosses Problem, Windows braucht lange zum starten, dann wenn ich zu früh den IE öffne stürzt der Rechner ab. Ich kann nichts machen.

Da ich schon mehrfach Scanner am laufen hatte, habe ich mal eine sogenannte Hijackthis erstellt, was immer das ist, vielelicht kann mir jemand von euch helfen.

Mir ist gerade aufgefallen wenn ich mit dem Online Virus checkker : Trend Micro House Call meinen rechner überprüfe geht immer kurz vor Ende der IE zu und das kann ich ganz normal weiter machen, ich denke da steckt irgendwo was drin.

Logfile of HijackThis v1.99.1
Scan saved at 15:35:27, on 17.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
G:\XPHOME\System32\smss.exe
G:\XPHOME\system32\winlogon.exe
G:\XPHOME\system32\services.exe
G:\XPHOME\system32\lsass.exe
G:\XPHOME\system32\Ati2evxx.exe
G:\XPHOME\system32\svchost.exe
G:\XPHOME\System32\svchost.exe
G:\XPHOME\system32\svchost.exe
G:\XPHOME\system32\Ati2evxx.exe
G:\XPHOME\Explorer.EXE
G:\XPHOME\system32\spoolsv.exe
G:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
G:\Programme\Trojancheck 6\tcguard.exe
G:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\XPHOME\SOUNDMAN.EXE
G:\XPHOME\system32\ctfmon.exe
G:\Programme\AntiVir PersonalEdition Classic\sched.exe
G:\Programme\AntiVir PersonalEdition Classic\avguard.exe
G:\XPHOME\system32\tcpsvcs.exe
G:\XPHOME\System32\snmp.exe
G:\XPHOME\system32\svchost.exe
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\Temporäres Verzeichnis 2 für ProcessExplorer.zip\procexp.exe
G:\XPHOME\system32\wscntfy.exe
G:\Programme\Internet Explorer\iexplore.exe
G:\Programme\Gemeinsame Dateien\Ahead\lib\NMIndexStoreSvr.exe
G:\Programme\PC Connectivity Solution\ServiceLayer.exe
G:\PROGRA~1\GEMEIN~1\MICROS~1\Msinfo\OFFPROV.EXE
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\mexe.com
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\ScanningProcess.exe
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\ScanningProcess.exe
G:\Programme\WinRAR\WinRAR.exe
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\Rar$EX00.484\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian.at/login.php?id=360766&c=087
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "G:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Trojancheck 6 Guard] G:\Programme\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\XPHOME\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] G:\XPHOME\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] G:\XPHOME\system32\ctfmon.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .UVR: G:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171013128548
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bul-online.de/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F23FCD9-5391-4C40-8145-42586EEE5D69}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F23FCD9-5391-4C40-8145-42586EEE5D69}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F23FCD9-5391-4C40-8145-42586EEE5D69}: NameServer = 195.50.140.114 195.50.140.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\XPHOME\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - G:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - G:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\XPHOME\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\XPHOME\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\XPHOME\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - G:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\XPHOME\system32\ZoneLabs\vsmon.exe
__________
MfG
Dragon29581

#2 Dragon29581

Kopiere diese 6 Textdateien ab . (rechtsklick mit der Maus -> den Text markieren -> kopieren -> einfügen) Sie sind nach Datum geordnet. (kopiere nur die letzten 3 Monate ab)
http://virus-protect.org/datfindbat.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 Ich hoffe das hilft dir, schonmal vielen Dank im vorraus.

Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\XPHOME\system32

17.02.2007 22:20 54.112 vsconfig.xml
17.02.2007 19:12 0 tmp.txt
17.02.2007 19:12 3.264 tmp.reg
17.02.2007 16:03 2.550 Uninstall.ico
17.02.2007 16:03 1.406 Help.ico
17.02.2007 16:03 30.590 pavas.ico
17.02.2007 13:24 0 asfiles.txt
17.02.2007 12:04 40.832 perfc009.dat
17.02.2007 12:04 313.038 perfh009.dat
17.02.2007 12:04 318.430 perfh007.dat
17.02.2007 12:04 49.044 perfc007.dat
17.02.2007 12:04 728.854 PerfStringBackup.INI
17.02.2007 11:58 180.240 FNTCACHE.DAT
17.02.2007 11:50 337.192 TZLog.log
17.02.2007 11:46 12.718 wpa.dbl
17.02.2007 11:06 647 $winnt$.inf
17.02.2007 11:03 16.832 amcompat.tlb
17.02.2007 11:03 23.392 nscompat.tlb
17.02.2007 11:01 488 logonui.exe.manifest
17.02.2007 11:01 488 WindowsLogon.manifest
17.02.2007 11:01 749 ncpa.cpl.manifest
17.02.2007 11:01 749 cdplayer.exe.manifest
17.02.2007 11:01 749 sapi.cpl.manifest
17.02.2007 11:01 749 wuaucpl.cpl.manifest
17.02.2007 11:01 749 nwc.cpl.manifest
17.02.2007 11:00 22.960 emptyregdb.dat
17.02.2007 08:41 43.520 CmdLineExt03.dll
12.02.2007 11:00 664 d3d9caps.dat
10.02.2007 08:45 9.480 jupdate-1.5.0_11-b03.log
09.02.2007 18:50 98.304 CmdLineExt.dll
08.02.2007 11:29 34.064 lhacm.acm
07.02.2007 23:01 12.293.536 MRT.exe
07.02.2007 10:46 51.712 man.exe
07.02.2007 09:05 176.167 rmoc3260.dll
07.02.2007 09:05 5.632 pndx5032.dll
07.02.2007 09:05 6.656 pndx5016.dll
07.02.2007 09:05 278.528 pncrt.dll
06.02.2007 23:56 4.212 zllictbl.dat
06.02.2007 16:31 22 ati64hlp.stb
06.02.2007 12:36 18.144 msgagt.PWD
06.02.2007 12:09 12.718 wpa.bak
06.02.2007 11:08 333 $ncsp$.inf
05.02.2007 18:57 2.951 CONFIG.NT
05.02.2007 18:44 0 h323log.txt
02.02.2007 17:37 81.920 ElbyCDIO.dll
29.01.2007 09:58 60.416 tzchange.exe
24.01.2007 15:27 255.848 xactengine2_6.dll
23.01.2007 20:30 546.304 hhctrl.ocx


Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp

17.02.2007 22:20 6.715.880 MWAV.LOG
17.02.2007 22:20 46.708 sfdb.dat
17.02.2007 22:20 2.921 mwXface.log
17.02.2007 15:29 4.755.686 vlist.txt
17.02.2007 15:29 274 vlist.log
17.02.2007 15:28 3.613 Memory.Process
17.02.2007 12:28 149.066 ppinfo.dat
17.02.2007 12:28 0 ppv5exc.dat
17.02.2007 12:28 639.110 pploc.dat
17.02.2007 12:28 607.886 ppfile.dat
17.02.2007 12:27 36 PPGUID.txt
16.02.2007 15:37 158.720 esupdate.exe
16.02.2007 15:35 35.840 unregx.exe
16.02.2007 15:30 114.688 avpmhook.dll
16.02.2007 15:21 19.816 avp.klb
16.02.2007 15:21 3.590 daily-ex.avc
16.02.2007 15:21 61.570 daily.avc
16.02.2007 15:21 14.483 unp037.avc
16.02.2007 15:21 43.559 unp034.avc
16.02.2007 15:21 7.876 dailyc.avc
16.02.2007 15:21 491 daily-ec.avc
16.02.2007 15:21 4.191 fa001.avc
16.02.2007 15:03 139.264 msvl64.dll
16.02.2007 15:00 43.520 setpriv.exe
16.02.2007 14:59 403.520 mexe.com
16.02.2007 14:59 403.520 mwavscan.com
16.02.2007 14:58 139.264 msvlclnt.dll
16.02.2007 14:56 44.096 Getvlist.exe
16.02.2007 13:41 149.898 Spyware.sdb
16.02.2007 13:41 210.985 spydb.old
16.02.2007 13:41 733.938 File2.sdb
16.02.2007 13:41 1.022.526 Cid.sdb
16.02.2007 13:41 2.022.176 File1.sdb
16.02.2007 13:41 210.985 spydb.avs
16.02.2007 13:41 594.004 Dir.sdb
15.02.2007 11:10 241.664 MYDB.DLL
15.02.2007 10:00 142.919 phupdn.txt
15.02.2007 09:58 18.427 global.daz
15.02.2007 09:58 44.473 phupdn.txz
14.02.2007 21:44 300.368 8A6AC52Q.emf
14.02.2007 21:44 262.448 GLHMJ23L.emf
14.02.2007 21:44 596 T0Y1RS9B.emf
14.02.2007 21:44 300.368 1QVIXVX9.emf
14.02.2007 21:44 112.688 UN1H6CUD.emf
14.02.2007 21:44 596 XG36NSV9.emf
14.02.2007 13:15 403.968 MWAVReg.EXE
14.02.2007 13:01 5.194 English.dow
14.02.2007 13:01 5.194 Download.lan
14.02.2007 12:58 497.664 Download.exe
14.02.2007 12:36 406.528 viewtcp.exe
13.02.2007 17:31 1.696 eicar.avc
13.02.2007 17:31 18.775 unp000.avc
13.02.2007 17:31 7.688 smart.avc
13.02.2007 17:31 1.828 chuka.avc
13.02.2007 17:31 37.361 krnjava.avc
13.02.2007 12:14 58.870 mwav.bmp
12.02.2007 18:04 2.696 avp.set
12.02.2007 18:04 29.277 fa.avc
12.02.2007 18:04 17.733 ext008.avc
12.02.2007 18:04 18.176 gen005.avc
12.02.2007 18:04 46.541 unp033.avc
12.02.2007 18:04 66.469 unp023.avc
12.02.2007 18:04 65.819 unp010.avc
12.02.2007 18:04 49.588 base130.avc
11.02.2007 14:03 24.253 flourish.mid
10.02.2007 10:17 844 jusched.log
10.02.2007 10:11 16.384 Perflib_Perfdata_dc4.dat
10.02.2007 08:43 0 java_install.log
10.02.2007 08:41 1.156 jinstall.cfg
10.02.2007 00:21 16.384 Perflib_Perfdata_d40.dat
09.02.2007 23:39 16.384 Perflib_Perfdata_c0c.dat
09.02.2007 23:02 16.384 Perflib_Perfdata_384.dat
09.02.2007 22:20 89.680 MSSSerif120.fon
09.02.2007 21:46 46.596 drm_dialogs.dll
09.02.2007 19:53 356 MSI5f617.LOG
09.02.2007 19:23 47.342 MSIb05eb.LOG
09.02.2007 18:48 344.064 4920.rra
09.02.2007 18:35 344.064 3871.rra
28.12.2006 12:57 383.488 MDownload.exe


Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\XPHOME

17.02.2007 22:56 300 wiadebug.log
17.02.2007 22:51 595.984 setupapi.log
17.02.2007 22:21 2.048 bootstat.dat
17.02.2007 22:20 1.092.141 WindowsUpdate.log
17.02.2007 22:19 0 0.log
17.02.2007 22:19 50 wiaservc.log
17.02.2007 19:14 1.072 win.ini
17.02.2007 19:13 26 Lic.xxx
17.02.2007 19:12 176.184 setupact.log
17.02.2007 19:10 87.436 ntbtlog.txt
17.02.2007 19:08 3.636 SchedLgU.Txt
17.02.2007 16:03 32 pavsig.txt
17.02.2007 15:28 456 AvxOnline.log
17.02.2007 11:59 12.358 spupdsvc.log

Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\XPHOME\system32

17.02.2007 22:20 54.112 vsconfig.xml
17.02.2007 19:12 0 tmp.txt
17.02.2007 19:12 3.264 tmp.reg
17.02.2007 16:03 2.550 Uninstall.ico
17.02.2007 16:03 1.406 Help.ico
17.02.2007 16:03 30.590 pavas.ico
17.02.2007 13:24 0 asfiles.txt
17.02.2007 12:04 40.832 perfc009.dat
17.02.2007 12:04 313.038 perfh009.dat
17.02.2007 12:04 318.430 perfh007.dat
17.02.2007 12:04 49.044 perfc007.dat
17.02.2007 12:04 728.854 PerfStringBackup.INI
17.02.2007 11:58 180.240 FNTCACHE.DAT
17.02.2007 11:50 337.192 TZLog.log
17.02.2007 11:46 12.718 wpa.dbl
17.02.2007 11:06 647 $winnt$.inf
17.02.2007 11:03 16.832 amcompat.tlb
17.02.2007 11:03 23.392 nscompat.tlb
17.02.2007 11:01 488 logonui.exe.manifest
17.02.2007 11:01 488 WindowsLogon.manifest
17.02.2007 11:01 749 ncpa.cpl.manifest
17.02.2007 11:01 749 cdplayer.exe.manifest
17.02.2007 11:01 749 sapi.cpl.manifest
17.02.2007 11:01 749 wuaucpl.cpl.manifest
17.02.2007 11:01 749 nwc.cpl.manifest
17.02.2007 11:00 22.960 emptyregdb.dat
17.02.2007 08:41 43.520 CmdLineExt03.dll
12.02.2007 11:00 664 d3d9caps.dat
10.02.2007 08:45 9.480 jupdate-1.5.0_11-b03.log
09.02.2007 18:50 98.304 CmdLineExt.dll
08.02.2007 11:29 34.064 lhacm.acm
07.02.2007 23:01 12.293.536 MRT.exe
07.02.2007 10:46 51.712 man.exe
07.02.2007 09:05 176.167 rmoc3260.dll
07.02.2007 09:05 5.632 pndx5032.dll
07.02.2007 09:05 6.656 pndx5016.dll
07.02.2007 09:05 278.528 pncrt.dll
06.02.2007 23:56 4.212 zllictbl.dat
06.02.2007 16:31 22 ati64hlp.stb
06.02.2007 12:36 18.144 msgagt.PWD
06.02.2007 12:09 12.718 wpa.bak
06.02.2007 11:08 333 $ncsp$.inf
05.02.2007 18:57 2.951 CONFIG.NT
05.02.2007 18:44 0 h323log.txt
02.02.2007 17:37 81.920 ElbyCDIO.dll
29.01.2007 09:58 60.416 tzchange.exe
24.01.2007 15:27 255.848 xactengine2_6.dll
23.01.2007 20:30 546.304 hhctrl.ocx
08.01.2007 15:30 15.128 x3daudio1_1.dll
04.01.2007 15:02 474.624 shlwapi.dll
04.01.2007 15:02 1.498.112 shdocvw.dll
04.01.2007 15:01 1.056.256 danim.dll
04.01.2007 15:01 1.022.976 browseui.dll
04.01.2007 15:01 152.064 cdfview.dll
04.01.2007 12:52 270.336 xpsp3res.dll
19.12.2006 22:49 135.168 shsvcs.dll
19.12.2006 22:49 8.494.592 shell32.dll
19.12.2006 19:17 334.336 wiaservc.dll
12.12.2006 10:45 1.474.864 LegitCheckControl.DLL
11.12.2006 14:45 116.736 aaclient.dll
11.12.2006 14:45 36.352 tsgqec.dll
11.12.2006 14:45 288.768 rhttpaa.dll
08.12.2006 12:02 251.672 xactengine2_5.dll
07.12.2006 17:02 2.174.976 wmvcore.dll
01.12.2006 05:20 79.360 swxcacls.exe
29.11.2006 13:06 3.426.072 d3dx9_32.dll
27.11.2006 15:54 539.136 msftedit.dll
27.11.2006 15:54 433.152 riched20.dll
23.11.2006 16:45 24.072 uxtuneup.dll
21.11.2006 11:24 33.280 snmp.exe
17.11.2006 18:54 1.040.384 ieframe.dll.mui
17.11.2006 18:53 12.288 advpack.dll.mui
08.11.2006 06:06 679.424 inetcomm.dll
07.11.2006 21:03 1.162.240 urlmon.dll
07.11.2006 21:03 3.577.856 mshtml.dll
07.11.2006 21:03 50.688 msfeedsbs.dll
07.11.2006 21:03 670.720 mstime.dll
07.11.2006 21:03 131.584 extmgr.dll
07.11.2006 21:03 413.696 vbscript.dll
07.11.2006 21:03 191.488 iepeers.dll
07.11.2006 21:03 180.736 ieui.dll
07.11.2006 21:03 6.049.280 ieframe.dll
07.11.2006 21:03 156.160 msls31.dll
07.11.2006 21:03 458.752 msfeeds.dll
07.11.2006 21:03 27.136 jsproxy.dll
07.11.2006 21:03 231.424 webcheck.dll
07.11.2006 21:03 818.688 wininet.dll
07.11.2006 21:03 475.648 mshtmled.dll
07.11.2006 03:27 382.976 iedkcs32.dll
07.11.2006 03:27 229.376 ieaksie.dll
07.11.2006 03:26 152.064 ieakeng.dll
07.11.2006 03:26 71.680 admparse.dll
07.11.2006 03:26 55.296 iesetup.dll
07.11.2006 03:26 13.312 ieudinit.exe
07.11.2006 03:26 54.784 ie4uinit.exe
07.11.2006 03:26 43.008 iernonce.dll
07.11.2006 03:26 92.672 inseng.dll
07.11.2006 03:26 123.904 advpack.dll
07.11.2006 03:25 161.792 ieakui.dll
07.11.2006 03:24 56.483 ieuinit.inf
04.11.2006 14:14 1.245.696 msxml4.dll
02.11.2006 11:51 43.008 wpdshextres.dll
01.11.2006 20:17 927.504 mfc40u.dll

Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\XPHOME

17.02.2007 22:56 300 wiadebug.log
17.02.2007 22:51 595.984 setupapi.log
17.02.2007 22:21 2.048 bootstat.dat
17.02.2007 22:20 1.092.141 WindowsUpdate.log
17.02.2007 22:19 0 0.log
17.02.2007 22:19 50 wiaservc.log
17.02.2007 19:14 1.072 win.ini
17.02.2007 19:13 26 Lic.xxx
17.02.2007 19:12 176.184 setupact.log
17.02.2007 19:10 87.436 ntbtlog.txt
17.02.2007 19:08 3.636 SchedLgU.Txt
17.02.2007 16:03 32 pavsig.txt
17.02.2007 15:28 456 AvxOnline.log
17.02.2007 11:59 12.358 spupdsvc.log
17.02.2007 11:50 27.332 ocmsn.log
17.02.2007 11:50 76.246 iis6.log
17.02.2007 11:50 117.237 ntdtcsetup.log
17.02.2007 11:50 1.374 imsins.log
17.02.2007 11:50 197.379 comsetup.log
17.02.2007 11:50 195.007 tsoc.log
17.02.2007 11:50 101.122 KB931836.log
17.02.2007 11:50 247.506 ocgen.log
17.02.2007 11:50 24.285 msgsocm.log
17.02.2007 11:50 486.647 FaxSetup.log
17.02.2007 11:50 1.374 imsins.BAK
17.02.2007 11:50 103.608 KB928090.log
17.02.2007 11:50 52.202 updspapi.log
17.02.2007 11:50 91.909 KB926436.log
17.02.2007 11:49 103.626 KB918118.log
17.02.2007 11:49 91.980 KB927779.log
17.02.2007 11:49 89.558 KB924667.log
17.02.2007 11:49 88.979 KB927802.log
17.02.2007 11:49 100.353 KB928843.log
17.02.2007 11:49 93.007 KB928255.log
17.02.2007 11:49 35.853 ie7_main.log
17.02.2007 11:48 89.848 ie7.log
17.02.2007 11:46 39.031 IDNMitigationAPIs.log
17.02.2007 11:46 39.086 NLSDownlevelMapping.log
17.02.2007 11:45 39.247 KB915865.log
17.02.2007 11:45 53.281 KB904942.log
17.02.2007 11:44 38.458 KB929969.log
17.02.2007 11:44 38.672 KB926247.log
17.02.2007 11:44 36.658 KB923689.log
17.02.2007 11:43 35.625 KB925398.log
17.02.2007 11:43 38.370 KB923694.log
17.02.2007 11:43 37.867 KB926255.log
17.02.2007 11:43 37.387 KB923980.log
17.02.2007 11:43 37.661 KB924270.log
17.02.2007 11:43 36.668 KB920213.log
17.02.2007 11:42 35.492 KB922819.log
17.02.2007 11:42 33.789 KB924191.log
17.02.2007 11:42 30.834 KB923191.log
17.02.2007 11:42 32.931 KB924496.log
17.02.2007 11:42 32.429 KB923414.log
17.02.2007 11:42 33.902 KB920872.log
17.02.2007 11:42 32.218 KB920685.log
17.02.2007 11:42 32.439 KB919007.log
17.02.2007 11:41 32.385 KB916595.log
17.02.2007 11:41 28.572 KB922582.log
17.02.2007 11:41 30.281 KB920683.log
17.02.2007 11:41 28.836 KB920670.log
17.02.2007 11:41 28.988 KB917422.log
17.02.2007 11:41 28.886 KB914388.log
17.02.2007 11:41 27.583 KB911280.log
17.02.2007 11:40 26.926 KB917953.log
17.02.2007 11:40 28.101 KB913580.log
17.02.2007 11:40 26.715 KB918439.log
17.02.2007 11:40 27.285 KB917344.log
17.02.2007 11:40 27.034 KB914389.log
17.02.2007 11:40 23.050 KB917734.log
17.02.2007 11:40 2.925 wmsetup.log
17.02.2007 11:39 27.013 KB908531.log
17.02.2007 11:39 27.208 KB900485.log
17.02.2007 11:39 26.402 KB911562.log
17.02.2007 11:39 21.631 KB911564.log
17.02.2007 11:38 24.578 KB901190.log
17.02.2007 11:38 24.891 KB911927.log
17.02.2007 11:38 24.955 KB912919.log
17.02.2007 11:38 24.192 KB908519.log
17.02.2007 11:38 24.073 KB904706.log
17.02.2007 11:38 21.138 KB910437.log
17.02.2007 11:38 24.123 KB896424.log
17.02.2007 11:38 24.223 KB900725.log
17.02.2007 11:37 21.718 KB905749.log
17.02.2007 11:37 21.058 KB905414.log
17.02.2007 11:37 20.249 KB901017.log
17.02.2007 11:37 24.198 KB902400.log
17.02.2007 11:36 16.625 KB894391.log
17.02.2007 11:36 17.677 KB896423.log
17.02.2007 11:36 14.505 KB899587.log
17.02.2007 11:36 14.008 KB899591.log
17.02.2007 11:36 14.115 KB893756.log
17.02.2007 11:36 13.260 KB896358.log
17.02.2007 11:36 14.616 KB890859.log
17.02.2007 11:36 11.711 KB901214.log
17.02.2007 11:35 10.608 KB896428.log
17.02.2007 11:35 10.663 KB885835.log
17.02.2007 11:35 9.555 KB891781.log
17.02.2007 11:35 9.486 KB888302.log
17.02.2007 11:35 8.936 KB885836.log
17.02.2007 11:35 5.945 KB886185.log
17.02.2007 11:35 8.955 KB873339.log
17.02.2007 11:20 1.454 COM+.log
17.02.2007 11:18 7.781 KB893803v2.log
17.02.2007 11:08 814.634 setuplog.txt
17.02.2007 11:03 316.640 WMSysPr9.prx
17.02.2007 11:02 886 OEWABLog.txt
17.02.2007 11:02 4.460 ODBCINST.INI
17.02.2007 11:01 749 WindowsShell.Manifest
17.02.2007 11:01 14.586 setuperr.log
17.02.2007 10:59 240 DtcInstall.log
17.02.2007 10:59 2.084 sessmgr.setup.log
17.02.2007 10:52 346 cmsetacl.log
17.02.2007 10:40 2.958 regopt.log
17.02.2007 10:40 227 system.ini
17.02.2007 10:24 11.898 WINNT32.LOG
17.02.2007 10:24 254 UPGRADE.TXT
17.02.2007 10:24 34.322 wsdu.log
17.02.2007 10:22 534 DHCPUPG.LOG
17.02.2007 10:13 318.115 setupapi.old
15.02.2007 18:16 1.609.920.512 MEMORY.DMP
15.02.2007 17:09 0 Sti_Trace.log
15.02.2007 11:12 6.268.753 REGBK00.ZIP
15.02.2007 10:29 101 MsgAgt.INI
11.02.2007 17:41 147 winamp.ini
09.02.2007 19:48 69 NeroDigital.ini
09.02.2007 19:24 642 Tcsofla.INI
09.02.2007 09:18 3.753 Ascd_tmp.ini
08.02.2007 10:44 169 RtlRack.ini
07.02.2007 10:46 17 man.ini
07.02.2007 10:16 116 homeDVD-Fotos3_5_dlx.INI
07.02.2007 10:05 85 magix.ini
07.02.2007 09:50 0 Irremote.ini
07.02.2007 08:21 212 PCPRUEF.INI
07.02.2007 08:18 70 INSTALL.INI
06.02.2007 18:40 104.249 hpoins04.dat
06.02.2007 17:56 397 ODBC.INI
06.02.2007 17:56 59 vbaddin.ini
06.02.2007 13:43 63 mdm.ini
06.02.2007 13:42 0 NSREX.INI
06.02.2007 12:47 0 Path.idx
06.02.2007 11:08 61 smscfg.ini
05.02.2007 19:00 8.192 REGLOCS.OLD
05.02.2007 18:57 0 control.ini
05.02.2007 18:53 36 vb.ini
16.11.2006 19:47 524.288 opuc.dll
27.05.2005 00:22 10.752 hh.exe

Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\XPHOME\Temp

17.02.2007 22:51 704 servic001.log
17.02.2007 22:51 704 servic000.log
17.02.2007 22:19 16.384 Perflib_Perfdata_668.dat
17.02.2007 22:19 256 ZLT03cb0.TMP
17.02.2007 22:19 256 ZLT03cac.TMP
17.02.2007 17:14 0 Upd1403.tmp
17.02.2007 11:59 16.384 Perflib_Perfdata_4d8.dat
17.02.2007 11:47 108 teredo.txt
17.02.2007 11:22 16.384 Perflib_Perfdata_3b4.dat
17.02.2007 11:21 256 ZLT04585.TMP
17.02.2007 11:21 256 ZLT0457e.TMP
17.02.2007 11:07 16.384 Perflib_Perfdata_128.dat
17.02.2007 10:42 3.103 wudf_update.log
17.02.2007 10:20 16.384 Perflib_Perfdata_2f8.dat
17.02.2007 10:20 256 ZLT0163f.TMP
17.02.2007 10:20 256 ZLT0163b.TMP
17.02.2007 10:13 16.384 Perflib_Perfdata_130.dat
17.02.2007 10:13 256 ZLT01af5.TMP
17.02.2007 10:13 256 ZLT01107.TMP
17.02.2007 09:32 16.384 Perflib_Perfdata_6b8.dat
17.02.2007 09:32 256 ZLT071af.TMP
17.02.2007 09:32 256 ZLT071ac.TMP
17.02.2007 09:28 16.384 Perflib_Perfdata_478.dat
17.02.2007 09:28 256 ZLT06e7c.TMP
17.02.2007 09:28 256 ZLT06e78.TMP
17.02.2007 09:22 16.384 Perflib_Perfdata_160.dat
17.02.2007 09:22 256 ZLT06a49.TMP
17.02.2007 09:22 256 ZLT06a46.TMP
17.02.2007 09:13 16.384 Perflib_Perfdata_58c.dat
17.02.2007 09:12 256 ZLT062d0.TMP
17.02.2007 09:12 256 ZLT062cc.TMP
17.02.2007 09:09 16.384 Perflib_Perfdata_744.dat
17.02.2007 09:09 256 ZLT056fd.TMP
17.02.2007 09:09 256 ZLT05fee.TMP
17.02.2007 08:06 16.384 Perflib_Perfdata_2f4.dat
17.02.2007 08:06 256 ZLT03001.TMP
17.02.2007 08:06 256 ZLT02ffe.TMP
17.02.2007 08:03 16.384 Perflib_Perfdata_350.dat
17.02.2007 08:02 256 ZLT042e3.TMP
17.02.2007 08:02 256 ZLT02d22.TMP
17.02.2007 07:54 256 ZLT026a4.TMP
17.02.2007 07:54 256 ZLT026a1.TMP
17.02.2007 04:00 16.384 Perflib_Perfdata_314.dat
17.02.2007 04:00 256 ZLT07388.TMP
17.02.2007 04:00 256 ZLT07385.TMP
17.02.2007 01:03 256 ZLT079f9.TMP
17.02.2007 01:03 256 ZLT06c47.TMP
16.02.2007 15:25 16.384 Perflib_Perfdata_310.dat
16.02.2007 15:24 256 ZLT03172.TMP
16.02.2007 15:24 256 ZLT0316f.TMP
16.02.2007 12:43 16.384 Perflib_Perfdata_70.dat
16.02.2007 12:43 256 ZLT00112.TMP
16.02.2007 12:43 256 ZLT0360f.TMP
15.02.2007 21:36 16.384 Perflib_Perfdata_404.dat
15.02.2007 21:36 256 ZLT07367.TMP
15.02.2007 21:36 256 ZLT07f7f.TMP
15.02.2007 21:09 557.737 HP000032.PDL
15.02.2007 21:09 4.104 HP000031.PDL
15.02.2007 21:09 4.104 HP000030.PDL
15.02.2007 21:09 4.104 HP00002F.PDL
15.02.2007 21:09 4.104 HP00002E.PDL
15.02.2007 21:09 4.104 HP00002D.PDL
15.02.2007 21:09 4.104 HP00002C.PDL
15.02.2007 21:09 4.104 HP00002B.PDL
15.02.2007 21:09 4.104 HP00002A.PDL
15.02.2007 21:09 4.114 HP000029.PDL
15.02.2007 21:09 4.114 HP000028.PDL
15.02.2007 21:09 4.114 HP000027.PDL
15.02.2007 21:09 4.114 HP000026.PDL
15.02.2007 21:09 4.114 HP000025.PDL
15.02.2007 21:09 4.114 HP000024.PDL
15.02.2007 21:09 4.114 HP000023.PDL
15.02.2007 21:09 4.114 HP000022.PDL
15.02.2007 21:09 4.114 HP000021.PDL
15.02.2007 21:09 4.114 HP000020.PDL
15.02.2007 21:09 4.114 HP00001F.PDL
15.02.2007 21:09 4.114 HP00001E.PDL
15.02.2007 21:09 4.114 HP00001D.PDL
15.02.2007 21:09 4.114 HP00001C.PDL
15.02.2007 21:09 4.114 HP00001B.PDL
15.02.2007 21:09 4.114 HP00001A.PDL
15.02.2007 21:09 4.114 HP000019.PDL
15.02.2007 21:09 4.114 HP000018.PDL
15.02.2007 21:09 4.114 HP000017.PDL
15.02.2007 21:09 4.114 HP000016.PDL
15.02.2007 21:09 4.114 HP000015.PDL
15.02.2007 21:09 4.114 HP000014.PDL
15.02.2007 21:09 4.114 HP000013.PDL
15.02.2007 21:09 4.114 HP000012.PDL
15.02.2007 21:09 4.114 HP000011.PDL
15.02.2007 21:09 4.114 HP000010.PDL
15.02.2007 21:09 4.114 HP00000F.PDL
15.02.2007 21:09 4.114 HP00000E.PDL
15.02.2007 21:09 4.114 HP00000D.PDL
15.02.2007 21:09 4.114 HP00000C.PDL
15.02.2007 21:09 4.114 HP00000B.PDL
15.02.2007 21:09 4.114 HP00000A.PDL
15.02.2007 21:09 4.114 HP000009.PDL
15.02.2007 21:09 4.114 HP000008.PDL
15.02.2007 21:09 4.114 HP000007.PDL
15.02.2007 21:09 4.114 HP000006.PDL
15.02.2007 21:09 4.114 HP000005.PDL
15.02.2007 21:09 4.114 HP000004.PDL
15.02.2007 21:09 4.114 HP000003.PDL
15.02.2007 21:09 4.114 HP000002.PDL
15.02.2007 21:09 4.114 HP000001.PDL
15.02.2007 21:09 2.967 HP000000.IDX
15.02.2007 18:34 16.384 Perflib_Perfdata_4d4.dat
15.02.2007 18:34 256 ZLT06e66.TMP
15.02.2007 18:34 256 ZLT07477.TMP
15.02.2007 18:22 16.384 Perflib_Perfdata_4b0.dat
15.02.2007 18:22 256 ZLT06b0d.TMP
15.02.2007 18:22 256 ZLT06b0a.TMP
15.02.2007 18:17 16.384 Perflib_Perfdata_394.dat
15.02.2007 18:16 256 ZLT066e2.TMP
15.02.2007 18:16 256 ZLT066de.TMP
15.02.2007 17:12 16.384 Perflib_Perfdata_374.dat
15.02.2007 17:11 256 ZLT0350b.TMP
15.02.2007 17:11 256 ZLT03508.TMP
15.02.2007 17:09 16.384 Perflib_Perfdata_280.dat
120 Datei(en) 1.138.029 Bytes
0 Verzeichnis(se), 67.674.071.040 Bytes frei

Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\XPHOME\Downloaded Program Files

17.02.2007 11:01 65 desktop.ini
17.02.2007 05:03 987.120 vet.da1
07.02.2007 08:35 300.680 arclib.dll
11.12.2006 16:44 367 LegitCheckControl.inf
20.11.2006 12:02 180.282 webscan.dll
09.11.2006 14:36 5.019 swflash.inf
25.10.2006 12:18 385.536 Housecall_ActiveX.dll
14.10.2006 00:16 723 hcImpl.inf
02.10.2006 08:17 1.021.504 vete.dll
28.08.2006 10:05 227 opuc.inf
24.08.2006 08:28 141.424 asinst.dll
22.08.2006 09:06 537 asinst.inf
24.07.2006 08:12 4.349.432 vet.dat
21.07.2006 12:55 477 webscan.inf
16.06.2006 15:31 181.856 fscax.dll
15.06.2006 10:19 483 fscax.inf
03.02.2006 11:20 188.416 fsauc.dll
17.01.2006 17:11 580.663 daas_s.dll
26.05.2005 04:19 291 wuweb.inf
31.01.2005 14:13 595 OSD38A.OSD
31.01.2005 14:11 685.120 ppctl.dll
09.11.2004 13:53 670.320 PPSDKActiveXScanner.ocx
09.11.2004 13:53 1.801 PPSDKActiveXScanner.INF
25.06.2003 19:00 541 ca.pub
30.01.2003 16:52 348.160 bitdefender.ocx
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
25.07.2002 17:05 172.032 isusweb.dll
21.03.2002 15:26 815 bitdefender.inf
31.10.2001 10:37 118 uninst.bat
12.07.2000 02:02 36.864 fxfileop.dll
31 Datei(en) 10.462.652 Bytes
0 Verzeichnis(se), 67.674.066.944 Bytes frei

Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\

17.02.2007 23:06 0 sys.txt
17.02.2007 23:06 1.780 down.txt
17.02.2007 23:06 6.487 tmp.txt
17.02.2007 23:04 10.206 system.txt
17.02.2007 23:03 35.089 systemtemp.txt
17.02.2007 23:03 113.073 system32.txt
17.02.2007 22:19 2.145.386.496 pagefile.sys
17.02.2007 21:13 0 23990098.$$$
17.02.2007 19:12 1.249 rapport.txt
17.02.2007 18:01 210 VundoFix.txt
06.02.2007 12:48 156 UnInstall.dat
06.02.2004 16:17 16.384 hpqimgrc.resources.dll
12 Datei(en) 2.145.571.130 Bytes
0 Verzeichnis(se), 67.674.046.464 Bytes frei
__________
MfG
Dragon29581

#4 ««
wende Cleanup an
http://virus-protect.org/cleanup.html

««
virustotal
Oben auf der Seite --> auf Durchsuchen klicken --> Datei aussuchen (oder gleich die Datei mit korrektem Pfad einkopieren) --> Doppelklick auf die zu prüfende Datei --> klick auf "Send"... jetzt abwarten - dann mit der rechten Maustaste den Text markieren -> kopieren - einfügen
http://www.virustotal.com/flash/index_en.html

G:\XPHOME\system32\man.exe

poste hier den report
__________
MfG Sabina

rund um die PC-Sicherheit

#5 Hier der Bericht von CleanUp :

CleanUp! started on 02/18/07 03:31:24.
...
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\gen002.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\gen003.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\gen004.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\gen005.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\gen999.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\header.ini - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\info.iad.DFUpdates - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\info.iad.ols_30_bin - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\info.iad.ols_30_hkedb - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\info.iad.ols_30_pegdb - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\info.iad.ols_bl - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\kernel.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krn001.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krn002.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krn003.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krn004.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krndos.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krnengn.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krnexe.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krnexe32.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krnjava.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krnmacro.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\krnunp.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\lsse.dll - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\mail.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\nvcbin.def - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\nvcmacro.def - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\ocr.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\orion.dat - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\orioneng.dat - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\orionfin.dat - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\perf.dat - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\sae.dat - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\sai.dat - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\sign.def - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\smart.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp000.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp001.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp002.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp003.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp004.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp005.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp006.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp007.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp008.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp009.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp010.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp011.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp012.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp013.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp014.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp015.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp016.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp017.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp018.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp019.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp020.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp021.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp022.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp023.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp024.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp025.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp026.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp027.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp028.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp029.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp030.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp031.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp032.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp033.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp034.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp035.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp036.avc - deleted
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\OnlineScanner\Anti-Virus\unp037.avc - deleted
G:\XPHOME\SET3.tmp - deleted
G:\XPHOME\SET4.tmp - deleted
G:\XPHOME\SET44.tmp - deleted
G:\XPHOME\SET46.tmp - deleted
G:\XPHOME\SET4E.tmp - deleted
G:\XPHOME\SET8.tmp - deleted
G:\XPHOME\SET90.tmp - deleted
G:\XPHOME\SET92.tmp - deleted
G:\XPHOME\SET9A.tmp - deleted
G:\XPHOME\SETA1.tmp - deleted
G:\XPHOME\SETA3.tmp - deleted
G:\XPHOME\SETAB.tmp - deleted
G:\XPHOME\temp\HP000000.IDX - deleted
G:\XPHOME\temp\HP000001.PDL - deleted
G:\XPHOME\temp\HP000002.PDL - deleted
G:\XPHOME\temp\HP000003.PDL - deleted
G:\XPHOME\temp\HP000004.PDL - deleted
G:\XPHOME\temp\HP000005.PDL - deleted
G:\XPHOME\temp\HP000006.PDL - deleted
G:\XPHOME\temp\HP000007.PDL - deleted
G:\XPHOME\temp\HP000008.PDL - deleted
G:\XPHOME\temp\HP000009.PDL - deleted
G:\XPHOME\temp\HP00000A.PDL - deleted
G:\XPHOME\temp\HP00000B.PDL - deleted
G:\XPHOME\temp\HP00000C.PDL - deleted
G:\XPHOME\temp\HP00000D.PDL - deleted
G:\XPHOME\temp\HP00000E.PDL - deleted
G:\XPHOME\temp\HP00000F.PDL - deleted
G:\XPHOME\temp\HP000010.PDL - deleted
G:\XPHOME\temp\HP000011.PDL - deleted
G:\XPHOME\temp\HP000012.PDL - deleted
G:\XPHOME\temp\HP000013.PDL - deleted
G:\XPHOME\temp\HP000014.PDL - deleted
G:\XPHOME\temp\HP000015.PDL - deleted
G:\XPHOME\temp\HP000016.PDL - deleted
G:\XPHOME\temp\HP000017.PDL - deleted
G:\XPHOME\temp\HP000018.PDL - deleted
G:\XPHOME\temp\HP000019.PDL - deleted
G:\XPHOME\temp\HP00001A.PDL - deleted
G:\XPHOME\temp\HP00001B.PDL - deleted
G:\XPHOME\temp\HP00001C.PDL - deleted
G:\XPHOME\temp\HP00001D.PDL - deleted
G:\XPHOME\temp\HP00001E.PDL - deleted
G:\XPHOME\temp\HP00001F.PDL - deleted
G:\XPHOME\temp\HP000020.PDL - deleted
G:\XPHOME\temp\HP000021.PDL - deleted
G:\XPHOME\temp\HP000022.PDL - deleted
G:\XPHOME\temp\HP000023.PDL - deleted
G:\XPHOME\temp\HP000024.PDL - deleted
G:\XPHOME\temp\HP000025.PDL - deleted
G:\XPHOME\temp\HP000026.PDL - deleted
G:\XPHOME\temp\HP000027.PDL - deleted
G:\XPHOME\temp\HP000028.PDL - deleted
G:\XPHOME\temp\HP000029.PDL - deleted
G:\XPHOME\temp\HP00002A.PDL - deleted
G:\XPHOME\temp\HP00002B.PDL - deleted
G:\XPHOME\temp\HP00002C.PDL - deleted
G:\XPHOME\temp\HP00002D.PDL - deleted
G:\XPHOME\temp\HP00002E.PDL - deleted
G:\XPHOME\temp\HP00002F.PDL - deleted
G:\XPHOME\temp\HP000030.PDL - deleted
G:\XPHOME\temp\HP000031.PDL - deleted
G:\XPHOME\temp\HP000032.PDL - deleted
G:\XPHOME\temp\Perflib_Perfdata_128.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_130.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_158.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_160.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_280.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_2f4.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_2f8.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_310.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_314.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_350.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_374.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_394.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_3b4.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_404.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_478.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_4b0.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_4d4.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_4d8.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_58c.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_668.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_6b8.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_70.dat - deleted
G:\XPHOME\temp\Perflib_Perfdata_744.dat - deleted
G:\XPHOME\temp\servic000.log - deleted
G:\XPHOME\temp\servic001.log - deleted
G:\XPHOME\temp\teredo.txt - deleted
G:\XPHOME\temp\Upd1403.tmp - deleted
G:\XPHOME\temp\wudf_update.log - deleted
G:\XPHOME\temp\ZLT00112.TMP - deleted
G:\XPHOME\temp\ZLT00871.TMP - deleted
G:\XPHOME\temp\ZLT00874.TMP - deleted
G:\XPHOME\temp\ZLT01107.TMP - deleted
G:\XPHOME\temp\ZLT0163b.TMP - deleted
G:\XPHOME\temp\ZLT0163f.TMP - deleted
G:\XPHOME\temp\ZLT01af5.TMP - deleted
G:\XPHOME\temp\ZLT026a1.TMP - deleted
G:\XPHOME\temp\ZLT026a4.TMP - deleted
G:\XPHOME\temp\ZLT02d22.TMP - deleted
G:\XPHOME\temp\ZLT02ffe.TMP - deleted
G:\XPHOME\temp\ZLT03001.TMP - deleted
G:\XPHOME\temp\ZLT0316f.TMP - deleted
G:\XPHOME\temp\ZLT03172.TMP - deleted
G:\XPHOME\temp\ZLT03508.TMP - deleted
G:\XPHOME\temp\ZLT0350b.TMP - deleted
G:\XPHOME\temp\ZLT0360f.TMP - deleted
G:\XPHOME\temp\ZLT03cac.TMP - deleted
G:\XPHOME\temp\ZLT03cb0.TMP - deleted
G:\XPHOME\temp\ZLT042e3.TMP - deleted
G:\XPHOME\temp\ZLT0457e.TMP - deleted
G:\XPHOME\temp\ZLT04585.TMP - deleted
G:\XPHOME\temp\ZLT056fd.TMP - deleted
G:\XPHOME\temp\ZLT05fee.TMP - deleted
G:\XPHOME\temp\ZLT062cc.TMP - deleted
G:\XPHOME\temp\ZLT062d0.TMP - deleted
G:\XPHOME\temp\ZLT066de.TMP - deleted
G:\XPHOME\temp\ZLT066e2.TMP - deleted
G:\XPHOME\temp\ZLT06a46.TMP - deleted
G:\XPHOME\temp\ZLT06a49.TMP - deleted
G:\XPHOME\temp\ZLT06b0a.TMP - deleted
G:\XPHOME\temp\ZLT06b0d.TMP - deleted
G:\XPHOME\temp\ZLT06c47.TMP - deleted
G:\XPHOME\temp\ZLT06e66.TMP - deleted
G:\XPHOME\temp\ZLT06e78.TMP - deleted
G:\XPHOME\temp\ZLT06e7c.TMP - deleted
G:\XPHOME\temp\ZLT071ac.TMP - deleted
G:\XPHOME\temp\ZLT071af.TMP - deleted
G:\XPHOME\temp\ZLT07367.TMP - deleted
G:\XPHOME\temp\ZLT07385.TMP - deleted
G:\XPHOME\temp\ZLT07388.TMP - deleted
G:\XPHOME\temp\ZLT07477.TMP - deleted
G:\XPHOME\temp\ZLT079f9.TMP - deleted
G:\XPHOME\temp\ZLT07f7f.TMP - deleted
G:\XPHOME\temp\ASHeuristic\ - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ad.ambiweb[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ads.heias[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@as1.falkag[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@auto.abacho[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@bul-online[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@de.ebayrtm[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@de.trendmicro-europe[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@drweb-online[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ebayobjects[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ebay[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@eu-housecall.trendmicro-europe[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@forum.kilrathy-clan[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@gmx[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@google[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@google[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@google[3].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@google[4].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@imps.abacho[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@informationsarchiv[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ivwbox[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ivwbox[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@komtrack[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@lpg.the-wildcat[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@lpg.the-wildcat[3].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@m1.webstats4u[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@map24[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@mediaplex[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@offthewrist[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@panda-software[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@pandasoftware[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@pcwelt.de.intellitxt[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@protecus[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@sdc.ca[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@shop.pandasoftware[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@store.webroot[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@track.webtrekk[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@tradedoubler[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@traffic.mpnrs[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@translate.google[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@travian[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@trojaner-board[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@uimserv[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@virus-protect[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@wdm.map24[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@webroot[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.atribune[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.citibank[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.f-secure[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.googleadservices[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.googleadservices[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.ikarus-software[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.informationsarchiv[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.pandasoftware[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.pcwelt[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.travian[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.travian[3].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.virustotal[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.webroot[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.windowspower[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ad.ambiweb[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ads.heias[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@as1.falkag[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@auto.abacho[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@bul-online[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@de.ebayrtm[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@de.trendmicro-europe[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@drweb-online[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ebayobjects[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ebay[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@eu-housecall.trendmicro-europe[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@forum.kilrathy-clan[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@gmx[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@google[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@google[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@google[3].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@google[4].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@imps.abacho[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@informationsarchiv[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ivwbox[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@ivwbox[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@komtrack[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@lpg.the-wildcat[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@lpg.the-wildcat[3].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@m1.webstats4u[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@map24[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@mediaplex[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@offthewrist[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@panda-software[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@pandasoftware[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@pcwelt.de.intellitxt[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@protecus[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@sdc.ca[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@shop.pandasoftware[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@store.webroot[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@track.webtrekk[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@tradedoubler[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@traffic.mpnrs[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@translate.google[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@travian[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@trojaner-board[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@uimserv[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@virus-protect[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@wdm.map24[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@webroot[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.atribune[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.citibank[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.f-secure[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.googleadservices[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.googleadservices[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.ikarus-software[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.informationsarchiv[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.pandasoftware[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.pcwelt[1].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.travian[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.travian[3].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.virustotal[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.webroot[2].txt - deleted
G:\Dokumente und Einstellungen\Sascha.RECHNER\Cookies\sascha@www.windowspower[2].txt - deleted
G:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\LocalService.NT-AUTORITÄT\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\LocalService\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\Default User.XPHOME\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\Default User.XPHOME\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\Administrator.SASCHA\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\Administrator.SASCHA\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted
G:\Dokumente und Einstellungen\Administrator\Cookies\index.dat - deleted
G:\XPHOME\Prefetch\ATIPTAXX.EXE-1AEA8AAE.pf - deleted
G:\XPHOME\Prefetch\AVGNT.EXE-2A9B689D.pf - deleted
G:\XPHOME\Prefetch\AVNOTIFY.EXE-1CE8FF55.pf - deleted
G:\XPHOME\Prefetch\AVSCAN.EXE-1AA21B28.pf - deleted
G:\XPHOME\Prefetch\BLBETA.EXE-390D41DC.pf - deleted
G:\XPHOME\Prefetch\CHKNTFS.EXE-1677EB18.pf - deleted
G:\XPHOME\Prefetch\CLEANUP.EXE-32BD6F36.pf - deleted
G:\XPHOME\Prefetch\CLEANUP452.EXE-3572F805.pf - deleted
G:\XPHOME\Prefetch\CMD.EXE-31D28DC2.pf - deleted
G:\XPHOME\Prefetch\CSCRIPT.EXE-249A4B6A.pf - deleted
G:\XPHOME\Prefetch\CTFMON.EXE-27DBB1C4.pf - deleted
G:\XPHOME\Prefetch\DUMPHIVE.EXE-19CD9A12.pf - deleted
G:\XPHOME\Prefetch\DUMPREP.EXE-25796A75.pf - deleted
G:\XPHOME\Prefetch\EXCEL.EXE-134ED9B0.pf - deleted
G:\XPHOME\Prefetch\EXPLORER.EXE-2BEC3398.pf - deleted
G:\XPHOME\Prefetch\FIND.EXE-2CCE4FA1.pf - deleted
G:\XPHOME\Prefetch\FINDSTR.EXE-3B63E131.pf - deleted
G:\XPHOME\Prefetch\FSGK32.EXE-2E4912F8.pf - deleted
G:\XPHOME\Prefetch\FSSM32.EXE-32E01A5D.pf - deleted
G:\XPHOME\Prefetch\HIJACKTHIS.EXE-21122047.pf - deleted
G:\XPHOME\Prefetch\HIJACKTHIS.EXE-2521BDB8.pf - deleted
G:\XPHOME\Prefetch\HPZENG10.EXE-23A3947D.pf - deleted
G:\XPHOME\Prefetch\HPZSTC10.EXE-06EFBE2E.pf - deleted
G:\XPHOME\Prefetch\IEXPLORE.EXE-1697BCC2.pf - deleted
G:\XPHOME\Prefetch\IMAPI.EXE-043F202B.pf - deleted
G:\XPHOME\Prefetch\IMEKRMIG.EXE-3724DBE9.pf - deleted
G:\XPHOME\Prefetch\IMJPMIG.EXE-1A40BD19.pf - deleted
G:\XPHOME\Prefetch\LOGONUI.EXE-1017C2C6.pf - deleted
G:\XPHOME\Prefetch\MORE.COM-1A5C354F.pf - deleted
G:\XPHOME\Prefetch\NOTEPAD.EXE-079AF8F7.pf - deleted
G:\XPHOME\Prefetch\NOTEPAD.EXE-3888EB18.pf - deleted
G:\XPHOME\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
G:\XPHOME\Prefetch\OUTLOOK.EXE-0287CBAD.pf - deleted
G:\XPHOME\Prefetch\PREUPD.EXE-26610F7C.pf - deleted
G:\XPHOME\Prefetch\REGEDIT.COM-35A35FD2.pf - deleted
G:\XPHOME\Prefetch\REGEDIT.EXE-0CC4CA95.pf - deleted
G:\XPHOME\Prefetch\RUNDLL32.EXE-1DFFE707.pf - deleted
G:\XPHOME\Prefetch\RUNDLL32.EXE-1F5CAD97.pf - deleted
G:\XPHOME\Prefetch\RUNDLL32.EXE-2FC51795.pf - deleted
G:\XPHOME\Prefetch\RUNDLL32.EXE-3A4FC62F.pf - deleted
G:\XPHOME\Prefetch\SMITFRAUDFIX.EXE-1C93A758.pf - deleted
G:\XPHOME\Prefetch\SOUNDMAN.EXE-0A48A0BB.pf - deleted
G:\XPHOME\Prefetch\SPIDER.EXE-253D96ED.pf - deleted
G:\XPHOME\Prefetch\SRCHSTS.EXE-0F66FDFE.pf - deleted
G:\XPHOME\Prefetch\SWREG.EXE-06707110.pf - deleted
G:\XPHOME\Prefetch\SWREG.EXE-14EC4094.pf - deleted
G:\XPHOME\Prefetch\TCGUARD.EXE-0319AEA0.pf - deleted
G:\XPHOME\Prefetch\UPDATE.EXE-0C7B69C0.pf - deleted
G:\XPHOME\Prefetch\UPDCLIENT.EXE-03767861.pf - deleted
G:\XPHOME\Prefetch\VERCLSID.EXE-0D8ECC63.pf - deleted
G:\XPHOME\Prefetch\VUNDOFIX.EXE-03E51ADF.pf - deleted
G:\XPHOME\Prefetch\WINRAR.EXE-08BE4BCC.pf - deleted
G:\XPHOME\Prefetch\WMIPRVSE.EXE-1B0858F3.pf - deleted
G:\XPHOME\Prefetch\WSCNTFY.EXE-15FF5C7C.pf - deleted
G:\XPHOME\Prefetch\WUAUCLT.EXE-3474F503.pf - deleted
G:\XPHOME\Prefetch\ZLCLIENT.EXE-26067E56.pf - deleted
G:\temp\image.000 - deleted
G:\temp\image.001 - deleted
G:\temp\image.002 - deleted
G:\temp\image.003 - deleted
G:\temp\image.004 - deleted
G:\temp\image.005 - deleted
G:\temp\image.006 - deleted
G:\temp\image.007 - deleted
G:\temp\image.dvd - deleted
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 7.82 GB of disk space from 4721 files. Wow! You really needed that.
CleanUp! finished on 02/18/07 03:32:05.

Und von Virus Total :

Complete scanning result of "man.exe", processed in VirusTotal at 02/18/2007 03:46:55 (CET).

[ file data ]
* name: man.exe
* size: 51712
* md5.: 496461f08a323b575236004dfeb299dc
* sha1: c2c10f489a33b6196cb25b2a09e0d422957c0a6b

[ scan result ]
AntiVir 7.3.1.37/20070217 found nothing
Authentium 4.93.8/20070216 found nothing
Avast 4.7.936.0/20070218 found nothing
AVG 386/20070217 found nothing
BitDefender 7.2/20070218 found nothing
CAT-QuickHeal 9.00/20070216 found nothing
ClamAV devel-20060426/20070217 found nothing
DrWeb 4.33/20070217 found nothing
eSafe 7.0.14.0/20070216 found nothing
eTrust-Vet 30.4.3408/20070217 found nothing
Ewido 4.0/20070217 found nothing
F-Prot 4.2.1.29/20070216 found nothing
F-Secure 6.70.13030.0/20070217 found nothing
Fortinet 2.85.0.0/20070217 found nothing
Ikarus T3.1.0.31/20070217 found nothing
Kaspersky 4.0.2.24/20070218 found nothing
McAfee 4965/20070216 found nothing
Microsoft 1.2204/20070217 found nothing
NOD32v2 2067/20070217 found nothing
Norman 5.80.02/20070216 found nothing
Panda 9.0.0.4/20070217 found nothing
Prevx1 V2/20070218 found nothing
Sophos 4.14.0/20070216 found nothing
Sunbelt 2.2.907.0/20070217 found nothing
Symantec 10/20070218 found nothing
TheHacker 6.1.6.059/20070216 found nothing
UNA 1.83/20070216 found nothing
VBA32 3.11.2/20070217 found nothing
VirusBuster 4.3.19:9/20070217 found nothing
__________
MfG
Dragon29581

#6 arbeite das ab und poste den report, der erscheint
http://virus-protect.org/artikel/tools/comboscan.html
__________
MfG Sabina

rund um die PC-Sicherheit

#7 ComboScan v20070212.14 run by Sascha on 2007-02-18 at 22:24:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Sascha.com) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:25:13, on 18.02.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
G:\XPHOME\System32\smss.exe
G:\XPHOME\system32\winlogon.exe
G:\XPHOME\system32\services.exe
G:\XPHOME\system32\lsass.exe
G:\XPHOME\system32\Ati2evxx.exe
G:\XPHOME\system32\svchost.exe
G:\XPHOME\System32\svchost.exe
G:\XPHOME\system32\svchost.exe
G:\XPHOME\system32\ZoneLabs\vsmon.exe
G:\XPHOME\system32\Ati2evxx.exe
G:\XPHOME\Explorer.EXE
G:\XPHOME\system32\spoolsv.exe
G:\Programme\AntiVir PersonalEdition Classic\sched.exe
G:\Programme\AntiVir PersonalEdition Classic\avguard.exe
G:\XPHOME\system32\tcpsvcs.exe
G:\XPHOME\System32\snmp.exe
G:\XPHOME\system32\svchost.exe
G:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
G:\Programme\Trojancheck 6\tcguard.exe
G:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\XPHOME\SOUNDMAN.EXE
G:\XPHOME\system32\ctfmon.exe
G:\Programme\Internet Explorer\iexplore.exe
G:\Dokumente und Einstellungen\Sascha.RECHNER\Eigene Dateien\Empfangene dateien\comboscan.exe
G:\DOKUME~1\SASCHA~1.REC\LOKALE~1\Temp\~zgyvnkd.tmp\Sascha.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian.at/login.php?id=360766&c=087
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = G:\windows\system32\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avgnt] "G:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Trojancheck 6 Guard] G:\Programme\Trojancheck 6\tcguard.exe
O4 - HKLM\..\Run: [ATIPTA] G:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\XPHOME\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] G:\XPHOME\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] G:\XPHOME\system32\ctfmon.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - G:\Programme\ICQLite\ICQLite.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .UVR: G:\Programme\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171013128548
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bul-online.de/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F23FCD9-5391-4C40-8145-42586EEE5D69}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F23FCD9-5391-4C40-8145-42586EEE5D69}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F23FCD9-5391-4C40-8145-42586EEE5D69}: NameServer = 195.50.140.114 195.50.140.252
O17 - HKLM\System\CS4\Services\Tcpip\..\{0F23FCD9-5391-4C40-8145-42586EEE5D69}: NameServer = 195.50.140.114 195.50.140.252
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - G:\XPHOME\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - G:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - G:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\XPHOME\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\XPHOME\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - G:\XPHOME\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - G:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\XPHOME\system32\ZoneLabs\vsmon.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "G:\XPHOME\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /s
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 ALCXSENS (Service for WDM 3D Audio Driver) - system32\drivers\ALCXSENS.SYS
3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - system32\drivers\ALCXWDM.SYS
3 AnyDVD - System32\Drivers\AnyDVD.sys
3 Arp1394 (1394-ARP-Clientprotokoll) - system32\DRIVERS\arp1394.sys
4 aslm75 - \??\G:\XPHOME\system32\drivers\aslm75.sys
3 ati2mtag - system32\DRIVERS\ati2mtag.sys
1 avgio - \??\G:\Programme\AntiVir PersonalEdition Classic\avgio.sys
3 avgntflt - \??\G:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys
3 BthEnum (Bluetooth-Anforderungsblocktreiber) - system32\DRIVERS\BthEnum.sys
3 BTHMODEM (Bluetooth-Modemkommunikationstreiber) - system32\DRIVERS\bthmodem.sys
3 BthPan (Bluetooth-Gerät (PAN)) - system32\DRIVERS\bthpan.sys
3 BTHPORT (Bluetooth-Porttreiber) - System32\Drivers\BTHport.sys
3 BTHUSB (USB-Treiber für Bluetooth-Funkgerät) - System32\Drivers\BTHUSB.sys
3 CCDECODE (Untertiteldecoder) - system32\DRIVERS\CCDECODE.sys
3 ElbyCDFL - System32\Drivers\ElbyCDFL.sys
2 ElbyCDIO (ElbyCDIO Driver) - System32\Drivers\ElbyCDIO.sys
3 ElbyDelay - System32\Drivers\ElbyDelay.sys
4 ENTECH - \??\G:\XPHOME\system32\DRIVERS\ENTECH.sys
0 fasttx2k - system32\DRIVERS\fasttx2k.sys
3 fixustor - system32\drivers\fixustor.sys
3 HidUsb (Microsoft HID Class-Treiber) - system32\DRIVERS\hidusb.sys
3 HPZid412 (IEEE-1284.4 Driver HPZid412) - system32\DRIVERS\HPZid412.sys
3 HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - system32\DRIVERS\HPZipr12.sys
3 HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - system32\DRIVERS\HPZius12.sys
4 InCDfs (InCD File System) - system32\drivers\InCDFs.sys
1 InCDPass - system32\drivers\InCDPass.sys
1 incdrm (InCD Reader) - system32\drivers\InCDRm.sys
1 intelppm (Intel-Prozessortreiber) - system32\DRIVERS\intelppm.sys
1 kbdhid (Tastatur-HID-Treiber) - system32\DRIVERS\kbdhid.sys
4 mbmiodrvr - \??\G:\XPHOME\system32\mbmiodrvr.sys
3 mouhid (Maus-HID-Treiber) - system32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink-Konvertierung) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI-Codec) - system32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV-/Videoverbindung) - system32\DRIVERS\NdisIP.sys
3 NIC1394 (1394-Netzwerktreiber) - system32\DRIVERS\nic1394.sys
0 ohci1394 (VIA OHCI-konformer IEEE 1394-Hostcontroller) - system32\DRIVERS\ohci1394.sys
0 PCIIde - system32\DRIVERS\pciide.sys
4 Pfc (Padus ASPI Shell) - system32\drivers\pfc.sys
3 RFCOMM (Bluetooth-Gerät (RFCOMM-Protokoll-TDI)) - system32\DRIVERS\rfcomm.sys
3 ROOTMODEM (Microsoft Legacy Modem Driver) - System32\Drivers\RootMdm.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
3 SONYPVU1 (Sony USB-Filtertreiber (SONYPVU1)) - system32\DRIVERS\SONYPVU1.SYS
0 srescan - system32\ZoneLabs\srescan.sys
3 streamip (BDA-IPSink) - system32\DRIVERS\StreamIP.sys
1 Tcpip6 (Microsoft IPv6-Protokolltreiber) - system32\DRIVERS\tcpip6.sys
2 tmcomm - \??\G:\XPHOME\system32\drivers\tmcomm.sys
3 tunmp (Microsoft Tun-Miniportadaptertreiber) - system32\DRIVERS\tunmp.sys
0 UlSata - system32\DRIVERS\ulsata.sys
? UnlockerDriver5 - \??\G:\Programme\Unlocker\UnlockerDriver5.sys
3 usbccgp (Microsoft Standard-USB-Haupttreiber) - system32\DRIVERS\usbccgp.sys
3 usbehci (Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller) - system32\DRIVERS\usbehci.sys
3 usbprint (Microsoft USB-Druckerklasse) - system32\DRIVERS\usbprint.sys
3 usbscan (USB-Scannertreiber) - system32\DRIVERS\usbscan.sys
3 usbstor (USB-Massenspeichertreiber) - system32\DRIVERS\USBSTOR.SYS
0 VClone - system32\DRIVERS\VClone.sys
1 vsdatant - System32\vsdatant.sys
3 WmBEnum (Logitech Virtual Bus Enumerator Driver) - system32\drivers\WmBEnum.sys
3 WmFilter (Logitech WingMan HID Filter Driver) - system32\drivers\WmFilter.sys
3 WmVirHid (Logitech Virtual Hid Device Driver) - system32\drivers\WmVirHid.sys
3 WmXlCore (Logitech WingMan Translation Layer Driver) - system32\drivers\WmXlCore.sys
3 WSTCODEC (World Standard Teletext-Codec) - system32\DRIVERS\WSTCODEC.SYS
0 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys
3 yukonwxp (NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller) - system32\DRIVERS\yk51x86.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 6to4 (IPv6-Hilfsdienst) - %SystemRoot%\system32\svchost.exe -k netsvcs
2 AntiVirScheduler (AntiVir PersonalEdition Classic Planer) - G:\Programme\AntiVir PersonalEdition Classic\sched.exe
2 AntiVirService (AntiVir PersonalEdition Classic Guard) - G:\Programme\AntiVir PersonalEdition Classic\avguard.exe
2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 ATI Smart - G:\XPHOME\system32\ati2sgag.exe
2 BthServ (Bluetooth Support Service) - %SystemRoot%\system32\svchost.exe -k bthsvcs
3 p2pgasvc (Peernetzwerk-Gruppenauthentifizierung) - %SystemRoot%\system32\svchost.exe -k p2psvc
3 p2pimsvc (Peernetzwerkidentitäts-Manager) - %SystemRoot%\system32\svchost.exe -k p2psvc
3 p2psvc (Peernetzwerk) - %SystemRoot%\system32\svchost.exe -k p2psvc
3 Pml Driver HPZ12 - G:\XPHOME\system32\HPZipm12.exe
3 PNRPSvc (Peer Name Resolution-Protokoll) - %SystemRoot%\system32\svchost.exe -k p2psvc
3 ServiceLayer - "G:\Programme\PC Connectivity Solution\ServiceLayer.exe"
2 SimpTcp (Einfache TCP/IP-Dienste) - %SystemRoot%\system32\tcpsvcs.exe
2 SNMP (SNMP-Dienst) - %SystemRoot%\System32\snmp.exe
3 SNMPTRAP (SNMP-Trap-Dienst) - %SystemRoot%\System32\snmptrap.exe
2 UxTuneUp (TuneUp Designerweiterung) - %SystemRoot%\System32\svchost.exe -k netsvcs
2 vsmon (TrueVector Internet Monitor) - G:\XPHOME\system32\ZoneLabs\vsmon.exe -service
3 WMPNetworkSvc (Windows Media Player-Netzwerkfreigabedienst) - "G:\Programme\Windows Media Player\WMPNetwk.exe"
2 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


-- Scheduled Tasks --------------------------------------------------------------

2007-02-16 17:16:21 398 --a------ G:\XPHOME\Tasks\1-Klick-Wartung.job<1-KLIC~1.JOB>


-- Files created between 2007-01-18 and 2007-02-18 ------------------------------

2007-02-18 03:36:33 0 d-------- G:\XPHOME\ie7updates<IE7UPD~1>
2007-02-17 22:17:42 0 d-------- G:\bases_x
2007-02-17 18:09:12 3264 --a------ G:\XPHOME\system32\tmp.reg
2007-02-17 18:08:58 79360 --a------ G:\XPHOME\system32\swxcacls.exe<Unsigned: SteelWerX>
2007-02-17 18:08:58 40960 --a------ G:\XPHOME\system32\swsc.exe<Unsigned: n/a>
2007-02-17 18:08:58 135168 --a------ G:\XPHOME\system32\swreg.exe<Unsigned: SteelWerX>
2007-02-17 18:08:58 288417 --a------ G:\XPHOME\system32\SrchSTS.exe<Unsigned: S!Ri>
2007-02-17 18:08:58 53248 --a------ G:\XPHOME\system32\Process.exe<Unsigned: http://www.beyondlogic.org>
2007-02-17 18:08:58 51200 --a------ G:\XPHOME\system32\dumphive.exe<Unsigned: n/a>
2007-02-17 17:30:27 0 d-------- G:\VundoFix Backups<VUNDOF~1>
2007-02-17 15:26:16 0 d-------- G:\XPHOME\avxoscan
2007-02-17 13:19:18 0 d-------- G:\XPHOME\system32\ActiveScan<ACTIVE~1>
2007-02-17 11:07:38 0 d-------- G:\XPHOME\Prefetch
2007-02-17 10:40:27 24661 --a------ G:\XPHOME\system32\spxcoins.dll<Signed: Perle Systems Ltd.>
2007-02-16 19:27:26 68936 --a------ G:\XPHOME\system32\drivers\AnyDVD.sys<Signed: SlySoft, Inc.>
2007-02-16 01:56:49 11984 --a------ G:\XPHOME\system32\drivers\RegKill.sys<Signed: Elaborate Bytes AG>
2007-02-16 01:54:43 15440 --a------ G:\XPHOME\system32\drivers\ElbyCDIO.sys<Signed: Elaborate Bytes AG>
2007-02-15 11:16:53 0 d--h----- G:\XPHOME\PIF
2007-02-15 11:11:08 0 d-a------ G:\XPHOME\zts2.exe
2007-02-15 11:11:08 0 d-a------ G:\XPHOME\system32\vcmgcd32.dll
2007-02-15 11:11:08 0 d-a------ G:\XPHOME\system32\iifgfgf.dll
2007-02-15 11:11:08 0 d-a------ G:\XPHOME\rundll16.exe
2007-02-15 11:11:08 0 d-a------ G:\XPHOME\rundl132.dll
2007-02-15 11:11:08 0 d-a------ G:\XPHOME\logo1_.exe
2007-02-15 11:10:14 140800 --a------ G:\XPHOME\system32\TASKMGR.COM
2007-02-15 11:10:14 140800 --a------ G:\XPHOME\system32\T.COM
2007-02-15 11:10:14 153600 --a------ G:\XPHOME\REGEDIT.COM
2007-02-15 11:10:14 153600 --a------ G:\XPHOME\R.COM
2007-02-15 10:51:47 0 d-------- G:\Programme\Security Task Manager<SECURI~1>
2007-02-15 10:38:02 0 d-------- G:\XPHOME\pss
2007-02-12 10:59:40 664 --a------ G:\XPHOME\system32\d3d9caps.dat
2007-02-11 17:40:05 7552 --a------ G:\XPHOME\system32\drivers\SONYPVU1.SYS<Signed: Sony Corporation>
2007-02-10 08:49:56 76560 --a------ G:\XPHOME\system32\drivers\tmcomm.sys<Signed: Trend Micro Inc.>
2007-02-10 08:46:02 0 d-------- G:\XPHOME\Sun
2007-02-09 22:56:00 43520 --a------ G:\XPHOME\system32\CmdLineExt03.dll<CMDLIN~2.DLL><Unsigned: n/a>
2007-02-09 21:22:07 0 d-------- G:\Programme\Ubisoft
2007-02-09 21:18:44 0 d-------- G:\Programme\Red Storm Entertainment<REDSTO~1>
2007-02-09 21:16:58 69632 -ra------ G:\XPHOME\system32\xmltok.dll<Unsigned: n/a>
2007-02-09 21:16:58 36864 -ra------ G:\XPHOME\system32\xmlparse.dll<Unsigned: n/a>
2007-02-09 21:16:58 26096 -ra------ G:\XPHOME\system32\xmlinst.exe<Unsigned: Microsoft Corporation>
2007-02-09 21:16:58 24576 -ra------ G:\XPHOME\system32\msxml3a.dll<Unsigned: Microsoft Corporation>
2007-02-09 21:16:56 0 d-------- G:\Programme\Ubi Soft<UBISOF~1>
2007-02-09 18:50:16 98304 --a------ G:\XPHOME\system32\CmdLineExt.dll<CMDLIN~1.DLL><Unsigned: Sony DADC Austria AG.>
2007-02-09 11:34:38 756736 -----n--- G:\XPHOME\system32\ir41_32.dll<Unsigned: Intel Corporation>
2007-02-09 09:26:39 0 d-------- G:\XPHOME\setup.pss
2007-02-09 09:21:16 24576 -ra------ G:\XPHOME\system32\ptipbm.dll<Signed: Promise Technology,Inc.>
2007-02-09 09:21:16 73984 -ra------ G:\XPHOME\system32\drivers\ulsata.sys<Signed: Promise Technology, Inc.>
2007-02-09 09:07:37 5824 --a------ G:\XPHOME\system32\drivers\ASUSHWIO.SYS<Unsigned: n/a>
2007-02-09 07:11:22 143360 --a------ G:\XPHOME\system32\ConTest.dll<Unsigned: Ascentive>
2007-02-09 07:11:21 0 d-------- G:\Programme\Ascentive<ASCENT~1>
2007-02-08 14:09:48 0 d-------- G:\Programme\Stinger
2007-02-08 13:25:32 0 d-------- G:\Programme\directx
2007-02-08 12:05:55 0 d-------- G:\Programme\DVDStyler<DVDSTY~1>
2007-02-08 12:01:14 0 d-------- G:\Programme\audiograbber<AUDIOG~1>
2007-02-08 12:01:02 0 d-------- G:\XPHOME\uninstall<UNINST~1>
2007-02-08 11:35:19 0 d-------- G:\Programme\Winamp
2007-02-08 11:31:25 0 d-------- G:\Programme\WordToPDF<WORDTO~1>
2007-02-08 11:29:05 0 d-------- G:\Programme\Teamspeak2_RC2<TEAMSP~1>
2007-02-08 11:25:34 0 d-------- G:\Programme\SpywareBlaster<SPYWAR~1>
2007-02-08 11:23:35 0 d-------- G:\Programme\SniperRS
2007-02-08 11:17:33 516784 -ra------ G:\XPHOME\system32\XceedCry.dll<Signed: Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com>
2007-02-08 11:17:33 44544 --a------ G:\XPHOME\system32\Gif89.dll<Unsigned: n/a>
2007-02-08 11:17:33 118784 --a------ G:\XPHOME\system32\DartWeb.dll<Unsigned: Dart Communications>
2007-02-08 11:17:33 217088 --a------ G:\XPHOME\system32\DartSock.dll<Unsigned: Dart Communications>
2007-02-08 11:17:33 0 d-------- G:\Programme\Convar
2007-02-08 11:09:02 0 d-------- G:\Programme\Lavasoft
2007-02-08 11:05:57 0 d-------- G:\Programme\IZArc
2007-02-08 11:04:05 0 d-------- G:\Programme\IrfanView<IRFANV~1>
2007-02-08 11:02:03 0 d-------- G:\Programme\IceChat7
2007-02-08 10:22:49 0 d-------- G:\Programme\Google
2007-02-08 10:12:58 0 d-------- G:\Programme\Gemeinsame Dateien\Skype
2007-02-07 10:46:28 51712 --a------ G:\XPHOME\system32\man.exe<Unsigned: n/a>
2007-02-07 10:33:53 0 d-------- G:\Programme\Maxon
2007-02-07 10:15:03 24576 --a------ G:\XPHOME\system32\TTIC32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 24576 --a------ G:\XPHOME\system32\TTI32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 28672 --a------ G:\XPHOME\system32\STRING32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 1581056 --a------ G:\XPHOME\system32\mplvw7.dll<Unsigned: Ligos Corporation>
2007-02-07 10:15:03 1122304 --a------ G:\XPHOME\system32\mplvpx.dll<Unsigned: Ligos Corporation>
2007-02-07 10:15:03 1552384 --a------ G:\XPHOME\system32\mplvm6.dll<Unsigned: Ligos Corporation>
2007-02-07 10:15:03 1650688 --a------ G:\XPHOME\system32\mplva6.dll<Unsigned: Ligos Corporation>
2007-02-07 10:15:03 77824 --a------ G:\XPHOME\system32\mplaw7.dll<Unsigned: Ligos Corporation>
2007-02-07 10:15:03 65536 --a------ G:\XPHOME\system32\mplapx.dll<Unsigned: Ligos Corporation>
2007-02-07 10:15:03 65536 --a------ G:\XPHOME\system32\mplam6.dll<Unsigned: Ligos Corporation>
2007-02-07 10:15:03 77824 --a------ G:\XPHOME\system32\mplaa6.dll<Unsigned: Ligos Corporation>
2007-02-07 10:15:03 57344 --a------ G:\XPHOME\system32\DLLTPO32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 176128 --a------ G:\XPHOME\system32\DLLRES32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 40960 --a------ G:\XPHOME\system32\DLLRD32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 65536 --a------ G:\XPHOME\system32\DLLPTL32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 53248 --a------ G:\XPHOME\system32\DLLPRJ32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 49152 --a------ G:\XPHOME\system32\DLLPRF32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 36864 --a------ G:\XPHOME\system32\DLLPNT32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 32768 --a------ G:\XPHOME\system32\DLLMSC32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 24576 --a------ G:\XPHOME\system32\DLLIX.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 32768 --a------ G:\XPHOME\system32\DLLISO32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 49152 --a------ G:\XPHOME\system32\DLLIO32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 45056 --a------ G:\XPHOME\system32\DLLIMG32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 122880 --a------ G:\XPHOME\system32\DLLDRV32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 32768 --a------ G:\XPHOME\system32\DLLDIR32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 151552 --a------ G:\XPHOME\system32\DLLDEV32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:03 81920 --a------ G:\XPHOME\system32\DLLCPY32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:02 61440 --a------ G:\XPHOME\system32\DLLCDF32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:02 114688 --a------ G:\XPHOME\system32\DLLCDA32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:15:02 319488 --a------ G:\XPHOME\system32\DLLAV32.dll<Unsigned: PoINT Software & Systems GmbH>
2007-02-07 10:05:29 0 d-------- G:\Programme\MAGIX
2007-02-07 10:05:08 176128 --a------ G:\XPHOME\system32\mgxoschk.dll<Unsigned: MAGIX AG>
2007-02-07 10:01:39 0 d-------- G:\Programme\3D-Album
2007-02-07 09:50:51 0 d-------- G:\XPHOME\system32\IOSUBSYS
2007-02-07 09:50:51 0 d-------- G:\Programme\Nero
2007-02-07 09:37:53 0 d-------- G:\Programme\7-Zip
2007-02-07 09:27:44 28352 --a------ G:\XPHOME\system32\drivers\MxlW2k.sys<Unsigned: MusicMatch, Inc.>
2007-02-07 09:18:04 0 d-------- G:\Programme\Musicmatch<MUSICM~1>
2007-02-07 09:16:07 165648 --a------ G:\XPHOME\system32\MSTEXT35.DLL<Unsigned: Microsoft Corporation>
2007-02-07 09:16:07 166160 --a------ G:\XPHOME\system32\MSLTUS35.DLL<Unsigned: Microsoft Corporation>
2007-02-07 09:16:07 250128 --a------ G:\XPHOME\system32\MSEXCL35.DLL<Unsigned: Microsoft Corporation>
2007-02-07 09:16:07 330000 --a------ G:\XPHOME\system32\MSEXCH35.DLL<Unsigned: Microsoft Corporation>
2007-02-07 09:16:06 415504 --a------ G:\XPHOME\system32\MSREPL35.DLL<Unsigned: Microsoft Corporation>
2007-02-07 09:16:06 252176 --a------ G:\XPHOME\system32\MSRD2X35.DLL<Unsigned: Microsoft Corporation>
2007-02-07 09:16:06 250128 --a------ G:\XPHOME\system32\MSPDOX35.DLL<Unsigned: Microsoft Corporation>
2007-02-07 09:16:06 0 d-------- G:\XPHOME\system32\AIM
2007-02-07 09:00:55 304128 --a------ G:\XPHOME\unin0407.exe<Unsigned: InstallShield Corporation, Inc.>
2007-02-07 08:42:21 16384 --a------ G:\XPHOME\system32\FileOps.exe<Unsigned: n/a>
2007-02-07 08:42:20 0 d-------- G:\XPHOME\system32\Adobe
2007-02-07 08:40:59 106496 -----n--- G:\XPHOME\UPSCR.Scr
2007-02-07 08:40:08 0 d-------- G:\XPHOME\system32\windows media<WINDOW~1>
2007-02-07 08:40:01 0 d-------- G:\XPHOME\RegisteredPackages<REGIST~2>
2007-02-07 08:39:23 24576 --a------ G:\XPHOME\system32\Ulead Photo Explorer 85.scr<ULEADP~1.SCR>
2007-02-07 08:39:21 24576 --a------ G:\XPHOME\system32\UleadPhotoExplorer85_Res.dll<ULEADP~1.DLL><Unsigned: Ulead Systems, Inc.>
2007-02-07 08:34:52 0 d-------- G:\Programme\Ulead Systems<ULEADS~1>
2007-02-07 08:28:40 2944 --a------ G:\XPHOME\system32\mbmiodrvr.sys<MBMIOD~1.SYS><Unsigned: cansoft@livewiredev.com>
2007-02-07 08:28:38 0 d-------- G:\Programme\Motherboard Monitor 5<MOTHER~1>
2007-02-07 08:28:06 0 d-------- G:\XPHOME\system32\Futuremark<FUTURE~1>
2007-02-07 08:28:06 3972 -----n--- G:\XPHOME\system32\drivers\PciBus.sys<Unsigned: n/a>
2007-02-07 08:28:06 21664 --a------ G:\XPHOME\system32\drivers\Entech.sys<Unsigned: EnTech Taiwan>
2007-02-07 08:27:36 0 d-------- G:\Programme\Futuremark<FUTURE~1>
2007-02-07 08:27:32 0 d-------- G:\XPHOME\system32\QuickTime<QUICKT~1>
2007-02-07 08:27:26 75264 --a------ G:\XPHOME\system32\MACDec.dll<Unsigned: Matthew T. Ashland>
2007-02-07 08:27:25 679936 --a------ G:\XPHOME\system32\xvidcore.dll<Unsigned: n/a>
2007-02-07 08:27:25 421888 --a------ G:\XPHOME\system32\OpenQuicktimeLib.dll<OPENQU~1.DLL><Unsigned: n/a>
2007-02-07 08:27:25 1024000 --a------ G:\XPHOME\system32\3ivx.dll<Unsigned: 3ivx.com>
2007-02-07 08:27:23 19968 --a------ G:\XPHOME\system32\cpuinf32.dll<Unsigned: n/a>
2007-02-07 08:27:23 0 d-------- G:\Programme\K-Lite Codec Pack<K-LITE~1>
2007-02-07 08:04:32 328704 --a------ G:\XPHOME\IsUn0407.exe<Unsigned: InstallShield Software Corporation >
2007-02-07 00:36:42 91360 -----n--- G:\XPHOME\system\VSWND.dll<Unsigned: creaTeam>
2007-02-07 00:36:42 57024 -----n--- G:\XPHOME\system\VSWHELPX.dll<Unsigned: creaTeam>
2007-02-07 00:36:42 43920 -----n--- G:\XPHOME\system\VSTABNPR.dll<Unsigned: creaTeam>
2007-02-07 00:36:42 67936 -----n--- G:\XPHOME\system\VSTABN.dll<Unsigned: creaTeam>
2007-02-07 00:36:42 22256 -----n--- G:\XPHOME\system\VSTABCLP.dll<Unsigned: creaTeam>
2007-02-07 00:36:42 48496 -----n--- G:\XPHOME\system\VSKERNEL.dll<Unsigned: creaTeam>
2007-02-07 00:36:42 36736 -----n--- G:\XPHOME\system\VSGDI.dll<Unsigned: creaTeam>
2007-02-07 00:36:42 82608 -----n--- G:\XPHOME\system\VSCTRL.dll<Unsigned: creaTeam>
2007-02-07 00:36:42 0 d-------- G:\Programme\Feuerwehr<FEUERW~1>
2007-02-07 00:33:38 53248 --a------ G:\XPHOME\system32\SONYHCY.DLL<Signed: Sony Corporation>
2007-02-07 00:33:38 102220 --a------ G:\XPHOME\system32\drivers\sonypvs1.sys<Unsigned: Sony Corporation>
2007-02-07 00:33:38 299923 --a------ G:\XPHOME\system32\drivers\sonyhcs.sys<Signed: Sony Corporation>
2007-02-07 00:33:38 3654 --a------ G:\XPHOME\system32\drivers\Sonyhcp.dll<Unsigned: n/a>
2007-02-07 00:33:38 38739 --a------ G:\XPHOME\system32\drivers\sonyhcc.sys<Signed: Sony Corporation>
2007-02-07 00:33:38 6097 --a------ G:\XPHOME\system32\drivers\sonyhcb.sys<Signed: Sony Corporation>
2007-02-07 00:33:21 854528 -----n--- G:\XPHOME\system32\Ltwvc12n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:21 41472 -----n--- G:\XPHOME\system32\LTTWN12n.DLL<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:21 406528 -----n--- G:\XPHOME\system32\LTKRN12n.DLL<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:20 166400 -----n--- G:\XPHOME\system32\LTIMG12n.DLL<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:20 122368 -----n--- G:\XPHOME\system32\LTFIL12n.DLL<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:20 227840 -----n--- G:\XPHOME\system32\LTEFX12n.DLL<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:20 278528 -----n--- G:\XPHOME\system32\LTDIS12n.DLL<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:20 155648 -----n--- G:\XPHOME\system32\LFTIF12n.DLL<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:20 121856 -----n--- G:\XPHOME\system32\lfmpg12n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:20 43008 -----n--- G:\XPHOME\system32\lfgif12n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:20 78336 -----n--- G:\XPHOME\system32\LFFAX12n.DLL<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:20 314880 -----n--- G:\XPHOME\system32\LFCMP12n.DLL<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:20 25600 -----n--- G:\XPHOME\system32\lfavi12n.dll<Unsigned: LEAD Technologies, Inc.>
2007-02-07 00:33:10 125712 --a------ G:\XPHOME\system32\VB6DE.DLL<Unsigned: Microsoft Corporation>
2007-02-07 00:33:10 89360 --a------ G:\XPHOME\system32\VB5DB.DLL<Unsigned: Microsoft Corporation>
2007-02-07 00:32:32 13566 -----n--- G:\XPHOME\system32\drivers\cdrbsvsd.sys<Unsigned: B.H.A Corporation>
2007-02-06 23:56:20 315376 --a------ G:\XPHOME\system32\drivers\ctdvda2k.sys<Unsigned: Creative Technology Ltd>
2007-02-06 23:56:20 77824 --a------ G:\XPHOME\system32\ctdvda32.dll<Unsigned: Creative Technology Ltd>
2007-02-06 23:56:20 831600 --a------ G:\XPHOME\system32\Ctaa1.dat
2007-02-06 23:56:20 0 d-------- G:\Programme\Creative
2007-02-06 23:55:00 4212 ---h----- G:\XPHOME\system32\zllictbl.dat
2007-02-06 23:54:44 42920 --a------ G:\XPHOME\system32\vsutil_loc0407.dll<VSUTIL~1.DLL><Signed: Zone Labs Inc.>
2007-02-06 23:54:35 10368 -----n--- G:\XPHOME\system32\drivers\pfc.sys<Unsigned: Padus, Inc.>
2007-02-06 23:54:31 0 d-------- G:\XPHOME\system32\ZoneLabs
2007-02-06 23:54:21 204800 --a------ G:\XPHOME\system32\IVIresizeW7.dll<IV828C~1.DLL><Unsigned: n/a>
2007-02-06 23:54:21 188416 --a------ G:\XPHOME\system32\IVIresizePX.dll<IV760B~1.DLL><Unsigned: n/a>
2007-02-06 23:54:21 192512 --a------ G:\XPHOME\system32\IVIresizeP6.dll<IVIRES~4.DLL><Unsigned: n/a>
2007-02-06 23:54:21 192512 --a------ G:\XPHOME\system32\IVIresizeM6.dll<IVIRES~3.DLL><Unsigned: n/a>
2007-02-06 23:54:21 200704 --a------ G:\XPHOME\system32\IVIresizeA6.dll<IVIRES~2.DLL><Unsigned: n/a>
2007-02-06 23:54:21 20480 --a------ G:\XPHOME\system32\IVIresize.dll<IVIRES~1.DLL><Unsigned: n/a>
2007-02-06 23:53:56 0 d-------- G:\XPHOME\Internet Logs<INTERN~1>
2007-02-06 23:38:08 14848 --a------ G:\XPHOME\system32\drivers\avgntmgr.sys<Unsigned: AVIRA GmbH>
2007-02-06 23:38:08 34304 --a------ G:\XPHOME\system32\drivers\avgntdd.sys<Unsigned: AVIRA GmbH>
2007-02-06 23:21:43 0 d-------- G:\Programme\PC Connectivity Solution<PCCONN~1>
2007-02-06 22:40:49 0 d-------- G:\XPHOME\Downloaded Installations<DOWNLO~2>
2007-02-06 22:31:36 0 d------c- G:\XPHOME\system32\DRVSTORE
2007-02-06 18:35:44 82432 -ra------ G:\XPHOME\system32\MSXML4r.dll<Unsigned: Microsoft Corporation>
2007-02-06 18:35:44 44544 -ra------ G:\XPHOME\system32\MSXML4a.dll<Unsigned: Microsoft Corporation>
2007-02-06 18:35:43 344064 -ra------ G:\XPHOME\system32\hpvcr70.dll<Unsigned: Microsoft Corporation>
2007-02-06 18:35:43 487424 -ra------ G:\XPHOME\system32\hpvcp70.dll<Unsigned: Microsoft Corporation>
2007-02-06 18:35:43 626960 -ra------ G:\XPHOME\system32\hpvaut32.dll<Unsigned: Microsoft Corporation>
2007-02-06 18:33:33 0 d-------- G:\XPHOME\Microsoft.NET<MICROS~1.NET>
2007-02-06 18:33:33 0 dr--s---- G:\XPHOME\assembly
2007-02-06 18:33:32 0 d-------- G:\XPHOME\system32\URTTemp
2007-02-06 18:32:24 16496 -ra------ G:\XPHOME\system32\drivers\HPZipr12.sys<Signed: HP>
2007-02-06 18:32:22 51088 -ra------ G:\XPHOME\system32\drivers\hpzid412.sys<Signed: HP>
2007-02-06 18:32:01 21744 -ra------ G:\XPHOME\system32\drivers\HPZius12.sys<Signed: HP>
2007-02-06 18:30:45 61440 --a------ G:\XPHOME\system32\HPZinw12.exe<Unsigned: HP>
2007-02-06 18:30:44 57344 --a------ G:\XPHOME\system32\HPZisn12.dll<Unsigned: HP>
2007-02-06 18:30:44 94208 --a------ G:\XPHOME\system32\HPZipt12.dll<Unsigned: HP>
2007-02-06 18:30:44 204800 --a------ G:\XPHOME\system32\HPZipr12.dll<Unsigned: HP>
2007-02-06 18:30:44 65536 --a------ G:\XPHOME\system32\HPZipm12.exe<Unsigned: HP>
2007-02-06 18:30:44 278584 --a------ G:\XPHOME\system32\HPZidr12.dll<Unsigned: HP>
2007-02-06 18:27:03 17176 -----n--- G:\XPHOME\hpomdl04.dat
2007-02-06 18:27:03 104249 --a------ G:\XPHOME\hpoins04.dat
2007-02-06 16:59:31 0 d-------- G:\XPHOME\system32\drivers\UMDF
2007-02-06 16:59:30 0 d-------- G:\XPHOME\system32\LogFiles
2007-02-06 13:39:59 0 d--h----- G:\XPHOME\ShellNew
2007-02-06 13:38:45 0 d-------- G:\XPHOME\Twain32
2007-02-06 13:23:21 516096 -----n--- G:\XPHOME\system32\ati2sgag.exe<Unsigned: n/a>
2007-02-06 13:23:15 294912 --a------ G:\XPHOME\system32\atiiiexx.dll<Signed: ATI Technologies Inc.>
2007-02-06 13:07:02 6656 -ra------ G:\XPHOME\system32\drivers\fixustor.sys<Unsigned: Genesys Logic>
2007-02-06 13:07:01 53248 -ra------ G:\XPHOME\system32\umonit.exe<Unsigned: General>
2007-02-06 13:07:01 139264 -ra------ G:\XPHOME\system32\geneicon.dll<Unsigned: Genesys>
2007-02-06 13:06:53 0 d-------- G:\XPHOME\Cache
2007-02-06 12:53:06 24072 --a------ G:\XPHOME\system32\uxtuneup.dll<Signed: TuneUp Software GmbH>
2007-02-06 12:48:42 156 --a------ G:\UnInstall.dat<UNINST~1.DAT>
2007-02-06 12:43:28 118784 -ra------ G:\XPHOME\system32\ptipbmf.dll<Signed: Promise Technology, Inc.>
2007-02-06 12:43:28 159744 -ra------ G:\XPHOME\system32\drivers\Fasttx2k.sys<Signed: Promise Technology, Inc.>
2007-02-06 12:38:11 368912 --a------ G:\XPHOME\system32\vbar332.dll<Unsigned: Microsoft Corporation>
2007-02-06 12:38:11 287504 --a------ G:\XPHOME\system32\MSXBSE35.DLL<Unsigned: Microsoft Corporation>
2007-02-06 12:38:11 24848 --a------ G:\XPHOME\system32\msjter35.dll<Unsigned: Microsoft Corporation>
2007-02-06 12:38:11 123664 --a------ G:\XPHOME\system32\msjint35.dll<Unsigned: Microsoft Corporation>
2007-02-06 12:38:11 1046288 --a------ G:\XPHOME\system32\MSJET35.DLL<Unsigned: Microsoft Corporation>
2007-02-06 12:38:11 247296 --a------ G:\XPHOME\system32\01odbc32.dll<Unsigned: Microsoft Corporation>
2007-02-06 12:36:19 45056 --a------ G:\XPHOME\system32\ptistp.dll<Unsigned: Promise Technology, inc>
2007-02-06 12:36:16 0 d-------- G:\Programme\Promise
2007-02-06 12:33:37 306688 --a------ G:\XPHOME\IsUninst.exe<Unsigned: InstallShield Software Corporation>
2007-02-06 12:32:56 996872 --a------ G:\XPHOME\system\CP3240MT.DLL<Unsigned: Borland International>
2007-02-06 12:32:56 458752 --a------ G:\XPHOME\system\COMCTL32.DLL<Unsigned: Microsoft Corporation>
2007-02-06 12:32:56 29952 --a------ G:\XPHOME\system\BORLNDMM.DLL<Signed: Borland International>
2007-02-06 12:31:46 6272 --a------ G:\XPHOME\system32\drivers\ASLM75.SYS<Unsigned: n/a>
2007-02-06 12:31:18 299520 --a------ G:\XPHOME\uninst.exe<Unsigned: InstallShield Corporation, Inc.>
2007-02-06 12:30:15 65536 --a------ G:\XPHOME\system32\Audio3D.dll<Signed: Sensaura Ltd>
2007-02-06 12:30:15 65536 --a------ G:\XPHOME\system32\a3d.dll<Signed: Sensaura Ltd>
2007-02-06 12:30:15 765952 --a------ G:\XPHOME\system\crlds3d.dll<Signed: Sensaura Ltd>
2007-02-06 12:30:14 400384 --a------ G:\XPHOME\system32\drivers\ALCXSENS.SYS<Signed: Sensaura>
2007-02-06 12:30:13 155648 --a------ G:\XPHOME\system32\RTLCPAPI.dll<Signed: n/a>
2007-02-06 12:30:13 611820 --a------ G:\XPHOME\system32\drivers\ALCXWDM.SYS<Signed: Realtek Semiconductor Corp.>
2007-02-06 12:30:13 65024 --a------ G:\XPHOME\SOUNDMAN.EXE<Signed: Realtek Semiconductor Corp.>
2007-02-06 12:30:11 6584832 --a------ G:\XPHOME\system32\RTLCPL.EXE<Signed: Realtek Semiconductor Corp.>
2007-02-06 12:30:06 208896 -----n--- G:\XPHOME\alcupd.exe<Unsigned: Realtek Semiconductor Corp.>
2007-02-06 12:30:06 139264 -----n--- G:\XPHOME\alcrmv.exe<Unsigned: Realtek Semiconductor Corp.>
2007-02-06 12:30:05 744 -----n--- G:\XPHOME\system32\drivers\alcxinit.dat
2007-02-06 12:29:40 0 d-------- G:\XPHOME\system32\ReinstallBackups<REINST~1>
2007-02-06 12:17:13 0 d-------- G:\XPHOME\WBEM
2007-02-06 12:17:12 0 d-------- G:\XPHOME\system32\de-de
2007-02-06 12:15:46 0 d--h---c- G:\XPHOME\ie7
2007-02-06 12:15:00 0 d-------- G:\XPHOME\network diagnostic<NETWOR~1>
2007-02-06 10:51:22 0 d-------- G:\XPHOME\system32\PreInstall<PREINS~1>
2007-02-06 10:51:20 0 d--h----- G:\XPHOME\$hf_mig$
2007-02-06 10:36:40 0 d-------- G:\XPHOME\system32\SoftwareDistribution<SOFTWA~1>
2007-02-05 19:13:31 0 d-------- G:\XPHOME
2007-02-05 19:13:31 0 d-------- G:\XPHOME\WinSxS
2007-02-05 19:13:31 0 dr------- G:\XPHOME\Web
2007-02-05 19:13:31 0 d-------- G:\XPHOME\twain_32
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\wins
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\wbem
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\usmt
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\spool
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\ShellExt
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\Setup
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\ras
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\oobe
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\npp
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\mui
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\inetsrv
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\IME
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\icsxml
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\ias
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\export
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\drivers
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\drivers\etc
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\drivers\disdn
2007-02-05 19:13:31 0 dr-hs--c- G:\XPHOME\system32\dllcache
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\dhcp
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\config
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\3com_dmi
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\3076
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\2052
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\1054
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\1042
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\1041
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\1037
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\1033
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\1031
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\1028
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system32\1025
2007-02-05 19:13:31 0 d-------- G:\XPHOME\system
2007-02-05 19:13:31 0 d-------- G:\XPHOME\security
2007-02-05 19:13:31 0 d-------- G:\XPHOME\Resources<RESOUR~1>
2007-02-05 19:13:31 0 d-------- G:\XPHOME\repair
2007-02-05 19:13:31 0 d-------- G:\XPHOME\Provisioning<PROVIS~1>
2007-02-05 19:13:31 0 d-------- G:\XPHOME\PeerNet
2007-02-05 19:13:31 0 d-------- G:\XPHOME\pchealth
2007-02-05 19:13:31 0 d-------- G:\XPHOME\mui
2007-02-05 19:13:31 0 d-------- G:\XPHOME\msapps
2007-02-05 19:13:31 0 d-------- G:\XPHOME\msagent
2007-02-05 19:13:31 0 d-------- G:\XPHOME\Media
2007-02-05 19:13:31 0 d-------- G:\XPHOME\java
2007-02-05 19:13:31 0 d--h----- G:\XPHOME\inf
2007-02-05 19:13:31 0 d-------- G:\XPHOME\ime
2007-02-05 19:13:31 0 d-------- G:\XPHOME\Help
2007-02-05 19:13:31 0 dr--s---- G:\XPHOME\Fonts
2007-02-05 19:13:31 0 d-------- G:\XPHOME\Driver Cache<DRIVER~1>
2007-02-05 19:13:31 0 d-------- G:\XPHOME\Debug
2007-02-05 19:13:31 0 d-------- G:\XPHOME\Cursors
2007-02-05 19:13:31 0 d-------- G:\XPHOME\Connection Wizard<CONNEC~1>
2007-02-05 19:13:31 0 d-------- G:\XPHOME\Config
2007-02-05 19:13:31 0 d-------- G:\XPHOME\AppPatch
2007-02-05 19:13:31 0 d-------- G:\XPHOME\addins
2007-02-05 19:00:50 0 d-------- G:\XPHOME\SoftwareDistribution<SOFTWA~1>
2007-02-05 18:57:14 0 d-------- G:\XPHOME\system32\xircom
2007-02-05 18:55:36 0 dr------- G:\XPHOME\Offline Web Pages<OFFLIN~1>
2007-02-05 18:55:35 0 d---s---- G:\XPHOME\Downloaded Program Files<DOWNLO~1>
2007-02-05 18:54:58 0 d-------- G:\XPHOME\system32\DirectX
2007-02-05 18:54:37 0 d---s---- G:\XPHOME\Tasks
2007-02-05 18:54:34 0 d-------- G:\XPHOME\system32\Macromed
2007-02-05 18:54:34 0 d-------- G:\XPHOME\srchasst
2007-02-05 18:54:25 0 d-------- G:\XPHOME\system32\Restore
2007-02-05 18:54:25 32768 --a------ G:\XPHOME\system32\isrdbg32.dll<Signed: Intel Corporation>
2007-02-05 18:54:13 22960 --a------ G:\XPHOME\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-02-05 18:53:48 0 d-------- G:\XPHOME\Registration<REGIST~1>
2007-02-05 18:52:59 44544 --a------ G:\XPHOME\system32\hticons.dll<Signed: Hilgraeve, Inc.>
2007-02-05 18:52:53 1237 --a------ G:\XPHOME\system32\usrlogon.cmd
2007-02-05 18:52:40 356352 --a------ G:\XPHOME\system32\hypertrm.dll<Signed: Hilgraeve, Inc.>
2007-02-05 18:52:38 0 d-------- G:\XPHOME\system32\MsDtc
2007-02-05 18:52:37 0 d-------- G:\XPHOME\system32\Com
2007-02-05 18:23:39 928256 --a------ G:\XPHOME\system32\drivers\ati2mtag.sys<Signed: ATI Technologies Inc.>
2007-02-05 18:23:39 428320 --a------ G:\XPHOME\system32\ativvaxx.dll<Signed: ATI Technologies Inc. >
2007-02-05 18:23:39 2169120 --a------ G:\XPHOME\system32\ati3duag.dll<Signed: ATI Technologies Inc. >
2007-02-05 18:23:39 870784 --a------ G:\XPHOME\system32\ati3d1ag.dll<Signed: ATI Technologies Inc. >
2007-02-05 18:23:39 222208 --a------ G:\XPHOME\system32\ati2dvag.dll<Signed: ATI Technologies Inc.>
2007-02-05 18:23:39 245760 --a------ G:\XPHOME\system32\ati2cqag.dll<Signed: ATI Technologies Inc.>
2007-02-05 18:20:38 0 d--hs---- G:\XPHOME\Installer<INSTAL~1>
2007-02-05 18:20:22 176157 --a------ G:\XPHOME\system32\dgrpsetu.dll<Signed: Digi International, Inc.>
2007-02-05 18:20:21 103936 --a------ G:\XPHOME\system32\EqnClass.Dll<Signed: Equinox Systems Inc.>
2007-02-05 18:19:46 0 d-------- G:\XPHOME\system32\CatRoot2
2007-02-05 18:19:46 0 d-------- G:\XPHOME\system32\CatRoot
2007-02-02 17:37:30 81920 --a------ G:\XPHOME\system32\ElbyCDIO.dll<Unsigned: Elaborate Bytes AG>


-- Find3M Report ----------------------------------------------------------------

2007-02-18 21:24:57 0 d-------- G:\Programme\Trojancheck 6<TROJAN~1>
2007-02-17 16:58:16 0 d-------- G:\Programme\TuneUp Utilities 2007<TUNEUP~2>
2007-02-17 16:40:40 0 d-------- G:\Programme\AntiVir PersonalEdition Classic<ANTIVI~1>
2007-02-17 12:04:10 318430 --a------ G:\XPHOME\system32\perfh007.dat
2007-02-17 12:04:10 49044 --a------ G:\XPHOME\system32\perfc007.dat
2007-02-17 11:43:37 0 d-------- G:\Programme\Gemeinsame Dateien\System
2007-02-17 11:41:23 0 d-------- G:\Programme\Gemeinsame Dateien<GEMEIN~1>
2007-02-17 11:37:36 0 d-------- G:\Programme\Java
2007-02-15 11:27:14 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Uniblue
2007-02-15 10:44:51 0 d-------- G:\Programme\Gemeinsame Dateien\Microsoft Shared<MICROS~1>
2007-02-11 14:00:53 0 d-------- G:\Programme\ATI Technologies<ATITEC~1>
2007-02-10 08:46:02 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Sun
2007-02-10 08:43:44 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Webroot
2007-02-10 08:38:38 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\IceChat
2007-02-09 22:49:36 0 d--h----- G:\Programme\InstallShield Installation Information<INSTAL~1>
2007-02-09 20:22:42 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Leadertech<LEADER~1>
2007-02-09 15:53:43 0 d---s---- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Microsoft<MICROS~1>
2007-02-08 18:58:23 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Skype
2007-02-08 12:22:07 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Sandbox
2007-02-08 11:29:20 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\teamspeak2<TEAMSP~1>
2007-02-08 11:27:34 0 d-------- G:\Programme\Windows Media Connect 2<WI4DF6~1>
2007-02-08 11:18:43 0 d-------- G:\Programme\Elaborate Bytes<ELABOR~1>
2007-02-08 11:09:10 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Lavasoft
2007-02-08 10:58:08 0 d-------- G:\Programme\HP
2007-02-08 10:56:03 0 d-------- G:\Programme\Gemeinsame Dateien\Dienste
2007-02-08 10:47:54 0 d-------- G:\Programme\AvRack
2007-02-08 10:43:26 0 d-------- G:\Programme\Antispy
2007-02-08 10:27:33 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Google
2007-02-08 10:19:10 0 d-------- G:\Programme\Gemeinsame Dateien\Adobe
2007-02-08 10:12:58 0 d-------- G:\Programme\Skype
2007-02-07 10:24:42 0 d-------- G:\Programme\CyberLink<CYBERL~1>
2007-02-07 09:52:19 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Ahead
2007-02-07 09:36:29 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\concept design<CONCEP~1>
2007-02-07 09:34:55 0 d-------- G:\Programme\ABBYY FineReader 6.0 Sprint<ABBYYF~2.0SP>
2007-02-07 09:21:08 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Real
2007-02-07 09:19:55 0 d-------- G:\Programme\MovieJack DVD<MOVIEJ~1>
2007-02-07 09:18:04 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Musicmatch<MUSICM~1>
2007-02-07 09:02:06 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\CDZilla
2007-02-07 09:01:51 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Mozilla
2007-02-07 08:52:48 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Hemera
2007-02-07 08:10:20 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\InterVideo<INTERV~1>
2007-02-07 00:22:28 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\ICQLite
2007-02-07 00:21:50 0 d-------- G:\Programme\ICQLite
2007-02-07 00:09:46 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\SlySoft
2007-02-06 23:57:50 0 d-------- G:\Programme\InterVideo<INTERV~1>
2007-02-06 23:28:05 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Nokia
2007-02-06 23:21:47 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\PC Suite<PCSUIT~1>
2007-02-06 22:58:29 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\AdobeUM
2007-02-06 22:29:45 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Macromedia<MACROM~1>
2007-02-06 18:19:07 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\OfficeUpdate12<OFFICE~1>
2007-02-06 17:54:09 0 d-------- G:\Programme\Snapshot Viewer<SNAPSH~1>
2007-02-06 16:30:39 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Help
2007-02-06 13:38:45 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Microsoft Web Folders<MICROS~2>
2007-02-06 13:38:29 0 d-------- G:\Programme\microsoft frontpage<MICROS~1>
2007-02-06 12:46:37 0 d-------- G:\Programme\ASUS
2007-02-06 12:38:40 0 d-------- G:\Programme\Marvell
2007-02-06 12:36:37 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Adobe
2007-02-06 10:45:57 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\TuneUp Software<TUNEUP~1>
2007-02-05 19:01:48 0 d-------- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\Identities<IDENTI~1>
2007-02-05 18:20:06 62 --ahs---- G:\Dokumente und Einstellungen\Sascha.RECHNER\Anwendungsdaten\desktop.ini
2006-12-26 13:54:35 34760 --a------ G:\XPHOME\system32\drivers\ElbyCDFL.sys<Signed: SlySoft, Inc.>
2006-12-20 15:04:32 0 d-------- G:\Programme\Gemeinsame Dateien\Wise Installation Wizard<WISEIN~1>
2006-12-11 14:45:22 36352 -----n--- G:\XPHOME\system32\tsgqec.dll<Unsigned: Microsoft Corporation>
2006-12-11 14:45:22 288768 -----n--- G:\XPHOME\system32\rhttpaa.dll<Unsigned: Microsoft Corporation>
2006-12-11 14:45:22 116736 -----n--- G:\XPHOME\system32\aaclient.dll<Unsigned: Microsoft Corporation>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="G:\\XPHOME\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avgnt"="\"G:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Zone Labs Client"="\"G:\\Programme\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Trojancheck 6 Guard"="G:\\Programme\\Trojancheck 6\\tcguard.exe"
"ATIPTA"="G:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Ptipbmf"="rundll32.exe ptipbmf.dll,SetWriteCacheMode"
"IMJPMIG8.1"="\"G:\\XPHOME\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="G:\\XPHOME\\ime\\imkr6_1\\IMEKRMIG.EXE"
"SoundMan"="SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled]
"PHIME2002ASync"="G:\\XPHOME\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="G:\\XPHOME\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"MSPY2002"="G:\\XPHOME\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="G:\\XPHOME\\system32\\CTFMON.EXE"
"PcSync"="G:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="G:\\XPHOME\\system32\\CTFMON.EXE"
"PcSync"="G:\\Programme\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
"GreyMSIAds"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"="\"G:\\DOKUME~1\\SASCHA~1.REC\\LOKALE~1\\TEMP\\TEMPOR„RES VERZEICHNIS 2 F�R PROCESSEXPLORER.ZIP\\PROCEXP.EXE\""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
p2psvc REG_MULTI_SZ p2psvc\0p2pimsvc\0p2pgasvc\0PNRPSvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{325e51ee-b5ca-11db-a941-806d6172696f}]
Shell\AutoRun\command H:\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e4794e7-b544-11db-a210-806d6172696f}]
Shell\AutoRun\command L:\setup.exe


-- End of ComboScan: finished at 2007-02-18 at 22:29:29 -------------------------
__________
MfG
Dragon29581

#8 Dragon29581

wahrscheinlich hast du dir den W32.Looked eingefangen
http://virus-protect.org/artikel/spyware/rundl132_dll.html

------------------------------------------------

Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als listen.bat mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden. --> die listen.bat doppelt klicken--> kopiere den Text, der erscheint

Zitat

cd\
dir "G:\XPHOME\PIF" >>files.txt
dir "G:\Dokumente und Einstellungen\%UserName%" >>files.txt
dir "G:\Programme\Internet Explorer\PLUGINS" >>files.txt
dir "G:\Programme\Gemeinsame Dateien\System" >>files.txt
dir "G:\Programme\Gemeinsame Dateien\Microsoft Shared" >>files.txt
dir "G:\XPHOME\system32\Com" >>files.txt
notepad files.txt

----------------------------------------------------------------
««
lade FindIt_Nt-2k-XP
Doppelklick find.bat --> output.txt - poste den text
http://virus-protect.org/artikel/tools/FindItNt2kXP.html

----------------------------------------------------------------

««
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (anhaken)
kopiere in: View/edit script

Zitat

Files to delete:
G:\XPHOME\zts2.exe
G:\XPHOME\system32\vcmgcd32.dll
G:\XPHOME\system32\iifgfgf.dll
G:\XPHOME\rundll16.exe
G:\XPHOME\rundl132.dll
G:\XPHOME\logo1_.exe
G:\XPHOME\system32\TASKMGR.COM
G:\XPHOME\system32\T.COM
G:\XPHOME\REGEDIT.COM
G:\XPHOME\R.COM

Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten
__________
MfG Sabina

rund um die PC-Sicherheit

#9 Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\XPHOME\PIF

Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\Dokumente und Einstellungen

Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\Programme\Internet Explorer\PLUGINS

08.02.2007 10:34 <DIR> .
08.02.2007 10:34 <DIR> ..
24.09.2005 09:08 5.120 nppdf32.DEU
18.12.2006 04:18 77.824 nppdf32.dll
13.01.2003 10:59 86.016 NPUPano.dll
13.01.2003 10:59 278.528 PanoViewer.dll
07.02.2007 09:04 <DIR> RichFX
30.04.1999 16:00 98.304 UPjpeg.dll
5 Datei(en) 545.792 Bytes
3 Verzeichnis(se), 67.474.427.904 Bytes frei
Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\Programme\Gemeinsame Dateien\System

17.02.2007 11:43 <DIR> .
17.02.2007 11:43 <DIR> ..
17.02.2007 11:58 <DIR> ado
08.11.2006 06:06 86.528 directdb.dll
06.02.2007 17:56 <DIR> Mapi
17.02.2007 11:58 <DIR> msadc
06.02.2007 17:56 <DIR> Ole DB
05.08.2003 19:41 133.704 SNAPVIEW.OCX
06.11.1998 16:43 106.496 SYSTEM.MDW
08.11.2006 06:06 510.976 wab32.dll
04.08.2004 13:00 259.072 wab32res.dll
5 Datei(en) 1.096.776 Bytes
6 Verzeichnis(se), 67.474.427.904 Bytes frei
Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\Programme\Gemeinsame Dateien\Microsoft Shared

15.02.2007 10:44 <DIR> .
15.02.2007 10:44 <DIR> ..
06.02.2007 17:54 <DIR> Artgalry
05.06.2006 08:11 <DIR> Clipart
06.02.2007 13:38 <DIR> DAO
05.06.2006 08:13 <DIR> Database Replication
06.02.2007 17:54 <DIR> Datamap
06.02.2007 17:55 <DIR> Equation
06.02.2007 17:32 <DIR> Euro
06.02.2007 17:55 <DIR> Grphflt
06.02.2007 17:32 <DIR> MSDesigners98
06.02.2007 17:55 <DIR> MSInfo
06.02.2007 17:55 <DIR> OrgChart
06.02.2007 17:55 <DIR> PhotoEd
06.02.2007 17:55 <DIR> Proof
05.06.2006 08:12 <DIR> Reference Titles
04.06.2006 22:00 <DIR> Speech
04.06.2006 21:36 <DIR> Stationery
09.02.2007 10:09 <DIR> TextConv
06.02.2007 17:53 <DIR> Themes
17.02.2007 11:35 <DIR> Triedit
05.06.2006 08:12 <DIR> VBA
18.02.2007 03:36 <DIR> VGX
05.06.2006 08:13 <DIR> vs98
06.02.2007 17:32 <DIR> Web Folders
04.06.2006 21:38 <DIR> web server extensions
0 Datei(en) 0 Bytes
26 Verzeichnis(se), 67.474.427.904 Bytes frei
Datentr„ger in Laufwerk G: ist Programme
Volumeseriennummer: F473-76CC

Verzeichnis von G:\XPHOME\system32\Com

17.02.2007 11:37 <DIR> .
17.02.2007 11:37 <DIR> ..
26.07.2005 05:39 195.072 comadmin.dll
04.08.2004 13:00 61.440 comempty.dat
04.08.2004 13:00 77.348 comexp.msc
04.08.2004 13:00 9.728 comrepl.exe
04.08.2004 13:00 5.120 comrereg.exe
04.08.2004 13:00 19.456 mtsadmin.tlb
6 Datei(en) 368.164 Bytes
2 Verzeichnis(se), 67.474.427.904 Bytes frei
__________
MfG
Dragon29581

#10 ««
lade FindIt_Nt-2k-XP
Doppelklick find.bat --> output.txt - poste den text
http://virus-protect.org/artikel/tools/FindItNt2kXP.html
__________
MfG Sabina

rund um die PC-Sicherheit

#11 lade FindIt_Nt-2k-XP
da erzählt er mir immer Datei nicht gefunden

Beginn strings.exe search... this portion of the search can take several minutes, plaese allow it to run until the log appears.

Das System kann den angegebenen Pfad nicht finden.
__________
MfG
Dragon29581

#12 Avenger
http://virus-protect.org/artikel/tools/avenger.html
Input script manually (anhaken)
kopiere in: View/edit script

Zitat

Files to delete:
G:\XPHOME\zts2.exe
G:\XPHOME\system32\vcmgcd32.dll
G:\XPHOME\system32\iifgfgf.dll
G:\XPHOME\rundll16.exe
G:\XPHOME\rundl132.dll
G:\XPHOME\logo1_.exe
G:\XPHOME\system32\TASKMGR.COM
G:\XPHOME\system32\T.COM
G:\XPHOME\REGEDIT.COM
G:\XPHOME\R.COM

Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

»»
poste den report vom avenger, der nach neustart erscheint
__________
MfG Sabina

rund um die PC-Sicherheit

#13 Er sagt :

Error : selected file´does not appear to be a valid script.

der error.txt

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Fatal error: could not create new script file.
Error code: 0
Error logged to errorlog.txt. Aborting now!

Es hat geklappt :

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qxcfxhvg

*******************

Script file located at: \??\G:\jiluhmok.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at G:\Avenger

*******************

Beginning to process script file:



Error: G:\XPHOME\zts2.exe is a folder, not a file!
Deletion of file G:\XPHOME\zts2.exe failed!

Could not process line:
G:\XPHOME\zts2.exe
Status: 0xc00000ba



Error: G:\XPHOME\system32\vcmgcd32.dll is a folder, not a file!
Deletion of file G:\XPHOME\system32\vcmgcd32.dll failed!

Could not process line:
G:\XPHOME\system32\vcmgcd32.dll
Status: 0xc00000ba



Error: G:\XPHOME\system32\iifgfgf.dll is a folder, not a file!
Deletion of file G:\XPHOME\system32\iifgfgf.dll failed!

Could not process line:
G:\XPHOME\system32\iifgfgf.dll
Status: 0xc00000ba



Error: G:\XPHOME\rundll16.exe is a folder, not a file!
Deletion of file G:\XPHOME\rundll16.exe failed!

Could not process line:
G:\XPHOME\rundll16.exe
Status: 0xc00000ba



Error: G:\XPHOME\rundl132.dll is a folder, not a file!
Deletion of file G:\XPHOME\rundl132.dll failed!

Could not process line:
G:\XPHOME\rundl132.dll
Status: 0xc00000ba



Error: G:\XPHOME\logo1_.exe is a folder, not a file!
Deletion of file G:\XPHOME\logo1_.exe failed!

Could not process line:
G:\XPHOME\logo1_.exe
Status: 0xc00000ba

File G:\XPHOME\system32\TASKMGR.COM deleted successfully.
File G:\XPHOME\system32\T.COM deleted successfully.
File G:\XPHOME\REGEDIT.COM deleted successfully.
File G:\XPHOME\R.COM deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
__________
MfG
Dragon29581

#14 War es jetzt so richtig
__________
MfG
Dragon29581

#15 Avenger

Zitat

Folders to delete:
G:\XPHOME\zts2.exe
G:\XPHOME\system32\vcmgcd32.dll
G:\XPHOME\system32\iifgfgf.dll
G:\XPHOME\rundll16.exe
G:\XPHOME\rundl132.dll
G:\XPHOME\logo1_.exe

poste den report nach neustart
__________
MfG Sabina

rund um die PC-Sicherheit