Trojaner-Board


chaos2009 02.02.2011 16:54

Bank TANs were requested
 
Hi everyone,

a Trojan has sneaked onto a friend's computer.
It wanted her to enter 20 TANs.
With Malwarebytes I got the following log file.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

02.02.2011 16:23:50
mbam-log-2011-02-02 (16-23-21)_anni

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155159
Laufzeit: 19 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 6
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntiSpyware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pro Antispyware 2009 4.7 (Rogue.ProAntiSpyware) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> No action taken.

Infizierte Verzeichnisse:
c:\programdata\solt lake software (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009 (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\BASE (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\DELETED (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\LOG (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\SAVED (Rogue.ProAntiSpyware) -> No action taken.

Infizierte Dateien:
c:\programdata\solt lake software\pro antispyware 2009\LOG\20090414002452641.log (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\LOG\20090414002918449.log (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\LOG\20090414205235470.log (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\LOG\20090415183451737.log (Rogue.ProAntiSpyware) -> No action taken.
c:\programdata\solt lake software\pro antispyware 2009\LOG\20090416211141469.log (Rogue.ProAntiSpyware) -> No action taken.


Then I also ran a scan with OTL and got the following logs.
OTL Logfile:
Code:

OTL logfile created on: 02.02.2011 01:10:53 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = K:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,46 Gb Total Space | 152,09 Gb Free Space | 67,46% Space Free | Partition Type: NTFS
Drive J: | 614,91 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive K: | 465,11 Gb Total Space | 420,17 Gb Free Space | 90,34% Space Free | Partition Type: NTFS
 
Computer Name: ANNI-PC | User Name: Anni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.24 20:36:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.12.14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 08:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Programme\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.08.20 17:55:38 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.07 00:17:43 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.12.29 11:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\daemon.exe
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.11.03 12:21:30 | 000,339,240 | ---- | M] (Lexware GmbH & Co. KG) -- C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.22 11:13:56 | 000,036,864 | ---- | M] (Sony NSCE) -- C:\Programme\Sony\Marketing Tools\MarketingTools.exe
PRC - [2007.10.31 13:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007.10.12 22:15:23 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2007.09.20 09:23:16 | 000,253,952 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\LANUtil.exe
PRC - [2007.09.20 09:23:16 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\Network Utility\NSUService.exe
PRC - [2007.09.19 11:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ISB Utility\ISBMgr.exe
PRC - [2007.09.12 01:29:47 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Programme\Picasa2\PicasaMediaDetector.exe
PRC - [2007.08.28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007.08.28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007.08.14 20:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007.06.28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007.06.10 01:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\Apoint.exe
PRC - [2007.06.10 01:12:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApntEx.exe
PRC - [2007.06.10 01:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\Apoint\ApMsgFwd.exe
PRC - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.04.14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [1999.08.24 09:56:30 | 000,225,280 | ---- | M] (Corel Corporation Limited) -- C:\Programme\Corel\WordPerfect Office 2000\programs\dad9.exe
PRC - [1999.08.24 09:56:26 | 000,241,664 | ---- | M] (Corel Corporation Limited) -- C:\Programme\Corel\WordPerfect Office 2000\programs\alarm.exe
PRC - [1998.07.23 09:51:26 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\Programme\Corel\WordPerfect Office 2000\Register\Remind32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.24 20:36:05 | 000,602,624 | ---- | M] (OldTimer Tools) -- K:\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.20 17:55:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.10 03:44:07 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.10.12 22:14:27 | 002,975,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.10.12 22:11:50 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.09.28 21:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007.09.20 18:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007.09.20 09:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007.08.28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007.08.28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.06.28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.06.28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007.06.20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.06.20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\xdG2dsG.sys -- (xdG2dsG)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.15 18:39:39 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.07 15:08:06 | 000,583,424 | ---- | M] (TechnoTrend AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ttusb2bda.sys -- (TTUSB2BDA)
DRV - [2007.12.10 03:45:43 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007.11.16 01:20:10 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.25 01:03:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.10.25 01:03:42 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.10.25 01:03:40 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.10.25 01:03:40 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.10.25 01:03:31 | 000,246,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.12 22:15:13 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007.10.12 22:15:13 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007.10.12 22:15:04 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.10.12 22:15:04 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.10.12 22:15:04 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.10.12 22:14:57 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007.10.08 01:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071008.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2007.10.08 01:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.10.08 01:00:00 | 000,112,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007.10.08 01:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071008.016\NAVENG.SYS -- (NAVENG)
DRV - [2007.09.19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007.09.19 04:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.29 02:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.08.25 01:06:19 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.15 01:28:09 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.06.10 01:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.05.26 09:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.29 17:35:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.29 17:35:30 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.04.15 19:53:07 | 000,000,721 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Programme\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TP CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Dvdreal] C:\Users\Anni\AppData\Roaming\Libxml\packres.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Anni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.18 22:12:18 | 000,000,088 | ---- | M] () - J:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{08164347-60d6-11df-bb6e-001a80b8c9e6}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe -- File not found
O33 - MountPoints2\{96ad7554-2e58-11e0-90cd-001de0d19057}\Shell - "" = AutoRun
O33 - MountPoints2\{96ad7554-2e58-11e0-90cd-001de0d19057}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{daca53fd-fb87-11dd-a74a-001a80b8c9e6}\Shell - "" = AutoRun
O33 - MountPoints2\{daca53fd-fb87-11dd-a74a-001a80b8c9e6}\Shell\AutoRun\command - "" = H:\Installieren!.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.02 00:37:58 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Malwarebytes
[2011.02.02 00:37:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.02 00:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.02 00:37:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.02 00:37:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.02 00:26:19 | 000,113,664 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.02.02 00:26:19 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.02.02 00:26:19 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2011.02.02 00:26:19 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.02.02 00:26:12 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011.02.02 00:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Mobile Partner
[2011.01.29 17:38:54 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Local
[2011.01.29 16:49:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.01.29 16:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.01.29 14:52:17 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\WinRAR
[2011.01.29 14:51:03 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011.01.29 01:53:31 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Avira
[2011.01.23 23:17:33 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.01.22 15:38:30 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Libxml
[2011.01.14 00:26:53 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\Yahoo
[2011.01.14 00:26:46 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2011.01.14 00:26:40 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine
[2011.01.14 00:26:37 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\Conduit
[2011.01.14 00:26:36 | 000,000,000 | ---D | C] -- C:\Programme\Elf_1.13
[2011.01.11 21:35:42 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.11 21:35:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.07 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\Anni\Documents\My Downloads
[2011.01.07 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\FinalTorrent
[2011.01.07 23:23:46 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\PackageAware
[2011.01.07 23:23:46 | 000,000,000 | ---D | C] -- C:\Programme\FinalTorrent
[2011.01.07 23:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011.01.07 23:23:28 | 000,000,000 | ---D | C] -- C:\Programme\Surf Canyon
[2011.01.07 23:23:15 | 000,000,000 | ---D | C] -- C:\Programme\PriceGong
[2011.01.07 23:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011.01.07 23:23:11 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Yahoo!
[2011.01.07 23:23:10 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo!
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.02 00:43:02 | 000,703,736 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.02 00:43:02 | 000,658,034 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.02 00:43:02 | 000,158,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.02 00:43:02 | 000,128,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.02 00:37:46 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.02 00:27:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.02 00:26:27 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.02.02 00:21:09 | 000,056,088 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\nvModes.001
[2011.02.02 00:20:54 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.02 00:20:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.02 00:20:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.02 00:20:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.29 19:55:33 | 000,041,984 | ---- | M] () -- C:\Users\Anni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 17:39:21 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.01.29 17:39:17 | 000,001,393 | ---- | M] () -- C:\Users\Anni\Desktop\DivX Movies.lnk
[2011.01.29 17:17:52 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.01.07 23:23:48 | 000,000,852 | ---- | M] () -- C:\Users\Anni\Desktop\FinalTorrent.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.02 00:37:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.02 00:26:27 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.01.29 17:39:17 | 000,001,393 | ---- | C] () -- C:\Users\Anni\Desktop\DivX Movies.lnk
[2011.01.29 17:17:52 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.01.29 17:05:46 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.01.07 23:23:48 | 000,000,852 | ---- | C] () -- C:\Users\Anni\Desktop\FinalTorrent.lnk
[2010.05.31 18:25:08 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.01.03 17:15:22 | 000,417,792 | ---- | C] () -- C:\Windows\System32\fxdb.dll
[2010.01.03 17:14:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\iduninst.dll
[2010.01.03 17:14:09 | 001,213,440 | ---- | C] () -- C:\Windows\System32\opengl.dll
[2010.01.03 17:14:08 | 000,315,904 | ---- | C] () -- C:\Windows\System32\glu.dll
[2010.01.03 17:14:08 | 000,154,624 | ---- | C] () -- C:\Windows\System32\glut.dll
[2009.08.08 13:12:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.21 09:48:08 | 000,002,641 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.02.15 18:39:39 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.12.19 23:18:52 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.19 23:18:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.12.17 21:42:36 | 000,041,984 | ---- | C] () -- C:\Users\Anni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.17 21:34:36 | 000,000,680 | ---- | C] () -- C:\Users\Anni\AppData\Local\d3d9caps.dat
[2008.12.17 21:34:24 | 000,056,088 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\nvModes.dat
[2008.12.17 21:34:24 | 000,056,088 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\nvModes.001
[2008.11.21 22:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.16 12:38:24 | 000,088,632 | ---- | C] () -- C:\Windows\System32\drivers\snsntfy.dll
[2007.12.10 03:35:25 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.12.10 03:19:10 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8
 
--- --- ---
SRV - [2010.12.13 08:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.13 08:39:19 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.20 17:55:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.10 03:44:07 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.10.12 22:15:27 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007.10.12 22:14:27 | 002,975,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.10.12 22:11:50 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.09.28 21:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007.09.20 18:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007.09.20 09:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007.08.28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007.08.28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007.08.14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.06.28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.06.28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007.06.20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.06.20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007.06.20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007.06.20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007.01.04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\xdG2dsG.sys -- (xdG2dsG)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.12.13 08:39:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 08:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.15 18:39:39 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.07 15:08:06 | 000,583,424 | ---- | M] (TechnoTrend AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ttusb2bda.sys -- (TTUSB2BDA)
DRV - [2007.12.10 03:45:43 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007.11.16 01:20:10 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.10.25 01:03:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.10.25 01:03:42 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007.10.25 01:03:40 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007.10.25 01:03:40 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007.10.25 01:03:31 | 000,246,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.12 22:15:13 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007.10.12 22:15:13 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007.10.12 22:15:04 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.10.12 22:15:04 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.10.12 22:15:04 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.10.12 22:14:57 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007.10.08 01:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071008.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2007.10.08 01:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.10.08 01:00:00 | 000,112,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2007.10.08 01:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20071008.016\NAVENG.SYS -- (NAVENG)
DRV - [2007.09.19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007.09.19 04:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.29 02:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.08.25 01:06:19 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.15 01:28:09 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.06.10 01:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.05.26 09:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.03.01 01:03:07 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.29 17:35:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.29 17:35:30 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.04.15 19:53:07 | 000,000,721 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Programme\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Elf 1.13 Toolbar) - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Elf 1.13 Toolbar) - {B80F591E-FE9A-46CF-A13E-180377240586} - C:\Programme\Elf_1.13\prxtbElf_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TP CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Dvdreal] C:\Users\Anni\AppData\Roaming\Libxml\packres.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Anni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anni\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.18 22:12:18 | 000,000,088 | ---- | M] () - J:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{08164347-60d6-11df-bb6e-001a80b8c9e6}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe -- File not found
O33 - MountPoints2\{96ad7554-2e58-11e0-90cd-001de0d19057}\Shell - "" = AutoRun
O33 - MountPoints2\{96ad7554-2e58-11e0-90cd-001de0d19057}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{daca53fd-fb87-11dd-a74a-001a80b8c9e6}\Shell - "" = AutoRun
O33 - MountPoints2\{daca53fd-fb87-11dd-a74a-001a80b8c9e6}\Shell\AutoRun\command - "" = H:\Installieren!.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.02 00:37:58 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Malwarebytes
[2011.02.02 00:37:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.02.02 00:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.02.02 00:37:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.02.02 00:37:24 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.02.02 00:26:19 | 000,113,664 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.02.02 00:26:19 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.02.02 00:26:19 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbdev.sys
[2011.02.02 00:26:19 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.02.02 00:26:12 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011.02.02 00:17:31 | 000,000,000 | ---D | C] -- C:\Programme\Mobile Partner
[2011.01.29 17:38:54 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Local
[2011.01.29 16:49:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.01.29 16:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.01.29 14:52:17 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\WinRAR
[2011.01.29 14:51:03 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011.01.29 01:53:31 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Avira
[2011.01.23 23:17:33 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.01.22 15:38:30 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Libxml
[2011.01.14 00:26:53 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\Yahoo
[2011.01.14 00:26:46 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2011.01.14 00:26:40 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine
[2011.01.14 00:26:37 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\Conduit
[2011.01.14 00:26:36 | 000,000,000 | ---D | C] -- C:\Programme\Elf_1.13
[2011.01.11 21:35:42 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.11 21:35:35 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.01.07 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\Anni\Documents\My Downloads
[2011.01.07 23:24:10 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\FinalTorrent
[2011.01.07 23:23:46 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Local\PackageAware
[2011.01.07 23:23:46 | 000,000,000 | ---D | C] -- C:\Programme\FinalTorrent
[2011.01.07 23:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011.01.07 23:23:28 | 000,000,000 | ---D | C] -- C:\Programme\Surf Canyon
[2011.01.07 23:23:15 | 000,000,000 | ---D | C] -- C:\Programme\PriceGong
[2011.01.07 23:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011.01.07 23:23:11 | 000,000,000 | ---D | C] -- C:\Users\Anni\AppData\Roaming\Yahoo!
[2011.01.07 23:23:10 | 000,000,000 | ---D | C] -- C:\Programme\Yahoo!
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.02 00:43:02 | 000,703,736 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.02 00:43:02 | 000,658,034 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.02 00:43:02 | 000,158,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.02 00:43:02 | 000,128,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.02 00:37:46 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.02 00:27:05 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.02 00:26:27 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.02.02 00:21:09 | 000,056,088 | ---- | M] () -- C:\Users\Anni\AppData\Roaming\nvModes.001
[2011.02.02 00:20:54 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.02 00:20:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.02 00:20:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.02 00:20:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.29 19:55:33 | 000,041,984 | ---- | M] () -- C:\Users\Anni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 17:39:21 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.01.29 17:39:17 | 000,001,393 | ---- | M] () -- C:\Users\Anni\Desktop\DivX Movies.lnk
[2011.01.29 17:17:52 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.01.07 23:23:48 | 000,000,852 | ---- | M] () -- C:\Users\Anni\Desktop\FinalTorrent.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.02 00:37:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.02 00:26:27 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.01.29 17:39:17 | 000,001,393 | ---- | C] () -- C:\Users\Anni\Desktop\DivX Movies.lnk
[2011.01.29 17:17:52 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011.01.29 17:05:46 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011.01.07 23:23:48 | 000,000,852 | ---- | C] () -- C:\Users\Anni\Desktop\FinalTorrent.lnk
[2010.05.31 18:25:08 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010.01.03 17:15:22 | 000,417,792 | ---- | C] () -- C:\Windows\System32\fxdb.dll
[2010.01.03 17:14:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\iduninst.dll
[2010.01.03 17:14:09 | 001,213,440 | ---- | C] () -- C:\Windows\System32\opengl.dll
[2010.01.03 17:14:08 | 000,315,904 | ---- | C] () -- C:\Windows\System32\glu.dll
[2010.01.03 17:14:08 | 000,154,624 | ---- | C] () -- C:\Windows\System32\glut.dll
[2009.08.08 13:12:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.21 09:48:08 | 000,002,641 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.02.15 18:39:39 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.12.19 23:18:52 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.19 23:18:51 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.12.17 21:42:36 | 000,041,984 | ---- | C] () -- C:\Users\Anni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.17 21:34:36 | 000,000,680 | ---- | C] () -- C:\Users\Anni\AppData\Local\d3d9caps.dat
[2008.12.17 21:34:24 | 000,056,088 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\nvModes.dat
[2008.12.17 21:34:24 | 000,056,088 | ---- | C] () -- C:\Users\Anni\AppData\Roaming\nvModes.001
[2008.11.21 22:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.05.16 12:38:24 | 000,088,632 | ---- | C] () -- C:\Windows\System32\drivers\snsntfy.dll
[2007.12.10 03:35:25 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.12.10 03:19:10 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8
 
< End of report >

--- --- ---

Could you please help me so that I can clean up her PC again?
Many thanks in advance

kira 02.02.2011 22:25

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • During the support period:
    - please do not act on your own without consultation! Ask if there are problems.
  • The order:
    - please follow it exactly as described; do not choose the order yourself!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files using a vB code tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
Quote:

When a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - security concept by SETI@home / point 1.
If you nevertheless decide to clean the system: cleaning a system can take a few days (depending on the type of infection); the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"

1.
runs on XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next point! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated (no connection to the Internet, disconnect WLAN as well)
    - please do not do anything on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and paste it right there with CTRL + V
    - "Ok" closes Gmer.
    - copy the log from the clipboard completely into your thread here

** no connection to a network or the Internet - do not forget WLAN
When the scan has finished, please re-enable all programs and tools!
Instructions: -> GMER - Rootkit Scanner

2.
** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • start it with a double-click.
  • update the databases right away - update online
  • select Full scan (tick everything)
  • when the scan has finished, click "Show Results" ("Zeige Resultate")
  • mark all findings - except, if MBAM reports something in C:\System Volume Information, please remove the tick there - and click "Delete" ("Löschen") - "Remove Selected" ("Ausgewähltes entfernen").
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
you can find illustrated instructions here: Instructions

3.
download HijackThis 2.0.4 from *here*
Start HijackThis → click "Do a system scan and save a logfile" → "select" the resulting log file → "copy" → "paste" it here in your thread (right mouse button)

4.
Please make hidden and system files visible; click the link here:
Making system files and folders visible under XP and Vista
At the end of our work, you can undo this again!

5.
→ Download HJTscanlist.zip
→ unpack the file to your desktop
→ On Windows XP Home you must additionally install tasklist.zip before the scan
→ start it with a double-click
→ Select your operating system - for Win7 choose Vista
→ When you are asked, choose the option "Setting" (1) - "scanlist"
→ After a short time your editor should open and show the file hjtscanlist.txt
→ Please copy the contents here into your thread.
** If it does not work in one go, you can split the text into several parts and post it that way

6.
I would also like to see all of your installed programs:
Download the tool Ccleaner
→ "Download" → "Download from FileHippo.com"
install it (read the software license agreement; if "Add CCleaner Yahoo! Toolbar" ("Füge CCleaner Yahoo! Toolbar hinzu") is offered, deselect it) → start it → if necessary, set "german" under Options settings
then click "Extra" (to also display the installed programs) → then "Save to text file..." ("Als Textdatei speichern...")
a text file (*.txt) is created; copy its contents and paste them there

Quote:

To keep your thread clear and easy to read, it is best to use the code tags for your post:
→ before your log (i.e. at the beginning of the log file) you write: [code]
your log file goes here - e.g. hjtscanlist or other
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the Internet; no online banking, file sharing, chat programs, etc.
Regards
Coverflow

chaos2009 04.02.2011 14:29

Hello

thanks already for your help.
Here are the steps I have worked through.
Re 1.
Code:

GMER Logfile:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-02-03 20:51:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: 1fbifgl6.exe; Driver: C:\Users\***\AppData\Local\Temp\kxldrpod.sys


---- System - GMER 1.0.15 ----

SSDT            93728988                                                                                               ZwAlertResumeThread
SSDT            93728A68                                                                                               ZwAlertThread
SSDT            93726C58                                                                                               ZwAllocateVirtualMemory
SSDT            91D72F58                                                                                               ZwConnectPort
SSDT            937286E8                                                                                               ZwCreateMutant
SSDT            93726E28                                                                                               ZwCreateThread
SSDT            93726A88                                                                                               ZwFreeVirtualMemory
SSDT            937287C8                                                                                               ZwImpersonateAnonymousToken
SSDT            937288A8                                                                                               ZwImpersonateThread
SSDT            93726988                                                                                               ZwMapViewOfSection
SSDT            93728608                                                                                               ZwOpenEvent
SSDT            93726D48                                                                                               ZwOpenProcessToken
SSDT            937266E8                                                                                               ZwOpenThreadToken
SSDT            936DE150                                                                                               ZwResumeThread
SSDT            93726608                                                                                               ZwSetContextThread
SSDT            937267C8                                                                                               ZwSetInformationProcess
SSDT            93728F90                                                                                               ZwSetInformationThread
SSDT            93728528                                                                                               ZwSuspendProcess
SSDT            93728BB0                                                                                               ZwSuspendThread
SSDT            93726EF8                                                                                               ZwTerminateProcess
SSDT            93728EB0                                                                                               ZwTerminateThread
SSDT            937268A8                                                                                               ZwUnmapViewOfSection
SSDT            93726B68                                                                                               ZwWriteVirtualMemory

INT 0x51        ?                                                                                                      8B876F00
INT 0x62        ?                                                                                                      8B876F00
INT 0x72        ?                                                                                                      89C1CBF8
INT 0x82        ?                                                                                                      89289BF8
INT 0x92        ?                                                                                                      89289BF8
INT 0xA2        ?                                                                                                      8B876F00
INT 0xA2        ?                                                                                                      8B876F00
INT 0xA2        ?                                                                                                      8B876F00
INT 0xB3        ?                                                                                                      8B876F00

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 11D                                                                          86EAF880 8 Bytes  [88, 89, 72, 93, 68, 8A, 72, ...] {MOV [ECX-0x75976c8e], CL; JB 0xffffffffffffff9b}
.text           ntkrnlpa.exe!KeSetEvent + 131                                                                          86EAF894 4 Bytes  [58, 6C, 72, 93] {POP EAX; INSB ; JB 0xffffffffffffff97}
.text           ntkrnlpa.exe!KeSetEvent + 1C1                                                                          86EAF924 4 Bytes  [58, 2F, D7, 91] {POP EAX; DAS ; XLATB ; XCHG ECX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 221                                                                          86EAF984 4 Bytes  [28, 6E, 72, 93] {SUB [ESI+0x72], CH; XCHG EBX, EAX}
.text           ntkrnlpa.exe!KeSetEvent + 335                                                                          86EAFA98 4 Bytes  [88, 6A, 72, 93] {MOV [EDX+0x72], CH; XCHG EBX, EAX}
.text           ...                                                                                                   
?               System32\Drivers\spnr.sys                                                                              Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                               section is writeable [0x90A09360, 0x35B0A2, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                  8CFA941B 5 Bytes  JMP 8B8764E0
.text           adigo6r3.SYS                                                                                           91796000 22 Bytes  [82, 33, 1C, 87, 6C, 32, 1C, ...]
.text           adigo6r3.SYS                                                                                           91796017 181 Bytes  [00, 32, C7, 99, 8C, 3D, C5, ...]
.text           adigo6r3.SYS                                                                                           917960CE 10 Bytes  [00, 00, 00, 00, 00, 00, 6A, ...]
.text           adigo6r3.SYS                                                                                           917960DA 12 Bytes  [00, 00, 02, 00, 00, 00, 25, ...]
.text           adigo6r3.SYS                                                                                           917960E7 714 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
.text           ...                                                                                                   

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                              [8C8936D2] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                               [8C893040] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                       [8C8937FC] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                              [8C8930BE] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                        [8C89313C] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                     [8C8A3048] \SystemRoot\System32\Drivers\spnr.sys
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortNotification]                             CC000CC2
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortWritePortUchar]                           83EC8B55
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortWritePortUlong]                           575320EC
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                       458DFF33
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]            8D5750FC
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortGetScatterGatherList]                     5750F845
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortReadPortUchar]                            8957046A
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortStallExecution]                           75E8FC7D
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortGetParentBusType]                         BB0001E8
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortRequestCallback]                          000000EA
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                    850FC33B
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                     0000012B
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortCompleteRequest]                          0FFC7D39
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortMoveMemory]                               00012284
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                458D5600
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                   106A50F4
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                     38335668
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortReadPortUshort]                           FC75FF36
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                     D1E85757
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortInitialize]                               8B0001E7
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortGetDeviceBase]                            1BDEF7F0
IAT             \SystemRoot\System32\Drivers\adigo6r3.SYS[ataport.SYS!AtaPortDeviceStateChange]                        23D6F7F6

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                  [74217817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                   [7426A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]               [7421BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]         [7420F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                   [742175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                [7420E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]    [74248395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]       [7421DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]               [7420FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                [7420FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                 [742071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]         [7429CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]            [7423C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]               [7420D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                         [74206853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                        [7420687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5604] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]           [74212AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                 89C1E1F8
Device          \FileSystem\udfs \UdfsCdRom                                                                            898EE1F8
Device          \FileSystem\udfs \UdfsDisk                                                                             898EE1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{17DC868A-C502-41EA-86C5-E329A33F206F}                               936DC500
Device          \Driver\volmgr \Device\VolMgrControl                                                                   8928B1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                       8B7B11F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                       8B7B11F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                       8B7AD500
Device          \Driver\usbuhci \Device\USBPDO-3                                                                       8B7B11F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                       8B7B11F8

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                       8B7B11F8
Device          \Driver\usbehci \Device\USBPDO-6                                                                       8B7AD500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                 8928B1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                 8928B1F8
Device          \Driver\cdrom \Device\CdRom0                                                                           8B7BA1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                            89C1D1F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                     [8CC48D30] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort0                                                                     89C1D1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                     89C1D1F8
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                          [8CC48D30] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\cdrom \Device\CdRom1                                                                           8B7BA1F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                 8928B1F8
Device          \Driver\USBSTOR \Device\00000080                                                                       8970F1F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                 8928B1F8
Device          \Driver\cdrom \Device\CdRom3                                                                           8B7BA1F8
Device          \Driver\USBSTOR \Device\00000081                                                                       8970F1F8
Device          \Driver\sptd \Device\2289369890                                                                        spnr.sys
Device          \Driver\volmgr \Device\HarddiskVolume6                                                                 8928B1F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                936DC500
Device          \Driver\netbt \Device\NetBT_Tcpip_{7940B5D8-D5CC-45DE-A482-B65C0C28653A}                               936DC500
Device          \Driver\Smb \Device\NetbiosSmb                                                                         936BA1F8
Device          \Driver\PCI_PNP5871 \Device\0000005a                                                                   spnr.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                     8B93F1F8

AttachedDevice  \Driver\tdx \Device\Udp                                                                                SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                       8B7B11F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                       8B7B11F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                       8B7AD500
Device          \Driver\usbuhci \Device\USBFDO-3                                                                       8B7B11F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                       8B7B11F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                       8B7B11F8
Device          \Driver\USBSTOR \Device\0000007f                                                                       8970F1F8
Device          \Driver\usbehci \Device\USBFDO-6                                                                       8B7AD500
Device          \Driver\adigo6r3 \Device\Scsi\adigo6r31Port4Path0Target0Lun0                                           8B9161F8
Device          \Driver\adigo6r3 \Device\Scsi\adigo6r31                                                                8B9161F8
Device          \FileSystem\cdfs \Cdfs                                                                                 8957A1F8

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                     771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                     285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                     1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                    C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                    0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                 0x11 0x18 0x7B 0x5E ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0           0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh        0x1D 0x4A 0x9A 0xBE ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh  0x78 0xAB 0x6E 0x67 ...
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                          
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                        C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                        0
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                     0x11 0x18 0x7B 0x5E ...
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                 
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0               0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh            0x1D 0x4A 0x9A 0xBE ...
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40           
Reg             HKLM\SYSTEM\ControlSet114\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh      0x78 0xAB 0x6E 0x67 ...

---- EOF - GMER 1.0.15 ----


--- --- ---

Re 2. Here I ran a full scan. However, I could not update the database because I cannot get the PC online at my place.
So this was only with the older database.
I will try this evening to get the PC back online in its home environment.

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

04.02.2011 01:47:18
mbam-log-2011-02-04 (01-47-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 288571
Laufzeit: 1 Stunde(n), 13 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

I had already run this version once before.

Re 3. I got the following file

Code:

HiJackthis Logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:42:51, on 04.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\explorer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\mobsync.exe
K:\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Dvdreal] C:\Users\***\AppData\Roaming\Libxml\packres.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14889 bytes


--- --- ---

Re 4.: I have carried that out.

Since I can't fit everything into one post, a second one follows.

chaos2009 04.02.2011 14:34

OK, and now it continues.
Re 5.

Code:


                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
                        º                                    º
                                    hjtscanlist v2.0             
                        º                                    º
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Microsoft Windows [Version 6.0.6002]
 
 
C:

  04.02.2011 02:14    C:\System Volume Information --------- 32768 
      C:\pagefile.sys ---------   
  03.02.2011 19:26    C:\Windows --------- 32768 
  02.02.2011 16:48    C:\ProgramData --------- 8192 
  02.02.2011 00:37    C:\Program Files --------- 24576 
  17.12.2010 00:07    C:\cd336de29ca1720de1938fd42cc5 --------- 12288 
  28.09.2010 00:58    C:\56c9e0694153038b76d352d9168e04 --------- 12288 
  16.08.2010 17:42    C:\81819d3b6a57250986d4 --------- 0 
  27.06.2010 00:10    C:\599badcfe849d9ab7e03 --------- 12288 
  22.04.2010 00:19    C:\Temp --------- 0 
  10.04.2010 13:55    C:\Boot --------- 4096 
  03.01.2010 17:18    C:\IO.SYS --------- 0 
  03.01.2010 17:18    C:\MSDOS.SYS --------- 0 
  28.10.2009 22:49    C:\dd002597a72894372a8fb6e66340 --------- 0 
  11.04.2009 07:36    C:\bootmgr --------- 333257 
  18.03.2009 23:06    C:\PerfLogs --------- 0 
  08.03.2009 16:28    C:\Spiele --------- 0 
  21.12.2008 23:26    C:\Musik --------- 0 
  19.12.2008 23:17    C:\Users --------- 4096 
  17.12.2008 21:36    C:\$Recycle.Bin --------- 4096 
  10.12.2007 03:37    C:\vcredist_x86.log --------- 390276 
  10.12.2007 03:35    C:\Documentation --------- 0 
  10.12.2007 03:25    C:\WAUUPGRD --------- 4096 
  22.11.2007 11:08    C:\Big Fish Games --------- 4096 
  22.11.2007 11:03    C:\MSOCache --------- 0 
  22.11.2007 01:14    C:\BOOTSECT.BAK --------- 8192 
  21.11.2007 16:19    C:\Programme --------- 0 
  21.11.2007 16:19    C:\Dokumente und Einstellungen --------- 0 
  02.11.2006 14:02    C:\Documents and Settings --------- 0 
  18.09.2006 22:43    C:\config.sys --------- 10 
  18.09.2006 22:43    C:\autoexec.bat --------- 24 
----------------------------------------

 
C:\Windows

  04.02.2011 13:41    C:\Windows\WindowsUpdate.log --------- 1461757 
  04.02.2011 13:31    C:\Windows\bootstat.dat --------- 67584 
  03.02.2011 20:59    C:\Windows\setupact.log --------- 46111 
  29.01.2011 19:24    C:\Windows\PFRO.log --------- 45468 
  21.10.2010 23:02    C:\Windows\win.ini --------- 341 
  21.10.2010 22:56    C:\Windows\hpoins19.dat --------- 164347 
  16.07.2010 10:57    C:\Windows\BDTSupport.dll.old --------- 767928 
  22.01.2010 07:56    C:\Windows\PCTBDCore.dll.old --------- 1652688 
  28.11.2009 10:57    C:\Windows\msxml4-KB973688-enu.LOG --------- 278510 
  23.10.2009 20:23    C:\Windows\ie8_main.log --------- 2084 
  21.04.2009 09:54    C:\Windows\DPINST.LOG --------- 22038 
  17.04.2009 00:53    C:\Windows\ntbtlog.txt --------- 189038 
  11.04.2009 07:27    C:\Windows\explorer.exe --------- 2926592 
  19.03.2009 20:48    C:\Windows\WindowsShell.Manifest --------- 749 
  19.03.2009 20:47    C:\Windows\DtcInstall.log --------- 4596 
  08.03.2009 16:35    C:\Windows\DirectX.log --------- 111045 
  12.02.2009 22:27    C:\Windows\ocsetup_install_NetFx3.etl --------- 32768000 
  12.02.2009 22:27    C:\Windows\ocsetup_cbs_install_NetFx3.perf --------- 196608 
  12.02.2009 22:27    C:\Windows\ocsetup_cbs_install_NetFx3.dpx --------- 65536 
  22.12.2008 00:32    C:\Windows\msxml4-KB941833-enu.LOG --------- 259990 
  22.12.2008 00:20    C:\Windows\msxml4-KB954430-enu.LOG --------- 289180 
  17.12.2008 21:26    C:\Windows\TSSysprep.log --------- 5767 
  19.01.2008 08:33    C:\Windows\regedit.exe --------- 134656 
  19.01.2008 08:33    C:\Windows\notepad.exe --------- 151040 
  19.01.2008 08:33    C:\Windows\HelpPane.exe --------- 498176 
  19.01.2008 08:33    C:\Windows\fveupdate.exe --------- 13312 
  19.01.2008 08:33    C:\Windows\bfsvc.exe --------- 58880 
  10.12.2007 03:35    C:\Windows\VAIOUpdt.INI --------- 0 
  10.12.2007 03:30    C:\Windows\xpsp1hfm.log --------- 1392 
  22.11.2007 11:18    C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 8060928 
  22.11.2007 11:18    C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 196608 
  22.11.2007 11:18    C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 65536 
  22.11.2007 09:44    C:\Windows\DIFxAPI.dll --------- 319456 
  22.11.2007 09:41    C:\Windows\HideWin.exe --------- 315392 
  22.11.2007 09:15    C:\Windows\msxml4-KB936181-deu.LOG --------- 266240 
  21.11.2007 07:48    C:\Windows\csup.txt --------- 12 
  26.10.2007 07:21    C:\Windows\WMPrfDeu.prx --------- 33820 
  25.08.2007 01:06    C:\Windows\SkyTel.exe --------- 1826816 
  25.08.2007 01:06    C:\Windows\RtlUpd.exe --------- 1191936 
  25.08.2007 01:06    C:\Windows\RtHDVCpl.exe --------- 4669440 
  25.08.2007 01:06    C:\Windows\RtlExUpd.dll --------- 520192 
  13.03.2007 21:01    C:\Windows\hpomdl19.dat --------- 26952 
  02.01.2007 16:27    C:\Windows\Twunk_16.dll --------- 12288 
  02.01.2007 16:27    C:\Windows\Twunk_32.dll --------- 12288 
  02.11.2006 13:52    C:\Windows\setuperr.log --------- 0 
  02.11.2006 13:47    C:\Windows\SETUPAPI.LOG --------- 94 
  02.11.2006 13:35    C:\Windows\WMSysPr9.prx --------- 316640 
  02.11.2006 13:34    C:\Windows\twunk_16.exe --------- 49680 
  02.11.2006 13:34    C:\Windows\twain_32.dll --------- 50688 
  02.11.2006 13:34    C:\Windows\twunk_32.exe --------- 31232 
  02.11.2006 13:34    C:\Windows\twain.dll --------- 94784 
  02.11.2006 10:45    C:\Windows\winhlp32.exe --------- 9216 
  02.11.2006 10:45    C:\Windows\hh.exe --------- 14848 
  02.11.2006 08:46    C:\Windows\mib.bin --------- 43131 
  19.09.2006 12:41    C:\Windows\HomePremium.xml --------- 8328 
  18.09.2006 22:46    C:\Windows\system.ini --------- 219 
  18.09.2006 22:43    C:\Windows\_default.pif --------- 707 
  18.09.2006 22:43    C:\Windows\winhelp.exe --------- 256192 
  18.09.2006 22:30    C:\Windows\msdfmap.ini --------- 1405 
  06.07.1999 10:54    C:\Windows\corelpf.lrs --------- 28252 
  17.12.1997 18:33    C:\Windows\IsUninst.exe --------- 304128 
----------------------------------------

 
C:\Windows\System

 22.11.2007 11:23      C:\Windows\System\ykrp.com --------- 180
 02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264
 02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160
 02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456
 02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584
 02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376
 02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912
 02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064
 02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704
 02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816
 02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048
 02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992
 02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152
 02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032
 02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176
 02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744
 02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000
 02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120
 02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360
 18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008
 18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944
 18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936
 18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532
----------------------------------------

 
C:\Windows\System32

 04.02.2011 02:26    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3568 
 04.02.2011 02:26    C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3568 
 03.02.2011 21:00    C:\Windows\system32\perfh009.dat --------- 658034 
 03.02.2011 21:00    C:\Windows\system32\perfc009.dat --------- 128268 
 03.02.2011 21:00    C:\Windows\system32\perfh007.dat --------- 703736 
 03.02.2011 21:00    C:\Windows\system32\perfc007.dat --------- 158404 
 03.02.2011 21:00    C:\Windows\system32\PerfStringBackup.INI --------- 1642184 
 02.02.2011 16:56    C:\Windows\system32\drivers --------- 61440 
 02.02.2011 00:26    C:\Windows\system32\catroot --------- 4096 
 23.01.2011 17:40    C:\Windows\system32\WDI --------- 8192 
 20.01.2011 21:53    C:\Windows\system32\catroot2 --------- 24576 
 12.01.2011 00:01    C:\Windows\system32\mrt.exe --------- 37403080 
 09.01.2011 03:13    C:\Windows\system32\de-DE --------- 262144 
 09.01.2011 03:03    C:\Windows\system32\en-US --------- 8192 
 28.12.2010 16:55    C:\Windows\system32\odbc32.dll --------- 413696 
 15.12.2010 20:49    C:\Windows\system32\FNTCACHE.DAT --------- 482424 
 15.12.2010 20:45    C:\Windows\system32\migration --------- 0 
 14.12.2010 15:49    C:\Windows\system32\sdclt.exe --------- 1169408 
 02.12.2010 04:35    C:\Windows\system32\GPhotos.scr --------- 4280320 
 24.11.2010 19:04    C:\Windows\system32\config --------- 12288 
 24.11.2010 19:04    C:\Windows\system32\Msdtc --------- 4096 
 24.11.2010 19:04    C:\Windows\system32\wbem --------- 61440 
 12.11.2010 01:44    C:\Windows\system32\dpl100.dll --------- 94208 
 08.11.2010 23:57    C:\Windows\system32\DivXControlPanelApplet.cpl --------- 353592 
 04.11.2010 19:56    C:\Windows\system32\wmicmiplugin.dll --------- 345600 
 04.11.2010 19:55    C:\Windows\system32\taskschd.dll --------- 352768 
 04.11.2010 19:55    C:\Windows\system32\taskcomp.dll --------- 270336 
 04.11.2010 19:55    C:\Windows\system32\schedsvc.dll --------- 601600 
 04.11.2010 17:34    C:\Windows\system32\taskeng.exe --------- 171520 
 02.11.2010 07:01    C:\Windows\system32\wininet.dll --------- 916480 
 02.11.2010 07:01    C:\Windows\system32\urlmon.dll --------- 1210880 
 02.11.2010 07:00    C:\Windows\system32\occache.dll --------- 206848 
 02.11.2010 06:58    C:\Windows\system32\mstime.dll --------- 611840 
 02.11.2010 06:58    C:\Windows\system32\mshtmled.dll --------- 66560 
 02.11.2010 06:58    C:\Windows\system32\mshtml.dll --------- 5959168 
 02.11.2010 06:58    C:\Windows\system32\msfeeds.dll --------- 602112 
 02.11.2010 06:58    C:\Windows\system32\msfeedsbs.dll --------- 55296 
 02.11.2010 06:57    C:\Windows\system32\licmgr10.dll --------- 43520 
 02.11.2010 06:57    C:\Windows\system32\jsproxy.dll --------- 25600 
 02.11.2010 06:57    C:\Windows\system32\inetcpl.cpl --------- 1469440 
 02.11.2010 06:57    C:\Windows\system32\ieui.dll --------- 164352 
 02.11.2010 06:57    C:\Windows\system32\iesysprep.dll --------- 109056 
 02.11.2010 06:57    C:\Windows\system32\iertutil.dll --------- 1991680 
 02.11.2010 06:57    C:\Windows\system32\iesetup.dll --------- 71680 
 02.11.2010 06:57    C:\Windows\system32\iernonce.dll --------- 55808 
 02.11.2010 06:57    C:\Windows\system32\iepeers.dll --------- 184320 
 02.11.2010 06:57    C:\Windows\system32\ieframe.dll --------- 11080704 
 02.11.2010 06:57    C:\Windows\system32\iedkcs32.dll --------- 387584 
 02.11.2010 06:01    C:\Windows\system32\html.iec --------- 385024 
 02.11.2010 05:26    C:\Windows\system32\ieUnatt.exe --------- 133632 
 02.11.2010 05:25    C:\Windows\system32\ie4uinit.exe --------- 173568 
 02.11.2010 05:25    C:\Windows\system32\msfeedssync.exe --------- 13312 
 02.11.2010 05:24    C:\Windows\system32\mshtml.tlb --------- 1638912 
 28.10.2010 16:44    C:\Windows\system32\atmlib.dll --------- 34304 
 28.10.2010 14:27    C:\Windows\system32\atmfd.dll --------- 292352 
 28.10.2010 14:20    C:\Windows\system32\tzres.dll --------- 2048 
 19.10.2010 10:41    C:\Windows\system32\MpSigStub.exe --------- 222080 
 18.10.2010 14:37    C:\Windows\system32\consent.exe --------- 81920 
 18.10.2010 14:31    C:\Windows\system32\win32k.sys --------- 2038272 
 13.09.2010 16:46    C:\Windows\system32\wmp.dll --------- 10628096 
 13.09.2010 14:56    C:\Windows\system32\wmploc.DLL --------- 8147456 
 06.09.2010 17:20    C:\Windows\system32\srvsvc.dll --------- 125952 
 06.09.2010 17:19    C:\Windows\system32\netevent.dll --------- 17920 
 31.08.2010 16:46    C:\Windows\system32\mfc40u.dll --------- 954288 
 31.08.2010 16:46    C:\Windows\system32\mfc40.dll --------- 954752 
 31.08.2010 16:44    C:\Windows\system32\comctl32.dll --------- 531968 
 26.08.2010 17:37    C:\Windows\system32\t2embed.dll --------- 157184 
 26.08.2010 17:34    C:\Windows\system32\gameux.dll --------- 1696256 
 26.08.2010 17:33    C:\Windows\system32\Apphlpdm.dll --------- 28672 
 26.08.2010 15:23    C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384 
 20.08.2010 23:35    C:\Windows\system32\Tasks --------- 4096 
 20.08.2010 17:05    C:\Windows\system32\wmpmde.dll --------- 867328 
 17.08.2010 15:11    C:\Windows\system32\spoolsv.exe --------- 128000 
 12.08.2010 21:10    C:\Windows\system32\spool --------- 4096 
 10.08.2010 16:53    C:\Windows\system32\schannel.dll --------- 274944 
 26.07.2010 16:51    C:\Windows\system32\shell32.dll --------- 11584512 
 12.07.2010 19:36    C:\Windows\system32\Px.dll --------- 698864 
 12.07.2010 19:36    C:\Windows\system32\pxafs.dll --------- 133616 
 12.07.2010 19:36    C:\Windows\system32\pxdrv.dll --------- 567792 
 12.07.2010 19:36    C:\Windows\system32\pxhpinst.exe --------- 72176 
 12.07.2010 19:36    C:\Windows\system32\pxinsi64.exe --------- 126448 
 12.07.2010 19:36    C:\Windows\system32\PxMas.dll --------- 219632 
 12.07.2010 19:36    C:\Windows\system32\vxblock.dll --------- 100848 
 12.07.2010 19:36    C:\Windows\system32\pxsfs.dll --------- 2120176 
 12.07.2010 19:36    C:\Windows\system32\PxWave.dll --------- 440816 
 12.07.2010 19:36    C:\Windows\system32\pxinsa64.exe --------- 68592 
 28.06.2010 18:00    C:\Windows\system32\ole32.dll --------- 1316864 
 18.06.2010 18:31    C:\Windows\system32\rtutils.dll --------- 36864 
 16.06.2010 16:30    C:\Windows\system32\fontsub.dll --------- 72704 
 11.06.2010 17:15    C:\Windows\system32\msxml3.dll --------- 1248768 
 08.06.2010 18:35    C:\Windows\system32\ntoskrnl.exe --------- 3548040 
 08.06.2010 18:35    C:\Windows\system32\ntkrnlpa.exe --------- 3600768 
 27.05.2010 21:08    C:\Windows\system32\inetcomm.dll --------- 739328 
 27.05.2010 21:08    C:\Windows\system32\iccvid.dll --------- 81920 
 04.05.2010 20:13    C:\Windows\system32\msshsq.dll --------- 231424 
 16.04.2010 17:46    C:\Windows\system32\usp10.dll --------- 502272 
 15.04.2010 10:25    C:\Windows\system32\CodeIntegrity --------- 4096 
 11.04.2010 02:08    C:\Windows\system32\pt-BR --------- 0 
 11.04.2010 02:08    C:\Windows\system32\bg-BG --------- 0 
 11.04.2010 02:08    C:\Windows\system32\it-IT --------- 0 
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 04.02.2011 13:31    C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096 
 04.02.2011 00:28    C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092 
 04.02.2011 00:27    C:\Windows\Tasks\SA.DAT --------- 6 
 03.02.2011 21:25    C:\Windows\Tasks\SCHEDLGU.TXT --------- 32536 
----------------------------------------

 
C:\Windows\Temp

----------------------------------------

 
C:\Users\***\AppData\Local\Temp

 04.02.2011 13:47    C:\Users\***\AppData\Local\Temp\WPDNSE --------- 0 
 04.02.2011 13:32    C:\Users\***\AppData\Local\Temp\hsperfdata_*** --------- 0 
 04.02.2011 13:32    C:\Users\***\AppData\Local\Temp\AUCHECK_CORE.txt --------- 13524 
 04.02.2011 13:32    C:\Users\***\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 3587 
 04.02.2011 13:32    C:\Users\***\AppData\Local\Temp\jusched.log --------- 578999 
 04.02.2011 13:31    C:\Users\***\AppData\Local\Temp\symlcsv1.exe --------- 31864 
 04.02.2011 00:30    C:\Users\***\AppData\Local\Temp\svm4i.tmp --------- 0 
 04.02.2011 00:29    C:\Users\***\AppData\Local\Temp\STSE61B.tmp --------- 132 
 04.02.2011 00:29    C:\Users\***\AppData\Local\Temp\~DF9D8C.tmp --------- 16384 
 04.02.2011 00:29    C:\Users\***\AppData\Local\Temp\~DFDC5E.tmp --------- 16384 
 04.02.2011 00:29    C:\Users\***\AppData\Local\Temp\hpqddusr.log --------- 262437 
 04.02.2011 00:28    C:\Users\***\AppData\Local\Temp\MAR588B.tmp --------- 1285 
 04.02.2011 00:28    C:\Users\***\AppData\Local\Temp\MAR5283.tmp --------- 1342 
 04.02.2011 00:28    C:\Users\***\AppData\Local\Temp\divBE2.tmp --------- 0 
 03.02.2011 19:27    C:\Users\***\AppData\Local\Temp\STS8008.tmp --------- 132 
 03.02.2011 19:26    C:\Users\***\AppData\Local\Temp\~DF4275.tmp --------- 16384 
 03.02.2011 19:26    C:\Users\***\AppData\Local\Temp\~DF6D85.tmp --------- 16384 
 03.02.2011 19:26    C:\Users\***\AppData\Local\Temp\MARF94E.tmp --------- 1285 
 03.02.2011 19:26    C:\Users\***\AppData\Local\Temp\MAREB57.tmp --------- 1342 
 03.02.2011 19:26    C:\Users\***\AppData\Local\Temp\divC33E.tmp --------- 0 
 02.02.2011 16:32    C:\Users\***\AppData\Local\Temp\~DF1E3E.tmp --------- 81920 
 02.02.2011 00:51    C:\Users\***\AppData\Local\Temp\divF21B.tmp --------- 0 
 02.02.2011 00:38    C:\Users\***\AppData\Local\Temp\~DF504F.tmp --------- 81920 
 02.02.2011 00:26    C:\Users\***\AppData\Local\Temp\E220AutoRunLog.tmp --------- 20836 
 02.02.2011 00:24    C:\Users\***\AppData\Local\Temp\UTPSDLL --------- 0 
 02.02.2011 00:21    C:\Users\***\AppData\Local\Temp\STSAB8B.tmp --------- 132 
 02.02.2011 00:21    C:\Users\***\AppData\Local\Temp\~DF503A.tmp --------- 16384 
 02.02.2011 00:21    C:\Users\***\AppData\Local\Temp\MAR47BA.tmp --------- 1285 
 02.02.2011 00:21    C:\Users\***\AppData\Local\Temp\MAR43E2.tmp --------- 1342 
 02.02.2011 00:21    C:\Users\***\AppData\Local\Temp\~DFA072.tmp --------- 16384 
 02.02.2011 00:17    C:\Users\***\AppData\Local\Temp\nsm14F8.tmp --------- 0 
 02.02.2011 00:16    C:\Users\***\AppData\Local\Temp\nswB8E3.tmp --------- 15720496 
 02.02.2011 00:14    C:\Users\***\AppData\Local\Temp\Dat43A4.tmp --------- 0 
 02.02.2011 00:12    C:\Users\***\AppData\Local\Temp\~DF693.tmp --------- 16384 
 02.02.2011 00:12    C:\Users\***\AppData\Local\Temp\div3928.tmp --------- 0 
 31.01.2011 22:42    C:\Users\***\AppData\Local\Temp\Low --------- 12288 
 31.01.2011 20:45    C:\Users\***\AppData\Local\Temp\au-descriptor-uac-1.6.0_20-b76.xml --------- 8854 
 31.01.2011 20:41    C:\Users\***\AppData\Local\Temp\STS67A8.tmp --------- 132 
 31.01.2011 20:41    C:\Users\***\AppData\Local\Temp\~DF8757.tmp --------- 16384 
 31.01.2011 20:40    C:\Users\***\AppData\Local\Temp\div10F0.tmp --------- 0 
 31.01.2011 20:40    C:\Users\***\AppData\Local\Temp\MAR7FE9.tmp --------- 1285 
 31.01.2011 20:40    C:\Users\***\AppData\Local\Temp\MAR6A46.tmp --------- 1342 
 31.01.2011 20:40    C:\Users\***\AppData\Local\Temp\~DF3939.tmp --------- 16384 
 30.01.2011 20:02    C:\Users\***\AppData\Local\Temp\STSD3B5.tmp --------- 132 
 30.01.2011 20:02    C:\Users\***\AppData\Local\Temp\~DFA294.tmp --------- 16384 
 30.01.2011 20:01    C:\Users\***\AppData\Local\Temp\div7B27.tmp --------- 0 
 30.01.2011 20:01    C:\Users\***\AppData\Local\Temp\MAR1583.tmp --------- 1285 
 30.01.2011 20:01    C:\Users\***\AppData\Local\Temp\~DFABB4.tmp --------- 16384 
 30.01.2011 20:01    C:\Users\***\AppData\Local\Temp\MAR9CF.tmp --------- 1342 
 30.01.2011 19:07    C:\Users\***\AppData\Local\Temp\~DFF7B9.tmp --------- 16384 
 30.01.2011 17:49    C:\Users\***\AppData\Local\Temp\~DF2F83.tmp --------- 36864 
 30.01.2011 17:24    C:\Users\***\AppData\Local\Temp\B74.tmp --------- 311248 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\~DFAD6C.tmp --------- 512 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\~DFACEA.tmp --------- 32768 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\~DFAC63.tmp --------- 512 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\~DFABF6.tmp --------- 16384 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\~DFAB16.tmp --------- 512 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\~DFAAF9.tmp --------- 32768 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\~DFDCCF.tmp --------- 16384 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\STSA15E.tmp --------- 132 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\~DF53B8.tmp --------- 16384 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\MAR33FB.tmp --------- 1285 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\MAR2AC7.tmp --------- 1342 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\~DF92D7.tmp --------- 16384 
 30.01.2011 17:23    C:\Users\***\AppData\Local\Temp\divE1D5.tmp --------- 0 
 30.01.2011 17:22    C:\Users\***\AppData\Local\Temp\wmplog08.sqm --------- 1284 
 29.01.2011 23:52    C:\Users\***\AppData\Local\Temp\D577.tmp --------- 311248 
 29.01.2011 23:49    C:\Users\***\AppData\Local\Temp\STSB193.tmp --------- 132 
 29.01.2011 23:49    C:\Users\***\AppData\Local\Temp\~DF649B.tmp --------- 16384 
 29.01.2011 23:49    C:\Users\***\AppData\Local\Temp\divA005.tmp --------- 0 
 29.01.2011 23:49    C:\Users\***\AppData\Local\Temp\MAR1777.tmp --------- 1285 
 29.01.2011 23:49    C:\Users\***\AppData\Local\Temp\~DF95F3.tmp --------- 16384 
 13.12.2010 23:27    C:\Users\***\AppData\Local\Temp\~DFFDF.tmp --------- 16384 
 13.12.2010 20:15    C:\Users\***\AppData\Local\Temp\STSEE55.tmp --------- 132 
 13.12.2010 20:15    C:\Users\***\AppData\Local\Temp\~DF89E.tmp --------- 16384 
 13.12.2010 20:14    C:\Users\***\AppData\Local\Temp\MAR425.tmp --------- 1285 
 13.12.2010 20:14    C:\Users\***\AppData\Local\Temp\MARFF16.tmp --------- 1342 
 13.12.2010 20:12    C:\Users\***\AppData\Local\Temp\~DF9C29.tmp --------- 16384 
 13.12.2010 19:53    C:\Users\***\AppData\Local\Temp\STS3D5E.tmp --------- 132 
 13.12.2010 19:53    C:\Users\***\AppData\Local\Temp\~DF1682.tmp --------- 16384 
 13.12.2010 19:52    C:\Users\***\AppData\Local\Temp\~DF7029.tmp --------- 16384 
 13.12.2010 19:52    C:\Users\***\AppData\Local\Temp\MAR891D.tmp --------- 1285 
 13.12.2010 19:52    C:\Users\***\AppData\Local\Temp\MAR75CB.tmp --------- 1342 
 12.12.2010 23:51    C:\Users\***\AppData\Local\Temp\44F0.tmp --------- 311248 
 12.12.2010 19:53    C:\Users\***\AppData\Local\Temp\STS512D.tmp --------- 132 
 12.12.2010 19:53    C:\Users\***\AppData\Local\Temp\~DFFB54.tmp --------- 16384 
 12.12.2010 19:51    C:\Users\***\AppData\Local\Temp\MARD29A.tmp --------- 1285 
 12.12.2010 19:51    C:\Users\***\AppData\Local\Temp\MARC9D3.tmp --------- 1342 
 12.12.2010 19:50    C:\Users\***\AppData\Local\Temp\~DF6695.tmp --------- 16384 
 12.12.2010 17:52    C:\Users\***\AppData\Local\Temp\A830.tmp --------- 311248 
 12.12.2010 17:50    C:\Users\***\AppData\Local\Temp\STS311F.tmp --------- 132 
 12.12.2010 17:49    C:\Users\***\AppData\Local\Temp\~DF360D.tmp --------- 16384 
 12.12.2010 17:49    C:\Users\***\AppData\Local\Temp\MARCB4A.tmp --------- 1285 
 12.12.2010 17:49    C:\Users\***\AppData\Local\Temp\MARB00C.tmp --------- 1342 
 12.12.2010 17:46    C:\Users\***\AppData\Local\Temp\~DFF7B4.tmp --------- 16384 
 12.12.2010 13:50    C:\Users\***\AppData\Local\Temp\STS6DA1.tmp --------- 132 
 12.12.2010 13:50    C:\Users\***\AppData\Local\Temp\~DFA81F.tmp --------- 16384 
 12.12.2010 13:48    C:\Users\***\AppData\Local\Temp\MAR9925.tmp --------- 1285 
 12.12.2010 13:48    C:\Users\***\AppData\Local\Temp\MAR9491.tmp --------- 1342 
 12.12.2010 13:47    C:\Users\***\AppData\Local\Temp\~DF1D74.tmp --------- 16384 
 11.12.2010 17:42    C:\Users\***\AppData\Local\Temp\DB85.tmp --------- 311248 
 11.12.2010 12:24    C:\Users\***\AppData\Local\Temp\STS58BA.tmp --------- 132 
 11.12.2010 12:24    C:\Users\***\AppData\Local\Temp\~DF297.tmp --------- 16384 
 11.12.2010 12:23    C:\Users\***\AppData\Local\Temp\MAR21A4.tmp --------- 1285 
 11.12.2010 12:23    C:\Users\***\AppData\Local\Temp\MAR1CD2.tmp --------- 1342 
 11.12.2010 12:21    C:\Users\***\AppData\Local\Temp\~DFC2CB.tmp --------- 16384 
 10.12.2010 22:31    C:\Users\***\AppData\Local\Temp\STS8121.tmp --------- 132 
 10.12.2010 22:31    C:\Users\***\AppData\Local\Temp\~DFF9DF.tmp --------- 16384 
 10.12.2010 22:30    C:\Users\***\AppData\Local\Temp\MAR950E.tmp --------- 1285 
 10.12.2010 22:30    C:\Users\***\AppData\Local\Temp\MAR900F.tmp --------- 1342 
 10.12.2010 22:29    C:\Users\***\AppData\Local\Temp\~DFD51C.tmp --------- 16384 
 10.12.2010 19:54    C:\Users\***\AppData\Local\Temp\4DD1.tmp --------- 311248 
 10.12.2010 19:50    C:\Users\***\AppData\Local\Temp\STSE917.tmp --------- 132 
 10.12.2010 19:50    C:\Users\***\AppData\Local\Temp\~DF6BCB.tmp --------- 16384 
 10.12.2010 19:50    C:\Users\***\AppData\Local\Temp\MAR5B59.tmp --------- 1285 
 10.12.2010 19:50    C:\Users\***\AppData\Local\Temp\MAR3F51.tmp --------- 1342 
 10.12.2010 19:48    C:\Users\***\AppData\Local\Temp\~DF7BB.tmp --------- 16384 
 09.12.2010 21:42    C:\Users\***\AppData\Local\Temp\D49C.tmp --------- 311248 
 09.12.2010 21:36    C:\Users\***\AppData\Local\Temp\STSC072.tmp --------- 132 
 09.12.2010 21:36    C:\Users\***\AppData\Local\Temp\~DF9B22.tmp --------- 16384 
 09.12.2010 21:34    C:\Users\***\AppData\Local\Temp\MAR9B46.tmp --------- 1285 
 09.12.2010 21:34    C:\Users\***\AppData\Local\Temp\MAR9452.tmp --------- 1342 
 09.12.2010 21:33    C:\Users\***\AppData\Local\Temp\~DF9547.tmp --------- 16384 
 08.12.2010 20:34    C:\Users\***\AppData\Local\Temp\A958.tmp --------- 311248 
 08.12.2010 20:33    C:\Users\***\AppData\Local\Temp\STS8FD1.tmp --------- 132 
 08.12.2010 20:33    C:\Users\***\AppData\Local\Temp\~DF6494.tmp --------- 16384 
 08.12.2010 20:31    C:\Users\***\AppData\Local\Temp\MAR232.tmp --------- 1285 
 08.12.2010 20:31    C:\Users\***\AppData\Local\Temp\MARFE2C.tmp --------- 1342 
 08.12.2010 20:29    C:\Users\***\AppData\Local\Temp\~DF4333.tmp --------- 16384 
 06.12.2010 21:32    C:\Users\***\AppData\Local\Temp\5FDB.tmp --------- 311248 
 06.12.2010 21:02    C:\Users\***\AppData\Local\Temp\STS10B3.tmp --------- 132 
 06.12.2010 21:02    C:\Users\***\AppData\Local\Temp\~DF2DD9.tmp --------- 16384 
 06.12.2010 21:01    C:\Users\***\AppData\Local\Temp\MARCBD.tmp --------- 1285 
 06.12.2010 21:01    C:\Users\***\AppData\Local\Temp\MARF6DC.tmp --------- 1342 
 06.12.2010 20:58    C:\Users\***\AppData\Local\Temp\~DFB923.tmp --------- 16384 
 05.12.2010 12:38    C:\Users\***\AppData\Local\Temp\58C9.tmp --------- 311248 
 05.12.2010 12:37    C:\Users\***\AppData\Local\Temp\STS628A.tmp --------- 132 
 05.12.2010 12:37    C:\Users\***\AppData\Local\Temp\~DFBCC.tmp --------- 16384 
 05.12.2010 12:36    C:\Users\***\AppData\Local\Temp\MARF1ED.tmp --------- 1285 
 05.12.2010 12:36    C:\Users\***\AppData\Local\Temp\MARE732.tmp --------- 1342 
 05.12.2010 12:34    C:\Users\***\AppData\Local\Temp\~DF569C.tmp --------- 16384 
 04.12.2010 21:48    C:\Users\***\AppData\Local\Temp\89D7.tmp --------- 311248 
 04.12.2010 21:47    C:\Users\***\AppData\Local\Temp\STSF2C7.tmp --------- 132 
 04.12.2010 21:46    C:\Users\***\AppData\Local\Temp\~DFFF5C.tmp --------- 16384 
 04.12.2010 21:46    C:\Users\***\AppData\Local\Temp\MARA0C2.tmp --------- 1285 
 04.12.2010 21:46    C:\Users\***\AppData\Local\Temp\MAR9C0F.tmp --------- 1342 
 04.12.2010 21:43    C:\Users\***\AppData\Local\Temp\~DF3D0E.tmp --------- 16384 
 04.12.2010 12:49    C:\Users\***\AppData\Local\Temp\STS8A26.tmp --------- 132 
 04.12.2010 12:49    C:\Users\***\AppData\Local\Temp\~DF6559.tmp --------- 16384 
 04.12.2010 12:48    C:\Users\***\AppData\Local\Temp\MARF374.tmp --------- 1285 
 04.12.2010 12:48    C:\Users\***\AppData\Local\Temp\MARD8C1.tmp --------- 1342 
 04.12.2010 12:45    C:\Users\***\AppData\Local\Temp\~DF4747.tmp --------- 16384 
 03.12.2010 20:12    C:\Users\***\AppData\Local\Temp\A5C.tmp --------- 311248 
 03.12.2010 19:51    C:\Users\***\AppData\Local\Temp\STS224.tmp --------- 132 
 03.12.2010 19:51    C:\Users\***\AppData\Local\Temp\~DFD791.tmp --------- 16384 
 03.12.2010 19:50    C:\Users\***\AppData\Local\Temp\~DF3C53.tmp --------- 16384 
 03.12.2010 19:50    C:\Users\***\AppData\Local\Temp\MAR4F1A.tmp --------- 1285 
 03.12.2010 19:50    C:\Users\***\AppData\Local\Temp\MAR41EF.tmp --------- 1342 
 02.12.2010 21:09    C:\Users\***\AppData\Local\Temp\7B47.tmp --------- 311248 
 02.12.2010 21:04    C:\Users\***\AppData\Local\Temp\STSCC06.tmp --------- 132 
 02.12.2010 21:04    C:\Users\***\AppData\Local\Temp\~DF68E.tmp --------- 16384 
 02.12.2010 21:03    C:\Users\***\AppData\Local\Temp\MAR2F0C.tmp --------- 1285 
 02.12.2010 21:03    C:\Users\***\AppData\Local\Temp\MAR21D2.tmp --------- 1342 
 02.12.2010 21:00    C:\Users\***\AppData\Local\Temp\~DFCA26.tmp --------- 16384 
 30.11.2010 21:21    C:\Users\***\AppData\Local\Temp\STS5CC0.tmp --------- 132 
 30.11.2010 21:21    C:\Users\***\AppData\Local\Temp\~DF6115.tmp --------- 16384 
 30.11.2010 21:21    C:\Users\***\AppData\Local\Temp\~DF985A.tmp --------- 16384 
 30.11.2010 21:20    C:\Users\***\AppData\Local\Temp\MARBEEC.tmp --------- 1285 
 30.11.2010 21:20    C:\Users\***\AppData\Local\Temp\MARA5B0.tmp --------- 1342 
 29.11.2010 22:51    C:\Users\***\AppData\Local\Temp\1D50.tmp --------- 311248 
 29.11.2010 22:30    C:\Users\***\AppData\Local\Temp\STS561C.tmp --------- 132 
 29.11.2010 22:29    C:\Users\***\AppData\Local\Temp\~DF70A0.tmp --------- 16384 
 29.11.2010 22:28    C:\Users\***\AppData\Local\Temp\MARF66F.tmp --------- 1285 
 29.11.2010 22:28    C:\Users\***\AppData\Local\Temp\MARE7CE.tmp --------- 1342 
 29.11.2010 22:26    C:\Users\***\AppData\Local\Temp\~DFD86E.tmp --------- 16384 
 28.11.2010 22:48    C:\Users\***\AppData\Local\Temp\AC6E.tmp --------- 311248 
 28.11.2010 13:33    C:\Users\***\AppData\Local\Temp\STSA718.tmp --------- 132 
 28.11.2010 13:33    C:\Users\***\AppData\Local\Temp\~DFA0CB.tmp --------- 16384 
 28.11.2010 13:32    C:\Users\***\AppData\Local\Temp\MARCB2B.tmp --------- 1285 
 28.11.2010 13:32    C:\Users\***\AppData\Local\Temp\MARC58F.tmp --------- 1342 
 28.11.2010 13:30    C:\Users\***\AppData\Local\Temp\~DF604A.tmp --------- 16384 
 28.11.2010 01:57    C:\Users\***\AppData\Local\Temp\13EF.tmp --------- 311248 
 27.11.2010 23:52    C:\Users\***\AppData\Local\Temp\STS5042.tmp --------- 132 
 27.11.2010 23:52    C:\Users\***\AppData\Local\Temp\~DFB93.tmp --------- 16384 
 27.11.2010 23:51    C:\Users\***\AppData\Local\Temp\MARB942.tmp --------- 1285 
 27.11.2010 23:51    C:\Users\***\AppData\Local\Temp\MARAAA0.tmp --------- 1342 
 27.11.2010 23:50    C:\Users\***\AppData\Local\Temp\~DF267B.tmp --------- 16384 
 27.11.2010 19:22    C:\Users\***\AppData\Local\Temp\6FE2.tmp --------- 311248 
 27.11.2010 18:44    C:\Users\***\AppData\Local\Temp\STS314D.tmp --------- 132 
 27.11.2010 18:44    C:\Users\***\AppData\Local\Temp\~DF7B0F.tmp --------- 16384 
 27.11.2010 18:44    C:\Users\***\AppData\Local\Temp\MAR82A7.tmp --------- 1285 
 27.11.2010 18:44    C:\Users\***\AppData\Local\Temp\MAR77DE.tmp --------- 1342 
 27.11.2010 18:42    C:\Users\***\AppData\Local\Temp\~DFF147.tmp --------- 16384 
 26.11.2010 17:35    C:\Users\***\AppData\Local\Temp\533D.tmp --------- 311248 
 26.11.2010 17:30    C:\Users\***\AppData\Local\Temp\STS360E.tmp --------- 132 
 26.11.2010 17:30    C:\Users\***\AppData\Local\Temp\~DF3858.tmp --------- 16384 
 26.11.2010 17:30    C:\Users\***\AppData\Local\Temp\MARA489.tmp --------- 1285 
 26.11.2010 17:29    C:\Users\***\AppData\Local\Temp\MAR6CC6.tmp --------- 1342 
 26.11.2010 17:29    C:\Users\***\AppData\Local\Temp\~DFFB93.tmp --------- 16384 
 25.11.2010 21:37    C:\Users\***\AppData\Local\Temp\STSD1D0.tmp --------- 132 
 25.11.2010 21:37    C:\Users\***\AppData\Local\Temp\~DF903F.tmp --------- 16384 
 25.11.2010 21:36    C:\Users\***\AppData\Local\Temp\MAR191C.tmp --------- 1285 
 25.11.2010 21:36    C:\Users\***\AppData\Local\Temp\MARE90.tmp --------- 1342 
 25.11.2010 21:35    C:\Users\***\AppData\Local\Temp\~DF9504.tmp --------- 16384 
 24.11.2010 19:14    C:\Users\***\AppData\Local\Temp\STS5F4F.tmp --------- 132 
 24.11.2010 19:14    C:\Users\***\AppData\Local\Temp\~DF63D.tmp --------- 16384 
 24.11.2010 19:13    C:\Users\***\AppData\Local\Temp\MAR68A2.tmp --------- 1285 
 24.11.2010 19:13    C:\Users\***\AppData\Local\Temp\MAR5FCB.tmp --------- 1342 
 24.11.2010 19:11    C:\Users\***\AppData\Local\Temp\~DFBC77.tmp --------- 16384 
 23.11.2010 20:56    C:\Users\***\AppData\Local\Temp\STSB7CA.tmp --------- 132 
 23.11.2010 20:56    C:\Users\***\AppData\Local\Temp\~DF3B8B.tmp --------- 16384 
 23.11.2010 20:55    C:\Users\***\AppData\Local\Temp\MAR983.tmp --------- 1285 
 23.11.2010 20:55    C:\Users\***\AppData\Local\Temp\~DFD684.tmp --------- 16384 
 23.11.2010 20:55    C:\Users\***\AppData\Local\Temp\MARFA56.tmp --------- 1342 
 23.11.2010 00:42    C:\Users\***\AppData\Local\Temp\BBEE.tmp --------- 311248 
 23.11.2010 00:41    C:\Users\***\AppData\Local\Temp\STS60D5.tmp --------- 132 
 23.11.2010 00:41    C:\Users\***\AppData\Local\Temp\~DF121D.tmp --------- 16384 
 23.11.2010 00:40    C:\Users\***\AppData\Local\Temp\MAR31AB.tmp --------- 1285 
 23.11.2010 00:40    C:\Users\***\AppData\Local\Temp\MAR2599.tmp --------- 1342 
 23.11.2010 00:38    C:\Users\***\AppData\Local\Temp\~DFA42A.tmp --------- 16384 
 22.11.2010 19:23    C:\Users\***\AppData\Local\Temp\D96D.tmp --------- 311248 
 22.11.2010 19:20    C:\Users\***\AppData\Local\Temp\STSCE95.tmp --------- 132 
 22.11.2010 19:20    C:\Users\***\AppData\Local\Temp\~DF40C0.tmp --------- 16384 
 22.11.2010 19:20    C:\Users\***\AppData\Local\Temp\MAR6162.tmp --------- 1285 
 22.11.2010 19:20    C:\Users\***\AppData\Local\Temp\~DF9685.tmp --------- 16384 
 22.11.2010 19:20    C:\Users\***\AppData\Local\Temp\MAR5CEF.tmp --------- 1342 
 21.11.2010 19:32    C:\Users\***\AppData\Local\Temp\2246.tmp --------- 311248 
 21.11.2010 13:43    C:\Users\***\AppData\Local\Temp\FlashPlayerUpdate.exe --------- 2827728 
 21.11.2010 12:40    C:\Users\***\AppData\Local\Temp\STS6680.tmp --------- 132 
 21.11.2010 12:40    C:\Users\***\AppData\Local\Temp\~DFF5F9.tmp --------- 16384 
 21.11.2010 12:39    C:\Users\***\AppData\Local\Temp\MAR958B.tmp --------- 1285 
 21.11.2010 12:39    C:\Users\***\AppData\Local\Temp\MAR8535.tmp --------- 1342 
 21.11.2010 12:38    C:\Users\***\AppData\Local\Temp\~DF8C23.tmp --------- 16384 
 21.11.2010 01:38    C:\Users\***\AppData\Local\Temp\STS7E35.tmp --------- 132 
 21.11.2010 01:37    C:\Users\***\AppData\Local\Temp\~DF457B.tmp --------- 16384 
 21.11.2010 01:37    C:\Users\***\AppData\Local\Temp\MAR35C1.tmp --------- 1285 
 21.11.2010 01:37    C:\Users\***\AppData\Local\Temp\MAR2712.tmp --------- 1342 
 21.11.2010 01:35    C:\Users\***\AppData\Local\Temp\~DFFCFB.tmp --------- 16384 
 17.11.2010 22:23    C:\Users\***\AppData\Local\Temp\STSBC0F.tmp --------- 132 
 17.11.2010 22:22    C:\Users\***\AppData\Local\Temp\~DFCD95.tmp --------- 16384 
 17.11.2010 22:22    C:\Users\***\AppData\Local\Temp\MARD49D.tmp --------- 1285 
 17.11.2010 22:21    C:\Users\***\AppData\Local\Temp\MARBBEE.tmp --------- 1342 
 17.11.2010 22:20    C:\Users\***\AppData\Local\Temp\~DFAD1C.tmp --------- 16384 
 17.11.2010 19:00    C:\Users\***\AppData\Local\Temp\STS5428.tmp --------- 132 
 17.11.2010 19:00    C:\Users\***\AppData\Local\Temp\~DF920D.tmp --------- 16384 
 17.11.2010 18:59    C:\Users\***\AppData\Local\Temp\MARFA08.tmp --------- 1285 
 17.11.2010 18:59    C:\Users\***\AppData\Local\Temp\MARF41E.tmp --------- 1342 
 17.11.2010 18:57    C:\Users\***\AppData\Local\Temp\~DFB9DA.tmp --------- 16384 
 16.11.2010 20:55    C:\Users\***\AppData\Local\Temp\STS3B1D.tmp --------- 132 
 16.11.2010 20:55    C:\Users\***\AppData\Local\Temp\~DF579.tmp --------- 16384 
 16.11.2010 20:55    C:\Users\***\AppData\Local\Temp\MARAB0E.tmp --------- 1285 
 16.11.2010 20:55    C:\Users\***\AppData\Local\Temp\MAR91C3.tmp --------- 1342 
 16.11.2010 20:52    C:\Users\***\AppData\Local\Temp\~DFFBD7.tmp --------- 16384 
 15.11.2010 19:50    C:\Users\***\AppData\Local\Temp\STS163F.tmp --------- 132 
 15.11.2010 19:50    C:\Users\***\AppData\Local\Temp\~DF3B2C.tmp --------- 16384 
 15.11.2010 19:49    C:\Users\***\AppData\Local\Temp\MARC294.tmp --------- 1285 
 15.11.2010 19:49    C:\Users\***\AppData\Local\Temp\MARBB43.tmp --------- 1342 
 15.11.2010 19:46    C:\Users\***\AppData\Local\Temp\~DF56E4.tmp --------- 16384 
 14.11.2010 17:49    C:\Users\***\AppData\Local\Temp\STS7149.tmp --------- 132 
 14.11.2010 17:49    C:\Users\***\AppData\Local\Temp\~DFB0C.tmp --------- 16384 
 14.11.2010 17:48    C:\Users\***\AppData\Local\Temp\MARFA94.tmp --------- 1285 
 14.11.2010 17:48    C:\Users\***\AppData\Local\Temp\MARF3EF.tmp --------- 1342 
 14.11.2010 17:45    C:\Users\***\AppData\Local\Temp\~DF28DE.tmp --------- 16384 
 14.11.2010 12:53    C:\Users\***\AppData\Local\Temp\STSB52D.tmp --------- 132 
 14.11.2010 12:53    C:\Users\***\AppData\Local\Temp\~DF1F00.tmp --------- 16384 
 14.11.2010 12:52    C:\Users\***\AppData\Local\Temp\MARB7BB.tmp --------- 1285 
 14.11.2010 12:52    C:\Users\***\AppData\Local\Temp\MAR929D.tmp --------- 1342 
 14.11.2010 12:50    C:\Users\***\AppData\Local\Temp\~DFCF56.tmp --------- 16384 
 14.11.2010 11:02    C:\Users\***\AppData\Local\Temp\STSC4C6.tmp --------- 132 
 14.11.2010 11:02    C:\Users\***\AppData\Local\Temp\~DF8FA9.tmp --------- 16384 
 14.11.2010 11:01    C:\Users\***\AppData\Local\Temp\MAR9952.tmp --------- 1285 
 14.11.2010 11:01    C:\Users\***\AppData\Local\Temp\MAR8334.tmp --------- 1342 
 14.11.2010 10:59    C:\Users\***\AppData\Local\Temp\~DF518E.tmp --------- 16384 
 13.11.2010 20:47    C:\Users\***\AppData\Local\Temp\STSC10E.tmp --------- 132 
 13.11.2010 20:47    C:\Users\***\AppData\Local\Temp\~DF1CDA.tmp --------- 16384 
 13.11.2010 20:46    C:\Users\***\AppData\Local\Temp\MAR203D.tmp --------- 1285 
 13.11.2010 20:46    C:\Users\***\AppData\Local\Temp\MAR1C75.tmp --------- 1342 
 13.11.2010 20:44    C:\Users\***\AppData\Local\Temp\~DF7681.tmp --------- 16384 
 13.11.2010 14:10    C:\Users\***\AppData\Local\Temp\STS2D19.tmp --------- 132 
 13.11.2010 14:10    C:\Users\***\AppData\Local\Temp\~DFA28F.tmp --------- 16384 
 13.11.2010 14:10    C:\Users\***\AppData\Local\Temp\MAR4624.tmp --------- 1285 
 13.11.2010 14:09    C:\Users\***\AppData\Local\Temp\MAR3E96.tmp --------- 1342 
 13.11.2010 14:09    C:\Users\***\AppData\Local\Temp\~DFD72.tmp --------- 16384 
 12.11.2010 18:11    C:\Users\***\AppData\Local\Temp\STSCDBA.tmp --------- 132 
 12.11.2010 18:11    C:\Users\***\AppData\Local\Temp\~DF4B06.tmp --------- 16384 
 12.11.2010 18:11    C:\Users\***\AppData\Local\Temp\MAR35A1.tmp --------- 1285 
 12.11.2010 18:11    C:\Users\***\AppData\Local\Temp\MAR311D.tmp --------- 1342 
 12.11.2010 18:09    C:\Users\***\AppData\Local\Temp\~DFC60C.tmp --------- 16384 
 11.11.2010 20:26    C:\Users\***\AppData\Local\Temp\STSF21C.tmp --------- 132 
 11.11.2010 20:26    C:\Users\***\AppData\Local\Temp\~DF5B6F.tmp --------- 16384 
 11.11.2010 20:26    C:\Users\***\AppData\Local\Temp\MAR6873.tmp --------- 1285 
 11.11.2010 20:26    C:\Users\***\AppData\Local\Temp\MAR5456.tmp --------- 1342 
 11.11.2010 20:24    C:\Users\***\AppData\Local\Temp\~DFC09F.tmp --------- 16384 
 10.11.2010 18:45    C:\Users\***\AppData\Local\Temp\STS9608.tmp --------- 132 
 10.11.2010 18:45    C:\Users\***\AppData\Local\Temp\~DF8964.tmp --------- 16384 
 10.11.2010 18:44    C:\Users\***\AppData\Local\Temp\MARB7DA.tmp --------- 1285 
 10.11.2010 18:44    C:\Users\***\AppData\Local\Temp\MARB376.tmp --------- 1342 
 10.11.2010 18:43    C:\Users\***\AppData\Local\Temp\~DFD555.tmp --------- 16384 
 09.11.2010 21:43    C:\Users\***\AppData\Local\Temp\STS3A52.tmp --------- 132 
 09.11.2010 21:43    C:\Users\***\AppData\Local\Temp\~DFED46.tmp --------- 16384 
 09.11.2010 21:43    C:\Users\***\AppData\Local\Temp\MAR4FA6.tmp --------- 1285 
 09.11.2010 21:42    C:\Users\***\AppData\Local\Temp\MAR45B6.tmp --------- 1342 
 09.11.2010 21:42    C:\Users\***\AppData\Local\Temp\~DFC3B7.tmp --------- 16384 
 08.11.2010 18:56    C:\Users\***\AppData\Local\Temp\STS64CB.tmp --------- 132 
 08.11.2010 18:56    C:\Users\***\AppData\Local\Temp\~DFA1BD.tmp --------- 16384 
 08.11.2010 18:54    C:\Users\***\AppData\Local\Temp\MARCBE6.tmp --------- 1285 
 08.11.2010 18:54    C:\Users\***\AppData\Local\Temp\MARC0B1.tmp --------- 1342 
 08.11.2010 18:53    C:\Users\***\AppData\Local\Temp\~DF5071.tmp --------- 16384 
 07.11.2010 11:31    C:\Users\***\AppData\Local\Temp\STSF94D.tmp --------- 132 
 07.11.2010 11:31    C:\Users\***\AppData\Local\Temp\~DFA6A.tmp --------- 16384 
 07.11.2010 11:30    C:\Users\***\AppData\Local\Temp\MAR6C4A.tmp --------- 1285 
 07.11.2010 11:30    C:\Users\***\AppData\Local\Temp\MAR672B.tmp --------- 1342 
 07.11.2010 11:28    C:\Users\***\AppData\Local\Temp\~DF25C6.tmp --------- 16384 
 06.11.2010 15:52    C:\Users\***\AppData\Local\Temp\STS28DB.tmp --------- 132 
 06.11.2010 15:50    C:\Users\***\AppData\Local\Temp\DIOE45B.tmp --------- 47122 
 06.11.2010 15:49    C:\Users\***\AppData\Local\Temp\DIO938.tmp --------- 47122 
 06.11.2010 15:49    C:\Users\***\AppData\Local\Temp\DIOC5E3.tmp --------- 47122 
 06.11.2010 12:56    C:\Users\***\AppData\Local\Temp\~DF8687.tmp --------- 16384 
 06.11.2010 12:55    C:\Users\***\AppData\Local\Temp\MARE1C7.tmp --------- 1285 
 06.11.2010 12:55    C:\Users\***\AppData\Local\Temp\MARDB9F.tmp --------- 1342 
 06.11.2010 12:53    C:\Users\***\AppData\Local\Temp\~DF6633.tmp --------- 16384 
 05.11.2010 22:12    C:\Users\***\AppData\Local\Temp\STS2DF.tmp --------- 132 
 05.11.2010 22:12    C:\Users\***\AppData\Local\Temp\~DFF921.tmp --------- 16384 
 05.11.2010 22:12    C:\Users\***\AppData\Local\Temp\MAR733C.tmp --------- 1285 
 05.11.2010 22:12    C:\Users\***\AppData\Local\Temp\MAR5022.tmp --------- 1342 
 05.11.2010 22:10    C:\Users\***\AppData\Local\Temp\~DFD5A4.tmp --------- 16384 
 05.11.2010 16:56    C:\Users\***\AppData\Local\Temp\STSB876.tmp --------- 132 
 05.11.2010 16:56    C:\Users\***\AppData\Local\Temp\~DFB213.tmp --------- 16384 
 05.11.2010 16:55    C:\Users\***\AppData\Local\Temp\MAR1B5.tmp --------- 1285 
 05.11.2010 16:55    C:\Users\***\AppData\Local\Temp\MARFA74.tmp --------- 1342 
 05.11.2010 16:55    C:\Users\***\AppData\Local\Temp\~DF6882.tmp --------- 16384 
 04.11.2010 21:17    C:\Users\***\AppData\Local\Temp\STS84BA.tmp --------- 132 
 04.11.2010 21:17    C:\Users\***\AppData\Local\Temp\~DF7156.tmp --------- 16384 
 04.11.2010 21:17    C:\Users\***\AppData\Local\Temp\MAR43C4.tmp --------- 1285 
 04.11.2010 21:17    C:\Users\***\AppData\Local\Temp\MAR401B.tmp --------- 1342 
 04.11.2010 21:14    C:\Users\***\AppData\Local\Temp\~DF39B9.tmp --------- 16384 
 03.11.2010 19:11    C:\Users\***\AppData\Local\Temp\STS7E82.tmp --------- 132 
 03.11.2010 19:11    C:\Users\***\AppData\Local\Temp\~DFEA9F.tmp --------- 16384 
 03.11.2010 19:10    C:\Users\***\AppData\Local\Temp\MARC909.tmp --------- 1285 
 03.11.2010 19:10    C:\Users\***\AppData\Local\Temp\MARB395.tmp --------- 1342 
 03.11.2010 19:08    C:\Users\***\AppData\Local\Temp\~DF77D9.tmp --------- 16384 
 02.11.2010 23:20    C:\Users\***\AppData\Local\Temp\xtraz_log.txt --------- 12527 
 02.11.2010 21:31    C:\Users\***\AppData\Local\Temp\02B673~1.exe --------- 13542560 
 02.11.2010 21:25    C:\Users\***\AppData\Local\Temp\STS3478.tmp --------- 132 
 02.11.2010 21:25    C:\Users\***\AppData\Local\Temp\~DFA902.tmp --------- 16384 
 02.11.2010 21:25    C:\Users\***\AppData\Local\Temp\~DF7DB0.tmp --------- 16384 
 02.11.2010 21:24    C:\Users\***\AppData\Local\Temp\MARA6E9.tmp --------- 1285 
 02.11.2010 21:24    C:\Users\***\AppData\Local\Temp\MAR9C4E.tmp --------- 1342 
 01.11.2010 13:09    C:\Users\***\AppData\Local\Temp\STSDE3E.tmp --------- 132 
 01.11.2010 13:08    C:\Users\***\AppData\Local\Temp\~DF7222.tmp --------- 16384 
 01.11.2010 13:08    C:\Users\***\AppData\Local\Temp\MARF4DA.tmp --------- 1285 
 01.11.2010 13:08    C:\Users\***\AppData\Local\Temp\MARF076.tmp --------- 1342 
 01.11.2010 13:07    C:\Users\***\AppData\Local\Temp\~DFB846.tmp --------- 16384 
 31.10.2010 21:24    C:\Users\***\AppData\Local\Temp\STSDDE1.tmp --------- 132 
 31.10.2010 21:24    C:\Users\***\AppData\Local\Temp\~DF40AF.tmp --------- 16384 
 31.10.2010 21:24    C:\Users\***\AppData\Local\Temp\MAR60D5.tmp --------- 1285 
 31.10.2010 21:24    C:\Users\***\AppData\Local\Temp\MAR499C.tmp --------- 1342 
 31.10.2010 21:23    C:\Users\***\AppData\Local\Temp\~DF25B3.tmp --------- 16384 
 31.10.2010 11:53    C:\Users\***\AppData\Local\Temp\STS9369.tmp --------- 132 
 31.10.2010 11:53    C:\Users\***\AppData\Local\Temp\~DF67E9.tmp --------- 16384 
 31.10.2010 11:52    C:\Users\***\AppData\Local\Temp\MARD578.tmp --------- 1285 
 31.10.2010 11:52    C:\Users\***\AppData\Local\Temp\MARCFFB.tmp --------- 1342 
 31.10.2010 11:51    C:\Users\***\AppData\Local\Temp\~DF52C4.tmp --------- 16384 
 30.10.2010 21:40    C:\Users\***\AppData\Local\Temp\STS795B.tmp --------- 132 
 30.10.2010 21:00    C:\Users\***\AppData\Local\Temp\DIO21B8.tmp --------- 47122 
 30.10.2010 21:00    C:\Users\***\AppData\Local\Temp\DIOCCF4.tmp --------- 47122 
 30.10.2010 20:59    C:\Users\***\AppData\Local\Temp\DIO7525.tmp --------- 47122 
 30.10.2010 18:13    C:\Users\***\AppData\Local\Temp\~DF2AE2.tmp --------- 16384 
 30.10.2010 18:12    C:\Users\***\AppData\Local\Temp\MAR674C.tmp --------- 1285 
 30.10.2010 18:12    C:\Users\***\AppData\Local\Temp\MAR4F57.tmp --------- 1342 
 30.10.2010 18:11    C:\Users\***\AppData\Local\Temp\~DF4B23.tmp --------- 16384 
 30.10.2010 12:13    C:\Users\***\AppData\Local\Temp\STSA64D.tmp --------- 132 
 30.10.2010 12:13    C:\Users\***\AppData\Local\Temp\~DF2D21.tmp --------- 16384 
 30.10.2010 12:11    C:\Users\***\AppData\Local\Temp\MAR2A5B.tmp --------- 1285 
 30.10.2010 12:11    C:\Users\***\AppData\Local\Temp\MAR2146.tmp --------- 1342 
 30.10.2010 12:11    C:\Users\***\AppData\Local\Temp\~DF4632.tmp --------- 16384 
 29.10.2010 18:16    C:\Users\***\AppData\Local\Temp\STS5C62.tmp --------- 132 
 29.10.2010 18:15    C:\Users\***\AppData\Local\Temp\~DF607D.tmp --------- 16384 
 29.10.2010 18:15    C:\Users\***\AppData\Local\Temp\~DF2132.tmp --------- 16384 
 29.10.2010 18:15    C:\Users\***\AppData\Local\Temp\MARA1EA.tmp --------- 1285 
 29.10.2010 18:15    C:\Users\***\AppData\Local\Temp\MAR999F.tmp --------- 1342 
 28.10.2010 20:40    C:\Users\***\AppData\Local\Temp\STSD9FA.tmp --------- 132 
 28.10.2010 20:40    C:\Users\***\AppData\Local\Temp\~DFD2F.tmp --------- 16384 
 28.10.2010 20:40    C:\Users\***\AppData\Local\Temp\~DFF308.tmp --------- 16384 
 28.10.2010 20:39    C:\Users\***\AppData\Local\Temp\MAR66EE.tmp --------- 1285 
 28.10.2010 20:39    C:\Users\***\AppData\Local\Temp\MAR59E3.tmp --------- 1342 
 27.10.2010 18:12    C:\Users\***\AppData\Local\Temp\STS6529.tmp --------- 132 
 27.10.2010 18:12    C:\Users\***\AppData\Local\Temp\~DFC5CC.tmp --------- 16384 
 27.10.2010 18:11    C:\Users\***\AppData\Local\Temp\~DFECFF.tmp --------- 16384 
 27.10.2010 18:09    C:\Users\***\AppData\Local\Temp\MAR2349.tmp --------- 1285 
 27.10.2010 18:09    C:\Users\***\AppData\Local\Temp\MARED89.tmp --------- 1342 
 26.10.2010 19:59    C:\Users\***\AppData\Local\Temp\STSDD16.tmp --------- 132 
 26.10.2010 19:58    C:\Users\***\AppData\Local\Temp\~DF7B7F.tmp --------- 16384 
 26.10.2010 19:57    C:\Users\***\AppData\Local\Temp\MAR5A9F.tmp --------- 1285 
 26.10.2010 19:57    C:\Users\***\AppData\Local\Temp\MAR40F8.tmp --------- 1342 
 26.10.2010 19:56    C:\Users\***\AppData\Local\Temp\~DF3358.tmp --------- 16384 
 25.10.2010 17:58    C:\Users\***\AppData\Local\Temp\STSC533.tmp --------- 132 
 25.10.2010 17:58    C:\Users\***\AppData\Local\Temp\~DF3056.tmp --------- 16384 
 25.10.2010 17:55    C:\Users\***\AppData\Local\Temp\MAR5447.tmp --------- 1285 
 25.10.2010 17:55    C:\Users\***\AppData\Local\Temp\MAR3E28.tmp --------- 1342 
 25.10.2010 17:53    C:\Users\***\AppData\Local\Temp\~DFF1D1.tmp --------- 16384 
 24.10.2010 20:13    C:\Users\***\AppData\Local\Temp\STS58CA.tmp --------- 132 
 24.10.2010 20:13    C:\Users\***\AppData\Local\Temp\~DF265E.tmp --------- 16384 
 24.10.2010 20:12    C:\Users\***\AppData\Local\Temp\MAR7F6C.tmp --------- 1285 
 24.10.2010 20:12    C:\Users\***\AppData\Local\Temp\MAR7731.tmp --------- 1342 
 24.10.2010 20:10    C:\Users\***\AppData\Local\Temp\~DF9AC2.tmp --------- 16384 
 24.10.2010 17:00    C:\Users\***\AppData\Local\Temp\STS3B0D.tmp --------- 132 
 24.10.2010 17:00    C:\Users\***\AppData\Local\Temp\~DF8BE2.tmp --------- 16384 
 24.10.2010 16:59    C:\Users\***\AppData\Local\Temp\MARBF7A.tmp --------- 1285 
 24.10.2010 16:59    C:\Users\***\AppData\Local\Temp\MARAACF.tmp --------- 1342 
 24.10.2010 16:59    C:\Users\***\AppData\Local\Temp\~DF5408.tmp --------- 16384 
 24.10.2010 12:52    C:\Users\***\AppData\Local\Temp\STSBE6F.tmp --------- 132 
 24.10.2010 12:52    C:\Users\***\AppData\Local\Temp\~DFFDF3.tmp --------- 16384 
 24.10.2010 12:52    C:\Users\***\AppData\Local\Temp\~DFC287.tmp --------- 16384 
 24.10.2010 12:51    C:\Users\***\AppData\Local\Temp\MARFB11.tmp --------- 1285 
 24.10.2010 12:51    C:\Users\***\AppData\Local\Temp\MARF150.tmp --------- 1342 
 23.10.2010 15:31    C:\Users\***\AppData\Local\Temp\STS938C.tmp --------- 132 
----------------------------------------

 
C:\Program Files

 02.02.2011 16:32    C:\Program Files\Malwarebytes' Anti-Malware --------- 4096 
 02.02.2011 00:27    C:\Program Files\Mobile Partner --------- 40960 
 29.01.2011 19:24    C:\Program Files\Spyware Doctor --------- 28672 
 29.01.2011 19:24    C:\Program Files\Common Files --------- 4096 
 29.01.2011 17:39    C:\Program Files\DivX --------- 8192 
 29.01.2011 14:51    C:\Program Files\WinRAR --------- 4096 
 23.01.2011 23:17    C:\Program Files\7-Zip --------- 4096 
 14.01.2011 00:26    C:\Program Files\Conduit --------- 0 
 14.01.2011 00:26    C:\Program Files\ConduitEngine --------- 4096 
 14.01.2011 00:26    C:\Program Files\Elf_1.13 --------- 4096 
 07.01.2011 23:23    C:\Program Files\FinalTorrent --------- 4096 
 07.01.2011 23:23    C:\Program Files\Yahoo --------- 0 
 07.01.2011 23:23    C:\Program Files\Surf Canyon --------- 4096 
 07.01.2011 23:23    C:\Program Files\PriceGong --------- 0 
 06.01.2011 13:05    C:\Program Files\ICQ7.2 --------- 16384 
 30.12.2010 20:11    C:\Program Files\Picasa2 --------- 4096 
 15.12.2010 20:45    C:\Program Files\Windows Mail --------- 4096 
 15.12.2010 20:45    C:\Program Files\Internet Explorer --------- 4096 
 03.11.2010 19:07    C:\Program Files\ICQ6Toolbar --------- 4096 
 02.11.2010 21:33    C:\Program Files\InstallShield Installation Information --------- 12288 
 14.10.2010 19:48    C:\Program Files\Windows Media Player --------- 4096 
 14.08.2010 15:28    C:\Program Files\Movie Maker --------- 4096 
 26.06.2010 02:03    C:\Program Files\Microsoft.NET --------- 0 
 11.04.2010 02:08    C:\Program Files\Windows Portable Devices --------- 0 
 10.04.2010 02:39    C:\Program Files\Windows Calendar --------- 0 
 10.04.2010 02:39    C:\Program Files\Windows Sidebar --------- 4096 
 10.04.2010 02:39    C:\Program Files\Windows Collaboration --------- 4096 
 10.04.2010 02:39    C:\Program Files\Windows Journal --------- 4096 
 10.04.2010 02:39    C:\Program Files\Windows Photo Gallery --------- 4096 
 10.04.2010 02:39    C:\Program Files\Windows Defender --------- 4096 
 28.02.2010 13:12    C:\Program Files\JRE --------- 0 
 28.02.2010 13:12    C:\Program Files\OpenOffice.org 3 --------- 4096 
 28.02.2010 13:09    C:\Program Files\Java --------- 4096 
 04.02.2010 00:06    C:\Program Files\Google --------- 4096 
 03.01.2010 17:18    C:\Program Files\WexTech --------- 0 
 03.01.2010 17:14    C:\Program Files\Borland --------- 0 
 03.01.2010 17:14    C:\Program Files\Corel --------- 0 
 09.12.2009 19:33    C:\Program Files\Norton 360 --------- 16384 
 04.12.2009 21:54    C:\Program Files\Google BAE --------- 0 
 01.11.2009 13:00    C:\Program Files\Avira --------- 0 
 21.04.2009 10:09    C:\Program Files\HP --------- 4096 
 21.04.2009 10:00    C:\Program Files\Hewlett-Packard --------- 0 
 16.04.2009 23:37    C:\Program Files\S.N.Safe&Software --------- 0 
 15.04.2009 19:52    C:\Program Files\Enigma Software Group --------- 0 
 19.03.2009 20:48    C:\Program Files\desktop.ini --------- 174 
 08.03.2009 16:35    C:\Program Files\EA GAMES --------- 0 
 18.02.2009 23:43    C:\Program Files\Lexware --------- 0 
 18.02.2009 23:40    C:\Program Files\Haufe --------- 0 
 15.02.2009 18:54    C:\Program Files\YOU DON'T KNOW JACK© 3 - Abwärts --------- 4096 
 15.02.2009 18:45    C:\Program Files\DAEMON Tools Toolbar --------- 4096 
 15.02.2009 18:45    C:\Program Files\DAEMON Tools Lite --------- 4096 
 21.12.2008 23:54    C:\Program Files\TT-Viewer --------- 4096 
 21.12.2008 14:52    C:\Program Files\D-Link --------- 0 
 19.12.2008 23:18    C:\Program Files\Xvid --------- 4096 
 10.12.2007 03:45    C:\Program Files\Symantec --------- 0 
 10.12.2007 03:40    C:\Program Files\Sony --------- 8192 
 10.12.2007 03:39    C:\Program Files\InterVideo --------- 0 
 10.12.2007 03:32    C:\Program Files\Sony Corporation --------- 0 
 10.12.2007 03:29    C:\Program Files\Roxio --------- 4096 
 22.11.2007 11:14    C:\Program Files\Skype --------- 0 
 22.11.2007 11:11    C:\Program Files\Microsoft Small Business --------- 0 
 22.11.2007 11:11    C:\Program Files\Microsoft Office --------- 4096 
 22.11.2007 11:09    C:\Program Files\Microsoft SQL Server --------- 0 
 22.11.2007 11:08    C:\Program Files\BFG --------- 0 
 22.11.2007 11:07    C:\Program Files\Adobe --------- 0 
 22.11.2007 11:07    C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 8192 
 22.11.2007 11:05    C:\Program Files\Microsoft Works --------- 4096 
 22.11.2007 11:05    C:\Program Files\Microsoft Visual Studio --------- 0 
 22.11.2007 09:53    C:\Program Files\Apoint --------- 4096 
 22.11.2007 09:52    C:\Program Files\CONEXANT --------- 0 
 22.11.2007 09:43    C:\Program Files\Realtek --------- 0 
 22.11.2007 09:38    C:\Program Files\Intel --------- 0 
 22.11.2007 09:14    C:\Program Files\MSXML 4.0 --------- 0 
 21.11.2007 16:19    C:\Program Files\Windows NT --------- 4096 
 21.11.2007 16:19    C:\Program Files\Gemeinsame Dateien --------- 0 
 02.11.2006 14:01    C:\Program Files\Uninstall Information --------- 0 
 02.11.2006 13:37    C:\Program Files\Microsoft Games --------- 4096 
 02.11.2006 13:37    C:\Program Files\MSBuild --------- 0 
 02.11.2006 13:37    C:\Program Files\Reference Assemblies --------- 0 
----------------------------------------

 
C:\ProgramData\..

***   
desktop.ini   
Administrator   
Default   
All Users   
Default User   
Public   
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

::1        localhost

----------------------------------------

 

Abbildname                    PID Sitzungsname      Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                  0            24 K
System                          4 Services                  0        21.272 K
smss.exe                      460 Services                  0          584 K
csrss.exe                      528 Services                  0        4.680 K
wininit.exe                    580 Services                  0        3.348 K
csrss.exe                      588 Console                    1        8.660 K
services.exe                  628 Services                  0        6.076 K
lsass.exe                      640 Services                  0        1.916 K
lsm.exe                        652 Services                  0        3.648 K
winlogon.exe                  700 Console                    1        4.864 K
svchost.exe                    860 Services                  0        5.804 K
svchost.exe                    944 Services                  0        6.292 K
svchost.exe                    984 Services                  0        39.280 K
svchost.exe                  1084 Services                  0        10.764 K
svchost.exe                  1120 Services                  0        69.800 K
svchost.exe                  1164 Services                  0        23.816 K
audiodg.exe                  1264 Services                  0        12.696 K
svchost.exe                  1288 Services                  0        4.204 K
SLsvc.exe                    1308 Services                  0        3.876 K
svchost.exe                  1364 Services                  0        10.416 K
svchost.exe                  1552 Services                  0        13.248 K
ccSvcHst.exe                  1672 Services                  0        4.312 K
spoolsv.exe                  1832 Services                  0        7.408 K
sched.exe                    1864 Services                  0          976 K
svchost.exe                  1888 Services                  0        12.112 K
avguard.exe                    504 Services                  0        2.216 K
svchost.exe                  1072 Services                  0        8.316 K
ICQ Service.exe              1400 Services                  0        5.004 K
iviRegMgr.exe                1460 Services                  0        2.928 K
sqlservr.exe                  496 Services                  0        10.368 K
NSUService.exe                2064 Services                  0        8.784 K
avshadow.exe                  2072 Services                  0        3.452 K
svchost.exe                  2216 Services                  0        4.340 K
svchost.exe                  2248 Services                  0        5.832 K
VESMgr.exe                    2292 Services                  0        8.724 K
VCSW.exe                      2348 Services                  0        5.080 K
svchost.exe                  2400 Services                  0        3.384 K
SearchIndexer.exe            2436 Services                  0        17.976 K
XAudio.exe                    2488 Services                  0        2.292 K
YahooAUService.exe            2516 Services                  0        6.368 K
VzCdbSvc.exe                  2664 Services                  0        4.528 K
VzFw.exe                      2816 Services                  0        5.056 K
VESMgrSub.exe                2868 Console                    1        7.372 K
WUDFHost.exe                  2984 Services                  0        4.340 K
SPMgr.exe                    4088 Console                    1        7.500 K
dwm.exe                      2112 Console                    1        52.764 K
taskeng.exe                    332 Console                    1        10.648 K
MSASCui.exe                  2684 Console                    1        7.372 K
Apoint.exe                    2912 Console                    1        5.028 K
ISBMgr.exe                    3204 Console                    1        5.056 K
GoogleDesktop.exe            1788 Console                    1        6.656 K
MarketingTools.exe            2316 Console                    1        3.240 K
ccApp.exe                    3528 Console                    1        2.124 K
hpwuSchd2.exe                3232 Console                    1        2.672 K
avgnt.exe                    3604 Console                    1        3.736 K
jusched.exe                  3976 Console                    1        5.812 K
LxUpdateManager.exe          2080 Console                    1        12.696 K
DivXUpdate.exe                2056 Console                    1        8.276 K
DDMService.exe                2260 Console                    1        3.568 K
PicasaMediaDetector.exe      3160 Console                    1        4.296 K
LANUtil.exe                  2096 Console                    1        8.684 K
GoogleToolbarNotifier.exe    3460 Console                    1        4.672 K
ehtray.exe                    3964 Console                    1        1.168 K
wmpnscfg.exe                  3588 Console                    1        4.040 K
wmpnetwk.exe                  1384 Services                  0        9.392 K
Remind32.exe                  1036 Console                    1        2.460 K
alarm.exe                    3512 Console                    1        5.728 K
dad9.exe                      2580 Console                    1        5.616 K
hpqtra08.exe                  3644 Console                    1        8.820 K
rundll32.exe                  1048 Console                    1        4.856 K
soffice.exe                  4080 Console                    1        2.332 K
ehmsas.exe                    4136 Console                    1        3.840 K
ApMsgFwd.exe                  4536 Console                    1        2.516 K
ApntEx.exe                    4736 Console                    1        3.148 K
soffice.bin                  4796 Console                    1        8.620 K
hpqste08.exe                  4876 Console                    1        13.012 K
taskeng.exe                  5880 Console                    1        4.132 K
sdclt.exe                    5576 Console                    1        7.544 K
svchost.exe                  5848 Services                  0        4.844 K
symlcsvc.exe                  1244 Services                  0          316 K
svchost.exe                  3888 Services                  0        3.468 K
mobsync.exe                  5504 Console                    1        6.616 K
explorer.exe                  5240 Console                    1        51.724 K
WinRAR.exe                    3536 Console                    1        13.180 K
SearchProtocolHost.exe        5692 Services                  0        8.140 K
SearchFilterHost.exe          4564 Services                  0        5.116 K
cmd.exe                        832 Console                    1        3.580 K
conime.exe                    5160 Console                    1        3.388 K
dllhost.exe                  5468 Console                    1        4.140 K
tasklist.exe                  5716 Console                    1        4.636 K
WmiPrvSE.exe                  3908 Services                  0        5.688 K

 
***** Ende des Scans 04.02.2011 um 13:55:22,24 ***

Re 6.

Code:


2007 Microsoft Office system        Microsoft Corporation        21.11.2007        491MB        12.0.4518.1014
7-Zip 9.20                22.01.2011        3,54MB       
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        16.12.2008        14,0MB       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        20.11.2010                10.1.102.64
Adobe Reader 8.1.0 - Deutsch        Adobe Systems Incorporated        21.11.2007        99,5MB        8.1.0
AirPlus G        D-Link        20.12.2008        0,83MB        1.0.22
Alps Pointing-device for VAIO                21.11.2007        2,78MB       
AnswerWorks Runtime                02.01.2010        4,00KB       
Atlantis - Sky Patrol (remove only)                16.12.2008        54,6MB       
Avira AntiVir Personal - Free Antivirus        Avira GmbH        15.01.2011        158,1MB        10.0.0.609
Big Fish Games Center                16.12.2008        139,9MB       
Big Fish Games Sudoku (remove only)                16.12.2008        139,9MB       
Browser Address Error Redirector                16.12.2008               
Business Contact Manager für Outlook 2007        Microsoft Corporation        21.11.2007        29,0MB        3.0.5828.0
CCleaner        Piriform        03.02.2011        3,48MB        3.03
Click to Disc        Sony Corporation        09.12.2007        62,1MB        1.0.00.11080
Click to Disc Editor        Sony Corporation        09.12.2007        155,4MB        1.0.00
Conduit Engine        Conduit Ltd.        13.01.2011        4,23MB       
Corel Applications                02.01.2010               
DAEMON Tools Toolbar        DT Soft Ltd        14.02.2009        2,84MB        1.0.7.0088
DivX Converter        DivX, Inc.        28.01.2011        52,6MB        6.5
DivX-Setup        DivX, LLC        28.01.2011        3,14MB        2.3.0.20
Elf 1.13 Toolbar        Elf 1.13        13.01.2011        4,30MB        6.3.0.26
FinalTorrent 2010        Bitberry Software        06.01.2011        6,41MB       
Google Desktop        Google        20.08.2010        18,1MB        5.9.1005.12335
Google Earth        Google        21.11.2007        33,3MB        4.2.198.2451
Google Talk (remove only)                16.12.2008        3,71MB       
Google Toolbar for Internet Explorer        Google Inc.        01.12.2010        7,48MB        6.6.1124.846
Haufe iDesk-Browser        Haufe        17.02.2009        18,7MB        8.07.16.5590
Haufe iDesk-Service        Haufe        17.02.2009        44,9MB        8.08.20.5622
HDAUDIO SoftV92 Data Fax Modem with SmartCP                21.11.2007        1,02MB       
HP Customer Participation Program 8.0        HP        20.04.2009        210MB        8.0
HP Imaging Device Functions 8.0        HP        20.04.2009        2,46MB        8.0
HP OCR Software 8.0        HP        20.04.2009        2,45MB        8.0
HP Photosmart Essential        HP        20.04.2009        10,2MB        1.12.0.46
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B        HP        20.04.2009        42,0MB        8.0
HP Solution Center 8.0        HP        20.04.2009        2,45MB        8.0
HP Update        Hewlett-Packard        20.04.2009        3,57MB        4.000.005.006
HPSSupply        Ihr Firmenname        20.04.2009        0,96MB        2.1.3.0000
ICQ Toolbar        ICQ        20.12.2008                3.0.0
ICQ7.2        ICQ        01.11.2010        51,7MB        7.2
Java(TM) 6 Update 18        Sun Microsystems, Inc.        27.02.2010        97,1MB        6.0.180
Java(TM) 6 Update 2        Sun Microsystems, Inc.        21.11.2007        168,1MB        1.6.0.20
Lexware Info Service        Lexware GmbH & Co. KG        10.04.2010        10,4MB        2.61.00.0033
LiveUpdate 3.2 (Symantec Corporation)        Symantec Corporation        16.12.2008        13,8MB        3.2.0.43
Mahjong Towers Eternity EU (remove only)                16.12.2008        15,7MB       
Malwarebytes' Anti-Malware        Malwarebytes Corporation        01.02.2011        4,82MB       
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        14.02.2009        37,0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        11.02.2009        37,0MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        08.01.2011        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        08.01.2011        24,5MB        4.0.30319
Microsoft Office 2003 Web Components        Microsoft Corporation        21.11.2007        21,7MB        11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies        Microsoft Corporation        21.11.2007        7,23MB        12.0.4518.1014
Microsoft Office Small Business Connectivity Components        Microsoft Corporation        21.11.2007        0,15MB        2.0.7024.0
Microsoft SQL Server 2005        Microsoft Corporation        21.11.2007        42,6MB       
Microsoft SQL Server Native Client        Microsoft Corporation        21.11.2007        2,59MB        9.00.2047.00
Microsoft SQL Server VSS Writer        Microsoft Corporation        21.11.2007        0,68MB        9.00.2047.00
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        17.02.2009        0,41MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        31.10.2009        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        15.01.2011        0,58MB        9.0.30729.4148
Mobile Partner        Huawei Technologies Co.,Ltd        01.02.2011        25,6MB        16.002.03.01.40
Move Media Player        Move Networks        08.03.2010               
MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        21.11.2007        47,00KB        4.20.9841.0
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        21.11.2007        1,28MB        4.20.9848.0
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        21.12.2008        34,00KB        4.20.9849.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        21.12.2008        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        27.11.2009        1,34MB        4.20.9876.0
Mystery Case Files - Prime Suspects (remove only)                16.12.2008        39,4MB       
Need for Speed™ Most Wanted                07.03.2009        2.913MB       
Norton 360 (Symantec Corporation)        Symantec Corporation        16.12.2008        47,2MB        1.2.0.10
NVIDIA Drivers                17.03.2009               
OpenMG Limited Patch 4.7-07-15-19-01                16.12.2008               
OpenMG Secure Module 4.7.00        Sony Corporation        09.12.2007                4.7.00.12140
OpenOffice.org 3.2        OpenOffice.org        27.02.2010        371MB        3.2.9483
Picasa 3        Google, Inc.        29.12.2010        93,6MB        3.8
PriceGong 2.1.0        PriceGong        06.01.2011        0,75MB        2.1.0
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        21.11.2007        15,3MB        6.0.1.5449
Registry Reviver        ReviverSoft        03.02.2011        26,4MB       
Roxio Easy Media Creator Home        Roxio        09.12.2007        75,2MB        9.1.095
Setting Utility Series        Sony Corporation        21.11.2007        17,9MB        3.1.00.09240
Skype™ 3.5        Skype Technologies S.A.        21.11.2007        31,9MB        3.5.234
Sony Video Shared Library        Sony Corporation        09.12.2007        3,95MB        3.3.00
Steuer 2008        Lexware        17.02.2009        146,6MB        15.00.00.0033
Steuer 2009        Lexware GmbH & Co. KG        10.04.2010        359MB        16.00.00.0039
Steuer Hilfesammlung        Haufe Mediengruppe        17.02.2009        114,8MB        15.0.0.0
Surf Canyon Search Engine Assistant        Surf Canyon        06.01.2011        0,31MB        3.1.2
Technotrend Viewer        CM&V        20.12.2008        10,3MB       
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)        Microsoft Corporation        21.11.2007        23,2MB        9.00.2047.00
VAIO Content Folder Setting        Sony Corporation        09.12.2007        6,69MB        1.0.01.09270
VAIO Content Metadata Intelligent Analyzing Manager        Sony Corporation        09.12.2007        13,6MB        2.1.00.09284
VAIO Content Metadata Manager Setting        Sony Corporation        09.12.2007        2,85MB        2.1.00.09281
VAIO Content Metadata XML Interface Library        Sony Corporation        09.12.2007        1,54MB        2.1.00.09202
VAIO Control Center        Sony Corporation        21.11.2007        1,41MB        2.1.00.09190
VAIO Data Restore Tool        Sony Corporation        09.12.2007        6,50MB        1.0.03.10030
VAIO DVD Menu Data Basic        Sony Corporation        09.12.2007        543MB        1.0.00.08130
VAIO Entertainment Platform        Sony Corporation        09.12.2007        16,5MB        3.0.00.06280
VAIO Event Service        Sony Corporation        21.11.2007        5,75MB        3.3.00.11020
VAIO Launcher        Sony Corporation        09.12.2007        5,81MB        1.1.00.09190
Vaio Marketing Tools        Sony        16.12.2008        0,34MB       
VAIO Media 6.0        Sony Corporation        09.12.2007        8,98MB        6.0.10
VAIO Media AC3 Decoder 1.0                16.12.2008        0,79MB       
VAIO Media Content Collection 6.0        Sony Corporation        09.12.2007        30,1MB       
VAIO Media Integrated Server 6.1        Sony Corporation        09.12.2007        30,1MB       
VAIO Media Redistribution 6.0        Sony Corporation        09.12.2007        37,5MB        6.0.10
VAIO Media Registration Tool 6.0        Sony Corporation        09.12.2007        2,09MB        6.0.10
VAIO Movie Story        Sony Corporation        09.12.2007        48,6MB        1.1.00.10160
VAIO Movie Story Template Data        Sony Corporation        09.12.2007        401MB        1.1.00.09281
VAIO MusicBox        Sony Corporation        09.12.2007        11,2MB        1.1.01.09240
VAIO MusicBox Sample Music        Sony Corporation        09.12.2007        0,54MB        1.0.01.09210
VAIO Original Function Setting        Sony Corporation        09.12.2007        5,29MB        1.2.00.11100
VAIO Power Management        Sony Corporation        21.11.2007        12,4MB        2.3.01.10310
VAIO Smart Network        Sony Corporation        09.12.2007        24,2MB        1.2.00.09200
VAIO Update 3        Sony Corporation        09.12.2007        3,60MB        3.0.02.05280
VAIO Wallpaper Contents        Sony Corporation        21.11.2007        116,6MB        1.0.00.09200
Virtual Villagers (remove only)                16.12.2008        20,0MB       
WinDVD for VAIO        InterVideo Inc.        09.12.2007        95,7MB        8.0-B8.411
WinRAR                28.01.2011        3,79MB       
Xvid 1.1.3 final uninstall        Xvid team (Koepi)        18.12.2008        0,77MB        1.1
Yahoo! Software Update                06.01.2011        0,68MB       
Yahoo! Toolbar                06.01.2011        5,20MB       
YOU DON'T KNOW JACK® 3 - Abwärts!                14.02.2009        167,0MB

OK, I have now attached all the files.
Thank you very much for your help.
What happens next?

Regards, Chaos

kira 04.02.2011 16:45

1.
- two antivirus programs installed and active at the same time: AntiVir PersonalEdition Classic & Norton Anti-Virus
- Both scanners have just one goal: to check and protect your system sensibly against malware.
But since both run in parallel, they get in each other's way and are also an enormous load on your system! The result can be a crash or, in the worst case, you can look forward to a complete reinstallation! More AV programs do not mean more security!
So uninstall one of the AV programs and keep only one running on your PC!!

If you decide on Avira:
To uninstall Norton Antivirus completely, go to the Symantec website and look for the special removal tools, which should (also) remove the last remnants: ► Norton Removal Tool (for all products from 2003 to 2008), download from here
or here: ► Norton Removal Tool for all products from 2003 to 2010 / wintotal.de

2.
→ visit the virustotal site and have the file(s) from the code box checked; also copy the file size and name, MD5 and SHA1:
Tips for finding files
Code:

C:\Users\***\AppData\Roaming\Libxml\packres.exe
→ Click "Browse"
→ Find the file on your computer → double-click the file to be checked (or copy the content from the code box)
→ "Send file" and wait until the scan by all virus scanners has finished
copy the result in here exactly as you receive it (DO NOT LEAVE ANYTHING OUT!) (including <checked file name> + file size and name, MD5 and SHA1)

** Example - the Virustotal log file to be posted should look like this. So do not leave anything out; copy it in here exactly as you receive it!:
Code:

File name:
<<file name>>
Submission date:
2010-10-22 03:34:01 (UTC)
Current status:
queued queued analysing finished
Result:
.....%
   
VT Community

goodware/badware
 Safety score: 100.0%
Compact
Print results
Antivirus    Version    Last Update    Result
AhnLab-V3    2010.10.22.00    2010.10.21    -
AntiVir    7.10.13.15    2010.10.21    -
Antiy-AVL    2.0.3.7    2010.10.22    -
Authentium    5.2.0.5    2010.10.22    -
Avast    4.8.1351.0    2010.10.21    -
Avast5    5.0.594.0    2010.10.21    -
etc........

...more than 40 virus scanners...so be patient!!

3.
Close all programs including Internet Explorer and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries, tick the checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong during "fixing", the objects can be restored under "View the list of backups".
Code:

R3 - URLSearchHook: (no name) - - (no file)
4.
Quote:

**Before deleting temporary files you should definitely close all applications!
**delete only the contents of the folders, not the folders themselves!
**The Temp folder is for temporary files, so its contents can be deleted without any problem. Files that are still in use cannot be deleted.

close all applications → please empty the folders for temporary files
delete only the contents of the folders, not the folders themselves! Files that are still in use cannot be deleted.
type the following into the search bar under the Windows Start button:
Code:

%temp%
select the contents and delete them:
- then empty the recycle bin

5.
clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Find errors" → "Fix errors" → "Fix all"
  • Restart your system

6.
post again, after the cleanup has been carried out:
TrendMicro™ HijackThis™ log file - no open windows while HijackThis is running!!

chaos2009 07.02.2011 22:16

Hello

Thanks already for the good instructions.

Re 1. I uninstalled Norton with the software indicated. According to that program, this worked.

Re 2. Either I am too impatient, but even after half an hour nothing had happened. At the bottom left of Internet Explorer a yellow triangle with an error was displayed the whole time.

Re 3. I was able to carry this out without problems

Re 4. I deleted all temp files and emptied the recycle bin.

Re 5. I ran CCleaner as described and restarted the system without problems

Re 6. in the new thread.

Thank you very much for the help and the great forum, you are great

chaos2009 07.02.2011 22:19

Re 6.

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:15:18, on 07.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\explorer.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\Anni\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Dvdreal] C:\Users\Anni\AppData\Roaming\Libxml\packres.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13585 bytes

--- --- ---



What happens next? Can the system be revived again without reinstalling?
Thank you very much for the help
Regards, chaos

chaos2009 07.02.2011 23:05

Addendum
Re 2. AntiVir detected it as malware and I then had it deleted.

chaos2009 07.02.2011 23:34

I also updated Malware and got the following log

Code:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5706

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

07.02.2011 23:31:06
mbam-log-2011-02-07 (23-31-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 282399
Laufzeit: 1 Stunde(n), 8 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Thank you very much for the help

kira 08.02.2011 08:44

1.
Close all programs including Internet Explorer and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries, tick the checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong during "fixing", the objects can be restored under "View the list of backups".
Code:

O4 - HKCU\..\Run: [Dvdreal] C:\Users\Anni\AppData\Roaming\Libxml\packres.exe
2.
You should uninstall some things and/or fix them with HJT, either because they slow down the browser/system, or because they are unwanted due to their spying technology or pose a risk to the system (toolbars are mostly unnecessary):
Close all programs including Internet Explorer and use HijackThis to fix the entries from the code box below (start HijackThis → "Do a system scan only" → select the entries, tick the checkboxes → click "Fix checked" → restart the PC):
Code:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

3.
Keeping Windows and the installed programs up to date is a guarantee of increased security!
Update Java: Start → Control Panel → Java → Update... (Update 23 is already due!)

4.
clear the Java cache, as described under points 7 and 8 *click
via Control Panel -> Java...

5.
Update Adobe Reader:
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for updates..."

6.
close all applications → please empty the folders for temporary files
**The Temp folder is for temporary files, so its contents can be deleted without any problem. Files that are still in use cannot be deleted.
**Delete only the contents of the folders, not the folders themselves!
  • `Start → Run`, type in "cleanmgr" (without the "") → "OK" - the Temporary Files, Temporary Internet Files and the Recycle Bin must be emptied → "OK"
  • `Start → Run` → type in %temp% (without the "") → "OK" - select the folder contents everywhere and delete them
  • please do this for every user account
  • then empty the recycle bin

7.
clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Find errors" → "Fix errors" → "Fix all"
  • Restart your system

8.
- "Link:-> ESET Online Scanner
>>You should not install the antivirus security software, but only scan your system online<<
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored by regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very suitable and recommended to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off altogether. ► [Security] Disable the autorun function on all drives for more security / Avira Support Forum

-> Then run a complete system check with Nod32
- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files)
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Internet Explorer settings before the scan:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX
- to start the scan: when you are asked (the text in the information bar), allow the ActiveX control to be installed

9.
post again, after the cleanup has been carried out:
TrendMicro™ HijackThis™ log file - no open windows while HijackThis is running!!

** Are there any other anomalies/problems with the computer?
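
Added example (not part of any post in this thread, and not a HijackThis feature): a small triage script that reads HijackThis log lines and flags the two kinds of entry singled out above, an O4 autostart whose target sits in a user profile directory and registrations marked "(no file)". The sample lines are copied from the log posted in this thread; the two heuristics and all function names are assumptions made for this illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Excerpt of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Dvdreal] C:\Users\Anni\AppData\Roaming\Libxml\packres.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autostart form: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^[^\\]+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First absolute path ending in an executable extension (quoted or unquoted,
# also the DLL argument of a rundll32 command line).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|scr|com|bat|cmd|pif)\b", re.I)
# Assumption: per-user profile locations that a non-admin process can write to.
PROFILE_RE = re.compile(
    r"^[A-Za-z]:\\(?:Users|Documents and Settings)\\[^\\]+\\"
    r"(?:AppData|Application Data|Local Settings)\\",
    re.I,
)


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the line was flagged
    line: str    # the original log line


def autostart_target(body: str) -> Optional[str]:
    """Return the absolute path an O4 entry launches, or None if it has none."""
    run = RUN_RE.match(body)
    if run:
        cmd = run.group("cmd")
    elif " = " in body:          # "Startup: name.lnk = target"
        cmd = body.split(" = ", 1)[1]
    else:
        cmd = body
    hit = PATH_RE.search(cmd)
    return hit.group(0) if hit else None


def triage(log_text: str) -> List[Finding]:
    """Flag orphaned registrations and autostarts from user profile paths."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list, blank line
        code, body = entry.group("code"), entry.group("body")
        if body.endswith("(no file)"):
            findings.append(
                Finding(code, "registration points to a missing file", line))
        elif code == "O4":
            target = autostart_target(body)
            if target and PROFILE_RE.match(target):
                findings.append(Finding(
                    code, "autostart runs from a user profile directory", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

A flagged line is only a candidate for review: legitimate per-user software also starts from AppData, so the file itself still has to be checked, as was done here with the virus scanners.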

chaos2009 14.02.2011 19:40

Hello
thank you very much for the helpful instructions and steps.
I have worked through all the points with the following result.

Re 1. I could no longer find this item after AntiVir detected it as malware. I have attached the log file again.

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:48:38, on 13.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Anni\Desktop\HijackThis.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files\Elf_1.13\prxtbElf_.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 13574 bytes

--- --- ---


Re 2. I had the items that I still found fixed. Before that I uninstalled various toolbars.

Re 3 - 6. I carried out these steps without problems.

Re 7. The system started again without problems.

Re 8. The online scan found no threat.

Re 9. The HijackThis logfile


HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:19:31, on 14.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\conime.exe
C:\Users\Anni\Desktop\HijackThis.exe
C:\Program Files\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 11798 bytes

--- --- ---



Personally I find my friend's computer a bit slow, but it has already improved a great deal through these actions.
The response time until a program opens is also sometimes more than my patience can take.

Many thanks for the help.
Is the computer clean again now?
What else is there to do?

Regards, chaos

kira 17.02.2011 03:47

1.
Close all programs including Internet Explorer and use HijackThis to fix the entries from the following code box (start HijackThis → "Do a system scan only" → select the entries by ticking their checkboxes → click "Fix checked" → restart the PC):
HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups".
Code:

O18 - Protocol: haufereader - (no CLSID) - (no file)
2.
Recommendations/suggestions:
How long does startup take? If you want a faster system right away:
- When Windows boots, a number of programs are started along with it that have registered themselves in autostart (with or without the user's consent)
- The more programs are listed here, the slower Windows starts. It can therefore make sense to remove software that you do not necessarily always need from autostart.
"Start -> All Programs -> Accessories -> Run" .. and enter "msconfig" (without the "") -> OK
it-academy.cc
Preventing programs from loading when Windows Vista starts
- Remove the tick from everything that should not start, but only ever deactivate one at a time (tick removed), i.e. step by step -> restart...
- After the next restart a notice window will appear; set a tick there: `Do not show this message again and do not start this program when Windows starts`
(You can undo it at any time by putting the tick back in.)
- If you ever need it, a manual start is possible at any time
- Autostart entries that you cannot find can be fixed with HJT - under the 04 section - (*HijackThis Tutorial in German*):
Close all programs, browsers etc. → start HijackThis → click "Do a system scan only" → select the entry → click "Fix checked" → restart the PC
HijackThis creates a backup. If something goes wrong while fixing, the objects can be restored under "View the list of backups".
Code:

You should not deactivate:
Graphics driver
Firewall
Antivirus program
Sound

Since it is always user-specific, there is no universally valid recipe; find out the basic functions of the individual programs via Google!
A few suggestions right away:
Code:

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

3.
fix with HijackThis:
Code:

08-09 and 018 entries - all
016 as well - these are ActiveX components; they are reinstalled when needed, otherwise they are only risk factors:-> Why is ActiveX dangerous?

4.
also fix with HijackThis:
Code:

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
5.
- Superfluous services only burden the processor and memory, so it is advisable to simply switch such services off:
Code:

O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

- under `Control Panel - Administrative Tools - Services`, or "Run" -> enter the command services.msc in the dialog window -> OK
right-click the service name → choose `Properties` → `Startup type` → Disabled; this puts the service to rest. Only start the service when a program needs it.
- under no circumstances switch off graphics drivers, firewall and antivirus programs!!
! In your place I would diligently look for Sony/Vaio functions and deactivate whatever is not absolutely necessary

6.
post again - after the cleanup has been carried out:
TrendMicro™ HijackThis™ logfile - no open windows as long as HijackThis is running!!
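
One way to check a follow-up log against the entries a helper asked to have fixed, as an added example that is not part of the original thread. The function names are hypothetical, and the three short inputs are constructed excerpts built from entry lines quoted in the logs above.

```python
import re

# A HijackThis entry line has the form "<section> - <text>", where the section
# is a letter plus one or two digits (R0, O4, O23, ...). Header lines and the
# "Running processes" paths do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, text) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Entries that disappeared from, or newly appeared in, the later log."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": sorted(old - new), "added": sorted(new - old)}


def still_present(requested_fixes, after):
    """Entries from the helper's fix list that the later log still contains."""
    return sorted(parse_entries(requested_fixes) & parse_entries(after))


def orphans(log_text):
    """Entries whose target HijackThis reports as '(no file)'."""
    return sorted(e for e in parse_entries(log_text) if e[1].endswith("(no file)"))


# Constructed excerpt of an earlier log (lines taken from the thread).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O18 - Protocol: haufereader - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
--
End of file - 11798 bytes
"""

# Constructed follow-up log: the O18 entry is gone, the O20 entry is not.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\Explorer.EXE

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

# Fix list as it would be copied out of the helper's code boxes.
FIX_LIST = r"""
O18 - Protocol: haufereader - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

if __name__ == "__main__":
    changes = diff_logs(BEFORE_LOG, AFTER_LOG)
    for section, text in changes["removed"]:
        print("removed :", section, "-", text)
    for section, text in changes["added"]:
        print("added   :", section, "-", text)
    for section, text in still_present(FIX_LIST, AFTER_LOG):
        print("NOT fixed:", section, "-", text)
    for section, text in orphans(AFTER_LOG):
        print("orphan  :", section, "-", text)
```

Entries are compared as exact strings, so a changed version number or path in an otherwise identical entry shows up as one removed and one added line.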

chaos2009 26.02.2011 16:10

Hello Coverflow

thanks again for your help and the time you invest for me.

I carried out points 1 and 3-6 and had no problems with them.

Re point two: I looked up the software and my acquaintance said she needs it. Likewise, she did not let me switch off any VAIO services either. She does not find her PC too slow.

Do you think that after the last scan the PC is fit again?

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:54:09, on 26.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Anni\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\AAVUpdateManager\aavus.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10820 bytes

--- --- ---


Sorry again that I am only getting back to you now, but for some reason I don't receive any e-mails when you have written a new post.
I apologize for the delay.
Are there still steps to carry out, or may she go back online with her PC?

Regards, Chaos

kira 27.02.2011 09:05

Quote:

Quote from chaos2009 (post 624734)

Regarding point two: I looked up the software, and my friend said she needs it.

- The programs are kept; they just don't run all the time! So, apart from Vaio, you can safely take the applications out of autostart!

- The log file you posted is old:
Code:

Scan saved at 13:42:51, on 04.02.2011
You have to delete it and create a new one. It is also important that you start the HijackThis tool as admin:
Right-click on HijackThis -> select "as administrator"

chaos2009 27.02.2011 12:49

Hello Coverflow,

thank you very much for the quick reply.

I have now also taken OpenOffice out of autostart, and it starts acceptably when it is needed.
There is still a Desktop.ini in the autostart folder; otherwise the folder is empty.

About the log file: mine shows the following at the top.
See my post of 26.2.11 at 16:10
Code:

Scan saved at 15:54:09, on 26.02.2011
I have now created a new one again after taking OO out of autostart; here is the log file.

HijackThis log file:
Code:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:40:29, on 27.02.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\Anni\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: IE BHO Utility - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\ccwin9.exe
O4 - Global Startup: CorelCENTRAL-Benachrichtigungsfunktionen.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O18 - Protocol: haufereader - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\AAVUpdateManager\aavus.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10580 bytes

--- --- ---

Is the PC fit again??
Many thanks
Regards, Chaos2009

