Bank Tans wurden abgefragt

chaos2009 · 02.02.2011, 16:54

Hi Leute

auf dem Rechner von einer Freundin hat sich ein Trojaner eingeschlichen.
Er wollte dass sie 20 Tans eingibt.
Mit Malwarebytes habe ich folgendes log file bekommen.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

02.02.2011 16:23:50
mbam-log-2011-02-02 (16-23-21)_anni

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155159
Laufzeit: 19 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 6
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntiSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pro Antispyware 2009 4.7 (Rogue.ProAntiSpyware) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken.

Infizierte Verzeichnisse:
c:\programdata\solt lake software (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009 (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\BASE (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\DELETED (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\LOG (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\SAVED (Rogue.ProAntiSpyware) -> No action taken.

Infizierte Dateien:
c:\programdata\solt lake software\pro antispyware 2009\LOG\20090414002452641.log (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\LOG\20090414002918449.log (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\LOG\20090414205235470.log (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\LOG\20090415183451737.log (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\LOG\20090416211141469.log (Rogue.ProAntiSpyware) -> No action taken.

dann habe ich noch mit OTL einen suchlauf erstellt und folgende logs bekommen.OTL Logfile:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 02.02.2011 01:10:53 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = K:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,46 Gb Total Space | 152,09 Gb Free Space | 67,46% Space Free | Partition Type: NTFS
Drive J: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 465,11 Gb Total Space | 420,17 Gb Free Space | 90,34% Space Free | Partition Type: NTFS
 
Computer Name: ANNI-PC | User Name: Anni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.24 20:36:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Programme\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.08.20 17:55:38 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.07 00:17:43 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.12.29 11:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.11.03 12:21:30 | 000,339,240 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.22 11:13:56 | 000,036,864 | ---- | M] (Sony NSCE) -- C:\Programme\Sony\Marketing Tools\MarketingTools.exe
PRC - [2007.10.31 13:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007.10.12 22:15:23 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2007.09.20 09:23:16 | 000,253,952 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe
PRC - [2007.09.20 09:23:16 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe
PRC - [2007.09.19 11:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2007.09.12 01:29:47 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2007.08.28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007.08.28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007.08.14 20:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007.06.28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007.06.10 01:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2007.06.10 01:12:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2007.06.10 01:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.04.14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [1999.08.24 09:56:30 | 000,225,280 | ---- | M] (Corel Corporation Limited) -- C:\Programme\Corel\WordPerfect Office 2000\programs\dad9.exe
PRC - [1999.08.24 09:56:26 | 000,241,664 | ---- | M] (Corel Corporation Limited) -- C:\Programme\Corel\WordPerfect Office 2000\programs\alarm.exe
PRC - [1998.07.23 09:51:26 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\Programme\Corel\WordPerfect Office 2000\Register\Remind32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.24 20:36:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.20 17:55:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.10 03:44:07 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.10.12 22:14:27 | 002,975,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.10.12 22:11:50 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.09.28 21:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007.09.20 18:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007.09.20 09:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007.08.28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007.08.28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.06.28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.06.28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007.06.20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.06.20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\xdG2dsG.sys -- (xdG2dsG)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.15 18:39:39 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.07 15:08:06 | 000,583,424 | ---- | M] (TechnoTrend AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ttusb2bda.sys -- (TTUSB2BDA)
DRV - [2007.12.10 03:45:43 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007.11.16 01:20:10 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.25 01:03:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.10.25 01:03:42 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.10.25 01:03:40 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.10.25 01:03:40 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.10.25 01:03:31 | 000,246,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.12 22:15:13 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007.10.12 22:15:13 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007.10.12 22:15:04 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.10.12 22:15:04 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.10.12 22:15:04 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.10.12 22:14:57 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007.10.08 01:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071008.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2007.10.08 01:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.10.08 01:00:00 | 000,112,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007.10.08 01:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071008.016\NAVENG.SYS -- (NAVENG)
DRV - [2007.09.19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007.09.19 04:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.29 02:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.08.25 01:06:19 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.15 01:28:09 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.06.10 01:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.05.26 09:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.29 17:35:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.29 17:35:30 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.04.15 19:53:07 | 000,000,721 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Programme\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TP CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Dvdreal] C:\Users\Anni\AppData\Roaming\Libxml\packres.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Anni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.18 22:12:18 | 000,000,088 | ---- | M] () - J:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{08164347-60d6-11df-bb6e-001a80b8c9e6}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe -- File not found
O33 - MountPoints2\{96ad7554-2e58-11e0-90cd-001de0d19057}\Shell - "" = AutoRun
O33 - MountPoints2\{96ad7554-2e58-11e0-90cd-001de0d19057}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{daca53fd-fb87-11dd-a74a-001a80b8c9e6}\Shell - "" = AutoRun
O33 - MountPoints2\{daca53fd-fb87-11dd-a74a-001a80b8c9e6}\Shell\AutoRun\command - "" = H:\Installieren!.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.02 00:37:58 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Malwarebytes
[2011.02.02 00:37:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.02 00:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.02 00:37:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.02 00:37:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.02 00:26:19 | 000,113,664 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.02.02 00:26:19 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.02.02 00:26:19 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2011.02.02 00:26:19 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.02.02 00:26:12 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011.02.02 00:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Mobile Partner
[2011.01.29 17:38:54 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Local
[2011.01.29 16:49:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.01.29 16:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.01.29 14:52:17 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\WinRAR
[2011.01.29 14:51:03 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011.01.29 01:53:31 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Avira
[2011.01.23 23:17:33 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.01.22 15:38:30 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Libxml
[2011.01.14 00:26:53 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\Yahoo
[2011.01.14 00:26:46 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2011.01.14 00:26:40 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine
[2011.01.14 00:26:37 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\Conduit
[2011.01.14 00:26:36 | 000,000,000 | ---D | C] -- C:\Programme\Elf_1.13
[2011.01.11 21:35:42 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.11 21:35:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.07 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\Anni\Documents\My Downloads
[2011.01.07 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\FinalTorrent
[2011.01.07 23:23:46 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\PackageAware
[2011.01.07 23:23:46 | 000,000,000 | ---D | C] -- C:\Programme\FinalTorrent
[2011.01.07 23:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011.01.07 23:23:28 | 000,000,000 | ---D | C] -- C:\Programme\Surf Canyon
[2011.01.07 23:23:15 | 000,000,000 | ---D | C] -- C:\Programme\PriceGong
[2011.01.07 23:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011.01.07 23:23:11 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Yahoo!
[2011.01.07 23:23:10 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo!
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.02 00:43:02 | 000,703,736 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.02 00:43:02 | 000,658,034 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.02 00:43:02 | 000,158,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.02 00:43:02 | 000,128,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.02 00:37:46 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.02 00:27:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.02 00:26:27 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.02.02 00:21:09 | 000,056,088 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\nvModes.001
[2011.02.02 00:20:54 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.02 00:20:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.02 00:20:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.02 00:20:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.29 19:55:33 | 000,041,984 | ---- | M] () -- C:\Users\Anni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 17:39:21 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.01.29 17:39:17 | 000,001,393 | ---- | M] () -- C:\Users\Anni\Desktop\DivX Movies.lnk
[2011.01.29 17:17:52 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.01.07 23:23:48 | 000,000,852 | ---- | M] () -- C:\Users\Anni\Desktop\FinalTorrent.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.02 00:37:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.02 00:26:27 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.01.29 17:39:17 | 000,001,393 | ---- | C] () -- C:\Users\Anni\Desktop\DivX Movies.lnk
[2011.01.29 17:17:52 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.01.29 17:05:46 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.01.07 23:23:48 | 000,000,852 | ---- | C] () -- C:\Users\Anni\Desktop\FinalTorrent.lnk
[2010.05.31 18:25:08 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.01.03 17:15:22 | 000,417,792 | ---- | C] () -- C:\Windows\System32\fxdb.dll
[2010.01.03 17:14:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\iduninst.dll
[2010.01.03 17:14:09 | 001,213,440 | ---- | C] () -- C:\Windows\System32\opengl.dll
[2010.01.03 17:14:08 | 000,315,904 | ---- | C] () -- C:\Windows\System32\glu.dll
[2010.01.03 17:14:08 | 000,154,624 | ---- | C] () -- C:\Windows\System32\glut.dll
[2009.08.08 13:12:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.21 09:48:08 | 000,002,641 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.02.15 18:39:39 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.12.19 23:18:52 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.19 23:18:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.12.17 21:42:36 | 000,041,984 | ---- | C] () -- C:\Users\Anni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.17 21:34:36 | 000,000,680 | ---- | C] () -- C:\Users\Anni\AppData\Local\d3d9caps.dat
[2008.12.17 21:34:24 | 000,056,088 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\nvModes.dat
[2008.12.17 21:34:24 | 000,056,088 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\nvModes.001
[2008.11.21 22:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.16 12:38:24 | 000,088,632 | ---- | C] () -- C:\Windows\System32\drivers\snsntfy.dll
[2007.12.10 03:35:25 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.12.10 03:19:10 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8
 
--- --- ---
SRV - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.20 17:55:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.10 03:44:07 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.10.12 22:14:27 | 002,975,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.10.12 22:11:50 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.09.28 21:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007.09.20 18:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007.09.20 09:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007.08.28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007.08.28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.06.28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.06.28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007.06.20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.06.20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\xdG2dsG.sys -- (xdG2dsG)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.15 18:39:39 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.07 15:08:06 | 000,583,424 | ---- | M] (TechnoTrend AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ttusb2bda.sys -- (TTUSB2BDA)
DRV - [2007.12.10 03:45:43 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007.11.16 01:20:10 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.25 01:03:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.10.25 01:03:42 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.10.25 01:03:40 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.10.25 01:03:40 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.10.25 01:03:31 | 000,246,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.12 22:15:13 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007.10.12 22:15:13 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007.10.12 22:15:04 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.10.12 22:15:04 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.10.12 22:15:04 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.10.12 22:14:57 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007.10.08 01:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071008.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2007.10.08 01:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.10.08 01:00:00 | 000,112,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007.10.08 01:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071008.016\NAVENG.SYS -- (NAVENG)
DRV - [2007.09.19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007.09.19 04:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.29 02:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.08.25 01:06:19 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.15 01:28:09 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.06.10 01:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.05.26 09:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.29 17:35:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.29 17:35:30 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.04.15 19:53:07 | 000,000,721 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Programme\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TP CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Dvdreal] C:\Users\Anni\AppData\Roaming\Libxml\packres.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Anni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.18 22:12:18 | 000,000,088 | ---- | M] () - J:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{08164347-60d6-11df-bb6e-001a80b8c9e6}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe -- File not found
O33 - MountPoints2\{96ad7554-2e58-11e0-90cd-001de0d19057}\Shell - "" = AutoRun
O33 - MountPoints2\{96ad7554-2e58-11e0-90cd-001de0d19057}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{daca53fd-fb87-11dd-a74a-001a80b8c9e6}\Shell - "" = AutoRun
O33 - MountPoints2\{daca53fd-fb87-11dd-a74a-001a80b8c9e6}\Shell\AutoRun\command - "" = H:\Installieren!.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.02 00:37:58 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Malwarebytes
[2011.02.02 00:37:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.02 00:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.02 00:37:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.02 00:37:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.02 00:26:19 | 000,113,664 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.02.02 00:26:19 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.02.02 00:26:19 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2011.02.02 00:26:19 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.02.02 00:26:12 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011.02.02 00:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Mobile Partner
[2011.01.29 17:38:54 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Local
[2011.01.29 16:49:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.01.29 16:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.01.29 14:52:17 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\WinRAR
[2011.01.29 14:51:03 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011.01.29 01:53:31 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Avira
[2011.01.23 23:17:33 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.01.22 15:38:30 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Libxml
[2011.01.14 00:26:53 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\Yahoo
[2011.01.14 00:26:46 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2011.01.14 00:26:40 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine
[2011.01.14 00:26:37 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\Conduit
[2011.01.14 00:26:36 | 000,000,000 | ---D | C] -- C:\Programme\Elf_1.13
[2011.01.11 21:35:42 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.11 21:35:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.07 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\Anni\Documents\My Downloads
[2011.01.07 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\FinalTorrent
[2011.01.07 23:23:46 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\PackageAware
[2011.01.07 23:23:46 | 000,000,000 | ---D | C] -- C:\Programme\FinalTorrent
[2011.01.07 23:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011.01.07 23:23:28 | 000,000,000 | ---D | C] -- C:\Programme\Surf Canyon
[2011.01.07 23:23:15 | 000,000,000 | ---D | C] -- C:\Programme\PriceGong
[2011.01.07 23:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011.01.07 23:23:11 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Yahoo!
[2011.01.07 23:23:10 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo!
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.02 00:43:02 | 000,703,736 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.02 00:43:02 | 000,658,034 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.02 00:43:02 | 000,158,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.02 00:43:02 | 000,128,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.02 00:37:46 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.02 00:27:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.02 00:26:27 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.02.02 00:21:09 | 000,056,088 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\nvModes.001
[2011.02.02 00:20:54 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.02 00:20:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.02 00:20:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.02 00:20:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.29 19:55:33 | 000,041,984 | ---- | M] () -- C:\Users\Anni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 17:39:21 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.01.29 17:39:17 | 000,001,393 | ---- | M] () -- C:\Users\Anni\Desktop\DivX Movies.lnk
[2011.01.29 17:17:52 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.01.07 23:23:48 | 000,000,852 | ---- | M] () -- C:\Users\Anni\Desktop\FinalTorrent.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.02 00:37:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.02 00:26:27 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.01.29 17:39:17 | 000,001,393 | ---- | C] () -- C:\Users\Anni\Desktop\DivX Movies.lnk
[2011.01.29 17:17:52 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.01.29 17:05:46 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.01.07 23:23:48 | 000,000,852 | ---- | C] () -- C:\Users\Anni\Desktop\FinalTorrent.lnk
[2010.05.31 18:25:08 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.01.03 17:15:22 | 000,417,792 | ---- | C] () -- C:\Windows\System32\fxdb.dll
[2010.01.03 17:14:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\iduninst.dll
[2010.01.03 17:14:09 | 001,213,440 | ---- | C] () -- C:\Windows\System32\opengl.dll
[2010.01.03 17:14:08 | 000,315,904 | ---- | C] () -- C:\Windows\System32\glu.dll
[2010.01.03 17:14:08 | 000,154,624 | ---- | C] () -- C:\Windows\System32\glut.dll
[2009.08.08 13:12:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.21 09:48:08 | 000,002,641 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.02.15 18:39:39 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.12.19 23:18:52 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.19 23:18:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.12.17 21:42:36 | 000,041,984 | ---- | C] () -- C:\Users\Anni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.17 21:34:36 | 000,000,680 | ---- | C] () -- C:\Users\Anni\AppData\Local\d3d9caps.dat
[2008.12.17 21:34:24 | 000,056,088 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\nvModes.dat
[2008.12.17 21:34:24 | 000,056,088 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\nvModes.001
[2008.11.21 22:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.16 12:38:24 | 000,088,632 | ---- | C] () -- C:\Windows\System32\drivers\snsntfy.dll
[2007.12.10 03:35:25 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.12.10 03:19:10 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8
 
< End of report >

--- --- ---

könnt ihr mir bitte weiterhelfen damit ich ihr den PC wieder säubere
Vielen Dank im voraus

kira · 02.02.2011, 22:25

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vB Code Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Zitat:

Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Sicherheitskonzept v. SETI@home/Punkt 1.

Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

3.
lade Dir HijackThis 2.0.4 von *von hier* herunter
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

4.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

5.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.
** Falls es klappt auf einmal nicht, kannst den Text in mehrere Teile teilen und so posten

6.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ "Download"→ " Download from FileHippo.com"
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
Coverflow

chaos2009 · 04.02.2011, 14:29

Hallo

danke schon jetzt für deine Hilfe.
Hier meine abgearbeiteten Schritte.
Zu 1.

Code:

ATTFilter

GMER Logfile:

	Code: 

 ATTFilter

  
	GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-03 20:51:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: 1fbifgl6.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldrpod.sys


---- System - GMER 1.0.15 ----

SSDT            93728988                                                                                               ZwAlertResumeThread
SSDT            93728A68                                                                                               ZwAlertThread
SSDT            93726C58                                                                                               ZwAllocateVirtualMemory
SSDT            91D72F58                                                                                               ZwConnectPort
SSDT            937286E8                                                                                               ZwCreateMutant
SSDT            93726E28                                                                                               ZwCreateThread
SSDT            93726A88                                                                                               ZwFreeVirtualMemory
SSDT            937287C8                                                                                               ZwImpersonateAnonymousToken
SSDT            937288A8                                                                                               ZwImpersonateThread
SSDT            93726988                                                                                               ZwMapViewOfSection
SSDT            93728608                                                                                               ZwOpenEvent
SSDT            93726D48                                                                                               ZwOpenProcessToken
SSDT            937266E8                                                                                               ZwOpenThreadToken
SSDT            936DE150                                                                                               ZwResumeThread
SSDT            93726608                                                                                               ZwSetContextThread
SSDT            937267C8                                                                                               ZwSetInformationProcess
SSDT            93728F90                                                                                               ZwSetInformationThread
SSDT            93728528                                                                                               ZwSuspendProcess
SSDT            93728BB0                                                                                               ZwSuspendThread
SSDT            93726EF8                                                                                               ZwTerminateProcess
SSDT            93728EB0                                                                                               ZwTerminateThread
SSDT            937268A8                                                                                               ZwUnmapViewOfSection
SSDT            93726B68                                                                                               ZwWriteVirtualMemory

INT 0x51        ?                                                                                                      8B876F00
INT 0x62        ?                                                                                                      8B876F00
INT 0x72        ?                                                                                                      89C1CBF8
INT 0x82        ?                                                                                                      89289BF8
INT 0x92        ?                                                                                                      89289BF8
INT 0xA2        ?                                                                                                      8B876F00
INT 0xA2        ?                                                                                                      8B876F00
INT 0xA2        ?                                                                                                      8B876F00
INT 0xB3        ?                                                                                                      8B876F00

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 11D                                                                          86EAF880 8 Bytes  [88, 89, 72, 93, 68, 8A, 72, ...] {MOV [ECX-0x75976c8e], CL; JB 0xffffffffffffff9b}
.text           ntkrnlpa.exe!KeSetEvent + 131                                                                          86EAF894 4 Bytes  [58, 6C, 72, 93] {POP EAX; INSB ; JB 0xffffffffffffff97}
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                          86EAF924 4 Bytes  [58, 2F, D7, 91] {POP EAX; DAS ; XLATB ; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 221                                                                          86EAF984 4 Bytes  [28, 6E, 72, 93] {SUB [ESI+0x72], CH; XCHG EBX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 335                                                                          86EAFA98 4 Bytes  [88, 6A, 72, 93] {MOV [EDX+0x72], CH; XCHG EBX, EAX}
.text           ...                                                                                                    
?               System32\Drivers\spnr.sys                                                                              Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                               section is writeable [0x90A09360, 0x35B0A2, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                  8CFA941B 5 Bytes  JMP 8B8764E0 
.text           adigo6r3.SYS                                                                                           91796000 22 Bytes  [82, 33, 1C, 87, 6C, 32, 1C, ...]
.text           adigo6r3.SYS                                                                                           91796017 181 Bytes  [00, 32, C7, 99, 8C, 3D, C5, ...]
.text           adigo6r3.SYS                                                                                           917960CE 10 Bytes  [00, 00, 00, 00, 00, 00, 6A, ...]
.text           adigo6r3.SYS                                                                                           917960DA 12 Bytes  [00, 00, 02, 00, 00, 00, 25, ...]
.text           adigo6r3.SYS                                                                                           917960E7 714 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
.text           ...                                                                                                    

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                              [8C8936D2] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                               [8C893040] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                       [8C8937FC] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                              [8C8930BE] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                        [8C89313C] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                     [8C8A3048] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortNotification]                             CC000CC2
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortWritePortUchar]                           83EC8B55
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortWritePortUlong]                           575320EC
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                       458DFF33
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]            8D5750FC
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortGetScatterGatherList]                     5750F845
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortReadPortUchar]                            8957046A
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortStallExecution]                           75E8FC7D
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortGetParentBusType]                         BB0001E8
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortRequestCallback]                          000000EA
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                    850FC33B
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                     0000012B
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortCompleteRequest]                          0FFC7D39
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortMoveMemory]                               00012284
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                458D5600
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                   106A50F4
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                     38335668
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortReadPortUshort]                           FC75FF36
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                     D1E85757
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortInitialize]                               8B0001E7
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortGetDeviceBase]                            1BDEF7F0
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortDeviceStateChange]                        23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                  [74217817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                   [7426A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]               [7421BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]         [7420F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                   [742175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                [7420E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]    [74248395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]       [7421DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]               [7420FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                [7420FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                 [742071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]         [7429CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]            [7423C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]               [7420D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                         [74206853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                        [7420687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]           [74212AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                 89C1E1F8
Device          \FileSystem\udfs \UdfsCdRom                                                                            898EE1F8
Device          \FileSystem\udfs \UdfsDisk                                                                             898EE1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{17DC868A-C502-41EA-86C5-E329A33F206F}                               936DC500
Device          \Driver\volmgr \Device\VolMgrControl                                                                   8928B1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                       8B7B11F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                       8B7B11F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                       8B7AD500
Device          \Driver\usbuhci \Device\USBPDO-3                                                                       8B7B11F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                       8B7B11F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                       8B7B11F8
Device          \Driver\usbehci \Device\USBPDO-6                                                                       8B7AD500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                 8928B1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                 8928B1F8
Device          \Driver\cdrom \Device\CdRom0                                                                           8B7BA1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                            89C1D1F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                     [8CC48D30] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                     89C1D1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                     89C1D1F8
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                          [8CC48D30] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                           8B7BA1F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                 8928B1F8
Device          \Driver\USBSTOR \Device\00000080                                                                       8970F1F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                 8928B1F8
Device          \Driver\cdrom \Device\CdRom3                                                                           8B7BA1F8
Device          \Driver\USBSTOR \Device\00000081                                                                       8970F1F8
Device          \Driver\sptd \Device\2289369890                                                                        spnr.sys
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                 8928B1F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                936DC500
Device          \Driver\netbt \Device\NetBT_Tcpip_{7940B5D8-D5CC-45DE-A482-B65C0C28653A}                               936DC500
Device          \Driver\Smb \Device\NetbiosSmb                                                                         936BA1F8
Device          \Driver\PCI_PNP5871 \Device\0000005a                                                                   spnr.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                     8B93F1F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                       8B7B11F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                       8B7B11F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                       8B7AD500
Device          \Driver\usbuhci \Device\USBFDO-3                                                                       8B7B11F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                       8B7B11F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                       8B7B11F8
Device          \Driver\USBSTOR \Device\0000007f                                                                       8970F1F8
Device          \Driver\usbehci \Device\USBFDO-6                                                                       8B7AD500
Device          \Driver\adigo6r3 \Device\Scsi\adigo6r31Port4Path0Target0Lun0                                           8B9161F8
Device          \Driver\adigo6r3 \Device\Scsi\adigo6r31                                                                8B9161F8
Device          \FileSystem\cdfs \Cdfs                                                                                 8957A1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                     771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                     285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                     1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                    C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                    0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                 0x11 0x18 0x7B 0x5E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh        0x1D 0x4A 0x9A 0xBE ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh  0x78 0xAB 0x6E 0x67 ...
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                           
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                        C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                        0
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                     0x11 0x18 0x7B 0x5E ...
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                  
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh            0x1D 0x4A 0x9A 0xBE ...
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40            
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh      0x78 0xAB 0x6E 0x67 ...

---- EOF - GMER 1.0.15 ----
         
 --- --- ---

zu 2. Hier habe ich einen voll scan gemacht. Ich konnte aber die Datenbank nicht updaten da ich den PC bei mir nicht ans Netz bekomme.
Somit nur mit der älteren Datenbank.
Ich versuche heute abend den PC in seiner Heimatumgebung wider ins Netz zu bringen.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

04.02.2011 01:47:18
mbam-log-2011-02-04 (01-47-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 288571
Laufzeit: 1 Stunde(n), 13 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Hatte ja diese Version schon einmal ausgeführt.

zu 3. habe ich folgende File bekommen

Code:

ATTFilter

HiJackthis Logfile:

	Code: 

 ATTFilter

  
	Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:42:51, on 04.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\explorer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\mobsync.exe
K:\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Dvdreal] C:\Users\***\AppData\Roaming\Libxml\packres.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14889 bytes
         
 --- --- ---

zu 4. habe ich ausgeführt

So nach dem ich nicht alles in einen Eintrag packen kann folgt ein zweiter.

chaos2009 · 04.02.2011, 14:34

so und jetzt geht es weiter
zu 5.

Code:

ATTFilter

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6002]
 
 
C:

  04.02.2011 02:14     C:\System Volume Information --------- 32768   
       C:\pagefile.sys ---------    
  03.02.2011 19:26     C:\Windows --------- 32768   
  02.02.2011 16:48     C:\ProgramData --------- 8192   
  02.02.2011 00:37     C:\Program Files --------- 24576   
  17.12.2010 00:07     C:\cd336de29ca1720de1938fd42cc5 --------- 12288   
  28.09.2010 00:58     C:\56c9e0694153038b76d352d9168e04 --------- 12288   
  16.08.2010 17:42     C:\81819d3b6a57250986d4 --------- 0   
  27.06.2010 00:10     C:\599badcfe849d9ab7e03 --------- 12288   
  22.04.2010 00:19     C:\Temp --------- 0   
  10.04.2010 13:55     C:\Boot --------- 4096   
  03.01.2010 17:18     C:\IO.SYS --------- 0   
  03.01.2010 17:18     C:\MSDOS.SYS --------- 0   
  28.10.2009 22:49     C:\dd002597a72894372a8fb6e66340 --------- 0   
  11.04.2009 07:36     C:\bootmgr --------- 333257   
  18.03.2009 23:06     C:\PerfLogs --------- 0   
  08.03.2009 16:28     C:\Spiele --------- 0   
  21.12.2008 23:26     C:\Musik --------- 0   
  19.12.2008 23:17     C:\Users --------- 4096   
  17.12.2008 21:36     C:\$Recycle.Bin --------- 4096   
  10.12.2007 03:37     C:\vcredist_x86.log --------- 390276   
  10.12.2007 03:35     C:\Documentation --------- 0   
  10.12.2007 03:25     C:\WAUUPGRD --------- 4096   
  22.11.2007 11:08     C:\Big Fish Games --------- 4096   
  22.11.2007 11:03     C:\MSOCache --------- 0   
  22.11.2007 01:14     C:\BOOTSECT.BAK --------- 8192   
  21.11.2007 16:19     C:\Programme --------- 0   
  21.11.2007 16:19     C:\Dokumente und Einstellungen --------- 0   
  02.11.2006 14:02     C:\Documents and Settings --------- 0   
  18.09.2006 22:43     C:\config.sys --------- 10   
  18.09.2006 22:43     C:\autoexec.bat --------- 24   
----------------------------------------

 
C:\Windows

  04.02.2011 13:41     C:\Windows\WindowsUpdate.log --------- 1461757   
  04.02.2011 13:31     C:\Windows\bootstat.dat --------- 67584   
  03.02.2011 20:59     C:\Windows\setupact.log --------- 46111   
  29.01.2011 19:24     C:\Windows\PFRO.log --------- 45468   
  21.10.2010 23:02     C:\Windows\win.ini --------- 341   
  21.10.2010 22:56     C:\Windows\hpoins19.dat --------- 164347   
  16.07.2010 10:57     C:\Windows\BDTSupport.dll.old --------- 767928   
  22.01.2010 07:56     C:\Windows\PCTBDCore.dll.old --------- 1652688   
  28.11.2009 10:57     C:\Windows\msxml4-KB973688-enu.LOG --------- 278510   
  23.10.2009 20:23     C:\Windows\ie8_main.log --------- 2084   
  21.04.2009 09:54     C:\Windows\DPINST.LOG --------- 22038   
  17.04.2009 00:53     C:\Windows\ntbtlog.txt --------- 189038   
  11.04.2009 07:27     C:\Windows\explorer.exe --------- 2926592   
  19.03.2009 20:48     C:\Windows\WindowsShell.Manifest --------- 749   
  19.03.2009 20:47     C:\Windows\DtcInstall.log --------- 4596   
  08.03.2009 16:35     C:\Windows\DirectX.log --------- 111045   
  12.02.2009 22:27     C:\Windows\ocsetup_install_NetFx3.etl --------- 32768000   
  12.02.2009 22:27     C:\Windows\ocsetup_cbs_install_NetFx3.perf --------- 196608   
  12.02.2009 22:27     C:\Windows\ocsetup_cbs_install_NetFx3.dpx --------- 65536   
  22.12.2008 00:32     C:\Windows\msxml4-KB941833-enu.LOG --------- 259990   
  22.12.2008 00:20     C:\Windows\msxml4-KB954430-enu.LOG --------- 289180   
  17.12.2008 21:26     C:\Windows\TSSysprep.log --------- 5767   
  19.01.2008 08:33     C:\Windows\regedit.exe --------- 134656   
  19.01.2008 08:33     C:\Windows\notepad.exe --------- 151040   
  19.01.2008 08:33     C:\Windows\HelpPane.exe --------- 498176   
  19.01.2008 08:33     C:\Windows\fveupdate.exe --------- 13312   
  19.01.2008 08:33     C:\Windows\bfsvc.exe --------- 58880   
  10.12.2007 03:35     C:\Windows\VAIOUpdt.INI --------- 0   
  10.12.2007 03:30     C:\Windows\xpsp1hfm.log --------- 1392   
  22.11.2007 11:18     C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 8060928   
  22.11.2007 11:18     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 196608   
  22.11.2007 11:18     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 65536   
  22.11.2007 09:44     C:\Windows\DIFxAPI.dll --------- 319456   
  22.11.2007 09:41     C:\Windows\HideWin.exe --------- 315392   
  22.11.2007 09:15     C:\Windows\msxml4-KB936181-deu.LOG --------- 266240   
  21.11.2007 07:48     C:\Windows\csup.txt --------- 12   
  26.10.2007 07:21     C:\Windows\WMPrfDeu.prx --------- 33820   
  25.08.2007 01:06     C:\Windows\SkyTel.exe --------- 1826816   
  25.08.2007 01:06     C:\Windows\RtlUpd.exe --------- 1191936   
  25.08.2007 01:06     C:\Windows\RtHDVCpl.exe --------- 4669440   
  25.08.2007 01:06     C:\Windows\RtlExUpd.dll --------- 520192   
  13.03.2007 21:01     C:\Windows\hpomdl19.dat --------- 26952   
  02.01.2007 16:27     C:\Windows\Twunk_16.dll --------- 12288   
  02.01.2007 16:27     C:\Windows\Twunk_32.dll --------- 12288   
  02.11.2006 13:52     C:\Windows\setuperr.log --------- 0   
  02.11.2006 13:47     C:\Windows\SETUPAPI.LOG --------- 94   
  02.11.2006 13:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 13:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 13:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 13:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 13:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 10:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 10:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 08:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 12:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 22:46     C:\Windows\system.ini --------- 219   
  18.09.2006 22:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 22:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 22:30     C:\Windows\msdfmap.ini --------- 1405   
  06.07.1999 10:54     C:\Windows\corelpf.lrs --------- 28252   
  17.12.1997 18:33     C:\Windows\IsUninst.exe --------- 304128   
----------------------------------------

 
C:\Windows\System

 22.11.2007 11:23      C:\Windows\System\ykrp.com --------- 180 
 02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------

 
C:\Windows\System32

 04.02.2011 02:26     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 04.02.2011 02:26     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 03.02.2011 21:00     C:\Windows\system32\perfh009.dat --------- 658034  
 03.02.2011 21:00     C:\Windows\system32\perfc009.dat --------- 128268  
 03.02.2011 21:00     C:\Windows\system32\perfh007.dat --------- 703736  
 03.02.2011 21:00     C:\Windows\system32\perfc007.dat --------- 158404  
 03.02.2011 21:00     C:\Windows\system32\PerfStringBackup.INI --------- 1642184  
 02.02.2011 16:56     C:\Windows\system32\drivers --------- 61440  
 02.02.2011 00:26     C:\Windows\system32\catroot --------- 4096  
 23.01.2011 17:40     C:\Windows\system32\WDI --------- 8192  
 20.01.2011 21:53     C:\Windows\system32\catroot2 --------- 24576  
 12.01.2011 00:01     C:\Windows\system32\mrt.exe --------- 37403080  
 09.01.2011 03:13     C:\Windows\system32\de-DE --------- 262144  
 09.01.2011 03:03     C:\Windows\system32\en-US --------- 8192  
 28.12.2010 16:55     C:\Windows\system32\odbc32.dll --------- 413696  
 15.12.2010 20:49     C:\Windows\system32\FNTCACHE.DAT --------- 482424  
 15.12.2010 20:45     C:\Windows\system32\migration --------- 0  
 14.12.2010 15:49     C:\Windows\system32\sdclt.exe --------- 1169408  
 02.12.2010 04:35     C:\Windows\system32\GPhotos.scr --------- 4280320  
 24.11.2010 19:04     C:\Windows\system32\config --------- 12288  
 24.11.2010 19:04     C:\Windows\system32\Msdtc --------- 4096  
 24.11.2010 19:04     C:\Windows\system32\wbem --------- 61440  
 12.11.2010 01:44     C:\Windows\system32\dpl100.dll --------- 94208  
 08.11.2010 23:57     C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592  
 04.11.2010 19:56     C:\Windows\system32\wmicmiplugin.dll --------- 345600  
 04.11.2010 19:55     C:\Windows\system32\taskschd.dll --------- 352768  
 04.11.2010 19:55     C:\Windows\system32\taskcomp.dll --------- 270336  
 04.11.2010 19:55     C:\Windows\system32\schedsvc.dll --------- 601600  
 04.11.2010 17:34     C:\Windows\system32\taskeng.exe --------- 171520  
 02.11.2010 07:01     C:\Windows\system32\wininet.dll --------- 916480  
 02.11.2010 07:01     C:\Windows\system32\urlmon.dll --------- 1210880  
 02.11.2010 07:00     C:\Windows\system32\occache.dll --------- 206848  
 02.11.2010 06:58     C:\Windows\system32\mstime.dll --------- 611840  
 02.11.2010 06:58     C:\Windows\system32\mshtmled.dll --------- 66560  
 02.11.2010 06:58     C:\Windows\system32\mshtml.dll --------- 5959168  
 02.11.2010 06:58     C:\Windows\system32\msfeeds.dll --------- 602112  
 02.11.2010 06:58     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 02.11.2010 06:57     C:\Windows\system32\licmgr10.dll --------- 43520  
 02.11.2010 06:57     C:\Windows\system32\jsproxy.dll --------- 25600  
 02.11.2010 06:57     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 02.11.2010 06:57     C:\Windows\system32\ieui.dll --------- 164352  
 02.11.2010 06:57     C:\Windows\system32\iesysprep.dll --------- 109056  
 02.11.2010 06:57     C:\Windows\system32\iertutil.dll --------- 1991680  
 02.11.2010 06:57     C:\Windows\system32\iesetup.dll --------- 71680  
 02.11.2010 06:57     C:\Windows\system32\iernonce.dll --------- 55808  
 02.11.2010 06:57     C:\Windows\system32\iepeers.dll --------- 184320  
 02.11.2010 06:57     C:\Windows\system32\ieframe.dll --------- 11080704  
 02.11.2010 06:57     C:\Windows\system32\iedkcs32.dll --------- 387584  
 02.11.2010 06:01     C:\Windows\system32\html.iec --------- 385024  
 02.11.2010 05:26     C:\Windows\system32\ieUnatt.exe --------- 133632  
 02.11.2010 05:25     C:\Windows\system32\ie4uinit.exe --------- 173568  
 02.11.2010 05:25     C:\Windows\system32\msfeedssync.exe --------- 13312  
 02.11.2010 05:24     C:\Windows\system32\mshtml.tlb --------- 1638912  
 28.10.2010 16:44     C:\Windows\system32\atmlib.dll --------- 34304  
 28.10.2010 14:27     C:\Windows\system32\atmfd.dll --------- 292352  
 28.10.2010 14:20     C:\Windows\system32\tzres.dll --------- 2048  
 19.10.2010 10:41     C:\Windows\system32\MpSigStub.exe --------- 222080  
 18.10.2010 14:37     C:\Windows\system32\consent.exe --------- 81920  
 18.10.2010 14:31     C:\Windows\system32\win32k.sys --------- 2038272  
 13.09.2010 16:46     C:\Windows\system32\wmp.dll --------- 10628096  
 13.09.2010 14:56     C:\Windows\system32\wmploc.DLL --------- 8147456  
 06.09.2010 17:20     C:\Windows\system32\srvsvc.dll --------- 125952  
 06.09.2010 17:19     C:\Windows\system32\netevent.dll --------- 17920  
 31.08.2010 16:46     C:\Windows\system32\mfc40u.dll --------- 954288  
 31.08.2010 16:46     C:\Windows\system32\mfc40.dll --------- 954752  
 31.08.2010 16:44     C:\Windows\system32\comctl32.dll --------- 531968  
 26.08.2010 17:37     C:\Windows\system32\t2embed.dll --------- 157184  
 26.08.2010 17:34     C:\Windows\system32\gameux.dll --------- 1696256  
 26.08.2010 17:33     C:\Windows\system32\Apphlpdm.dll --------- 28672  
 26.08.2010 15:23     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
 20.08.2010 23:35     C:\Windows\system32\Tasks --------- 4096  
 20.08.2010 17:05     C:\Windows\system32\wmpmde.dll --------- 867328  
 17.08.2010 15:11     C:\Windows\system32\spoolsv.exe --------- 128000  
 12.08.2010 21:10     C:\Windows\system32\spool --------- 4096  
 10.08.2010 16:53     C:\Windows\system32\schannel.dll --------- 274944  
 26.07.2010 16:51     C:\Windows\system32\shell32.dll --------- 11584512  
 12.07.2010 19:36     C:\Windows\system32\Px.dll --------- 698864  
 12.07.2010 19:36     C:\Windows\system32\pxafs.dll --------- 133616  
 12.07.2010 19:36     C:\Windows\system32\pxdrv.dll --------- 567792  
 12.07.2010 19:36     C:\Windows\system32\pxhpinst.exe --------- 72176  
 12.07.2010 19:36     C:\Windows\system32\pxinsi64.exe --------- 126448  
 12.07.2010 19:36     C:\Windows\system32\PxMas.dll --------- 219632  
 12.07.2010 19:36     C:\Windows\system32\vxblock.dll --------- 100848  
 12.07.2010 19:36     C:\Windows\system32\pxsfs.dll --------- 2120176  
 12.07.2010 19:36     C:\Windows\system32\PxWave.dll --------- 440816  
 12.07.2010 19:36     C:\Windows\system32\pxinsa64.exe --------- 68592  
 28.06.2010 18:00     C:\Windows\system32\ole32.dll --------- 1316864  
 18.06.2010 18:31     C:\Windows\system32\rtutils.dll --------- 36864  
 16.06.2010 16:30     C:\Windows\system32\fontsub.dll --------- 72704  
 11.06.2010 17:15     C:\Windows\system32\msxml3.dll --------- 1248768  
 08.06.2010 18:35     C:\Windows\system32\ntoskrnl.exe --------- 3548040  
 08.06.2010 18:35     C:\Windows\system32\ntkrnlpa.exe --------- 3600768  
 27.05.2010 21:08     C:\Windows\system32\inetcomm.dll --------- 739328  
 27.05.2010 21:08     C:\Windows\system32\iccvid.dll --------- 81920  
 04.05.2010 20:13     C:\Windows\system32\msshsq.dll --------- 231424  
 16.04.2010 17:46     C:\Windows\system32\usp10.dll --------- 502272  
 15.04.2010 10:25     C:\Windows\system32\CodeIntegrity --------- 4096  
 11.04.2010 02:08     C:\Windows\system32\pt-BR --------- 0  
 11.04.2010 02:08     C:\Windows\system32\bg-BG --------- 0  
 11.04.2010 02:08     C:\Windows\system32\it-IT --------- 0  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 04.02.2011 13:31     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096  
 04.02.2011 00:28     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092  
 04.02.2011 00:27     C:\Windows\Tasks\SA.DAT --------- 6  
 03.02.2011 21:25     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32536  
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\***\AppData\Local\Temp

 04.02.2011 13:47     C:\Users\***\AppData\Local\Temp\WPDNSE --------- 0  
 04.02.2011 13:32     C:\Users\***\AppData\Local\Temp\hsperfdata_*** --------- 0  
 04.02.2011 13:32     C:\Users\***\AppData\Local\Temp\AUCHECK_CORE.txt --------- 13524  
 04.02.2011 13:32     C:\Users\***\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 3587  
 04.02.2011 13:32     C:\Users\***\AppData\Local\Temp\jusched.log --------- 578999  
 04.02.2011 13:31     C:\Users\***\AppData\Local\Temp\symlcsv1.exe --------- 31864  
 04.02.2011 00:30     C:\Users\***\AppData\Local\Temp\svm4i.tmp --------- 0  
 04.02.2011 00:29     C:\Users\***\AppData\Local\Temp\STSE61B.tmp --------- 132  
 04.02.2011 00:29     C:\Users\***\AppData\Local\Temp\~DF9D8C.tmp --------- 16384  
 04.02.2011 00:29     C:\Users\***\AppData\Local\Temp\~DFDC5E.tmp --------- 16384  
 04.02.2011 00:29     C:\Users\***\AppData\Local\Temp\hpqddusr.log --------- 262437  
 04.02.2011 00:28     C:\Users\***\AppData\Local\Temp\MAR588B.tmp --------- 1285  
 04.02.2011 00:28     C:\Users\***\AppData\Local\Temp\MAR5283.tmp --------- 1342  
 04.02.2011 00:28     C:\Users\***\AppData\Local\Temp\divBE2.tmp --------- 0  
 03.02.2011 19:27     C:\Users\***\AppData\Local\Temp\STS8008.tmp --------- 132  
 03.02.2011 19:26     C:\Users\***\AppData\Local\Temp\~DF4275.tmp --------- 16384  
 03.02.2011 19:26     C:\Users\***\AppData\Local\Temp\~DF6D85.tmp --------- 16384  
 03.02.2011 19:26     C:\Users\***\AppData\Local\Temp\MARF94E.tmp --------- 1285  
 03.02.2011 19:26     C:\Users\***\AppData\Local\Temp\MAREB57.tmp --------- 1342  
 03.02.2011 19:26     C:\Users\***\AppData\Local\Temp\divC33E.tmp --------- 0  
 02.02.2011 16:32     C:\Users\***\AppData\Local\Temp\~DF1E3E.tmp --------- 81920  
 02.02.2011 00:51     C:\Users\***\AppData\Local\Temp\divF21B.tmp --------- 0  
 02.02.2011 00:38     C:\Users\***\AppData\Local\Temp\~DF504F.tmp --------- 81920  
 02.02.2011 00:26     C:\Users\***\AppData\Local\Temp\E220AutoRunLog.tmp --------- 20836  
 02.02.2011 00:24     C:\Users\***\AppData\Local\Temp\UTPSDLL --------- 0  
 02.02.2011 00:21     C:\Users\***\AppData\Local\Temp\STSAB8B.tmp --------- 132  
 02.02.2011 00:21     C:\Users\***\AppData\Local\Temp\~DF503A.tmp --------- 16384  
 02.02.2011 00:21     C:\Users\***\AppData\Local\Temp\MAR47BA.tmp --------- 1285  
 02.02.2011 00:21     C:\Users\***\AppData\Local\Temp\MAR43E2.tmp --------- 1342  
 02.02.2011 00:21     C:\Users\***\AppData\Local\Temp\~DFA072.tmp --------- 16384  
 02.02.2011 00:17     C:\Users\***\AppData\Local\Temp\nsm14F8.tmp --------- 0  
 02.02.2011 00:16     C:\Users\***\AppData\Local\Temp\nswB8E3.tmp --------- 15720496  
 02.02.2011 00:14     C:\Users\***\AppData\Local\Temp\Dat43A4.tmp --------- 0  
 02.02.2011 00:12     C:\Users\***\AppData\Local\Temp\~DF693.tmp --------- 16384  
 02.02.2011 00:12     C:\Users\***\AppData\Local\Temp\div3928.tmp --------- 0  
 31.01.2011 22:42     C:\Users\***\AppData\Local\Temp\Low --------- 12288  
 31.01.2011 20:45     C:\Users\***\AppData\Local\Temp\au-descriptor-uac-1.6.0_20-b76.xml --------- 8854  
 31.01.2011 20:41     C:\Users\***\AppData\Local\Temp\STS67A8.tmp --------- 132  
 31.01.2011 20:41     C:\Users\***\AppData\Local\Temp\~DF8757.tmp --------- 16384  
 31.01.2011 20:40     C:\Users\***\AppData\Local\Temp\div10F0.tmp --------- 0  
 31.01.2011 20:40     C:\Users\***\AppData\Local\Temp\MAR7FE9.tmp --------- 1285  
 31.01.2011 20:40     C:\Users\***\AppData\Local\Temp\MAR6A46.tmp --------- 1342  
 31.01.2011 20:40     C:\Users\***\AppData\Local\Temp\~DF3939.tmp --------- 16384  
 30.01.2011 20:02     C:\Users\***\AppData\Local\Temp\STSD3B5.tmp --------- 132  
 30.01.2011 20:02     C:\Users\***\AppData\Local\Temp\~DFA294.tmp --------- 16384  
 30.01.2011 20:01     C:\Users\***\AppData\Local\Temp\div7B27.tmp --------- 0  
 30.01.2011 20:01     C:\Users\***\AppData\Local\Temp\MAR1583.tmp --------- 1285  
 30.01.2011 20:01     C:\Users\***\AppData\Local\Temp\~DFABB4.tmp --------- 16384  
 30.01.2011 20:01     C:\Users\***\AppData\Local\Temp\MAR9CF.tmp --------- 1342  
 30.01.2011 19:07     C:\Users\***\AppData\Local\Temp\~DFF7B9.tmp --------- 16384  
 30.01.2011 17:49     C:\Users\***\AppData\Local\Temp\~DF2F83.tmp --------- 36864  
 30.01.2011 17:24     C:\Users\***\AppData\Local\Temp\B74.tmp --------- 311248  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\~DFAD6C.tmp --------- 512  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\~DFACEA.tmp --------- 32768  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\~DFAC63.tmp --------- 512  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\~DFABF6.tmp --------- 16384  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\~DFAB16.tmp --------- 512  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\~DFAAF9.tmp --------- 32768  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\~DFDCCF.tmp --------- 16384  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\STSA15E.tmp --------- 132  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\~DF53B8.tmp --------- 16384  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\MAR33FB.tmp --------- 1285  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\MAR2AC7.tmp --------- 1342  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\~DF92D7.tmp --------- 16384  
 30.01.2011 17:23     C:\Users\***\AppData\Local\Temp\divE1D5.tmp --------- 0  
 30.01.2011 17:22     C:\Users\***\AppData\Local\Temp\wmplog08.sqm --------- 1284  
 29.01.2011 23:52     C:\Users\***\AppData\Local\Temp\D577.tmp --------- 311248  
 29.01.2011 23:49     C:\Users\***\AppData\Local\Temp\STSB193.tmp --------- 132  
 29.01.2011 23:49     C:\Users\***\AppData\Local\Temp\~DF649B.tmp --------- 16384  
 29.01.2011 23:49     C:\Users\***\AppData\Local\Temp\divA005.tmp --------- 0  
 29.01.2011 23:49     C:\Users\***\AppData\Local\Temp\MAR1777.tmp --------- 1285  
 29.01.2011 23:49     C:\Users\***\AppData\Local\Temp\~DF95F3.tmp --------- 16384  
 29.01.2011 23:49     C:\Users\***\AppData\Local\Temp\MARD29.tmp --------- 1342  
 29.01.2011 22:45     C:\Users\***\AppData\Local\Temp\{8E2DAE68-D6A7-4CA6-8014-4F0FD5ECA710} --------- 0  
 29.01.2011 20:28     C:\Users\***\AppData\Local\Temp\8AC2.tmp --------- 311248  
 29.01.2011 19:33     C:\Users\***\AppData\Local\Temp\STS7899.tmp --------- 132  
 29.01.2011 19:33     C:\Users\***\AppData\Local\Temp\~DF8273.tmp --------- 16384  
 29.01.2011 19:32     C:\Users\***\AppData\Local\Temp\divB20F.tmp --------- 0  
 29.01.2011 19:32     C:\Users\***\AppData\Local\Temp\~DF4A39.tmp --------- 16384  
 29.01.2011 19:32     C:\Users\***\AppData\Local\Temp\MAR197A.tmp --------- 1285  
 29.01.2011 19:32     C:\Users\***\AppData\Local\Temp\MARDA18.tmp --------- 1342  
 29.01.2011 18:12     C:\Users\***\AppData\Local\Temp\divEEC6.tmp --------- 0  
 29.01.2011 17:42     C:\Users\***\AppData\Local\Temp\div6F97.tmp --------- 0  
 29.01.2011 16:39     C:\Users\***\AppData\Local\Temp\wmplog07.sqm --------- 1550  
 29.01.2011 16:37     C:\Users\***\AppData\Local\Temp\wmplog06.sqm --------- 1550  
 29.01.2011 16:32     C:\Users\***\AppData\Local\Temp\wmplog05.sqm --------- 1814  
 29.01.2011 16:28     C:\Users\***\AppData\Local\Temp\DivF5F6.tmp --------- 0  
 29.01.2011 16:22     C:\Users\***\AppData\Local\Temp\wmplog04.sqm --------- 1550  
 29.01.2011 14:39     C:\Users\***\AppData\Local\Temp\EFEB.tmp --------- 311248  
 29.01.2011 14:36     C:\Users\***\AppData\Local\Temp\~DF60BB.tmp --------- 16384  
 29.01.2011 14:27     C:\Users\***\AppData\Local\Temp\{09CD8ACB-E753-4154-B50E-972AC0E8A361} --------- 0  
 29.01.2011 14:18     C:\Users\***\AppData\Local\Temp\Google Toolbar --------- 0  
 29.01.2011 13:48     C:\Users\***\AppData\Local\Temp\ImageDebug --------- 0  
 29.01.2011 13:38     C:\Users\***\AppData\Local\Temp\WinSAT_StorageAsmt.etl --------- 3145728  
 29.01.2011 13:36     C:\Users\***\AppData\Local\Temp\WinSAT_DX.etl --------- 11534336  
 29.01.2011 13:36     C:\Users\***\AppData\Local\Temp\WinSAT_KernelLog.etl --------- 13631488  
 29.01.2011 12:35     C:\Users\***\AppData\Local\Temp\SnS --------- 0  
 29.01.2011 12:34     C:\Users\***\AppData\Local\Temp\~e5.0001.dir.0000 --------- 0  
 29.01.2011 12:34     C:\Users\***\AppData\Local\Temp\~e5.0001 --------- 72192  
 29.01.2011 12:32     C:\Users\***\AppData\Local\Temp\Uninstall Log 2011-01-29 #001.txt --------- 73592  
 29.01.2011 12:30     C:\Users\***\AppData\Local\Temp\Uninstall Log 2011-01-29 #004.txt --------- 7067  
 29.01.2011 12:29     C:\Users\***\AppData\Local\Temp\Uninstall Log 2011-01-29 #003.txt --------- 4292  
 29.01.2011 12:29     C:\Users\***\AppData\Local\Temp\GenericTdiDll.txt --------- 2  
 29.01.2011 12:25     C:\Users\***\AppData\Local\Temp\Uninstall Log 2011-01-29 #002.txt --------- 6275  
 28.01.2011 22:36     C:\Users\***\AppData\Local\Temp\shtdf~~ --------- 721  
 28.01.2011 22:36     C:\Users\***\AppData\Local\Temp\STSA7C.tmp --------- 132  
 28.01.2011 22:36     C:\Users\***\AppData\Local\Temp\~DFA397.tmp --------- 16384  
 28.01.2011 22:35     C:\Users\***\AppData\Local\Temp\MAR51AA.tmp --------- 1285  
 28.01.2011 22:35     C:\Users\***\AppData\Local\Temp\MARE9C2.tmp --------- 1342  
 28.01.2011 22:33     C:\Users\***\AppData\Local\Temp\~DF73B5.tmp --------- 16384  
 27.01.2011 23:28     C:\Users\***\AppData\Local\Temp\STS2397.tmp --------- 132  
 27.01.2011 23:28     C:\Users\***\AppData\Local\Temp\~DF9FE1.tmp --------- 16384  
 27.01.2011 23:28     C:\Users\***\AppData\Local\Temp\MAR1841.tmp --------- 1285  
 27.01.2011 23:27     C:\Users\***\AppData\Local\Temp\MARDF46.tmp --------- 1342  
 27.01.2011 23:26     C:\Users\***\AppData\Local\Temp\wmplog03.sqm --------- 1284  
 27.01.2011 23:24     C:\Users\***\AppData\Local\Temp\~DF2FD5.tmp --------- 16384  
 27.01.2011 22:09     C:\Users\***\AppData\Local\Temp\STS8288.tmp --------- 132  
 27.01.2011 22:09     C:\Users\***\AppData\Local\Temp\~DFD525.tmp --------- 16384  
 27.01.2011 22:09     C:\Users\***\AppData\Local\Temp\MARC3BC.tmp --------- 1285  
 27.01.2011 22:09     C:\Users\***\AppData\Local\Temp\MARBAD5.tmp --------- 1342  
 27.01.2011 22:07     C:\Users\***\AppData\Local\Temp\wmplog02.sqm --------- 1340  
 27.01.2011 22:06     C:\Users\***\AppData\Local\Temp\~DF2EF7.tmp --------- 16384  
 26.01.2011 21:32     C:\Users\***\AppData\Local\Temp\STS9D87.tmp --------- 132  
 26.01.2011 21:32     C:\Users\***\AppData\Local\Temp\~DF770F.tmp --------- 16384  
 26.01.2011 21:32     C:\Users\***\AppData\Local\Temp\MAR6E3.tmp --------- 1285  
 26.01.2011 21:32     C:\Users\***\AppData\Local\Temp\MAREF7C.tmp --------- 1342  
 26.01.2011 21:31     C:\Users\***\AppData\Local\Temp\~DFE432.tmp --------- 16384  
 26.01.2011 21:31     C:\Users\***\AppData\Local\Temp\wmplog01.sqm --------- 1284  
 26.01.2011 19:28     C:\Users\***\AppData\Local\Temp\F8CF.tmp --------- 311248  
 26.01.2011 19:21     C:\Users\***\AppData\Local\Temp\STS9972.tmp --------- 132  
 26.01.2011 19:21     C:\Users\***\AppData\Local\Temp\~DF4D91.tmp --------- 16384  
 26.01.2011 19:21     C:\Users\***\AppData\Local\Temp\MARB26E.tmp --------- 1285  
 26.01.2011 19:20     C:\Users\***\AppData\Local\Temp\~DF4B1E.tmp --------- 16384  
 26.01.2011 19:20     C:\Users\***\AppData\Local\Temp\MAR8B5D.tmp --------- 1342  
 26.01.2011 19:18     C:\Users\***\AppData\Local\Temp\wmplog00.sqm --------- 1548  
 25.01.2011 22:19     C:\Users\***\AppData\Local\Temp\STSAFBF.tmp --------- 132  
 25.01.2011 22:19     C:\Users\***\AppData\Local\Temp\~DFCB97.tmp --------- 16384  
 25.01.2011 22:19     C:\Users\***\AppData\Local\Temp\wmsetup.log --------- 49844  
 25.01.2011 22:18     C:\Users\***\AppData\Local\Temp\MAR626B.tmp --------- 1285  
 25.01.2011 22:17     C:\Users\***\AppData\Local\Temp\MARE11B.tmp --------- 1342  
 25.01.2011 22:14     C:\Users\***\AppData\Local\Temp\~DFBDB7.tmp --------- 16384  
 24.01.2011 20:15     C:\Users\***\AppData\Local\Temp\AE58.tmp --------- 311248  
 24.01.2011 20:04     C:\Users\***\AppData\Local\Temp\STSAE68.tmp --------- 132  
 24.01.2011 20:04     C:\Users\***\AppData\Local\Temp\~DF73FD.tmp --------- 16384  
 24.01.2011 20:03     C:\Users\***\AppData\Local\Temp\MARD49E.tmp --------- 1285  
 24.01.2011 20:03     C:\Users\***\AppData\Local\Temp\MAR733D.tmp --------- 1342  
 24.01.2011 20:01     C:\Users\***\AppData\Local\Temp\~DF56B4.tmp --------- 16384  
 23.01.2011 13:29     C:\Users\***\AppData\Local\Temp\695C.tmp --------- 311248  
 23.01.2011 13:24     C:\Users\***\AppData\Local\Temp\STS8ED7.tmp --------- 132  
 23.01.2011 13:24     C:\Users\***\AppData\Local\Temp\~DFC675.tmp --------- 16384  
 23.01.2011 13:23     C:\Users\***\AppData\Local\Temp\MAR5A02.tmp --------- 1285  
 23.01.2011 13:23     C:\Users\***\AppData\Local\Temp\MAR27AB.tmp --------- 1342  
 23.01.2011 13:23     C:\Users\***\AppData\Local\Temp\~DFE050.tmp --------- 16384  
 22.01.2011 16:52     C:\Users\***\AppData\Local\Temp\C0FD.tmp --------- 311248  
 22.01.2011 16:48     C:\Users\***\AppData\Local\Temp\STS4E01.tmp --------- 132  
 22.01.2011 16:48     C:\Users\***\AppData\Local\Temp\~DFD8D1.tmp --------- 16384  
 22.01.2011 16:47     C:\Users\***\AppData\Local\Temp\~DF87F.tmp --------- 16384  
 22.01.2011 16:47     C:\Users\***\AppData\Local\Temp\MARED6B.tmp --------- 1285  
 22.01.2011 16:47     C:\Users\***\AppData\Local\Temp\MARDDA1.tmp --------- 1342  
 22.01.2011 15:39     C:\Users\***\AppData\Local\Temp\Acr9255.tmp --------- 358  
 22.01.2011 15:37     C:\Users\***\AppData\Local\Temp\Acr9254.tmp --------- 2048000  
 22.01.2011 13:01     C:\Users\***\AppData\Local\Temp\STS8823.tmp --------- 132  
 22.01.2011 13:01     C:\Users\***\AppData\Local\Temp\~DF86B1.tmp --------- 16384  
 22.01.2011 13:00     C:\Users\***\AppData\Local\Temp\MAR849A.tmp --------- 1285  
 22.01.2011 13:00     C:\Users\***\AppData\Local\Temp\MAR6B7E.tmp --------- 1342  
 22.01.2011 12:59     C:\Users\***\AppData\Local\Temp\~DFF931.tmp --------- 16384  
 21.01.2011 18:31     C:\Users\***\AppData\Local\Temp\88FD.tmp --------- 311248  
 21.01.2011 18:25     C:\Users\***\AppData\Local\Temp\STSBFB6.tmp --------- 132  
 21.01.2011 18:25     C:\Users\***\AppData\Local\Temp\~DFD1CF.tmp --------- 16384  
 21.01.2011 18:24     C:\Users\***\AppData\Local\Temp\MARF6BD.tmp --------- 1285  
 21.01.2011 18:24     C:\Users\***\AppData\Local\Temp\MARE771.tmp --------- 1342  
 21.01.2011 18:22     C:\Users\***\AppData\Local\Temp\~DFB5D1.tmp --------- 16384  
 21.01.2011 18:09     C:\Users\***\AppData\Local\Temp\STS6789.tmp --------- 132  
 21.01.2011 18:09     C:\Users\***\AppData\Local\Temp\~DF7050.tmp --------- 16384  
 21.01.2011 18:09     C:\Users\***\AppData\Local\Temp\MARF5C4.tmp --------- 1285  
 21.01.2011 18:09     C:\Users\***\AppData\Local\Temp\MAREFBA.tmp --------- 1342  
 21.01.2011 18:06     C:\Users\***\AppData\Local\Temp\~DFDED1.tmp --------- 16384  
 20.01.2011 22:06     C:\Users\***\AppData\Local\Temp\DE6C.tmp --------- 311248  
 20.01.2011 21:58     C:\Users\***\AppData\Local\Temp\STSC91A.tmp --------- 132  
 20.01.2011 21:58     C:\Users\***\AppData\Local\Temp\~DF234F.tmp --------- 16384  
 20.01.2011 21:58     C:\Users\***\AppData\Local\Temp\MAR624C.tmp --------- 1285  
 20.01.2011 21:58     C:\Users\***\AppData\Local\Temp\MAR5BF5.tmp --------- 1342  
 20.01.2011 21:58     C:\Users\***\AppData\Local\Temp\~DF3797.tmp --------- 16384  
 19.01.2011 20:10     C:\Users\***\AppData\Local\Temp\A87E.tmp --------- 311248  
 19.01.2011 19:44     C:\Users\***\AppData\Local\Temp\STSB146.tmp --------- 132  
 19.01.2011 19:44     C:\Users\***\AppData\Local\Temp\~DF7906.tmp --------- 16384  
 19.01.2011 19:44     C:\Users\***\AppData\Local\Temp\~DF7B4A.tmp --------- 16384  
 19.01.2011 19:44     C:\Users\***\AppData\Local\Temp\MARF7B.tmp --------- 1285  
 19.01.2011 19:44     C:\Users\***\AppData\Local\Temp\MAR1E3.tmp --------- 1342  
 18.01.2011 21:45     C:\Users\***\AppData\Local\Temp\STS6FC3.tmp --------- 132  
 18.01.2011 21:44     C:\Users\***\AppData\Local\Temp\~DFFD7.tmp --------- 16384  
 18.01.2011 21:44     C:\Users\***\AppData\Local\Temp\MARC072.tmp --------- 1285  
 18.01.2011 21:44     C:\Users\***\AppData\Local\Temp\MARA2C5.tmp --------- 1342  
 18.01.2011 21:41     C:\Users\***\AppData\Local\Temp\~DFFF71.tmp --------- 16384  
 17.01.2011 20:53     C:\Users\***\AppData\Local\Temp\9C9D.tmp --------- 311248  
 17.01.2011 20:04     C:\Users\***\AppData\Local\Temp\STSCD4D.tmp --------- 132  
 17.01.2011 20:04     C:\Users\***\AppData\Local\Temp\~DFABF7.tmp --------- 16384  
 17.01.2011 20:03     C:\Users\***\AppData\Local\Temp\MAR190C.tmp --------- 1285  
 17.01.2011 20:03     C:\Users\***\AppData\Local\Temp\MARDC5.tmp --------- 1342  
 17.01.2011 20:00     C:\Users\***\AppData\Local\Temp\~DF1AE2.tmp --------- 16384  
 16.01.2011 22:31     C:\Users\***\AppData\Local\Temp\dd_vcredistUI6A0A.txt --------- 11710  
 16.01.2011 22:31     C:\Users\***\AppData\Local\Temp\dd_vcredistMSI6A0A.txt --------- 443044  
 16.01.2011 13:02     C:\Users\***\AppData\Local\Temp\5DC8.tmp --------- 311248  
 16.01.2011 12:55     C:\Users\***\AppData\Local\Temp\STSB86.tmp --------- 132  
 16.01.2011 12:55     C:\Users\***\AppData\Local\Temp\~DFD2FD.tmp --------- 16384  
 16.01.2011 12:55     C:\Users\***\AppData\Local\Temp\MAR8D80.tmp --------- 1285  
 16.01.2011 12:55     C:\Users\***\AppData\Local\Temp\MAR8870.tmp --------- 1342  
 16.01.2011 12:52     C:\Users\***\AppData\Local\Temp\~DF10E4.tmp --------- 16384  
 15.01.2011 20:25     C:\Users\***\AppData\Local\Temp\STSFDEE.tmp --------- 132  
 15.01.2011 20:24     C:\Users\***\AppData\Local\Temp\~DFFA56.tmp --------- 16384  
 15.01.2011 20:24     C:\Users\***\AppData\Local\Temp\MAR2626.tmp --------- 1285  
 15.01.2011 20:24     C:\Users\***\AppData\Local\Temp\MAR1E87.tmp --------- 1342  
 15.01.2011 20:22     C:\Users\***\AppData\Local\Temp\~DF19D0.tmp --------- 16384  
 15.01.2011 14:24     C:\Users\***\AppData\Local\Temp\STSD807.tmp --------- 132  
 15.01.2011 14:24     C:\Users\***\AppData\Local\Temp\~DF434.tmp --------- 16384  
 15.01.2011 14:23     C:\Users\***\AppData\Local\Temp\MARA7B4.tmp --------- 1285  
 15.01.2011 14:23     C:\Users\***\AppData\Local\Temp\MARA35F.tmp --------- 1342  
 15.01.2011 14:22     C:\Users\***\AppData\Local\Temp\~DFCA4E.tmp --------- 16384  
 15.01.2011 14:17     C:\Users\***\AppData\Local\Temp\STS90CA.tmp --------- 132  
 15.01.2011 14:17     C:\Users\***\AppData\Local\Temp\~DF40.tmp --------- 16384  
 15.01.2011 14:16     C:\Users\***\AppData\Local\Temp\MAR8E1C.tmp --------- 1285  
 15.01.2011 14:16     C:\Users\***\AppData\Local\Temp\MAR3561.tmp --------- 1342  
 15.01.2011 14:13     C:\Users\***\AppData\Local\Temp\~DFBDE4.tmp --------- 16384  
 14.01.2011 18:10     C:\Users\***\AppData\Local\Temp\STS9AB9.tmp --------- 132  
 14.01.2011 18:10     C:\Users\***\AppData\Local\Temp\~DFEFA.tmp --------- 16384  
 14.01.2011 18:09     C:\Users\***\AppData\Local\Temp\MAR8B10.tmp --------- 1285  
 14.01.2011 18:09     C:\Users\***\AppData\Local\Temp\MAR6A96.tmp --------- 1342  
 14.01.2011 18:07     C:\Users\***\AppData\Local\Temp\~DFA04C.tmp --------- 16384  
 14.01.2011 00:27     C:\Users\***\AppData\Local\Temp\415303181911737796.tmp --------- 3298  
 14.01.2011 00:27     C:\Users\***\AppData\Local\Temp\286185815511737140.tmp --------- 81501  
 14.01.2011 00:27     C:\Users\***\AppData\Local\Temp\103842929111737749.tmp --------- 5  
 14.01.2011 00:27     C:\Users\***\AppData\Local\Temp\16825761111737733.tmp --------- 64878  
 14.01.2011 00:27     C:\Users\***\AppData\Local\Temp\339705145811727453.tmp --------- 81501  
 14.01.2011 00:27     C:\Users\***\AppData\Local\Temp\151161009911727468.tmp --------- 81  
 14.01.2011 00:27     C:\Users\***\AppData\Local\Temp\46019408211727375.tmp --------- 36656  
 14.01.2011 00:27     C:\Users\***\AppData\Local\Temp\114121850811725674.tmp --------- 107  
 14.01.2011 00:24     C:\Users\***\AppData\Local\Temp\B0FA.tmp --------- 311248  
 13.01.2011 21:17     C:\Users\***\AppData\Local\Temp\STS40A8.tmp --------- 132  
 13.01.2011 21:17     C:\Users\***\AppData\Local\Temp\~DF4842.tmp --------- 16384  
 13.01.2011 21:16     C:\Users\***\AppData\Local\Temp\MAR7DA8.tmp --------- 1285  
 13.01.2011 21:16     C:\Users\***\AppData\Local\Temp\MAR6A76.tmp --------- 1342  
 13.01.2011 21:13     C:\Users\***\AppData\Local\Temp\~DFC7B9.tmp --------- 16384  
 12.01.2011 20:41     C:\Users\***\AppData\Local\Temp\4D08.tmp --------- 311248  
 12.01.2011 19:09     C:\Users\***\AppData\Local\Temp\STSB00D.tmp --------- 132  
 12.01.2011 19:08     C:\Users\***\AppData\Local\Temp\~DFDC2A.tmp --------- 16384  
 12.01.2011 19:08     C:\Users\***\AppData\Local\Temp\MARB80A.tmp --------- 1285  
 12.01.2011 19:08     C:\Users\***\AppData\Local\Temp\MARAA71.tmp --------- 1342  
 12.01.2011 19:05     C:\Users\***\AppData\Local\Temp\~DF808A.tmp --------- 16384  
 11.01.2011 21:16     C:\Users\***\AppData\Local\Temp\STSB200.tmp --------- 132  
 11.01.2011 21:15     C:\Users\***\AppData\Local\Temp\~DF1A74.tmp --------- 16384  
 11.01.2011 21:15     C:\Users\***\AppData\Local\Temp\MAREE83.tmp --------- 1285  
 11.01.2011 21:15     C:\Users\***\AppData\Local\Temp\MARE993.tmp --------- 1342  
 11.01.2011 21:12     C:\Users\***\AppData\Local\Temp\~DF39D5.tmp --------- 16384  
 10.01.2011 18:29     C:\Users\***\AppData\Local\Temp\STS1055.tmp --------- 132  
 10.01.2011 18:29     C:\Users\***\AppData\Local\Temp\~DFCA5A.tmp --------- 16384  
 10.01.2011 18:29     C:\Users\***\AppData\Local\Temp\MARB174.tmp --------- 1285  
 10.01.2011 18:29     C:\Users\***\AppData\Local\Temp\MARAA42.tmp --------- 1342  
 10.01.2011 18:26     C:\Users\***\AppData\Local\Temp\~DF1DBE.tmp --------- 16384  
 09.01.2011 23:02     C:\Users\***\AppData\Local\Temp\BC9F.tmp --------- 311248  
 09.01.2011 18:29     C:\Users\***\AppData\Local\Temp\STS21C3.tmp --------- 132  
 09.01.2011 18:29     C:\Users\***\AppData\Local\Temp\~DFBC16.tmp --------- 16384  
 09.01.2011 18:27     C:\Users\***\AppData\Local\Temp\MAR8C49.tmp --------- 1285  
 09.01.2011 18:26     C:\Users\***\AppData\Local\Temp\MAR8880.tmp --------- 1342  
 09.01.2011 18:24     C:\Users\***\AppData\Local\Temp\~DF64C5.tmp --------- 16384  
 09.01.2011 12:34     C:\Users\***\AppData\Local\Temp\9F2B.tmp --------- 311248  
 09.01.2011 12:29     C:\Users\***\AppData\Local\Temp\STS2F4A.tmp --------- 132  
 09.01.2011 12:29     C:\Users\***\AppData\Local\Temp\~DF67BE.tmp --------- 16384  
 09.01.2011 12:28     C:\Users\***\AppData\Local\Temp\MAR757E.tmp --------- 1285  
 09.01.2011 12:28     C:\Users\***\AppData\Local\Temp\MAR5023.tmp --------- 1342  
 09.01.2011 12:27     C:\Users\***\AppData\Local\Temp\~DF3225.tmp --------- 16384  
 08.01.2011 11:50     C:\Users\***\AppData\Local\Temp\STS78B8.tmp --------- 132  
 08.01.2011 11:50     C:\Users\***\AppData\Local\Temp\~DFD5C8.tmp --------- 16384  
 08.01.2011 11:49     C:\Users\***\AppData\Local\Temp\MARA065.tmp --------- 1285  
 08.01.2011 11:49     C:\Users\***\AppData\Local\Temp\MAR99FD.tmp --------- 1342  
 08.01.2011 11:47     C:\Users\***\AppData\Local\Temp\~DF1F23.tmp --------- 16384  
 07.01.2011 23:24     C:\Users\***\AppData\Local\Temp\MSI4919b.LOG --------- 16000  
 07.01.2011 23:24     C:\Users\***\AppData\Local\Temp\MSI4919a.LOG --------- 16008  
 07.01.2011 23:24     C:\Users\***\AppData\Local\Temp\MSI3b37b.LOG --------- 804  
 07.01.2011 23:23     C:\Users\***\AppData\Local\Temp\mia89AE.tmp --------- 0  
 07.01.2011 18:33     C:\Users\***\AppData\Local\Temp\F71A.tmp --------- 311248  
 07.01.2011 18:26     C:\Users\***\AppData\Local\Temp\STSE225.tmp --------- 132  
 07.01.2011 18:26     C:\Users\***\AppData\Local\Temp\~DFCDBD.tmp --------- 16384  
 07.01.2011 18:26     C:\Users\***\AppData\Local\Temp\MAR4691.tmp --------- 1285  
 07.01.2011 18:26     C:\Users\***\AppData\Local\Temp\MAR4153.tmp --------- 1342  
 07.01.2011 18:25     C:\Users\***\AppData\Local\Temp\~DF7E63.tmp --------- 16384  
 06.01.2011 14:47     C:\Users\***\AppData\Local\Temp\8315.tmp --------- 311248  
 06.01.2011 12:55     C:\Users\***\AppData\Local\Temp\STS9B2.tmp --------- 132  
 06.01.2011 12:55     C:\Users\***\AppData\Local\Temp\~DF1F50.tmp --------- 16384  
 06.01.2011 12:54     C:\Users\***\AppData\Local\Temp\MAR3C93.tmp --------- 1285  
 06.01.2011 12:54     C:\Users\***\AppData\Local\Temp\MAR2FE5.tmp --------- 1342  
 06.01.2011 12:54     C:\Users\***\AppData\Local\Temp\~DF4A85.tmp --------- 16384  
 05.01.2011 20:15     C:\Users\***\AppData\Local\Temp\STS6A5.tmp --------- 132  
 05.01.2011 20:15     C:\Users\***\AppData\Local\Temp\~DF3294.tmp --------- 16384  
 05.01.2011 20:15     C:\Users\***\AppData\Local\Temp\~DF86E9.tmp --------- 16384  
 05.01.2011 20:15     C:\Users\***\AppData\Local\Temp\MARB664.tmp --------- 1285  
 05.01.2011 20:14     C:\Users\***\AppData\Local\Temp\MARABBA.tmp --------- 1342  
 05.01.2011 19:24     C:\Users\***\AppData\Local\Temp\1573.tmp --------- 311248  
 05.01.2011 19:18     C:\Users\***\AppData\Local\Temp\STSB85.tmp --------- 132  
 05.01.2011 19:18     C:\Users\***\AppData\Local\Temp\~DFA0DC.tmp --------- 16384  
 05.01.2011 19:18     C:\Users\***\AppData\Local\Temp\~DFA7B8.tmp --------- 16384  
 05.01.2011 19:17     C:\Users\***\AppData\Local\Temp\MAR3AA0.tmp --------- 1285  
 05.01.2011 19:17     C:\Users\***\AppData\Local\Temp\MAR3208.tmp --------- 1342  
 04.01.2011 20:55     C:\Users\***\AppData\Local\Temp\STS6D15.tmp --------- 132  
 04.01.2011 20:55     C:\Users\***\AppData\Local\Temp\~DF3115.tmp --------- 16384  
 04.01.2011 20:55     C:\Users\***\AppData\Local\Temp\MARB164.tmp --------- 1285  
 04.01.2011 20:54     C:\Users\***\AppData\Local\Temp\MARA063.tmp --------- 1342  
 04.01.2011 20:53     C:\Users\***\AppData\Local\Temp\~DFA6FD.tmp --------- 16384  
 03.01.2011 18:32     C:\Users\***\AppData\Local\Temp\STS80C4.tmp --------- 132  
 03.01.2011 18:32     C:\Users\***\AppData\Local\Temp\~DFC6EC.tmp --------- 16384  
 03.01.2011 18:32     C:\Users\***\AppData\Local\Temp\~DF1B1D.tmp --------- 16384  
 03.01.2011 18:31     C:\Users\***\AppData\Local\Temp\MAR7B48.tmp --------- 1285  
 03.01.2011 18:31     C:\Users\***\AppData\Local\Temp\MAR5E83.tmp --------- 1342  
 03.01.2011 10:19     C:\Users\***\AppData\Local\Temp\GLF1C3F.tmp.ConduitEngineSetup.exe --------- 158048  
 03.01.2011 10:16     C:\Users\***\AppData\Local\Temp\prxGLF1C3F.tmp.tbElf_.dll --------- 175400  
 02.01.2011 15:29     C:\Users\***\AppData\Local\Temp\STS6CC8.tmp --------- 132  
 02.01.2011 15:29     C:\Users\***\AppData\Local\Temp\~DFD424.tmp --------- 16384  
 02.01.2011 15:28     C:\Users\***\AppData\Local\Temp\MAR1A36.tmp --------- 1285  
 02.01.2011 15:28     C:\Users\***\AppData\Local\Temp\MARD0A.tmp --------- 1342  
 02.01.2011 15:28     C:\Users\***\AppData\Local\Temp\~DF6575.tmp --------- 16384  
 02.01.2011 00:15     C:\Users\***\AppData\Local\Temp\STSC093.tmp --------- 132  
 02.01.2011 00:15     C:\Users\***\AppData\Local\Temp\~DF102D.tmp --------- 16384  
 02.01.2011 00:14     C:\Users\***\AppData\Local\Temp\~DFA399.tmp --------- 16384  
 02.01.2011 00:13     C:\Users\***\AppData\Local\Temp\MAR2AE7.tmp --------- 1285  
 02.01.2011 00:13     C:\Users\***\AppData\Local\Temp\MAR1A14.tmp --------- 1342  
 01.01.2011 14:56     C:\Users\***\AppData\Local\Temp\STS124A.tmp --------- 132  
 01.01.2011 14:56     C:\Users\***\AppData\Local\Temp\~DF671C.tmp --------- 16384  
 01.01.2011 14:55     C:\Users\***\AppData\Local\Temp\~DFDF4A.tmp --------- 16384  
 01.01.2011 14:55     C:\Users\***\AppData\Local\Temp\MAR96D3.tmp --------- 1285  
 01.01.2011 14:55     C:\Users\***\AppData\Local\Temp\MAR75DA.tmp --------- 1342  
 31.12.2010 21:43     C:\Users\***\AppData\Local\Temp\F601.tmp --------- 311248  
 31.12.2010 21:41     C:\Users\***\AppData\Local\Temp\STSFA.tmp --------- 132  
 31.12.2010 21:41     C:\Users\***\AppData\Local\Temp\~DFE40F.tmp --------- 16384  
 31.12.2010 21:40     C:\Users\***\AppData\Local\Temp\MAR51B8.tmp --------- 1285  
 31.12.2010 21:40     C:\Users\***\AppData\Local\Temp\MAR3DBA.tmp --------- 1342  
 31.12.2010 21:37     C:\Users\***\AppData\Local\Temp\~DF5727.tmp --------- 16384  
 31.12.2010 19:32     C:\Users\***\AppData\Local\Temp\WER4AF4.tmp.version.txt --------- 476  
 31.12.2010 19:25     C:\Users\***\AppData\Local\Temp\MAR1796.tmp --------- 1285  
 31.12.2010 19:25     C:\Users\***\AppData\Local\Temp\MAR144A.tmp --------- 1342  
 31.12.2010 19:22     C:\Users\***\AppData\Local\Temp\RES9B46.tmp --------- 1196  
 31.12.2010 19:22     C:\Users\***\AppData\Local\Temp\CSC9B25.tmp --------- 652  
 31.12.2010 19:22     C:\Users\***\AppData\Local\Temp\huledk3g.out --------- 490  
 31.12.2010 19:22     C:\Users\***\AppData\Local\Temp\huledk3g.cmdline --------- 407  
 31.12.2010 19:22     C:\Users\***\AppData\Local\Temp\huledk3g.0.cs --------- 15196  
 31.12.2010 19:21     C:\Users\***\AppData\Local\Temp\~DF48CE.tmp --------- 16384  
 31.12.2010 11:47     C:\Users\***\AppData\Local\Temp\311D.tmp --------- 311248  
 31.12.2010 11:40     C:\Users\***\AppData\Local\Temp\STS205C.tmp --------- 132  
 31.12.2010 11:40     C:\Users\***\AppData\Local\Temp\~DF1908.tmp --------- 16384  
 31.12.2010 11:40     C:\Users\***\AppData\Local\Temp\~DF2A03.tmp --------- 16384  
 31.12.2010 11:40     C:\Users\***\AppData\Local\Temp\MAR91E3.tmp --------- 1285  
 31.12.2010 11:39     C:\Users\***\AppData\Local\Temp\MAR757D.tmp --------- 1342  
 30.12.2010 19:57     C:\Users\***\AppData\Local\Temp\STS85A.tmp --------- 132  
 30.12.2010 19:57     C:\Users\***\AppData\Local\Temp\~DF6265.tmp --------- 16384  
 30.12.2010 19:56     C:\Users\***\AppData\Local\Temp\MAR7B38.tmp --------- 1285  
 30.12.2010 19:56     C:\Users\***\AppData\Local\Temp\MAR729F.tmp --------- 1342  
 30.12.2010 19:54     C:\Users\***\AppData\Local\Temp\~DFD56E.tmp --------- 16384  
 29.12.2010 19:23     C:\Users\***\AppData\Local\Temp\2941.tmp --------- 311248  
 29.12.2010 19:22     C:\Users\***\AppData\Local\Temp\STSD04B.tmp --------- 132  
 29.12.2010 19:22     C:\Users\***\AppData\Local\Temp\~DF4548.tmp --------- 16384  
 29.12.2010 19:22     C:\Users\***\AppData\Local\Temp\~DFFAF4.tmp --------- 16384  
 29.12.2010 19:22     C:\Users\***\AppData\Local\Temp\MAR2CCB.tmp --------- 1285  
 29.12.2010 19:22     C:\Users\***\AppData\Local\Temp\MAR24AF.tmp --------- 1342  
 28.12.2010 21:20     C:\Users\***\AppData\Local\Temp\F92C.tmp --------- 311248  
 28.12.2010 21:15     C:\Users\***\AppData\Local\Temp\STSE476.tmp --------- 132  
 28.12.2010 21:15     C:\Users\***\AppData\Local\Temp\~DF2659.tmp --------- 16384  
 28.12.2010 21:14     C:\Users\***\AppData\Local\Temp\MARE669.tmp --------- 1285  
 28.12.2010 21:14     C:\Users\***\AppData\Local\Temp\MARE11A.tmp --------- 1342  
 28.12.2010 21:11     C:\Users\***\AppData\Local\Temp\~DF46D.tmp --------- 16384  
 27.12.2010 19:34     C:\Users\***\AppData\Local\Temp\4327.tmp --------- 311248  
 27.12.2010 19:30     C:\Users\***\AppData\Local\Temp\STS405A.tmp --------- 132  
 27.12.2010 19:30     C:\Users\***\AppData\Local\Temp\~DF4CFB.tmp --------- 16384  
 27.12.2010 19:29     C:\Users\***\AppData\Local\Temp\MAR98C6.tmp --------- 1285  
 27.12.2010 19:29     C:\Users\***\AppData\Local\Temp\MAR866D.tmp --------- 1342  
 27.12.2010 19:27     C:\Users\***\AppData\Local\Temp\~DFB528.tmp --------- 16384  
 26.12.2010 18:54     C:\Users\***\AppData\Local\Temp\STS2923.tmp --------- 132  
 26.12.2010 18:54     C:\Users\***\AppData\Local\Temp\~DF4CEF.tmp --------- 16384  
 26.12.2010 18:54     C:\Users\***\AppData\Local\Temp\MARC513.tmp --------- 1285  
 26.12.2010 18:54     C:\Users\***\AppData\Local\Temp\MARB6B1.tmp --------- 1342  
 26.12.2010 18:51     C:\Users\***\AppData\Local\Temp\~DF2DC5.tmp --------- 16384  
 24.12.2010 09:33     C:\Users\***\AppData\Local\Temp\DIO6ECC.tmp --------- 47122  
 24.12.2010 09:31     C:\Users\***\AppData\Local\Temp\DIOC565.tmp --------- 47122  
 24.12.2010 09:31     C:\Users\***\AppData\Local\Temp\DIO7D7C.tmp --------- 47122  
 24.12.2010 09:29     C:\Users\***\AppData\Local\Temp\DIOFF95.tmp --------- 47122  
 24.12.2010 09:29     C:\Users\***\AppData\Local\Temp\STSBC10.tmp --------- 186  
 24.12.2010 09:10     C:\Users\***\AppData\Local\Temp\F768.tmp --------- 311248  
 24.12.2010 09:00     C:\Users\***\AppData\Local\Temp\~DF8200.tmp --------- 16384  
 24.12.2010 08:59     C:\Users\***\AppData\Local\Temp\MARC6A9.tmp --------- 1285  
 24.12.2010 08:59     C:\Users\***\AppData\Local\Temp\MARBDD2.tmp --------- 1342  
 24.12.2010 08:58     C:\Users\***\AppData\Local\Temp\~DFBDA.tmp --------- 16384  
 23.12.2010 18:17     C:\Users\***\AppData\Local\Temp\STS41E0.tmp --------- 132  
 23.12.2010 18:17     C:\Users\***\AppData\Local\Temp\~DF9D7E.tmp --------- 16384  
 23.12.2010 18:16     C:\Users\***\AppData\Local\Temp\MARD99D.tmp --------- 1285  
 23.12.2010 18:16     C:\Users\***\AppData\Local\Temp\MARD50A.tmp --------- 1342  
 23.12.2010 18:14     C:\Users\***\AppData\Local\Temp\~DF7337.tmp --------- 16384  
 22.12.2010 22:55     C:\Users\***\AppData\Local\Temp\9CEA.tmp --------- 311248  
 22.12.2010 22:54     C:\Users\***\AppData\Local\Temp\STSF70B.tmp --------- 132  
 22.12.2010 22:54     C:\Users\***\AppData\Local\Temp\~DF193D.tmp --------- 16384  
 22.12.2010 22:54     C:\Users\***\AppData\Local\Temp\MAR79F2.tmp --------- 1285  
 22.12.2010 22:54     C:\Users\***\AppData\Local\Temp\MAR7638.tmp --------- 1342  
 22.12.2010 22:51     C:\Users\***\AppData\Local\Temp\~DFCDE1.tmp --------- 16384  
 22.12.2010 20:55     C:\Users\***\AppData\Local\Temp\STS5D31.tmp --------- 132  
 22.12.2010 20:53     C:\Users\***\AppData\Local\Temp\DIOC68D.tmp --------- 47122  
 22.12.2010 20:53     C:\Users\***\AppData\Local\Temp\DIOBC5E.tmp --------- 47122  
 22.12.2010 20:13     C:\Users\***\AppData\Local\Temp\FA74.tmp --------- 311248  
 22.12.2010 20:09     C:\Users\***\AppData\Local\Temp\~DF9782.tmp --------- 16384  
 22.12.2010 20:08     C:\Users\***\AppData\Local\Temp\MAR7629.tmp --------- 1285  
 22.12.2010 20:08     C:\Users\***\AppData\Local\Temp\MAR69D9.tmp --------- 1342  
 22.12.2010 20:07     C:\Users\***\AppData\Local\Temp\~DFE326.tmp --------- 16384  
 21.12.2010 23:21     C:\Users\***\AppData\Local\Temp\BE3E.tmp --------- 311248  
 20.12.2010 20:07     C:\Users\***\AppData\Local\Temp\STS44AE.tmp --------- 132  
 20.12.2010 20:07     C:\Users\***\AppData\Local\Temp\~DFAC59.tmp --------- 16384  
 20.12.2010 20:06     C:\Users\***\AppData\Local\Temp\MARC014.tmp --------- 1285  
 20.12.2010 20:06     C:\Users\***\AppData\Local\Temp\MARB309.tmp --------- 1342  
 20.12.2010 20:03     C:\Users\***\AppData\Local\Temp\~DFD8BE.tmp --------- 16384  
 19.12.2010 16:46     C:\Users\***\AppData\Local\Temp\84E7.tmp --------- 311248  
 19.12.2010 16:45     C:\Users\***\AppData\Local\Temp\STSE8E8.tmp --------- 132  
 19.12.2010 16:45     C:\Users\***\AppData\Local\Temp\~DFC784.tmp --------- 16384  
 19.12.2010 16:45     C:\Users\***\AppData\Local\Temp\MAR7A6D.tmp --------- 1285  
 19.12.2010 16:45     C:\Users\***\AppData\Local\Temp\MAR75BB.tmp --------- 1342  
 19.12.2010 16:43     C:\Users\***\AppData\Local\Temp\~DF4479.tmp --------- 16384  
 19.12.2010 11:46     C:\Users\***\AppData\Local\Temp\B53A.tmp --------- 311248  
 19.12.2010 11:45     C:\Users\***\AppData\Local\Temp\STSA63E.tmp --------- 132  
 19.12.2010 11:45     C:\Users\***\AppData\Local\Temp\~DFAC02.tmp --------- 16384  
 19.12.2010 11:44     C:\Users\***\AppData\Local\Temp\MAR4A3B.tmp --------- 1285  
 19.12.2010 11:44     C:\Users\***\AppData\Local\Temp\MAR3F12.tmp --------- 1342  
 19.12.2010 11:42     C:\Users\***\AppData\Local\Temp\~DF4328.tmp --------- 16384  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_thunderstorm.png --------- 3388  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_sunny.png --------- 2200  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_storm.png --------- 3579  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_snow.png --------- 3223  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_rain.png --------- 3335  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_mostlysunny.png --------- 3131  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_mostlycloudy_night.png --------- 2725  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_mostlycloudy.png --------- 3600  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_mostlyclear_night.png --------- 2362  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_icy.png --------- 1079  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_haze.png --------- 2817  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_fog.png --------- 2268  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_flurries.png --------- 3296  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_cloudy.png --------- 2662  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_clear_night.png --------- 1351  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_chanceofthunderstorm.png --------- 3388  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_chanceofstorm.png --------- 3579  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_chanceofsleet.png --------- 3463  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_chanceofsnow.png --------- 3223  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\icon_chanceofrain.png --------- 3335  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\hover_glow.png --------- 526  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_thunderstorm.png --------- 26675  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_sunnyNight.png --------- 9259  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_storm.png --------- 23978  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_sleet.png --------- 23053  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_snow.png --------- 22162  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_rain.png --------- 20549  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_mostlySunnyNight.png --------- 14666  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_mostlySunnyDay.png --------- 19229  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_mostlyCloudyNight.png --------- 16676  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_mostlyCloudyDay.png --------- 22987  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_icy.png --------- 4989  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_haze.png --------- 19842  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_fog.png --------- 16687  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_flurries.png --------- 20935  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\gd_weather_cloudy.png --------- 16776  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\slate_open.png --------- 2883  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\slate_closed.png --------- 1293  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\slate_main.png --------- 1780  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\STS4BF7.tmp --------- 132  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\undocked-sunny.png --------- 7205  
 18.12.2010 23:50     C:\Users\***\AppData\Local\Temp\Google Gadget Cache --------- 0  
 18.12.2010 23:08     C:\Users\***\AppData\Local\Temp\DIO4715.tmp --------- 47122  
 18.12.2010 23:06     C:\Users\***\AppData\Local\Temp\DIOAC0.tmp --------- 47122  
 18.12.2010 23:05     C:\Users\***\AppData\Local\Temp\DIO2F9F.tmp --------- 47122  
 18.12.2010 19:06     C:\Users\***\AppData\Local\Temp\~DFA462.tmp --------- 16384  
 18.12.2010 19:05     C:\Users\***\AppData\Local\Temp\MAR69EA.tmp --------- 1285  
 18.12.2010 19:05     C:\Users\***\AppData\Local\Temp\MAR64DA.tmp --------- 1342  
 18.12.2010 19:03     C:\Users\***\AppData\Local\Temp\~DF607A.tmp --------- 16384  
 18.12.2010 17:08     C:\Users\***\AppData\Local\Temp\5A5F.tmp --------- 311248  
 18.12.2010 16:51     C:\Users\***\AppData\Local\Temp\STSF4F9.tmp --------- 132  
 18.12.2010 16:51     C:\Users\***\AppData\Local\Temp\~DFDBA6.tmp --------- 16384  
 18.12.2010 16:50     C:\Users\***\AppData\Local\Temp\MAR5254.tmp --------- 1285  
 18.12.2010 16:50     C:\Users\***\AppData\Local\Temp\MAR4826.tmp --------- 1342  
 18.12.2010 16:49     C:\Users\***\AppData\Local\Temp\~DF20BA.tmp --------- 16384  
 17.12.2010 20:51     C:\Users\***\AppData\Local\Temp\STS2877.tmp --------- 132  
 17.12.2010 20:51     C:\Users\***\AppData\Local\Temp\~DFF502.tmp --------- 16384  
 17.12.2010 20:50     C:\Users\***\AppData\Local\Temp\MAR7CCE.tmp --------- 1285  
 17.12.2010 20:50     C:\Users\***\AppData\Local\Temp\MAR6363.tmp --------- 1342  
 17.12.2010 20:49     C:\Users\***\AppData\Local\Temp\~DF2373.tmp --------- 16384  
 16.12.2010 23:58     C:\Users\***\AppData\Local\Temp\STS1F39.tmp --------- 132  
 16.12.2010 23:57     C:\Users\***\AppData\Local\Temp\DIO2512.tmp --------- 47122  
 16.12.2010 21:55     C:\Users\***\AppData\Local\Temp\~DF8FDA.tmp --------- 16384  
 16.12.2010 21:55     C:\Users\***\AppData\Local\Temp\MAR1FC1.tmp --------- 1285  
 16.12.2010 21:55     C:\Users\***\AppData\Local\Temp\MAR1A82.tmp --------- 1342  
 16.12.2010 21:51     C:\Users\***\AppData\Local\Temp\~DFC14D.tmp --------- 16384  
 15.12.2010 20:59     C:\Users\***\AppData\Local\Temp\85E1.tmp --------- 311248  
 15.12.2010 20:59     C:\Users\***\AppData\Local\Temp\STS83FF.tmp --------- 132  
 15.12.2010 20:59     C:\Users\***\AppData\Local\Temp\~DF3A4C.tmp --------- 16384  
 15.12.2010 20:58     C:\Users\***\AppData\Local\Temp\MAR6069.tmp --------- 1285  
 15.12.2010 20:57     C:\Users\***\AppData\Local\Temp\MAR508F.tmp --------- 1342  
 15.12.2010 20:57     C:\Users\***\AppData\Local\Temp\~DF66CF.tmp --------- 16384  
 14.12.2010 21:15     C:\Users\***\AppData\Local\Temp\5984.tmp --------- 311248  
 14.12.2010 21:15     C:\Users\***\AppData\Local\Temp\STSF345.tmp --------- 132  
 14.12.2010 21:15     C:\Users\***\AppData\Local\Temp\~DF1791.tmp --------- 16384  
 14.12.2010 21:13     C:\Users\***\AppData\Local\Temp\MARCBB8.tmp --------- 1285  
 14.12.2010 21:13     C:\Users\***\AppData\Local\Temp\MARC448.tmp --------- 1342  
 14.12.2010 21:12     C:\Users\***\AppData\Local\Temp\~DF62EB.tmp --------- 16384  
 13.12.2010 23:39     C:\Users\***\AppData\Local\Temp\STSD08B.tmp --------- 132  
 13.12.2010 23:37     C:\Users\***\AppData\Local\Temp\DIOA0F3.tmp --------- 47122  
 13.12.2010 23:37     C:\Users\***\AppData\Local\Temp\DIOFD34.tmp --------- 47122  
 13.12.2010 23:30     C:\Users\***\AppData\Local\Temp\~DFD844.tmp --------- 16384  
 13.12.2010 23:29     C:\Users\***\AppData\Local\Temp\MAR70FB.tmp --------- 1285  
 13.12.2010 23:29     C:\Users\***\AppData\Local\Temp\MAR67D6.tmp --------- 1342  
 13.12.2010 23:27     C:\Users\***\AppData\Local\Temp\~DFFDF.tmp --------- 16384  
 13.12.2010 20:15     C:\Users\***\AppData\Local\Temp\STSEE55.tmp --------- 132  
 13.12.2010 20:15     C:\Users\***\AppData\Local\Temp\~DF89E.tmp --------- 16384  
 13.12.2010 20:14     C:\Users\***\AppData\Local\Temp\MAR425.tmp --------- 1285  
 13.12.2010 20:14     C:\Users\***\AppData\Local\Temp\MARFF16.tmp --------- 1342  
 13.12.2010 20:12     C:\Users\***\AppData\Local\Temp\~DF9C29.tmp --------- 16384  
 13.12.2010 19:53     C:\Users\***\AppData\Local\Temp\STS3D5E.tmp --------- 132  
 13.12.2010 19:53     C:\Users\***\AppData\Local\Temp\~DF1682.tmp --------- 16384  
 13.12.2010 19:52     C:\Users\***\AppData\Local\Temp\~DF7029.tmp --------- 16384  
 13.12.2010 19:52     C:\Users\***\AppData\Local\Temp\MAR891D.tmp --------- 1285  
 13.12.2010 19:52     C:\Users\***\AppData\Local\Temp\MAR75CB.tmp --------- 1342  
 12.12.2010 23:51     C:\Users\***\AppData\Local\Temp\44F0.tmp --------- 311248  
 12.12.2010 19:53     C:\Users\***\AppData\Local\Temp\STS512D.tmp --------- 132  
 12.12.2010 19:53     C:\Users\***\AppData\Local\Temp\~DFFB54.tmp --------- 16384  
 12.12.2010 19:51     C:\Users\***\AppData\Local\Temp\MARD29A.tmp --------- 1285  
 12.12.2010 19:51     C:\Users\***\AppData\Local\Temp\MARC9D3.tmp --------- 1342  
 12.12.2010 19:50     C:\Users\***\AppData\Local\Temp\~DF6695.tmp --------- 16384  
 12.12.2010 17:52     C:\Users\***\AppData\Local\Temp\A830.tmp --------- 311248  
 12.12.2010 17:50     C:\Users\***\AppData\Local\Temp\STS311F.tmp --------- 132  
 12.12.2010 17:49     C:\Users\***\AppData\Local\Temp\~DF360D.tmp --------- 16384  
 12.12.2010 17:49     C:\Users\***\AppData\Local\Temp\MARCB4A.tmp --------- 1285  
 12.12.2010 17:49     C:\Users\***\AppData\Local\Temp\MARB00C.tmp --------- 1342  
 12.12.2010 17:46     C:\Users\***\AppData\Local\Temp\~DFF7B4.tmp --------- 16384  
 12.12.2010 13:50     C:\Users\***\AppData\Local\Temp\STS6DA1.tmp --------- 132  
 12.12.2010 13:50     C:\Users\***\AppData\Local\Temp\~DFA81F.tmp --------- 16384  
 12.12.2010 13:48     C:\Users\***\AppData\Local\Temp\MAR9925.tmp --------- 1285  
 12.12.2010 13:48     C:\Users\***\AppData\Local\Temp\MAR9491.tmp --------- 1342  
 12.12.2010 13:47     C:\Users\***\AppData\Local\Temp\~DF1D74.tmp --------- 16384  
 11.12.2010 17:42     C:\Users\***\AppData\Local\Temp\DB85.tmp --------- 311248  
 11.12.2010 12:24     C:\Users\***\AppData\Local\Temp\STS58BA.tmp --------- 132  
 11.12.2010 12:24     C:\Users\***\AppData\Local\Temp\~DF297.tmp --------- 16384  
 11.12.2010 12:23     C:\Users\***\AppData\Local\Temp\MAR21A4.tmp --------- 1285  
 11.12.2010 12:23     C:\Users\***\AppData\Local\Temp\MAR1CD2.tmp --------- 1342  
 11.12.2010 12:21     C:\Users\***\AppData\Local\Temp\~DFC2CB.tmp --------- 16384  
 10.12.2010 22:31     C:\Users\***\AppData\Local\Temp\STS8121.tmp --------- 132  
 10.12.2010 22:31     C:\Users\***\AppData\Local\Temp\~DFF9DF.tmp --------- 16384  
 10.12.2010 22:30     C:\Users\***\AppData\Local\Temp\MAR950E.tmp --------- 1285  
 10.12.2010 22:30     C:\Users\***\AppData\Local\Temp\MAR900F.tmp --------- 1342  
 10.12.2010 22:29     C:\Users\***\AppData\Local\Temp\~DFD51C.tmp --------- 16384  
 10.12.2010 19:54     C:\Users\***\AppData\Local\Temp\4DD1.tmp --------- 311248  
 10.12.2010 19:50     C:\Users\***\AppData\Local\Temp\STSE917.tmp --------- 132  
 10.12.2010 19:50     C:\Users\***\AppData\Local\Temp\~DF6BCB.tmp --------- 16384  
 10.12.2010 19:50     C:\Users\***\AppData\Local\Temp\MAR5B59.tmp --------- 1285  
 10.12.2010 19:50     C:\Users\***\AppData\Local\Temp\MAR3F51.tmp --------- 1342  
 10.12.2010 19:48     C:\Users\***\AppData\Local\Temp\~DF7BB.tmp --------- 16384  
 09.12.2010 21:42     C:\Users\***\AppData\Local\Temp\D49C.tmp --------- 311248  
 09.12.2010 21:36     C:\Users\***\AppData\Local\Temp\STSC072.tmp --------- 132  
 09.12.2010 21:36     C:\Users\***\AppData\Local\Temp\~DF9B22.tmp --------- 16384  
 09.12.2010 21:34     C:\Users\***\AppData\Local\Temp\MAR9B46.tmp --------- 1285  
 09.12.2010 21:34     C:\Users\***\AppData\Local\Temp\MAR9452.tmp --------- 1342  
 09.12.2010 21:33     C:\Users\***\AppData\Local\Temp\~DF9547.tmp --------- 16384  
 08.12.2010 20:34     C:\Users\***\AppData\Local\Temp\A958.tmp --------- 311248  
 08.12.2010 20:33     C:\Users\***\AppData\Local\Temp\STS8FD1.tmp --------- 132  
 08.12.2010 20:33     C:\Users\***\AppData\Local\Temp\~DF6494.tmp --------- 16384  
 08.12.2010 20:31     C:\Users\***\AppData\Local\Temp\MAR232.tmp --------- 1285  
 08.12.2010 20:31     C:\Users\***\AppData\Local\Temp\MARFE2C.tmp --------- 1342  
 08.12.2010 20:29     C:\Users\***\AppData\Local\Temp\~DF4333.tmp --------- 16384  
 06.12.2010 21:32     C:\Users\***\AppData\Local\Temp\5FDB.tmp --------- 311248  
 06.12.2010 21:02     C:\Users\***\AppData\Local\Temp\STS10B3.tmp --------- 132  
 06.12.2010 21:02     C:\Users\***\AppData\Local\Temp\~DF2DD9.tmp --------- 16384  
 06.12.2010 21:01     C:\Users\***\AppData\Local\Temp\MARCBD.tmp --------- 1285  
 06.12.2010 21:01     C:\Users\***\AppData\Local\Temp\MARF6DC.tmp --------- 1342  
 06.12.2010 20:58     C:\Users\***\AppData\Local\Temp\~DFB923.tmp --------- 16384  
 05.12.2010 12:38     C:\Users\***\AppData\Local\Temp\58C9.tmp --------- 311248  
 05.12.2010 12:37     C:\Users\***\AppData\Local\Temp\STS628A.tmp --------- 132  
 05.12.2010 12:37     C:\Users\***\AppData\Local\Temp\~DFBCC.tmp --------- 16384  
 05.12.2010 12:36     C:\Users\***\AppData\Local\Temp\MARF1ED.tmp --------- 1285  
 05.12.2010 12:36     C:\Users\***\AppData\Local\Temp\MARE732.tmp --------- 1342  
 05.12.2010 12:34     C:\Users\***\AppData\Local\Temp\~DF569C.tmp --------- 16384  
 04.12.2010 21:48     C:\Users\***\AppData\Local\Temp\89D7.tmp --------- 311248  
 04.12.2010 21:47     C:\Users\***\AppData\Local\Temp\STSF2C7.tmp --------- 132  
 04.12.2010 21:46     C:\Users\***\AppData\Local\Temp\~DFFF5C.tmp --------- 16384  
 04.12.2010 21:46     C:\Users\***\AppData\Local\Temp\MARA0C2.tmp --------- 1285  
 04.12.2010 21:46     C:\Users\***\AppData\Local\Temp\MAR9C0F.tmp --------- 1342  
 04.12.2010 21:43     C:\Users\***\AppData\Local\Temp\~DF3D0E.tmp --------- 16384  
 04.12.2010 12:49     C:\Users\***\AppData\Local\Temp\STS8A26.tmp --------- 132  
 04.12.2010 12:49     C:\Users\***\AppData\Local\Temp\~DF6559.tmp --------- 16384  
 04.12.2010 12:48     C:\Users\***\AppData\Local\Temp\MARF374.tmp --------- 1285  
 04.12.2010 12:48     C:\Users\***\AppData\Local\Temp\MARD8C1.tmp --------- 1342  
 04.12.2010 12:45     C:\Users\***\AppData\Local\Temp\~DF4747.tmp --------- 16384  
 03.12.2010 20:12     C:\Users\***\AppData\Local\Temp\A5C.tmp --------- 311248  
 03.12.2010 19:51     C:\Users\***\AppData\Local\Temp\STS224.tmp --------- 132  
 03.12.2010 19:51     C:\Users\***\AppData\Local\Temp\~DFD791.tmp --------- 16384  
 03.12.2010 19:50     C:\Users\***\AppData\Local\Temp\~DF3C53.tmp --------- 16384  
 03.12.2010 19:50     C:\Users\***\AppData\Local\Temp\MAR4F1A.tmp --------- 1285  
 03.12.2010 19:50     C:\Users\***\AppData\Local\Temp\MAR41EF.tmp --------- 1342  
 02.12.2010 21:09     C:\Users\***\AppData\Local\Temp\7B47.tmp --------- 311248  
 02.12.2010 21:04     C:\Users\***\AppData\Local\Temp\STSCC06.tmp --------- 132  
 02.12.2010 21:04     C:\Users\***\AppData\Local\Temp\~DF68E.tmp --------- 16384  
 02.12.2010 21:03     C:\Users\***\AppData\Local\Temp\MAR2F0C.tmp --------- 1285  
 02.12.2010 21:03     C:\Users\***\AppData\Local\Temp\MAR21D2.tmp --------- 1342  
 02.12.2010 21:00     C:\Users\***\AppData\Local\Temp\~DFCA26.tmp --------- 16384  
 30.11.2010 21:21     C:\Users\***\AppData\Local\Temp\STS5CC0.tmp --------- 132  
 30.11.2010 21:21     C:\Users\***\AppData\Local\Temp\~DF6115.tmp --------- 16384  
 30.11.2010 21:21     C:\Users\***\AppData\Local\Temp\~DF985A.tmp --------- 16384  
 30.11.2010 21:20     C:\Users\***\AppData\Local\Temp\MARBEEC.tmp --------- 1285  
 30.11.2010 21:20     C:\Users\***\AppData\Local\Temp\MARA5B0.tmp --------- 1342  
 29.11.2010 22:51     C:\Users\***\AppData\Local\Temp\1D50.tmp --------- 311248  
 29.11.2010 22:30     C:\Users\***\AppData\Local\Temp\STS561C.tmp --------- 132  
 29.11.2010 22:29     C:\Users\***\AppData\Local\Temp\~DF70A0.tmp --------- 16384  
 29.11.2010 22:28     C:\Users\***\AppData\Local\Temp\MARF66F.tmp --------- 1285  
 29.11.2010 22:28     C:\Users\***\AppData\Local\Temp\MARE7CE.tmp --------- 1342  
 29.11.2010 22:26     C:\Users\***\AppData\Local\Temp\~DFD86E.tmp --------- 16384  
 28.11.2010 22:48     C:\Users\***\AppData\Local\Temp\AC6E.tmp --------- 311248  
 28.11.2010 13:33     C:\Users\***\AppData\Local\Temp\STSA718.tmp --------- 132  
 28.11.2010 13:33     C:\Users\***\AppData\Local\Temp\~DFA0CB.tmp --------- 16384  
 28.11.2010 13:32     C:\Users\***\AppData\Local\Temp\MARCB2B.tmp --------- 1285  
 28.11.2010 13:32     C:\Users\***\AppData\Local\Temp\MARC58F.tmp --------- 1342  
 28.11.2010 13:30     C:\Users\***\AppData\Local\Temp\~DF604A.tmp --------- 16384  
 28.11.2010 01:57     C:\Users\***\AppData\Local\Temp\13EF.tmp --------- 311248  
 27.11.2010 23:52     C:\Users\***\AppData\Local\Temp\STS5042.tmp --------- 132  
 27.11.2010 23:52     C:\Users\***\AppData\Local\Temp\~DFB93.tmp --------- 16384  
 27.11.2010 23:51     C:\Users\***\AppData\Local\Temp\MARB942.tmp --------- 1285  
 27.11.2010 23:51     C:\Users\***\AppData\Local\Temp\MARAAA0.tmp --------- 1342  
 27.11.2010 23:50     C:\Users\***\AppData\Local\Temp\~DF267B.tmp --------- 16384  
 27.11.2010 19:22     C:\Users\***\AppData\Local\Temp\6FE2.tmp --------- 311248  
 27.11.2010 18:44     C:\Users\***\AppData\Local\Temp\STS314D.tmp --------- 132  
 27.11.2010 18:44     C:\Users\***\AppData\Local\Temp\~DF7B0F.tmp --------- 16384  
 27.11.2010 18:44     C:\Users\***\AppData\Local\Temp\MAR82A7.tmp --------- 1285  
 27.11.2010 18:44     C:\Users\***\AppData\Local\Temp\MAR77DE.tmp --------- 1342  
 27.11.2010 18:42     C:\Users\***\AppData\Local\Temp\~DFF147.tmp --------- 16384  
 26.11.2010 17:35     C:\Users\***\AppData\Local\Temp\533D.tmp --------- 311248  
 26.11.2010 17:30     C:\Users\***\AppData\Local\Temp\STS360E.tmp --------- 132  
 26.11.2010 17:30     C:\Users\***\AppData\Local\Temp\~DF3858.tmp --------- 16384  
 26.11.2010 17:30     C:\Users\***\AppData\Local\Temp\MARA489.tmp --------- 1285  
 26.11.2010 17:29     C:\Users\***\AppData\Local\Temp\MAR6CC6.tmp --------- 1342  
 26.11.2010 17:29     C:\Users\***\AppData\Local\Temp\~DFFB93.tmp --------- 16384  
 25.11.2010 21:37     C:\Users\***\AppData\Local\Temp\STSD1D0.tmp --------- 132  
 25.11.2010 21:37     C:\Users\***\AppData\Local\Temp\~DF903F.tmp --------- 16384  
 25.11.2010 21:36     C:\Users\***\AppData\Local\Temp\MAR191C.tmp --------- 1285  
 25.11.2010 21:36     C:\Users\***\AppData\Local\Temp\MARE90.tmp --------- 1342  
 25.11.2010 21:35     C:\Users\***\AppData\Local\Temp\~DF9504.tmp --------- 16384  
 24.11.2010 19:14     C:\Users\***\AppData\Local\Temp\STS5F4F.tmp --------- 132  
 24.11.2010 19:14     C:\Users\***\AppData\Local\Temp\~DF63D.tmp --------- 16384  
 24.11.2010 19:13     C:\Users\***\AppData\Local\Temp\MAR68A2.tmp --------- 1285  
 24.11.2010 19:13     C:\Users\***\AppData\Local\Temp\MAR5FCB.tmp --------- 1342  
 24.11.2010 19:11     C:\Users\***\AppData\Local\Temp\~DFBC77.tmp --------- 16384  
 23.11.2010 20:56     C:\Users\***\AppData\Local\Temp\STSB7CA.tmp --------- 132  
 23.11.2010 20:56     C:\Users\***\AppData\Local\Temp\~DF3B8B.tmp --------- 16384  
 23.11.2010 20:55     C:\Users\***\AppData\Local\Temp\MAR983.tmp --------- 1285  
 23.11.2010 20:55     C:\Users\***\AppData\Local\Temp\~DFD684.tmp --------- 16384  
 23.11.2010 20:55     C:\Users\***\AppData\Local\Temp\MARFA56.tmp --------- 1342  
 23.11.2010 00:42     C:\Users\***\AppData\Local\Temp\BBEE.tmp --------- 311248  
 23.11.2010 00:41     C:\Users\***\AppData\Local\Temp\STS60D5.tmp --------- 132  
 23.11.2010 00:41     C:\Users\***\AppData\Local\Temp\~DF121D.tmp --------- 16384  
 23.11.2010 00:40     C:\Users\***\AppData\Local\Temp\MAR31AB.tmp --------- 1285  
 23.11.2010 00:40     C:\Users\***\AppData\Local\Temp\MAR2599.tmp --------- 1342  
 23.11.2010 00:38     C:\Users\***\AppData\Local\Temp\~DFA42A.tmp --------- 16384  
 22.11.2010 19:23     C:\Users\***\AppData\Local\Temp\D96D.tmp --------- 311248  
 22.11.2010 19:20     C:\Users\***\AppData\Local\Temp\STSCE95.tmp --------- 132  
 22.11.2010 19:20     C:\Users\***\AppData\Local\Temp\~DF40C0.tmp --------- 16384  
 22.11.2010 19:20     C:\Users\***\AppData\Local\Temp\MAR6162.tmp --------- 1285  
 22.11.2010 19:20     C:\Users\***\AppData\Local\Temp\~DF9685.tmp --------- 16384  
 22.11.2010 19:20     C:\Users\***\AppData\Local\Temp\MAR5CEF.tmp --------- 1342  
 21.11.2010 19:32     C:\Users\***\AppData\Local\Temp\2246.tmp --------- 311248  
 21.11.2010 13:43     C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate.exe --------- 2827728  
 21.11.2010 12:40     C:\Users\***\AppData\Local\Temp\STS6680.tmp --------- 132  
 21.11.2010 12:40     C:\Users\***\AppData\Local\Temp\~DFF5F9.tmp --------- 16384  
 21.11.2010 12:39     C:\Users\***\AppData\Local\Temp\MAR958B.tmp --------- 1285  
 21.11.2010 12:39     C:\Users\***\AppData\Local\Temp\MAR8535.tmp --------- 1342  
 21.11.2010 12:38     C:\Users\***\AppData\Local\Temp\~DF8C23.tmp --------- 16384  
 21.11.2010 01:38     C:\Users\***\AppData\Local\Temp\STS7E35.tmp --------- 132  
 21.11.2010 01:37     C:\Users\***\AppData\Local\Temp\~DF457B.tmp --------- 16384  
 21.11.2010 01:37     C:\Users\***\AppData\Local\Temp\MAR35C1.tmp --------- 1285  
 21.11.2010 01:37     C:\Users\***\AppData\Local\Temp\MAR2712.tmp --------- 1342  
 21.11.2010 01:35     C:\Users\***\AppData\Local\Temp\~DFFCFB.tmp --------- 16384  
 17.11.2010 22:23     C:\Users\***\AppData\Local\Temp\STSBC0F.tmp --------- 132  
 17.11.2010 22:22     C:\Users\***\AppData\Local\Temp\~DFCD95.tmp --------- 16384  
 17.11.2010 22:22     C:\Users\***\AppData\Local\Temp\MARD49D.tmp --------- 1285  
 17.11.2010 22:21     C:\Users\***\AppData\Local\Temp\MARBBEE.tmp --------- 1342  
 17.11.2010 22:20     C:\Users\***\AppData\Local\Temp\~DFAD1C.tmp --------- 16384  
 17.11.2010 19:00     C:\Users\***\AppData\Local\Temp\STS5428.tmp --------- 132  
 17.11.2010 19:00     C:\Users\***\AppData\Local\Temp\~DF920D.tmp --------- 16384  
 17.11.2010 18:59     C:\Users\***\AppData\Local\Temp\MARFA08.tmp --------- 1285  
 17.11.2010 18:59     C:\Users\***\AppData\Local\Temp\MARF41E.tmp --------- 1342  
 17.11.2010 18:57     C:\Users\***\AppData\Local\Temp\~DFB9DA.tmp --------- 16384  
 16.11.2010 20:55     C:\Users\***\AppData\Local\Temp\STS3B1D.tmp --------- 132  
 16.11.2010 20:55     C:\Users\***\AppData\Local\Temp\~DF579.tmp --------- 16384  
 16.11.2010 20:55     C:\Users\***\AppData\Local\Temp\MARAB0E.tmp --------- 1285  
 16.11.2010 20:55     C:\Users\***\AppData\Local\Temp\MAR91C3.tmp --------- 1342  
 16.11.2010 20:52     C:\Users\***\AppData\Local\Temp\~DFFBD7.tmp --------- 16384  
 15.11.2010 19:50     C:\Users\***\AppData\Local\Temp\STS163F.tmp --------- 132  
 15.11.2010 19:50     C:\Users\***\AppData\Local\Temp\~DF3B2C.tmp --------- 16384  
 15.11.2010 19:49     C:\Users\***\AppData\Local\Temp\MARC294.tmp --------- 1285  
 15.11.2010 19:49     C:\Users\***\AppData\Local\Temp\MARBB43.tmp --------- 1342  
 15.11.2010 19:46     C:\Users\***\AppData\Local\Temp\~DF56E4.tmp --------- 16384  
 14.11.2010 17:49     C:\Users\***\AppData\Local\Temp\STS7149.tmp --------- 132  
 14.11.2010 17:49     C:\Users\***\AppData\Local\Temp\~DFB0C.tmp --------- 16384  
 14.11.2010 17:48     C:\Users\***\AppData\Local\Temp\MARFA94.tmp --------- 1285  
 14.11.2010 17:48     C:\Users\***\AppData\Local\Temp\MARF3EF.tmp --------- 1342  
 14.11.2010 17:45     C:\Users\***\AppData\Local\Temp\~DF28DE.tmp --------- 16384  
 14.11.2010 12:53     C:\Users\***\AppData\Local\Temp\STSB52D.tmp --------- 132  
 14.11.2010 12:53     C:\Users\***\AppData\Local\Temp\~DF1F00.tmp --------- 16384  
 14.11.2010 12:52     C:\Users\***\AppData\Local\Temp\MARB7BB.tmp --------- 1285  
 14.11.2010 12:52     C:\Users\***\AppData\Local\Temp\MAR929D.tmp --------- 1342  
 14.11.2010 12:50     C:\Users\***\AppData\Local\Temp\~DFCF56.tmp --------- 16384  
 14.11.2010 11:02     C:\Users\***\AppData\Local\Temp\STSC4C6.tmp --------- 132  
 14.11.2010 11:02     C:\Users\***\AppData\Local\Temp\~DF8FA9.tmp --------- 16384  
 14.11.2010 11:01     C:\Users\***\AppData\Local\Temp\MAR9952.tmp --------- 1285  
 14.11.2010 11:01     C:\Users\***\AppData\Local\Temp\MAR8334.tmp --------- 1342  
 14.11.2010 10:59     C:\Users\***\AppData\Local\Temp\~DF518E.tmp --------- 16384  
 13.11.2010 20:47     C:\Users\***\AppData\Local\Temp\STSC10E.tmp --------- 132  
 13.11.2010 20:47     C:\Users\***\AppData\Local\Temp\~DF1CDA.tmp --------- 16384  
 13.11.2010 20:46     C:\Users\***\AppData\Local\Temp\MAR203D.tmp --------- 1285  
 13.11.2010 20:46     C:\Users\***\AppData\Local\Temp\MAR1C75.tmp --------- 1342  
 13.11.2010 20:44     C:\Users\***\AppData\Local\Temp\~DF7681.tmp --------- 16384  
 13.11.2010 14:10     C:\Users\***\AppData\Local\Temp\STS2D19.tmp --------- 132  
 13.11.2010 14:10     C:\Users\***\AppData\Local\Temp\~DFA28F.tmp --------- 16384  
 13.11.2010 14:10     C:\Users\***\AppData\Local\Temp\MAR4624.tmp --------- 1285  
 13.11.2010 14:09     C:\Users\***\AppData\Local\Temp\MAR3E96.tmp --------- 1342  
 13.11.2010 14:09     C:\Users\***\AppData\Local\Temp\~DFD72.tmp --------- 16384  
 12.11.2010 18:11     C:\Users\***\AppData\Local\Temp\STSCDBA.tmp --------- 132  
 12.11.2010 18:11     C:\Users\***\AppData\Local\Temp\~DF4B06.tmp --------- 16384  
 12.11.2010 18:11     C:\Users\***\AppData\Local\Temp\MAR35A1.tmp --------- 1285  
 12.11.2010 18:11     C:\Users\***\AppData\Local\Temp\MAR311D.tmp --------- 1342  
 12.11.2010 18:09     C:\Users\***\AppData\Local\Temp\~DFC60C.tmp --------- 16384  
 11.11.2010 20:26     C:\Users\***\AppData\Local\Temp\STSF21C.tmp --------- 132  
 11.11.2010 20:26     C:\Users\***\AppData\Local\Temp\~DF5B6F.tmp --------- 16384  
 11.11.2010 20:26     C:\Users\***\AppData\Local\Temp\MAR6873.tmp --------- 1285  
 11.11.2010 20:26     C:\Users\***\AppData\Local\Temp\MAR5456.tmp --------- 1342  
 11.11.2010 20:24     C:\Users\***\AppData\Local\Temp\~DFC09F.tmp --------- 16384  
 10.11.2010 18:45     C:\Users\***\AppData\Local\Temp\STS9608.tmp --------- 132  
 10.11.2010 18:45     C:\Users\***\AppData\Local\Temp\~DF8964.tmp --------- 16384  
 10.11.2010 18:44     C:\Users\***\AppData\Local\Temp\MARB7DA.tmp --------- 1285  
 10.11.2010 18:44     C:\Users\***\AppData\Local\Temp\MARB376.tmp --------- 1342  
 10.11.2010 18:43     C:\Users\***\AppData\Local\Temp\~DFD555.tmp --------- 16384  
 09.11.2010 21:43     C:\Users\***\AppData\Local\Temp\STS3A52.tmp --------- 132  
 09.11.2010 21:43     C:\Users\***\AppData\Local\Temp\~DFED46.tmp --------- 16384  
 09.11.2010 21:43     C:\Users\***\AppData\Local\Temp\MAR4FA6.tmp --------- 1285  
 09.11.2010 21:42     C:\Users\***\AppData\Local\Temp\MAR45B6.tmp --------- 1342  
 09.11.2010 21:42     C:\Users\***\AppData\Local\Temp\~DFC3B7.tmp --------- 16384  
 08.11.2010 18:56     C:\Users\***\AppData\Local\Temp\STS64CB.tmp --------- 132  
 08.11.2010 18:56     C:\Users\***\AppData\Local\Temp\~DFA1BD.tmp --------- 16384  
 08.11.2010 18:54     C:\Users\***\AppData\Local\Temp\MARCBE6.tmp --------- 1285  
 08.11.2010 18:54     C:\Users\***\AppData\Local\Temp\MARC0B1.tmp --------- 1342  
 08.11.2010 18:53     C:\Users\***\AppData\Local\Temp\~DF5071.tmp --------- 16384  
 07.11.2010 11:31     C:\Users\***\AppData\Local\Temp\STSF94D.tmp --------- 132  
 07.11.2010 11:31     C:\Users\***\AppData\Local\Temp\~DFA6A.tmp --------- 16384  
 07.11.2010 11:30     C:\Users\***\AppData\Local\Temp\MAR6C4A.tmp --------- 1285  
 07.11.2010 11:30     C:\Users\***\AppData\Local\Temp\MAR672B.tmp --------- 1342  
 07.11.2010 11:28     C:\Users\***\AppData\Local\Temp\~DF25C6.tmp --------- 16384  
 06.11.2010 15:52     C:\Users\***\AppData\Local\Temp\STS28DB.tmp --------- 132  
 06.11.2010 15:50     C:\Users\***\AppData\Local\Temp\DIOE45B.tmp --------- 47122  
 06.11.2010 15:49     C:\Users\***\AppData\Local\Temp\DIO938.tmp --------- 47122  
 06.11.2010 15:49     C:\Users\***\AppData\Local\Temp\DIOC5E3.tmp --------- 47122  
 06.11.2010 12:56     C:\Users\***\AppData\Local\Temp\~DF8687.tmp --------- 16384  
 06.11.2010 12:55     C:\Users\***\AppData\Local\Temp\MARE1C7.tmp --------- 1285  
 06.11.2010 12:55     C:\Users\***\AppData\Local\Temp\MARDB9F.tmp --------- 1342  
 06.11.2010 12:53     C:\Users\***\AppData\Local\Temp\~DF6633.tmp --------- 16384  
 05.11.2010 22:12     C:\Users\***\AppData\Local\Temp\STS2DF.tmp --------- 132  
 05.11.2010 22:12     C:\Users\***\AppData\Local\Temp\~DFF921.tmp --------- 16384  
 05.11.2010 22:12     C:\Users\***\AppData\Local\Temp\MAR733C.tmp --------- 1285  
 05.11.2010 22:12     C:\Users\***\AppData\Local\Temp\MAR5022.tmp --------- 1342  
 05.11.2010 22:10     C:\Users\***\AppData\Local\Temp\~DFD5A4.tmp --------- 16384  
 05.11.2010 16:56     C:\Users\***\AppData\Local\Temp\STSB876.tmp --------- 132  
 05.11.2010 16:56     C:\Users\***\AppData\Local\Temp\~DFB213.tmp --------- 16384  
 05.11.2010 16:55     C:\Users\***\AppData\Local\Temp\MAR1B5.tmp --------- 1285  
 05.11.2010 16:55     C:\Users\***\AppData\Local\Temp\MARFA74.tmp --------- 1342  
 05.11.2010 16:55     C:\Users\***\AppData\Local\Temp\~DF6882.tmp --------- 16384  
 04.11.2010 21:17     C:\Users\***\AppData\Local\Temp\STS84BA.tmp --------- 132  
 04.11.2010 21:17     C:\Users\***\AppData\Local\Temp\~DF7156.tmp --------- 16384  
 04.11.2010 21:17     C:\Users\***\AppData\Local\Temp\MAR43C4.tmp --------- 1285  
 04.11.2010 21:17     C:\Users\***\AppData\Local\Temp\MAR401B.tmp --------- 1342  
 04.11.2010 21:14     C:\Users\***\AppData\Local\Temp\~DF39B9.tmp --------- 16384  
 03.11.2010 19:11     C:\Users\***\AppData\Local\Temp\STS7E82.tmp --------- 132  
 03.11.2010 19:11     C:\Users\***\AppData\Local\Temp\~DFEA9F.tmp --------- 16384  
 03.11.2010 19:10     C:\Users\***\AppData\Local\Temp\MARC909.tmp --------- 1285  
 03.11.2010 19:10     C:\Users\***\AppData\Local\Temp\MARB395.tmp --------- 1342  
 03.11.2010 19:08     C:\Users\***\AppData\Local\Temp\~DF77D9.tmp --------- 16384  
 02.11.2010 23:20     C:\Users\***\AppData\Local\Temp\xtraz_log.txt --------- 12527  
 02.11.2010 21:31     C:\Users\***\AppData\Local\Temp\02B673~1.exe --------- 13542560  
 02.11.2010 21:25     C:\Users\***\AppData\Local\Temp\STS3478.tmp --------- 132  
 02.11.2010 21:25     C:\Users\***\AppData\Local\Temp\~DFA902.tmp --------- 16384  
 02.11.2010 21:25     C:\Users\***\AppData\Local\Temp\~DF7DB0.tmp --------- 16384  
 02.11.2010 21:24     C:\Users\***\AppData\Local\Temp\MARA6E9.tmp --------- 1285  
 02.11.2010 21:24     C:\Users\***\AppData\Local\Temp\MAR9C4E.tmp --------- 1342  
 01.11.2010 13:09     C:\Users\***\AppData\Local\Temp\STSDE3E.tmp --------- 132  
 01.11.2010 13:08     C:\Users\***\AppData\Local\Temp\~DF7222.tmp --------- 16384  
 01.11.2010 13:08     C:\Users\***\AppData\Local\Temp\MARF4DA.tmp --------- 1285  
 01.11.2010 13:08     C:\Users\***\AppData\Local\Temp\MARF076.tmp --------- 1342  
 01.11.2010 13:07     C:\Users\***\AppData\Local\Temp\~DFB846.tmp --------- 16384  
 31.10.2010 21:24     C:\Users\***\AppData\Local\Temp\STSDDE1.tmp --------- 132  
 31.10.2010 21:24     C:\Users\***\AppData\Local\Temp\~DF40AF.tmp --------- 16384  
 31.10.2010 21:24     C:\Users\***\AppData\Local\Temp\MAR60D5.tmp --------- 1285  
 31.10.2010 21:24     C:\Users\***\AppData\Local\Temp\MAR499C.tmp --------- 1342  
 31.10.2010 21:23     C:\Users\***\AppData\Local\Temp\~DF25B3.tmp --------- 16384  
 31.10.2010 11:53     C:\Users\***\AppData\Local\Temp\STS9369.tmp --------- 132  
 31.10.2010 11:53     C:\Users\***\AppData\Local\Temp\~DF67E9.tmp --------- 16384  
 31.10.2010 11:52     C:\Users\***\AppData\Local\Temp\MARD578.tmp --------- 1285  
 31.10.2010 11:52     C:\Users\***\AppData\Local\Temp\MARCFFB.tmp --------- 1342  
 31.10.2010 11:51     C:\Users\***\AppData\Local\Temp\~DF52C4.tmp --------- 16384  
 30.10.2010 21:40     C:\Users\***\AppData\Local\Temp\STS795B.tmp --------- 132  
 30.10.2010 21:00     C:\Users\***\AppData\Local\Temp\DIO21B8.tmp --------- 47122  
 30.10.2010 21:00     C:\Users\***\AppData\Local\Temp\DIOCCF4.tmp --------- 47122  
 30.10.2010 20:59     C:\Users\***\AppData\Local\Temp\DIO7525.tmp --------- 47122  
 30.10.2010 18:13     C:\Users\***\AppData\Local\Temp\~DF2AE2.tmp --------- 16384  
 30.10.2010 18:12     C:\Users\***\AppData\Local\Temp\MAR674C.tmp --------- 1285  
 30.10.2010 18:12     C:\Users\***\AppData\Local\Temp\MAR4F57.tmp --------- 1342  
 30.10.2010 18:11     C:\Users\***\AppData\Local\Temp\~DF4B23.tmp --------- 16384  
 30.10.2010 12:13     C:\Users\***\AppData\Local\Temp\STSA64D.tmp --------- 132  
 30.10.2010 12:13     C:\Users\***\AppData\Local\Temp\~DF2D21.tmp --------- 16384  
 30.10.2010 12:11     C:\Users\***\AppData\Local\Temp\MAR2A5B.tmp --------- 1285  
 30.10.2010 12:11     C:\Users\***\AppData\Local\Temp\MAR2146.tmp --------- 1342  
 30.10.2010 12:11     C:\Users\***\AppData\Local\Temp\~DF4632.tmp --------- 16384  
 29.10.2010 18:16     C:\Users\***\AppData\Local\Temp\STS5C62.tmp --------- 132  
 29.10.2010 18:15     C:\Users\***\AppData\Local\Temp\~DF607D.tmp --------- 16384  
 29.10.2010 18:15     C:\Users\***\AppData\Local\Temp\~DF2132.tmp --------- 16384  
 29.10.2010 18:15     C:\Users\***\AppData\Local\Temp\MARA1EA.tmp --------- 1285  
 29.10.2010 18:15     C:\Users\***\AppData\Local\Temp\MAR999F.tmp --------- 1342  
 28.10.2010 20:40     C:\Users\***\AppData\Local\Temp\STSD9FA.tmp --------- 132  
 28.10.2010 20:40     C:\Users\***\AppData\Local\Temp\~DFD2F.tmp --------- 16384  
 28.10.2010 20:40     C:\Users\***\AppData\Local\Temp\~DFF308.tmp --------- 16384  
 28.10.2010 20:39     C:\Users\***\AppData\Local\Temp\MAR66EE.tmp --------- 1285  
 28.10.2010 20:39     C:\Users\***\AppData\Local\Temp\MAR59E3.tmp --------- 1342  
 27.10.2010 18:12     C:\Users\***\AppData\Local\Temp\STS6529.tmp --------- 132  
 27.10.2010 18:12     C:\Users\***\AppData\Local\Temp\~DFC5CC.tmp --------- 16384  
 27.10.2010 18:11     C:\Users\***\AppData\Local\Temp\~DFECFF.tmp --------- 16384  
 27.10.2010 18:09     C:\Users\***\AppData\Local\Temp\MAR2349.tmp --------- 1285  
 27.10.2010 18:09     C:\Users\***\AppData\Local\Temp\MARED89.tmp --------- 1342  
 26.10.2010 19:59     C:\Users\***\AppData\Local\Temp\STSDD16.tmp --------- 132  
 26.10.2010 19:58     C:\Users\***\AppData\Local\Temp\~DF7B7F.tmp --------- 16384  
 26.10.2010 19:57     C:\Users\***\AppData\Local\Temp\MAR5A9F.tmp --------- 1285  
 26.10.2010 19:57     C:\Users\***\AppData\Local\Temp\MAR40F8.tmp --------- 1342  
 26.10.2010 19:56     C:\Users\***\AppData\Local\Temp\~DF3358.tmp --------- 16384  
 25.10.2010 17:58     C:\Users\***\AppData\Local\Temp\STSC533.tmp --------- 132  
 25.10.2010 17:58     C:\Users\***\AppData\Local\Temp\~DF3056.tmp --------- 16384  
 25.10.2010 17:55     C:\Users\***\AppData\Local\Temp\MAR5447.tmp --------- 1285  
 25.10.2010 17:55     C:\Users\***\AppData\Local\Temp\MAR3E28.tmp --------- 1342  
 25.10.2010 17:53     C:\Users\***\AppData\Local\Temp\~DFF1D1.tmp --------- 16384  
 24.10.2010 20:13     C:\Users\***\AppData\Local\Temp\STS58CA.tmp --------- 132  
 24.10.2010 20:13     C:\Users\***\AppData\Local\Temp\~DF265E.tmp --------- 16384  
 24.10.2010 20:12     C:\Users\***\AppData\Local\Temp\MAR7F6C.tmp --------- 1285  
 24.10.2010 20:12     C:\Users\***\AppData\Local\Temp\MAR7731.tmp --------- 1342  
 24.10.2010 20:10     C:\Users\***\AppData\Local\Temp\~DF9AC2.tmp --------- 16384  
 24.10.2010 17:00     C:\Users\***\AppData\Local\Temp\STS3B0D.tmp --------- 132  
 24.10.2010 17:00     C:\Users\***\AppData\Local\Temp\~DF8BE2.tmp --------- 16384  
 24.10.2010 16:59     C:\Users\***\AppData\Local\Temp\MARBF7A.tmp --------- 1285  
 24.10.2010 16:59     C:\Users\***\AppData\Local\Temp\MARAACF.tmp --------- 1342  
 24.10.2010 16:59     C:\Users\***\AppData\Local\Temp\~DF5408.tmp --------- 16384  
 24.10.2010 12:52     C:\Users\***\AppData\Local\Temp\STSBE6F.tmp --------- 132  
 24.10.2010 12:52     C:\Users\***\AppData\Local\Temp\~DFFDF3.tmp --------- 16384  
 24.10.2010 12:52     C:\Users\***\AppData\Local\Temp\~DFC287.tmp --------- 16384  
 24.10.2010 12:51     C:\Users\***\AppData\Local\Temp\MARFB11.tmp --------- 1285  
 24.10.2010 12:51     C:\Users\***\AppData\Local\Temp\MARF150.tmp --------- 1342  
 23.10.2010 15:31     C:\Users\***\AppData\Local\Temp\STS938C.tmp --------- 132  
 23.10.2010 14:21     C:\Users\***\AppData\Local\Temp\DIO6CA9.tmp --------- 47122  
 23.10.2010 14:05     C:\Users\***\AppData\Local\Temp\~DFD536.tmp --------- 16384  
 23.10.2010 14:05     C:\Users\***\AppData\Local\Temp\DIO2BA5.tmp --------- 47122  
 23.10.2010 14:04     C:\Users\***\AppData\Local\Temp\DIO5764.tmp --------- 47122  
 23.10.2010 14:04     C:\Users\***\AppData\Local\Temp\MAR2F98.tmp --------- 1285  
 23.10.2010 14:04     C:\Users\***\AppData\Local\Temp\MAR18AF.tmp --------- 1342  
 23.10.2010 14:02     C:\Users\***\AppData\Local\Temp\~DF5B57.tmp --------- 16384  
 23.10.2010 13:58     C:\Users\***\AppData\Local\Temp\STS7040.tmp --------- 186  
 23.10.2010 13:58     C:\Users\***\AppData\Local\Temp\DIO6928.tmp --------- 47122  
 23.10.2010 12:00     C:\Users\***\AppData\Local\Temp\DIO7CDF.tmp --------- 47122  
 23.10.2010 11:59     C:\Users\***\AppData\Local\Temp\DIO2C3F.tmp --------- 47122  
 23.10.2010 11:59     C:\Users\***\AppData\Local\Temp\DIO8F47.tmp --------- 47122  
 23.10.2010 11:53     C:\Users\***\AppData\Local\Temp\~DF82B8.tmp --------- 16384  
 23.10.2010 11:52     C:\Users\***\AppData\Local\Temp\MAR5DF8.tmp --------- 1285  
 23.10.2010 11:52     C:\Users\***\AppData\Local\Temp\MAR57C0.tmp --------- 1342  
 23.10.2010 11:50     C:\Users\***\AppData\Local\Temp\~DFD04A.tmp --------- 16384  
 23.10.2010 11:41     C:\Users\***\AppData\Local\Temp\MAR1861.tmp --------- 1285  
 23.10.2010 11:41     C:\Users\***\AppData\Local\Temp\MAR1563.tmp --------- 1342  
 23.10.2010 11:38     C:\Users\***\AppData\Local\Temp\~DF2DE2.tmp --------- 16384  
 23.10.2010 10:16     C:\Users\***\AppData\Local\Temp\STS7FE9.tmp --------- 132  
 23.10.2010 10:16     C:\Users\***\AppData\Local\Temp\~DF795C.tmp --------- 16384  
 23.10.2010 10:15     C:\Users\***\AppData\Local\Temp\MAR9D1A.tmp --------- 1285  
 23.10.2010 10:15     C:\Users\***\AppData\Local\Temp\MAR9867.tmp --------- 1342  
 23.10.2010 10:12     C:\Users\***\AppData\Local\Temp\~DFAE3A.tmp --------- 16384  
 22.10.2010 23:17     C:\Users\***\AppData\Local\Temp\STS28E4.tmp --------- 132  
 22.10.2010 23:17     C:\Users\***\AppData\Local\Temp\~DF8C85.tmp --------- 16384  
 22.10.2010 23:16     C:\Users\***\AppData\Local\Temp\MAR782C.tmp --------- 1285  
 22.10.2010 23:16     C:\Users\***\AppData\Local\Temp\MAR7251.tmp --------- 1342  
 22.10.2010 23:16     C:\Users\***\AppData\Local\Temp\~DF77EF.tmp --------- 16384  
 22.10.2010 16:57     C:\Users\***\AppData\Local\Temp\STS84D9.tmp --------- 132  
 22.10.2010 16:57     C:\Users\***\AppData\Local\Temp\~DFCB13.tmp --------- 16384  
 22.10.2010 16:56     C:\Users\***\AppData\Local\Temp\~DFEB2C.tmp --------- 16384  
 22.10.2010 16:55     C:\Users\***\AppData\Local\Temp\MAR363D.tmp --------- 1285  
 22.10.2010 16:55     C:\Users\***\AppData\Local\Temp\MAR1B4.tmp --------- 1342  
 21.10.2010 23:04     C:\Users\***\AppData\Local\Temp\STSDAAB.tmp --------- 132  
 21.10.2010 23:03     C:\Users\***\AppData\Local\Temp\DIOE3ED.tmp --------- 47122  
 21.10.2010 23:02     C:\Users\***\AppData\Local\Temp\~DFA15C.tmp --------- 16384  
 21.10.2010 23:02     C:\Users\***\AppData\Local\Temp\DIO4678.tmp --------- 47122  
 21.10.2010 22:58     C:\Users\***\AppData\Local\Temp\STSA643.tmp --------- 132  
 21.10.2010 22:55     C:\Users\***\AppData\Local\Temp\DIOEB4.tmp --------- 47122  
 21.10.2010 20:11     C:\Users\***\AppData\Local\Temp\STSD115.tmp --------- 132  
 21.10.2010 20:11     C:\Users\***\AppData\Local\Temp\MAR45B7.tmp --------- 1285  
 21.10.2010 20:11     C:\Users\***\AppData\Local\Temp\MAR3B6A.tmp --------- 1342  
 21.10.2010 20:10     C:\Users\***\AppData\Local\Temp\~DF7529.tmp --------- 16384  
 20.10.2010 18:23     C:\Users\***\AppData\Local\Temp\STS8067.tmp --------- 132  
 20.10.2010 18:23     C:\Users\***\AppData\Local\Temp\~DF2EAC.tmp --------- 16384  
 20.10.2010 18:23     C:\Users\***\AppData\Local\Temp\~DF892C.tmp --------- 16384  
 20.10.2010 18:23     C:\Users\***\AppData\Local\Temp\MARDE1F.tmp --------- 1285  
 20.10.2010 18:22     C:\Users\***\AppData\Local\Temp\MARC1B8.tmp --------- 1342  
 19.10.2010 20:09     C:\Users\***\AppData\Local\Temp\STS3285.tmp --------- 132  
 19.10.2010 20:09     C:\Users\***\AppData\Local\Temp\~DFC505.tmp --------- 16384  
 19.10.2010 20:09     C:\Users\***\AppData\Local\Temp\~DF4361.tmp --------- 16384  
 19.10.2010 20:09     C:\Users\***\AppData\Local\Temp\MAR9656.tmp --------- 1285  
 19.10.2010 20:09     C:\Users\***\AppData\Local\Temp\MAR8AD1.tmp --------- 1342  
 18.10.2010 21:22     C:\Users\***\AppData\Local\Temp\STSB6A2.tmp --------- 132  
 18.10.2010 21:21     C:\Users\***\AppData\Local\Temp\~DFABF3.tmp --------- 16384  
 18.10.2010 21:21     C:\Users\***\AppData\Local\Temp\MAR32E4.tmp --------- 1285  
 18.10.2010 21:21     C:\Users\***\AppData\Local\Temp\MAR2C4D.tmp --------- 1342  
 18.10.2010 21:19     C:\Users\***\AppData\Local\Temp\~DF1150.tmp --------- 16384  
 18.10.2010 21:13     C:\Users\***\AppData\Local\Temp\STS516A.tmp --------- 132  
 18.10.2010 21:13     C:\Users\***\AppData\Local\Temp\~DF238F.tmp --------- 16384  
 18.10.2010 21:12     C:\Users\***\AppData\Local\Temp\MAR8382.tmp --------- 1285  
 18.10.2010 21:12     C:\Users\***\AppData\Local\Temp\MAR7E53.tmp --------- 1342  
 18.10.2010 21:11     C:\Users\***\AppData\Local\Temp\~DF338F.tmp --------- 16384  
 18.10.2010 17:33     C:\Users\***\AppData\Local\Temp\STS4431.tmp --------- 132  
 18.10.2010 17:33     C:\Users\***\AppData\Local\Temp\~DFBD88.tmp --------- 16384  
 18.10.2010 17:32     C:\Users\***\AppData\Local\Temp\MAR6BAE.tmp --------- 1285  
 18.10.2010 17:32     C:\Users\***\AppData\Local\Temp\MAR5D0E.tmp --------- 1342  
 18.10.2010 17:31     C:\Users\***\AppData\Local\Temp\~DF42B9.tmp --------- 16384  
 17.10.2010 12:50     C:\Users\***\AppData\Local\Temp\STSE984.tmp --------- 132  
 17.10.2010 12:49     C:\Users\***\AppData\Local\Temp\~DF4AED.tmp --------- 16384  
 17.10.2010 12:49     C:\Users\***\AppData\Local\Temp\MAR3D8D.tmp --------- 1285  
 17.10.2010 12:49     C:\Users\***\AppData\Local\Temp\MAR26C1.tmp --------- 1342  
 17.10.2010 12:48     C:\Users\***\AppData\Local\Temp\~DFA7FB.tmp --------- 16384  
 16.10.2010 15:54     C:\Users\***\AppData\Local\Temp\STS4940.tmp --------- 132  
 16.10.2010 15:54     C:\Users\***\AppData\Local\Temp\~DFA863.tmp --------- 16384  
 16.10.2010 15:53     C:\Users\***\AppData\Local\Temp\~DFD65.tmp --------- 16384  
 16.10.2010 15:53     C:\Users\***\AppData\Local\Temp\MARCD3F.tmp --------- 1285  
 16.10.2010 15:53     C:\Users\***\AppData\Local\Temp\MARBF97.tmp --------- 1342  
 15.10.2010 19:28     C:\Users\***\AppData\Local\Temp\STS34C6.tmp --------- 132  
 15.10.2010 19:27     C:\Users\***\AppData\Local\Temp\~DF8D3B.tmp --------- 16384  
 15.10.2010 19:27     C:\Users\***\AppData\Local\Temp\~DFEEB9.tmp --------- 16384  
 15.10.2010 19:27     C:\Users\***\AppData\Local\Temp\MARFDEE.tmp --------- 1285  
 15.10.2010 19:27     C:\Users\***\AppData\Local\Temp\MARF890.tmp --------- 1342  
 14.10.2010 20:02     C:\Users\***\AppData\Local\Temp\STS4D65.tmp --------- 132  
 14.10.2010 20:02     C:\Users\***\AppData\Local\Temp\~DF277.tmp --------- 16384  
 14.10.2010 20:01     C:\Users\***\AppData\Local\Temp\MAR5ABD.tmp --------- 1285  
 14.10.2010 20:01     C:\Users\***\AppData\Local\Temp\MAR4E1F.tmp --------- 1342  
 14.10.2010 20:00     C:\Users\***\AppData\Local\Temp\~DFA005.tmp --------- 16384  
 13.10.2010 17:44     C:\Users\***\AppData\Local\Temp\STS8AB2.tmp --------- 132  
 13.10.2010 17:44     C:\Users\***\AppData\Local\Temp\~DFF58F.tmp --------- 16384  
 13.10.2010 17:44     C:\Users\***\AppData\Local\Temp\MAR2E13.tmp --------- 1285  
 13.10.2010 17:44     C:\Users\***\AppData\Local\Temp\MAR2941.tmp --------- 1342  
 13.10.2010 17:43     C:\Users\***\AppData\Local\Temp\~DFCC92.tmp --------- 16384  
 12.10.2010 20:08     C:\Users\***\AppData\Local\Temp\au-descriptor-1.6.0_22-b04.xml --------- 7771  
 12.10.2010 20:07     C:\Users\***\AppData\Local\Temp\STS77EE.tmp --------- 132  
 12.10.2010 20:07     C:\Users\***\AppData\Local\Temp\~DFDAB4.tmp --------- 16384  
 12.10.2010 20:06     C:\Users\***\AppData\Local\Temp\MARD4EB.tmp --------- 1285  
 12.10.2010 20:06     C:\Users\***\AppData\Local\Temp\MARC705.tmp --------- 1342  
 12.10.2010 20:03     C:\Users\***\AppData\Local\Temp\~DFA724.tmp --------- 16384  
 11.10.2010 17:37     C:\Users\***\AppData\Local\Temp\STS7713.tmp --------- 132  
 11.10.2010 17:36     C:\Users\***\AppData\Local\Temp\~DF724D.tmp --------- 16384  
 11.10.2010 17:36     C:\Users\***\AppData\Local\Temp\MAR8805.tmp --------- 1285  
 11.10.2010 17:35     C:\Users\***\AppData\Local\Temp\MAR819D.tmp --------- 1342  
 11.10.2010 17:33     C:\Users\***\AppData\Local\Temp\~DF3AE9.tmp --------- 16384  
 10.10.2010 20:00     C:\Users\***\AppData\Local\Temp\STS76F4.tmp --------- 132  
 10.10.2010 20:00     C:\Users\***\AppData\Local\Temp\~DF17FF.tmp --------- 16384  
 10.10.2010 19:59     C:\Users\***\AppData\Local\Temp\MAR5042.tmp --------- 1285  
 10.10.2010 19:59     C:\Users\***\AppData\Local\Temp\MAR2CBA.tmp --------- 1342  
 10.10.2010 19:57     C:\Users\***\AppData\Local\Temp\~DFBFD5.tmp --------- 16384  
 10.10.2010 11:26     C:\Users\***\AppData\Local\Temp\STS4D94.tmp --------- 132  
 10.10.2010 11:26     C:\Users\***\AppData\Local\Temp\~DF83E5.tmp --------- 16384  
 10.10.2010 11:25     C:\Users\***\AppData\Local\Temp\MAR3497.tmp --------- 1285  
 10.10.2010 11:25     C:\Users\***\AppData\Local\Temp\MAR2950.tmp --------- 1342  
 10.10.2010 11:23     C:\Users\***\AppData\Local\Temp\~DFC713.tmp --------- 16384  
 09.10.2010 17:16     C:\Users\***\AppData\Local\Temp\STSBC3E.tmp --------- 132  
 09.10.2010 17:16     C:\Users\***\AppData\Local\Temp\~DF4B44.tmp --------- 16384  
 09.10.2010 17:15     C:\Users\***\AppData\Local\Temp\MARD02A.tmp --------- 1285  
 09.10.2010 17:15     C:\Users\***\AppData\Local\Temp\MARCB49.tmp --------- 1342  
 09.10.2010 17:14     C:\Users\***\AppData\Local\Temp\~DFFD8E.tmp --------- 16384  
 09.10.2010 14:31     C:\Users\***\AppData\Local\Temp\STS384F.tmp --------- 132  
 09.10.2010 14:31     C:\Users\***\AppData\Local\Temp\~DF5B34.tmp --------- 16384  
 09.10.2010 14:30     C:\Users\***\AppData\Local\Temp\MAR9685.tmp --------- 1285  
 09.10.2010 14:30     C:\Users\***\AppData\Local\Temp\MAR7EB0.tmp --------- 1342  
 09.10.2010 14:28     C:\Users\***\AppData\Local\Temp\~DFF557.tmp --------- 16384  
 08.10.2010 17:02     C:\Users\***\AppData\Local\Temp\STS8D.tmp --------- 132  
 08.10.2010 17:02     C:\Users\***\AppData\Local\Temp\~DFC2DB.tmp --------- 16384  
 08.10.2010 17:01     C:\Users\***\AppData\Local\Temp\~DF589C.tmp --------- 16384  
 08.10.2010 17:00     C:\Users\***\AppData\Local\Temp\MAR4B14.tmp --------- 1285  
 08.10.2010 17:00     C:\Users\***\AppData\Local\Temp\MAR3C92.tmp --------- 1342  
 07.10.2010 20:25     C:\Users\***\AppData\Local\Temp\STS872B.tmp --------- 132  
 07.10.2010 20:25     C:\Users\***\AppData\Local\Temp\~DFB740.tmp --------- 16384  
 07.10.2010 20:24     C:\Users\***\AppData\Local\Temp\MAR58DA.tmp --------- 1285  
 07.10.2010 20:24     C:\Users\***\AppData\Local\Temp\MAR52EF.tmp --------- 1342  
 07.10.2010 20:22     C:\Users\***\AppData\Local\Temp\~DF4E90.tmp --------- 16384  
 06.10.2010 16:10     C:\Users\***\AppData\Local\Temp\STS6F56.tmp --------- 132  
 06.10.2010 16:10     C:\Users\***\AppData\Local\Temp\~DF4F69.tmp --------- 16384  
 06.10.2010 16:10     C:\Users\***\AppData\Local\Temp\MARF5D3.tmp --------- 1285  
 06.10.2010 16:10     C:\Users\***\AppData\Local\Temp\MARD70C.tmp --------- 1342  
 06.10.2010 16:07     C:\Users\***\AppData\Local\Temp\~DF6648.tmp --------- 16384  
 05.10.2010 20:06     C:\Users\***\AppData\Local\Temp\STS4318.tmp --------- 132  
 05.10.2010 20:06     C:\Users\***\AppData\Local\Temp\~DF487D.tmp --------- 16384  
 05.10.2010 20:05     C:\Users\***\AppData\Local\Temp\MAR8BCB.tmp --------- 1285  
 05.10.2010 20:05     C:\Users\***\AppData\Local\Temp\MAR77EE.tmp --------- 1342  
 05.10.2010 20:02     C:\Users\***\AppData\Local\Temp\~DF3A06.tmp --------- 16384  
 04.10.2010 17:59     C:\Users\***\AppData\Local\Temp\STS9CBC.tmp --------- 132  
----------------------------------------

 
C:\Program Files

 02.02.2011 16:32     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 02.02.2011 00:27     C:\Program Files\Mobile Partner --------- 40960  
 29.01.2011 19:24     C:\Program Files\Spyware Doctor --------- 28672  
 29.01.2011 19:24     C:\Program Files\Common Files --------- 4096  
 29.01.2011 17:39     C:\Program Files\DivX --------- 8192  
 29.01.2011 14:51     C:\Program Files\WinRAR --------- 4096  
 23.01.2011 23:17     C:\Program Files\7-Zip --------- 4096  
 14.01.2011 00:26     C:\Program Files\Conduit --------- 0  
 14.01.2011 00:26     C:\Program Files\ConduitEngine --------- 4096  
 14.01.2011 00:26     C:\Program Files\Elf_1.13 --------- 4096  
 07.01.2011 23:23     C:\Program Files\FinalTorrent --------- 4096  
 07.01.2011 23:23     C:\Program Files\Yahoo --------- 0  
 07.01.2011 23:23     C:\Program Files\Surf Canyon --------- 4096  
 07.01.2011 23:23     C:\Program Files\PriceGong --------- 0  
 06.01.2011 13:05     C:\Program Files\ICQ7.2 --------- 16384  
 30.12.2010 20:11     C:\Program Files\Picasa2 --------- 4096  
 15.12.2010 20:45     C:\Program Files\Windows Mail --------- 4096  
 15.12.2010 20:45     C:\Program Files\Internet Explorer --------- 4096  
 03.11.2010 19:07     C:\Program Files\ICQ6Toolbar --------- 4096  
 02.11.2010 21:33     C:\Program Files\InstallShield Installation Information --------- 12288  
 14.10.2010 19:48     C:\Program Files\Windows Media Player --------- 4096  
 14.08.2010 15:28     C:\Program Files\Movie Maker --------- 4096  
 26.06.2010 02:03     C:\Program Files\Microsoft.NET --------- 0  
 11.04.2010 02:08     C:\Program Files\Windows Portable Devices --------- 0  
 10.04.2010 02:39     C:\Program Files\Windows Calendar --------- 0  
 10.04.2010 02:39     C:\Program Files\Windows Sidebar --------- 4096  
 10.04.2010 02:39     C:\Program Files\Windows Collaboration --------- 4096  
 10.04.2010 02:39     C:\Program Files\Windows Journal --------- 4096  
 10.04.2010 02:39     C:\Program Files\Windows Photo Gallery --------- 4096  
 10.04.2010 02:39     C:\Program Files\Windows Defender --------- 4096  
 28.02.2010 13:12     C:\Program Files\JRE --------- 0  
 28.02.2010 13:12     C:\Program Files\OpenOffice.org 3 --------- 4096  
 28.02.2010 13:09     C:\Program Files\Java --------- 4096  
 04.02.2010 00:06     C:\Program Files\Google --------- 4096  
 03.01.2010 17:18     C:\Program Files\WexTech --------- 0  
 03.01.2010 17:14     C:\Program Files\Borland --------- 0  
 03.01.2010 17:14     C:\Program Files\Corel --------- 0  
 09.12.2009 19:33     C:\Program Files\Norton 360 --------- 16384  
 04.12.2009 21:54     C:\Program Files\Google BAE --------- 0  
 01.11.2009 13:00     C:\Program Files\Avira --------- 0  
 21.04.2009 10:09     C:\Program Files\HP --------- 4096  
 21.04.2009 10:00     C:\Program Files\Hewlett-Packard --------- 0  
 16.04.2009 23:37     C:\Program Files\S.N.Safe&Software --------- 0  
 15.04.2009 19:52     C:\Program Files\Enigma Software Group --------- 0  
 19.03.2009 20:48     C:\Program Files\desktop.ini --------- 174  
 08.03.2009 16:35     C:\Program Files\EA GAMES --------- 0  
 18.02.2009 23:43     C:\Program Files\Lexware --------- 0  
 18.02.2009 23:40     C:\Program Files\Haufe --------- 0  
 15.02.2009 18:54     C:\Program Files\YOU DON'T KNOW JACK© 3 - Abw„rts --------- 4096  
 15.02.2009 18:45     C:\Program Files\DAEMON Tools Toolbar --------- 4096  
 15.02.2009 18:45     C:\Program Files\DAEMON Tools Lite --------- 4096  
 21.12.2008 23:54     C:\Program Files\TT-Viewer --------- 4096  
 21.12.2008 14:52     C:\Program Files\D-Link --------- 0  
 19.12.2008 23:18     C:\Program Files\Xvid --------- 4096  
 10.12.2007 03:45     C:\Program Files\Symantec --------- 0  
 10.12.2007 03:40     C:\Program Files\Sony --------- 8192  
 10.12.2007 03:39     C:\Program Files\InterVideo --------- 0  
 10.12.2007 03:32     C:\Program Files\Sony Corporation --------- 0  
 10.12.2007 03:29     C:\Program Files\Roxio --------- 4096  
 22.11.2007 11:14     C:\Program Files\Skype --------- 0  
 22.11.2007 11:11     C:\Program Files\Microsoft Small Business --------- 0  
 22.11.2007 11:11     C:\Program Files\Microsoft Office --------- 4096  
 22.11.2007 11:09     C:\Program Files\Microsoft SQL Server --------- 0  
 22.11.2007 11:08     C:\Program Files\BFG --------- 0  
 22.11.2007 11:07     C:\Program Files\Adobe --------- 0  
 22.11.2007 11:07     C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 8192  
 22.11.2007 11:05     C:\Program Files\Microsoft Works --------- 4096  
 22.11.2007 11:05     C:\Program Files\Microsoft Visual Studio --------- 0  
 22.11.2007 09:53     C:\Program Files\Apoint --------- 4096  
 22.11.2007 09:52     C:\Program Files\CONEXANT --------- 0  
 22.11.2007 09:43     C:\Program Files\Realtek --------- 0  
 22.11.2007 09:38     C:\Program Files\Intel --------- 0  
 22.11.2007 09:14     C:\Program Files\MSXML 4.0 --------- 0  
 21.11.2007 16:19     C:\Program Files\Windows NT --------- 4096  
 21.11.2007 16:19     C:\Program Files\Gemeinsame Dateien --------- 0  
 02.11.2006 14:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 13:37     C:\Program Files\Microsoft Games --------- 4096  
 02.11.2006 13:37     C:\Program Files\MSBuild --------- 0  
 02.11.2006 13:37     C:\Program Files\Reference Assemblies --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

***    
desktop.ini    
Administrator    
Default    
All Users    
Default User    
Public    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

::1 	localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0        21.272 K
smss.exe                       460 Services                   0           584 K
csrss.exe                      528 Services                   0         4.680 K
wininit.exe                    580 Services                   0         3.348 K
csrss.exe                      588 Console                    1         8.660 K
services.exe                   628 Services                   0         6.076 K
lsass.exe                      640 Services                   0         1.916 K
lsm.exe                        652 Services                   0         3.648 K
winlogon.exe                   700 Console                    1         4.864 K
svchost.exe                    860 Services                   0         5.804 K
svchost.exe                    944 Services                   0         6.292 K
svchost.exe                    984 Services                   0        39.280 K
svchost.exe                   1084 Services                   0        10.764 K
svchost.exe                   1120 Services                   0        69.800 K
svchost.exe                   1164 Services                   0        23.816 K
audiodg.exe                   1264 Services                   0        12.696 K
svchost.exe                   1288 Services                   0         4.204 K
SLsvc.exe                     1308 Services                   0         3.876 K
svchost.exe                   1364 Services                   0        10.416 K
svchost.exe                   1552 Services                   0        13.248 K
ccSvcHst.exe                  1672 Services                   0         4.312 K
spoolsv.exe                   1832 Services                   0         7.408 K
sched.exe                     1864 Services                   0           976 K
svchost.exe                   1888 Services                   0        12.112 K
avguard.exe                    504 Services                   0         2.216 K
svchost.exe                   1072 Services                   0         8.316 K
ICQ Service.exe               1400 Services                   0         5.004 K
iviRegMgr.exe                 1460 Services                   0         2.928 K
sqlservr.exe                   496 Services                   0        10.368 K
NSUService.exe                2064 Services                   0         8.784 K
avshadow.exe                  2072 Services                   0         3.452 K
svchost.exe                   2216 Services                   0         4.340 K
svchost.exe                   2248 Services                   0         5.832 K
VESMgr.exe                    2292 Services                   0         8.724 K
VCSW.exe                      2348 Services                   0         5.080 K
svchost.exe                   2400 Services                   0         3.384 K
SearchIndexer.exe             2436 Services                   0        17.976 K
XAudio.exe                    2488 Services                   0         2.292 K
YahooAUService.exe            2516 Services                   0         6.368 K
VzCdbSvc.exe                  2664 Services                   0         4.528 K
VzFw.exe                      2816 Services                   0         5.056 K
VESMgrSub.exe                 2868 Console                    1         7.372 K
WUDFHost.exe                  2984 Services                   0         4.340 K
SPMgr.exe                     4088 Console                    1         7.500 K
dwm.exe                       2112 Console                    1        52.764 K
taskeng.exe                    332 Console                    1        10.648 K
MSASCui.exe                   2684 Console                    1         7.372 K
Apoint.exe                    2912 Console                    1         5.028 K
ISBMgr.exe                    3204 Console                    1         5.056 K
GoogleDesktop.exe             1788 Console                    1         6.656 K
MarketingTools.exe            2316 Console                    1         3.240 K
ccApp.exe                     3528 Console                    1         2.124 K
hpwuSchd2.exe                 3232 Console                    1         2.672 K
avgnt.exe                     3604 Console                    1         3.736 K
jusched.exe                   3976 Console                    1         5.812 K
LxUpdateManager.exe           2080 Console                    1        12.696 K
DivXUpdate.exe                2056 Console                    1         8.276 K
DDMService.exe                2260 Console                    1         3.568 K
PicasaMediaDetector.exe       3160 Console                    1         4.296 K
LANUtil.exe                   2096 Console                    1         8.684 K
GoogleToolbarNotifier.exe     3460 Console                    1         4.672 K
ehtray.exe                    3964 Console                    1         1.168 K
wmpnscfg.exe                  3588 Console                    1         4.040 K
wmpnetwk.exe                  1384 Services                   0         9.392 K
Remind32.exe                  1036 Console                    1         2.460 K
alarm.exe                     3512 Console                    1         5.728 K
dad9.exe                      2580 Console                    1         5.616 K
hpqtra08.exe                  3644 Console                    1         8.820 K
rundll32.exe                  1048 Console                    1         4.856 K
soffice.exe                   4080 Console                    1         2.332 K
ehmsas.exe                    4136 Console                    1         3.840 K
ApMsgFwd.exe                  4536 Console                    1         2.516 K
ApntEx.exe                    4736 Console                    1         3.148 K
soffice.bin                   4796 Console                    1         8.620 K
hpqste08.exe                  4876 Console                    1        13.012 K
taskeng.exe                   5880 Console                    1         4.132 K
sdclt.exe                     5576 Console                    1         7.544 K
svchost.exe                   5848 Services                   0         4.844 K
symlcsvc.exe                  1244 Services                   0           316 K
svchost.exe                   3888 Services                   0         3.468 K
mobsync.exe                   5504 Console                    1         6.616 K
explorer.exe                  5240 Console                    1        51.724 K
WinRAR.exe                    3536 Console                    1        13.180 K
SearchProtocolHost.exe        5692 Services                   0         8.140 K
SearchFilterHost.exe          4564 Services                   0         5.116 K
cmd.exe                        832 Console                    1         3.580 K
conime.exe                    5160 Console                    1         3.388 K
dllhost.exe                   5468 Console                    1         4.140 K
tasklist.exe                  5716 Console                    1         4.636 K
WmiPrvSE.exe                  3908 Services                   0         5.688 K

 
***** Ende des Scans 04.02.2011 um 13:55:22,24 ***

zu 6.

Code:

ATTFilter

2007 Microsoft Office system	Microsoft Corporation	21.11.2007	491MB	12.0.4518.1014
7-Zip 9.20		22.01.2011	3,54MB	
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	16.12.2008	14,0MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	20.11.2010		10.1.102.64
Adobe Reader 8.1.0 - Deutsch	Adobe Systems Incorporated	21.11.2007	99,5MB	8.1.0
AirPlus G	D-Link	20.12.2008	0,83MB	1.0.22
Alps Pointing-device for VAIO		21.11.2007	2,78MB	
AnswerWorks Runtime		02.01.2010	4,00KB	
Atlantis - Sky Patrol (remove only)		16.12.2008	54,6MB	
Avira AntiVir Personal - Free Antivirus	Avira GmbH	15.01.2011	158,1MB	10.0.0.609
Big Fish Games Center		16.12.2008	139,9MB	
Big Fish Games Sudoku (remove only)		16.12.2008	139,9MB	
Browser Address Error Redirector		16.12.2008		
Business Contact Manager für Outlook 2007	Microsoft Corporation	21.11.2007	29,0MB	3.0.5828.0
CCleaner	Piriform	03.02.2011	3,48MB	3.03
Click to Disc	Sony Corporation	09.12.2007	62,1MB	1.0.00.11080
Click to Disc Editor	Sony Corporation	09.12.2007	155,4MB	1.0.00
Conduit Engine	Conduit Ltd.	13.01.2011	4,23MB	
Corel Applications		02.01.2010		
DAEMON Tools Toolbar	DT Soft Ltd	14.02.2009	2,84MB	1.0.7.0088
DivX Converter	DivX, Inc.	28.01.2011	52,6MB	6.5
DivX-Setup	DivX, LLC	28.01.2011	3,14MB	2.3.0.20
Elf 1.13 Toolbar	Elf 1.13	13.01.2011	4,30MB	6.3.0.26
FinalTorrent 2010	Bitberry Software	06.01.2011	6,41MB	
Google Desktop	Google	20.08.2010	18,1MB	5.9.1005.12335
Google Earth	Google	21.11.2007	33,3MB	4.2.198.2451
Google Talk (remove only)		16.12.2008	3,71MB	
Google Toolbar for Internet Explorer	Google Inc.	01.12.2010	7,48MB	6.6.1124.846
Haufe iDesk-Browser	Haufe	17.02.2009	18,7MB	8.07.16.5590
Haufe iDesk-Service	Haufe	17.02.2009	44,9MB	8.08.20.5622
HDAUDIO SoftV92 Data Fax Modem with SmartCP		21.11.2007	1,02MB	
HP Customer Participation Program 8.0	HP	20.04.2009	210MB	8.0
HP Imaging Device Functions 8.0	HP	20.04.2009	2,46MB	8.0
HP OCR Software 8.0	HP	20.04.2009	2,45MB	8.0
HP Photosmart Essential	HP	20.04.2009	10,2MB	1.12.0.46
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B	HP	20.04.2009	42,0MB	8.0
HP Solution Center 8.0	HP	20.04.2009	2,45MB	8.0
HP Update	Hewlett-Packard	20.04.2009	3,57MB	4.000.005.006
HPSSupply	Ihr Firmenname	20.04.2009	0,96MB	2.1.3.0000
ICQ Toolbar	ICQ	20.12.2008		3.0.0
ICQ7.2	ICQ	01.11.2010	51,7MB	7.2
Java(TM) 6 Update 18	Sun Microsystems, Inc.	27.02.2010	97,1MB	6.0.180
Java(TM) 6 Update 2	Sun Microsystems, Inc.	21.11.2007	168,1MB	1.6.0.20
Lexware Info Service	Lexware GmbH & Co. KG	10.04.2010	10,4MB	2.61.00.0033
LiveUpdate 3.2 (Symantec Corporation)	Symantec Corporation	16.12.2008	13,8MB	3.2.0.43
Mahjong Towers Eternity EU (remove only)		16.12.2008	15,7MB	
Malwarebytes' Anti-Malware	Malwarebytes Corporation	01.02.2011	4,82MB	
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	14.02.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	11.02.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	08.01.2011	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	08.01.2011	24,5MB	4.0.30319
Microsoft Office 2003 Web Components	Microsoft Corporation	21.11.2007	21,7MB	11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies	Microsoft Corporation	21.11.2007	7,23MB	12.0.4518.1014
Microsoft Office Small Business Connectivity Components	Microsoft Corporation	21.11.2007	0,15MB	2.0.7024.0
Microsoft SQL Server 2005	Microsoft Corporation	21.11.2007	42,6MB	
Microsoft SQL Server Native Client	Microsoft Corporation	21.11.2007	2,59MB	9.00.2047.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	21.11.2007	0,68MB	9.00.2047.00
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.02.2009	0,41MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	31.10.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	15.01.2011	0,58MB	9.0.30729.4148
Mobile Partner	Huawei Technologies Co.,Ltd	01.02.2011	25,6MB	16.002.03.01.40
Move Media Player	Move Networks	08.03.2010		
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	21.11.2007	47,00KB	4.20.9841.0
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	21.11.2007	1,28MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	21.12.2008	34,00KB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	21.12.2008	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	27.11.2009	1,34MB	4.20.9876.0
Mystery Case Files - Prime Suspects (remove only)		16.12.2008	39,4MB	
Need for Speed™ Most Wanted		07.03.2009	2.913MB	
Norton 360 (Symantec Corporation)	Symantec Corporation	16.12.2008	47,2MB	1.2.0.10
NVIDIA Drivers		17.03.2009		
OpenMG Limited Patch 4.7-07-15-19-01		16.12.2008		
OpenMG Secure Module 4.7.00	Sony Corporation	09.12.2007		4.7.00.12140
OpenOffice.org 3.2	OpenOffice.org	27.02.2010	371MB	3.2.9483
Picasa 3	Google, Inc.	29.12.2010	93,6MB	3.8
PriceGong 2.1.0	PriceGong	06.01.2011	0,75MB	2.1.0
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	21.11.2007	15,3MB	6.0.1.5449
Registry Reviver	ReviverSoft	03.02.2011	26,4MB	
Roxio Easy Media Creator Home	Roxio	09.12.2007	75,2MB	9.1.095
Setting Utility Series	Sony Corporation	21.11.2007	17,9MB	3.1.00.09240
Skype™ 3.5	Skype Technologies S.A.	21.11.2007	31,9MB	3.5.234
Sony Video Shared Library	Sony Corporation	09.12.2007	3,95MB	3.3.00
Steuer 2008	Lexware	17.02.2009	146,6MB	15.00.00.0033
Steuer 2009	Lexware GmbH & Co. KG	10.04.2010	359MB	16.00.00.0039
Steuer Hilfesammlung	Haufe Mediengruppe	17.02.2009	114,8MB	15.0.0.0
Surf Canyon Search Engine Assistant	Surf Canyon	06.01.2011	0,31MB	3.1.2
Technotrend Viewer	CM&V	20.12.2008	10,3MB	
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	21.11.2007	23,2MB	9.00.2047.00
VAIO Content Folder Setting	Sony Corporation	09.12.2007	6,69MB	1.0.01.09270
VAIO Content Metadata Intelligent Analyzing Manager	Sony Corporation	09.12.2007	13,6MB	2.1.00.09284
VAIO Content Metadata Manager Setting	Sony Corporation	09.12.2007	2,85MB	2.1.00.09281
VAIO Content Metadata XML Interface Library	Sony Corporation	09.12.2007	1,54MB	2.1.00.09202
VAIO Control Center	Sony Corporation	21.11.2007	1,41MB	2.1.00.09190
VAIO Data Restore Tool	Sony Corporation	09.12.2007	6,50MB	1.0.03.10030
VAIO DVD Menu Data Basic	Sony Corporation	09.12.2007	543MB	1.0.00.08130
VAIO Entertainment Platform	Sony Corporation	09.12.2007	16,5MB	3.0.00.06280
VAIO Event Service	Sony Corporation	21.11.2007	5,75MB	3.3.00.11020
VAIO Launcher	Sony Corporation	09.12.2007	5,81MB	1.1.00.09190
Vaio Marketing Tools	Sony	16.12.2008	0,34MB	
VAIO Media 6.0	Sony Corporation	09.12.2007	8,98MB	6.0.10
VAIO Media AC3 Decoder 1.0		16.12.2008	0,79MB	
VAIO Media Content Collection 6.0	Sony Corporation	09.12.2007	30,1MB	
VAIO Media Integrated Server 6.1	Sony Corporation	09.12.2007	30,1MB	
VAIO Media Redistribution 6.0	Sony Corporation	09.12.2007	37,5MB	6.0.10
VAIO Media Registration Tool 6.0	Sony Corporation	09.12.2007	2,09MB	6.0.10
VAIO Movie Story	Sony Corporation	09.12.2007	48,6MB	1.1.00.10160
VAIO Movie Story Template Data	Sony Corporation	09.12.2007	401MB	1.1.00.09281
VAIO MusicBox	Sony Corporation	09.12.2007	11,2MB	1.1.01.09240
VAIO MusicBox Sample Music	Sony Corporation	09.12.2007	0,54MB	1.0.01.09210
VAIO Original Function Setting	Sony Corporation	09.12.2007	5,29MB	1.2.00.11100
VAIO Power Management	Sony Corporation	21.11.2007	12,4MB	2.3.01.10310
VAIO Smart Network	Sony Corporation	09.12.2007	24,2MB	1.2.00.09200
VAIO Update 3	Sony Corporation	09.12.2007	3,60MB	3.0.02.05280
VAIO Wallpaper Contents	Sony Corporation	21.11.2007	116,6MB	1.0.00.09200
Virtual Villagers (remove only)		16.12.2008	20,0MB	
WinDVD for VAIO	InterVideo Inc.	09.12.2007	95,7MB	8.0-B8.411
WinRAR		28.01.2011	3,79MB	
Xvid 1.1.3 final uninstall	Xvid team (Koepi)	18.12.2008	0,77MB	1.1
Yahoo! Software Update		06.01.2011	0,68MB	
Yahoo! Toolbar		06.01.2011	5,20MB	
YOU DON'T KNOW JACK® 3 - Abwärts!		14.02.2009	167,0MB

so jetzt habe ich alle Files angehängt.
Vielen Dank für deine Hilfe.
Wie geht es jetzt weiter?

Gruß Chaos

kira · 04.02.2011, 16:45

1.
- zwei gleichzeitig installierte und aktivierte Antivirenprogramme: AntiVir PersonalEdition Classic & Norton Anti-Virus
- Beide Scanner haben nämlich nur ein Ziel, dein System sinnvoll gegen Schädlingen zu prüfen/schützen.
Da aber laufen beide parallel, sie behindern sich gegenseitig und auch eine eine gewaltige Belastung für dein System! Die Folge kann ein Crash sein, oder im schlechtesten fall, kannst Du über eine komplette Neuinstallation freuen! Mehr AV Programme bedeutet nicht mehr Sicherheit!
Deinstalliere also eines der AV-Programme und lass nur noch eins auf deinem PC laufen!!

Falls Du für Avira entscheidest:
Norton Antivirus vollständig zu deinstallieren - gehe auf der Symantec-Webseite und suche nach den speziellen Deinstallations-Tools, mit denen die letzten Reste (auch) entfernt werden sollten:► Norton Removal Tool (für alle Produkte ab 2003 bis 2008) von hier herunterladen
oder hier: ►Norton Removal Tool für alle Produkte ab 2003 bis 2010 / wintotal.de

2.
→ besuche die Seite von virustotal und die Datei/en aus Codebox bitte prüfen lassen - inklusive Dateigröße und Name, MD5 und SHA1 auch mitkopieren:
→ Tipps für die Suche nach Dateien

Code:

ATTFilter

C:\Users\***\AppData\Roaming\Libxml\packres.exe

→ Klicke auf "Durchsuchen"
→ Suche die Datei auf deinem Rechner→ Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
→ "Senden der Datei" und Warte, bis der Scandurchlauf aller Virenscanner beendet ist
→ das Ergebnis wie Du es bekommst (NICHT AUSLASSEN!) da reinkoperen (inklusive <geprüfter Dateiname> + Dateigröße und Name, MD5 und SHA1)

** Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!:

Code:

ATTFilter

File name: 
<<Dateiname>>
Submission date:
2010-10-22 03:34:01 (UTC)
Current status:
queued queued analysing finished
Result:
.....%
    
VT Community

goodware/badware
 Safety score: 100.0% 
Compact
Print results
Antivirus     Version     Last Update     Result
AhnLab-V3    2010.10.22.00    2010.10.21    -
AntiVir    7.10.13.15    2010.10.21    -
Antiy-AVL    2.0.3.7    2010.10.22    -
Authentium    5.2.0.5    2010.10.22    -
Avast    4.8.1351.0    2010.10.21    -
Avast5    5.0.594.0    2010.10.21    -
usw........

...über 40 Virenscannern...also Geduld!!

3.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

R3 - URLSearchHook: (no name) - - (no file)

4.

Zitat:

**Vor dem Löschen temporärer Dateien sollte man unbedingt alle Anwendungen beenden!
**lösche nur den Inhalt der Ordner, nicht die Ordner selbst!
**Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind,nicht löschbar.

alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
lösche nur den Inhalt der Ordner, nicht die Ordner selbst! - Dateien, die noch in Benutzung sind,nicht löschbar.
gib in der Suchleiste unter dem Windows Start Button folgendes ein:

Code:

ATTFilter

 %temp%

Inhalt markieren und löschen:
- anschließend den Papierkorb leeren

5.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

6.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

chaos2009 · 07.02.2011, 22:16

Hallo

Danke schon jetzt für die guten Arbeitsanweisungen.

zu 1. Ich habe mit der angegebenen Software Norten deinstalliert. Was auch funktioniert hat laut diesem Programm.

zu 2. entweder ich bin zu ungeduldig aber auch nach einer halben Stunde hat sich nichts getan. Unten links beim Internet Explorer war ein gelbes Dreieck mit Fehler immer eingeblendet.

zu 3. konnte ich ohne Probleme ausführen

zu 4. Temp dateien habe ich alle gelöscht und den Papierkorp gelert.

zu. 5. CCleaner habe ich ausgeführ wie es beschrieben wurde und das System ohne Probleme neugestartet

zu 6. im neuen Thread.

Vielen Dank für die Hilfe und das super Forum ihr seit klasse

chaos2009 · 07.02.2011, 22:19

zu 6.

[code]

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:15:18, on 07.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\Anni\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Dvdreal] C:\Users\Anni\AppData\Roaming\Libxml\packres.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13585 bytes

--- --- ---

wie geht es denn jetzt weiter? kann man das system nochmals wiederbeleben ohne neuinstallation?
Vielen dank für die Hilfe
Gruß chaos

chaos2009 · 07.02.2011, 23:05

Nachtrag
zu 2. Antivir hat es als malware erkannt und ich habe es dann löschen lassen.

chaos2009 · 07.02.2011, 23:34

Ich habe Malware noch upgedatet und folgenden Log bekommen

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5706

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

07.02.2011 23:31:06
mbam-log-2011-02-07 (23-31-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 282399
Laufzeit: 1 Stunde(n), 8 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Vielen Dank für die Hilfe

kira · 08.02.2011, 08:44

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

O4 - HKCU\..\Run: [Dvdreal] C:\Users\Anni\AppData\Roaming\Libxml\packres.exe

2.
Einiges solltest deinstallieren, oder/und mit HJT fixen, entweder weil sie "Browser/Systembremser", oder eben wegen ihrer Spionagetechnologie unerwünscht sind bzw stellt für das System Risiko dar (Toolbars sind meistens nicht nötig):
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):

Code:

ATTFilter

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

3.
Windows und die installierten Programme auf den neuesten Stand zu halten,sind Garanten für eine erhöhte Sicherheit!
Java aktualisieren `Start→ Systemsteuereung→ Java→ Aktualisierung...(Update 23 schon fällig!)

4.
den Java-Cache leeren - wie unter Punkt 7. u. 8. beschrieben *klick
über Systemsteuerung -> Java...

5.
Adobe Reader aktualisieren :
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

6.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
**Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind, nicht löschbar.
**Lösche nur den Inhalt der Ordner, nicht die Ordner selbst!

`Start → ausführen` "cleanmgr" reinschreiben (ohne "") → "ok" - die Temporary Files, Temporary Internet Files, und der Papierkorb (Recycle Bin) müssen geleert werden→ "Ok"
`Start → ausführen` → %temp% reinschreiben (ohne "")→ "Ok" - - Ordnerinhalt überall markieren und löschen
für jedes Benutzerkonto bitte durchführen
anschließend den Papierkorb leeren

7.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

8.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum

-> Führe dann einen Komplett-Systemcheck mit Nod32 durch
- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

9.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

** Gibt es weitere Auffälligkeiten/Probleme mit dem Rechner?

chaos2009 · 14.02.2011, 19:40

Hallo
vielen dank für die hilfreichen Arbeitsanleitungen und Arbeitsschritte.
Ich habe alle Punkte abgearbeitet mit folgendem Ergebnis.

zu 1. diesen Punkt habe ich nicht mehr gefunden nachdem Antivir es als Malware entdeckt hat. Ich habe das Logfile nochmals angehängt.

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:48:38, on 13.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Anni\Desktop\HijackThis.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 13574 bytes

--- --- ---

zu 2. Ich habe die Punkte die ich noch gefunden habe fixen lassen. Vorher habe ich diverse Toolbaren deinstalliert.

zu 3 - 6. Diese Schritte habe ich durchgeführt ohne Probleme.

zu 7. Das System ist wieder ohne Probleme gestartet.

zu 8. Der online Suchlauf hat keine Bedrohung festgestellt.

zu 9. Das Logfile von Hijackthis

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:19:31, on 14.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Users\Anni\Desktop\HijackThis.exe
C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 11798 bytes

--- --- ---

So finde ich persönlich den Rechner von der Freundin etwas langsam, es hat sich aber durch die Aktionen schon sehr viel verbessert.
Die Reaktionszeit bis sich ein Programm öffnet ist auch manchmal nichts für meine Geduld.

Vielen lieben Dank für die hilfe.
Ist der Rechner nun wieder sauber?
Was gibts noch zu tun?

Gruß chaos

kira · 17.02.2011, 03:47

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

O18 - Protocol: haufereader - (no CLSID) - (no file)

2.
Empfehlungen/Vorschläge:
Wie lange dauert die Startvorgang? Wenn du auf der Stelle ein schnelleres System haben möchtest:
- Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben
- Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.
"Start -> Alle Programme-> Zubehör-> Ausführen" .. und gibst Du "msconfig" (ohne "") ein ->OK
it-academy.cc
Laden von Programmen beim Start von Windows Vista verhindern
- Bei allem Häkchen weg was nicht starten soll, aber immer nur einen deaktivieren (Haken weg), also Schrittweise -> Neustart...
- Wird noch nach dem nächsten Neustart ein Hinweisfenster erscheinen, da ist ein Haken setzen : `Meldung nicht mehr anzeigen und dieses Programm beim Windows-Star nicht mehr starten`
(Du kannst es jederzeit Rückgängig machen wenn du den Haken wieder reinmachst.)
- Falls Du mal brauchst, manueller Start jederzeit möglich
- Autostart-Einträge die Du nicht findest, kannst mit HJT fixen - Unter 04_Sektion - (*HijackThis Tutorial in German*):
Alle Programme, Browser etc schließen→ HijackTis starten→ "Do a system scan only" anklicken→ Eintrag auswählen→ "Fix checked"klicken→ PC neu aufstarten
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

Du solltest nicht deaktivieren :
Grafiktreibers
Firewall
Antivirenprogramm
Sound

Da es ist immer Benutzerspezifisch, ein allgemein gültiges Rezept gibt es nicht, finde über Google die Grundfunktionen der einzelnen Programme heraus!
Gleich ein paar Vorschläge:

Code:

ATTFilter

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

3.
mit HijackThis fixen:

Code:

ATTFilter

 08-09 und 018 Einträge - alle
016 auch - sind ActiveX Komponente, bei Bedarf wird erneut installiert, ansonsten sind nur Risikofaktoren:-> Warum ist Active X gefährlich?

4.
auch mit HijackThis fixen:

Code:

ATTFilter

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

5.
- Überflüssige Dienste belasten nur den Prozessor und Arbeitsspeicher, daher ist es empfehlenswert solche Dienste ganz einfach abschalten:

Code:

ATTFilter

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

- unter `Systemsteuerung - Verwaltung - Dienste oder "Ausführen"-> gibst Du in das Dialogfenster den Befehl services.msc -> Ok
mit der rechten Maustaste auf den Dienstnamen klicken→ wähle `Eigenschaften`→ `Starttyp`→ Deaktiviert, damit wird der Dienst ruhiggestellt. Den Dienst erst dann nur starten, wenn ein Programm ihn benötigt.
- auf keinen Fall Grafiktreibers, Firewall und Anti-Viren-Programmen abschalten!!
! Ich würde an eurer Stelle fleißig nach Sony/Vaio-Funktionen suchen und was nicht unbedingt nötig deaktivieren

6.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

chaos2009 · 26.02.2011, 16:10

Hallo Coverflow

danke nochmals für deine Hilfe und die Zeit die du für mich inverstiertst.

Punkte 1, 3-6 habe ich durchgeführt und keine Probleme damit gehabt.

zu Punkt zwei ich habe die Software nachgeschaut und meine Bekannte meinte sie benötigt diese. Genau so hat sich mich auch keine VIO Service ausschalten lassen. Sie findet ihren PC nicht zu langsam.

Meinst du, dass nach dem letzten Scan der PC wieder fit ist?

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:54:09, on 26.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Anni\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\AAVUpdateManager\aavus.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10820 bytes

--- --- ---

Sorry nochmal dass ich mich erst jetzt wieder gemeldet habe aber ich bekomme irgendwie keine Emails wenn du einen neuen Beitrag geschrieben hast.
Tut mir leid für diese Zeitverzögerung.
Sind noch Schritte durchzuführen oder darf Sie mit Ihrem PC wieder ins Netz?

Gruß Chaos

kira · 27.02.2011, 09:05

Zitat:

Zitat von chaos2009

zu Punkt zwei ich habe die Software nachgeschaut und meine Bekannte meinte sie benötigt diese.

- Die Programme bleiben erhalten, nur laufen nicht ständig mit! Also bis auf Vaio könnt ihr ganz ruhig die Anwendungen aus dem Autostart herausnehmen!

- Das Logfile welches du gepostet hast, ist alt:

Code:

ATTFilter

Scan saved at 13:42:51, on 04.02.2011

Du musst es löschen und ein neues erstellen, wichtig auch, dass Du als Admin das Tool HijackThis startest:
Rechtsklick auf HijackThis-> als Administrator auswählen

chaos2009 · 27.02.2011, 12:49

Hallo Coverflow,

vielen Dank für die schnelle Antwort.

Ich habe jetzt auch OpenOffice aus dem Autostart genommen und startet wenn man es benötigt akzeptabel.
Im Autostart ist noch ein Desktop.ini sonst ist der Ordner leer.

Zum log File bei mir steht oben folgendes.
Siehe mein Post vom 26.2.11 um 16:10

Code:

ATTFilter

Scan saved at 15:54:09, on 26.02.2011

Ich habe jetzt nochmal ein neues erstellt nach dem ich OO aus dem Autostart genommen habe hier folgendes log-File.

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:40:29, on 27.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Anni\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\AAVUpdateManager\aavus.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10580 bytes

--- --- ---

Ist der PC wieder fit??
Vielen Dank
Gruß Chaos2009

Bank Tans wurden abgefragt

Plagegeister aller Art und deren Bekämpfung: Bank Tans wurden abgefragt