Thread: WLAN connection drops + subsequent HijackThis scan with suspected malware

  1. #1
    Beginner
    Registered since
    05.07.2010
    Posts
    5

    Hello,

    since I have been having repeated connection drops lately (I go online with my laptop via WLAN; browser: Opera 10.60, antivirus: Avira AntiVir Personal ver. 10), I ran a scan with HijackThis.

    This is what came to light:

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:31:57 PM, on 7/5/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Opera 10 Beta\opera.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Screenpresso] "C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - Startup: ac'tivAid.lnk = C:\Program Files\ac'tivAid\ac'tivAid.ahk
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    
    --
    End of file - 6898 bytes
    An analysis at HiJackThis.de told me that the following entry is harmful:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

    So my question is: is that true? And if so, how do I get rid of it? Thank you in advance for your help!

    Here is the list, worked through:

    RSIT log.txt

    Code:
    Logfile of random's system information tool 1.07 (written by random/random)
    Run by Thomas at 2010-07-05 17:04:07
    Microsoft® Windows Vista™ Home Basic  Service Pack 2
    System drive C: has 6 GB (6%) free of 105 GB
    Total RAM: 2039 MB (61% free)
    
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:04:10 PM, on 7/5/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Users\Thomas\Desktop\RSIT.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\Thomas.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Screenpresso] "C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - Startup: ac'tivAid.lnk = C:\Program Files\ac'tivAid\ac'tivAid.ahk
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    
    --
    End of file - 6707 bytes
    
    ======Scheduled tasks folder======
    
    C:\Windows\tasks\User_Feed_Synchronization-{ED1C368C-2F06-4AC1-9A5B-1C19F1C8CDF1}.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
    "IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-09-12 141848]
    "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-09-12 154136]
    "Persistence"=C:\Windows\system32\igfxpers.exe [2007-09-12 129560]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
    "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456]
    "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
    "Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
    "Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-12-18 76304]
    "Launch LgDeviceAgent"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2009-05-04 354312]
    "Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2009-05-04 2817544]
    "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2010-03-12 49208]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
    "Screenpresso"=C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe [2010-06-30 3968000]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
    C:\Program Files\Dealio\DealioAU.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
    C:\Program Files\avmwlanstick\FRITZWLANMini.exe [2007-02-02 283136]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClipIncSrvTray]
    C:\Program Files\Tobit ClipInc\Player\ClipIncTray.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
    C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE [2007-04-12 182272]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    C:\Program Files\RocketDock\RocketDock.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
    C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
    C:\Program Files\InterVideo\DVD Check\DVDCheck.exe []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk]
    C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE  []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE  []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
    C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe  []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
    C:\Windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico -user_logon []
    
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    
    C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    ac'tivAid.lnk - C:\Program Files\ac'tivAid\ac'tivAid.ahk
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\Windows\system32\igfxdev.dll [2007-08-24 204800]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "BindDirectlyToPropertySetStorage"=
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a43c170-af20-11dd-8198-001eec1c7a16}]
    shell\AutoRun\command - G:\pushinst.exe
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4cf6d7c-d5c9-11dd-bac1-001eec1c7a16}]
    shell\AutoRun\command - G:\_AUTORUN\AUTORUN.EXE
    shell\instDX\command - G:\directX\dxsetup.exe
    shell\readme\command - notepad Liesmich.txt
    
    
    ======File associations======
    
    .js - edit - C:\Windows\System32\Notepad.exe %1
    .js - open - C:\Windows\System32\WScript.exe "%1" %*
    
    ======List of files/folders created in the last 1 months======
    
    2010-07-05 17:04:07 ----D---- C:\rsit
    2010-07-05 15:57:23 ----D---- C:\Users\Thomas\AppData\Roaming\Malwarebytes
    2010-07-05 15:57:10 ----D---- C:\ProgramData\Malwarebytes
    2010-07-05 15:57:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-07-05 13:50:45 ----D---- C:\Program Files\HiJackThis
    2010-07-01 22:22:22 ----D---- C:\PROGRAMME
    2010-06-24 09:24:35 ----A---- C:\Windows\system32\PresentationHostProxy.dll
    2010-06-24 09:24:35 ----A---- C:\Windows\system32\PresentationHost.exe
    2010-06-24 09:24:35 ----A---- C:\Windows\system32\netfxperf.dll
    2010-06-24 09:24:35 ----A---- C:\Windows\system32\mscoree.dll
    2010-06-24 09:24:35 ----A---- C:\Windows\system32\dfshim.dll
    2010-06-24 00:31:59 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2010-06-24 00:31:59 ----A---- C:\Windows\system32\Apphlpdm.dll
    2010-06-20 12:38:52 ----D---- C:\Program Files\Common Files\Adobe AIR
    2010-06-10 19:06:29 ----A---- C:\Windows\system32\mshtml.dll
    2010-06-10 19:06:28 ----A---- C:\Windows\system32\ieframe.dll
    2010-06-10 19:06:27 ----A---- C:\Windows\system32\iertutil.dll
    2010-06-10 19:06:26 ----A---- C:\Windows\system32\wininet.dll
    2010-06-10 19:06:26 ----A---- C:\Windows\system32\urlmon.dll
    2010-06-10 19:06:26 ----A---- C:\Windows\system32\occache.dll
    2010-06-10 19:06:26 ----A---- C:\Windows\system32\msfeeds.dll
    2010-06-10 19:06:26 ----A---- C:\Windows\system32\iedkcs32.dll
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\mstime.dll
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\msfeedssync.exe
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\msfeedsbs.dll
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\jsproxy.dll
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\ieUnatt.exe
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\ieui.dll
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\iesysprep.dll
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\iesetup.dll
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\iernonce.dll
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\iepeers.dll
    2010-06-10 19:06:25 ----A---- C:\Windows\system32\ie4uinit.exe
    2010-06-10 19:06:02 ----A---- C:\Windows\system32\asycfilt.dll
    2010-06-10 19:05:57 ----A---- C:\Windows\system32\atmlib.dll
    2010-06-10 19:05:57 ----A---- C:\Windows\system32\atmfd.dll
    
    ======List of files/folders modified in the last 1 months======
    
    2010-07-05 17:04:10 ----D---- C:\Windows\Prefetch
    2010-07-05 17:04:09 ----D---- C:\Windows\Temp
    2010-07-05 16:55:04 ----D---- C:\Program Files\ac'tivAid
    2010-07-05 16:54:13 ----D---- C:\Windows\system32\drivers
    2010-07-05 16:52:20 ----D---- C:\Windows\ModemLogs
    2010-07-05 16:39:52 ----D---- C:\Program Files
    2010-07-05 16:06:24 ----D---- C:\Windows\system32\Tasks
    2010-07-05 16:06:11 ----D---- C:\Program Files\UB
    2010-07-05 16:05:50 ----D---- C:\Windows
    2010-07-05 16:05:46 ----D---- C:\Program Files\Shogun - Total War
    2010-07-05 16:04:55 ----D---- C:\Program Files\CPUID
    2010-07-05 16:04:54 ----D---- C:\Windows\System32
    2010-07-05 15:57:10 ----HD---- C:\ProgramData
    2010-07-05 15:32:25 ----SHD---- C:\System Volume Information
    2010-07-05 13:50:48 ----SHD---- C:\Windows\Installer
    2010-07-05 11:34:13 ----D---- C:\Users\Thomas\AppData\Roaming\vlc
    2010-07-05 11:25:36 ----D---- C:\Program Files\Mozilla Firefox
    2010-07-01 21:52:56 ----D---- C:\Program Files\XnView
    2010-07-01 16:25:26 ----D---- C:\Program Files\Opera 10 Beta
    2010-06-30 19:06:36 ----D---- C:\Users\Thomas\AppData\Roaming\HpUpdate
    2010-06-28 15:35:38 ----D---- C:\Users\Thomas\AppData\Roaming\Skype
    2010-06-28 15:34:05 ----D---- C:\Users\Thomas\AppData\Roaming\skypePM
    2010-06-25 23:43:05 ----D---- C:\Users\Thomas\AppData\Roaming\Media Player Classic
    2010-06-25 12:47:08 ----RSD---- C:\Windows\assembly
    2010-06-25 12:47:08 ----D---- C:\Windows\Microsoft.NET
    2010-06-25 12:10:45 ----D---- C:\Windows\system32\de-DE
    2010-06-25 12:10:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2010-06-25 12:10:02 ----D---- C:\Windows\inf
    2010-06-25 12:06:32 ----D---- C:\Windows\system32\en-US
    2010-06-25 12:06:29 ----D---- C:\Program Files\Microsoft.NET
    2010-06-24 09:40:57 ----D---- C:\Windows\AppPatch
    2010-06-24 09:25:32 ----D---- C:\Windows\winsxs
    2010-06-24 09:24:47 ----D---- C:\Windows\system32\catroot
    2010-06-24 09:24:26 ----D---- C:\Windows\system32\catroot2
    2010-06-20 12:38:52 ----D---- C:\Program Files\Common Files
    2010-06-20 12:38:31 ----D---- C:\Users\Thomas\AppData\Roaming\Adobe
    2010-06-20 12:38:31 ----D---- C:\ProgramData\Adobe
    2010-06-20 12:38:01 ----D---- C:\Program Files\EurobetPoker
    2010-06-11 18:32:41 ----D---- C:\Windows\system32\migration
    2010-06-11 18:32:41 ----D---- C:\Program Files\Windows Mail
    2010-06-11 18:32:41 ----D---- C:\Program Files\Internet Explorer
    2010-06-10 22:06:05 ----D---- C:\Windows\system32\wbem
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
    R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
    R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
    R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x32.sys [2010-03-30 20968]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
    R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 188416]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
    R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
    R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-19 984064]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-19 208896]
    R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 1899008]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-12-18 28816]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
    R3 seehcri;Sony Ericsson seehcri Device Driver; C:\Windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]
    R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-19 660480]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
    S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2007-01-25 4352]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
    S3 BCM43XV;Broadcom Extensible 802.11-Netzwerkadaptertreiber; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
    S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
    S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
    S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
    S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
    S3 cpuz130;cpuz130; \??\C:\Users\Thomas\AppData\Local\Temp\cpuz130\cpuz_x32.sys []
    S3 cpuz132;cpuz132; \??\C:\Program Files\CPUID\PC Wizard 2010\pcwiz32.sys []
    S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
    S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
    S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-09-17 27672]
    S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
    S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2009-10-18 13224]
    S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2009-10-18 25512]
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-02-22 159232]
    S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
    S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-24 1899008]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
    S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
    S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
    S3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
    S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]
    S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
    S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
    S3 s217bus;Sony Ericsson Device 217 driver (WDM); C:\Windows\system32\DRIVERS\s217bus.sys [2007-11-02 83496]
    S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s217mdfl.sys [2007-11-02 15016]
    S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s217mdm.sys [2007-11-02 109992]
    S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s217mgmt.sys [2007-11-02 103976]
    S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS); C:\Windows\system32\DRIVERS\s217nd5.sys [2007-11-02 24872]
    S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s217obex.sys [2007-11-02 100008]
    S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM); C:\Windows\system32\DRIVERS\s217unic.sys [2007-11-02 105896]
    S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
    S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
    S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
    S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
    S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
    S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
    S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
    S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys []
    S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
    S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
    S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
    S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
    S4 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
    S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
    R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2007-12-05 144688]
    R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
    R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
    S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
    S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
    S3 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]
    S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
    S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
    S4 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
    S4 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
    S4 SQLBrowser;SQL Server-Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2006-04-14 240416]
    S4 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2009-12-17 185640]
    
    -----------------EOF-----------------

    RSIT info.txt

    Code:
    info.txt logfile of random's system information tool 1.06 2010-07-05 17:04:12
    
    ======Uninstall list======
    
    7-Zip 9.10 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
    Abloadtool 2.0-->"C:\Program Files\Java\jre6\bin\javaw.exe" -jar "C:\Program Files\Abloadtool\uninstaller\uninstaller.jar"
    ac'tivAid v1.3.1-->C:\Program Files\AutoHotkey\AutoHotkey.exe "C:\Program Files\ac'tivAid\ac'tivAid.ahk" uninstall
    ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
    Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Application Installer 4.00.B13-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x7 
    Ashampoo Burning Studio 2009-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 2009\unins000.exe"
    Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
    AutoHotkey 1.0.48.05-->C:\Program Files\AutoHotkey\uninst.exe
    Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
    Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
    Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x7 UNINST
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IcV30D5a.INF
    CPUID CPU-Z 1.54-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
    Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
    DH Driver Cleaner Professional Edition-->C:\Program Files\Driver Cleaner Pro\Uninstall.exe
    EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x7 -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x7 UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x7 UNINST
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\DEU\USE_G\DOCUNINS.EXE
    EPSON-Drucker-Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
    ESU for Microsoft Vista-->MsiExec.exe /I{019C7A94-5569-41F9-8536-C60976BA6DF0}
    EurobetPoker (remove only)-->"C:\Program Files\EurobetPoker\uninstall.exe"
    EuroPoker-->"C:\Program Files\Europoker\unins000.exe"
    Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall
    FastStone Photo Resizer 1.4-->C:\Program Files\FastStone Photo Resizer\uninst.exe
    FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
    foobar2000 v1.0-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
    Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
    Free FLV Converter V 6.7.4-->"C:\Program Files\Free FLV Converter\unins000.exe"
    Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
    Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\Free YouTube to MP3 Converter\unins000.exe"
    Freez FLV to MP3 Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
    Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Haushaltsbuch 3.1-->MsiExec.exe /I{10075C48-4DEB-464F-95CF-FD8DED94E983}
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
    Heroes of Might and Magic® IV-->C:\Windows\IsUn0407.exe -f"C:\Program Files\3DO\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
    Holdem Manager-->MsiExec.exe /I{42DE940E-8037-4266-9FBF-5A3AEDA39E96}
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
    HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
    HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9  -removeonly
    HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
    HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}\setup.exe" -l0x9  -removeonly
    HP Help and Support-->MsiExec.exe /I{584B0895-8EF3-4175-8E80-1B68BFA04636}
    HP Notebook Accessories Product Tour-->MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}
    HP Quick Launch Buttons 6.40 B2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0007 -removeonly uninst
    HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
    HP User Guides 0077-->MsiExec.exe /I{B51C3024-333B-4FB6-B1EC-49ECE2DE6056}
    HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
    HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
    HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
    HxD Hex Editor Version 1.7.6.5-->"C:\Program Files\HxD\unins000.exe"
    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
    Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
    Intel(R) Network Connections Drivers-->Prounstl.exe
    Intel(R) Programm für Prozessor-IDs-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
    Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
    Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    Java(TM) SE Development Kit 6 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160130}
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    K-Lite Mega Codec Pack 4.4.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Logitech GamePanel Software 3.02.173-->MsiExec.exe /X{EB731227-8AC5-4889-ACE9-7D87864A9F19}
    Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0007 -removeonly
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    MansionPoker-->"C:\Program Files\MansionPoker\_MansionPoker.exe" /uninstall
    Media Player Classic - Home Cinema v. 1.3.1249.0-->"C:\Program Files\MPC HomeCinema\unins000.exe"
    Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
    Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
    Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
    Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
    Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
    Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
    Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
    Microsoft ODBC .NET Data Provider-->MsiExec.exe /I{6868B3BD-0642-442C-A542-28716AA6DD2D}
    Microsoft Rechner-Plus-->MsiExec.exe /I{437C19B3-7E20-4E39-B868-CA6BAA820E1C}
    Microsoft Small Basic v0.3.1-->MsiExec.exe /I{6E255CF0-10FF-4F2B-B6E2-BD03872C1F60}
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
    Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
    Microsoft SQL Server Native Client-->MsiExec.exe /I{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}
    Microsoft SQL Server VSS Writer-->MsiExec.exe /I{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    Mozilla Firefox (3.6.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mp3tag v2.43-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    NetBeans IDE 6.5.1-->"C:\Program Files\NetBeans 6.5.1\uninstall.exe"
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
    OpenOffice.org 3.2-->MsiExec.exe /I{2217B0B4-35CB-48C6-B640-864DF2F30F99}
    Opera 10.60-->MsiExec.exe /X{1D2C96C3-A3F3-49E7-B839-95279DED837F}
    Paint.NET v3.5.4-->MsiExec.exe /X{053B3DA8-91B5-4682-A130-715412A1A252}
    Paragon Drive Copy 9.0 Personal Special Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{334B6B44-2C7F-4AC0-A215-E780541CE033}\Setup.exe" -l0x9 
    PartyPoker-->"C:\Programs\PartyGaming\PartyPoker\Uninstall.exe" "C:\Programs\PartyGaming\PartyPoker\install.log"
    PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7 
    PC Wizard 2008.1.871-->"C:\Program Files\PC Wizard 2008\unins000.exe"
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    pdfsam-->C:\Program Files\pdfsam\uninstall.exe
    PDF-Viewer-->"C:\Program Files\Tracker Software\PDF Viewer\unins000.exe"
    PDF-XChange Shell Extentions-->"C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\Shell Extentions\unins000.exe"
    PeG-ACW July 2008-->"C:\Program Files\PeG-ACW\unins000.exe"
    PeG-NAP August 2008-->"C:\Program Files\PeG-NAP\unins000.exe"
    PeG-WW1 July 2008-->"C:\Program Files\PeG-WW1\unins000.exe"
    PeG-WW2 August 2008-->"C:\Program Files\PeG-WW2\unins000.exe"
    PeG-WW2 Western Europe August 2008-->"C:\Program Files\PeG-WW2_Western_EUR\unins000.exe"
    PeG-WW2-Pacific August 2008-->"C:\Program Files\PeG-WW2-PAC\unins000.exe"
    PG2 UK102-textfileconverter-->C:\WINDOWS\st6unst.exe -n "c:\Users\Thomas\Desktop\PG2ME\deuconverter\ST6UNST.LOG"  
    PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
    PokerRoom.com (remove only)-->"C:\Program Files\PokerRoom.com\uninstall.exe"
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    PokerStove version 1.23-->"C:\Program Files\PokerStove\unins000.exe"
    PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224}
    QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
    Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
    Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
    Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
    Setometer-->MsiExec.exe /I{F98D4409-8E47-45D3-A2AD-A9356324ACC2}
    Sierra Utilities-->.\sutil32.exe uninstall
    Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
    Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
    Sony Ericsson Media Manager 1.1-->MsiExec.exe /X{7E910FDA-CBBE-4451-8728-235E6A4DE162}
    Sony Ericsson PC Suite 6.009.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
    SQLite ODBC Driver (remove only)-->C:\Program Files\SQLite ODBC Driver\Uninstall.exe
    ST Wiederherstellungs- & Sicherungsprogramme-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x7  -uninst  -removeonly
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
    Titan Poker-->"C:\Poker\Titan Poker\_SetupPoker_29ebeb.exe" /uninstall
    Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
    Vista Default Settings-->MsiExec.exe /I{FF46E334-6F35-49C3-B60A-034969BE25AB}
    Visual C++ 9.0 ATL (x86) WinSXS MSM-->MsiExec.exe /I{CEC8F2E3-AC9A-357C-BFCB-BFAC37C4AC50}
    Visual C++ 9.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{0138F525-6C8A-333F-A105-14AE030B9A54}
    VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    WinUAE 1.5.0-->C:\Program Files\WinUAE\uninstall_winuae.exe
    WSEX Poker 4.0.0-->"C:\Program Files\WSEX Poker\unins000.exe"
    Xilisoft Download YouTube Video-->C:\Program Files\Xilisoft\Download YouTube Video\Uninstall.exe
    XMind-->C:\Program Files\XMind\uninstall.exe
    XnView 1.97.4-->"C:\Program Files\XnView\unins000.exe"
    
    ======Security center information======
    
    AS: Windows-Defender
    
    ======System event log======
    
    Computer Name: Thomas-Notebook
    Event Code: 4371
    Message: Windows-Wartung hat begonnen, den Status des Pakets KB905866(Update) von Installiert(Installed) in Nicht vorhanden(Absent) zu ändern.
    Record Number: 143187
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20091016171811.000000-000
    Event Type: Informationen
    User: THOMAS-NOTEBOOK\Thomas
    
    Computer Name: Thomas-Notebook
    Event Code: 4371
    Message: Windows-Wartung hat begonnen, den Status des Pakets KB905866(Update) von Installiert(Installed) in Nicht vorhanden(Absent) zu ändern.
    Record Number: 143186
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20091016171811.000000-000
    Event Type: Informationen
    User: THOMAS-NOTEBOOK\Thomas
    
    Computer Name: Thomas-Notebook
    Event Code: 4371
    Message: Windows-Wartung hat begonnen, den Status des Pakets KB905866(Update) von Installiert(Installed) in Nicht vorhanden(Absent) zu ändern.
    Record Number: 143185
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20091016171811.000000-000
    Event Type: Informationen
    User: THOMAS-NOTEBOOK\Thomas
    
    Computer Name: Thomas-Notebook
    Event Code: 4371
    Message: Windows-Wartung hat begonnen, den Status des Pakets KB905866(Update) von Installiert(Installed) in Nicht vorhanden(Absent) zu ändern.
    Record Number: 143184
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20091016171810.000000-000
    Event Type: Informationen
    User: THOMAS-NOTEBOOK\Thomas
    
    Computer Name: Thomas-Notebook
    Event Code: 4371
    Message: Windows-Wartung hat begonnen, den Status des Pakets KB905866(Update) von Aufgelöst(Resolved) in Installiert(Installed) zu ändern.
    Record Number: 143183
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20091016171810.000000-000
    Event Type: Informationen
    User: THOMAS-NOTEBOOK\Thomas
    
    =====Application event log=====
    
    Computer Name: Thomas-Notebook
    Event Code: 0
    Message: 2010-05-09 19:02:35 CEST ERROR:  duplicate key value violates unique constraint "uniqueserial"
    2010-05-09 19:02:35 CEST STATEMENT:  EXECUTE PKHEXECUTE(548610545107,9,to_timestamp('04/28/2010 18:07:00','MM/DD/YYYY HH24:MI:SS'),970,9,5,3,3,3,3,3,13,39,16,20,40,57,3,60,60,60,60,32,32,32,1,2,False,2,0,0,0,13,13,14,5,-1,-1,0); select currval('pokerhands_pokerhand_id_seq')
    
    Record Number: 167538
    Source Name: PostgreSQL
    Time Written: 20100509170235.000000-000
    Event Type: Fehler
    User: 
    
    Computer Name: Thomas-Notebook
    Event Code: 0
    Message: 2010-05-09 19:02:35 CEST ERROR:  duplicate key value violates unique constraint "uniqueserial"
    2010-05-09 19:02:35 CEST STATEMENT:  EXECUTE PKHEXECUTE(548610545106,9,to_timestamp('04/28/2010 18:06:00','MM/DD/YYYY HH24:MI:SS'),970,9,5,2,0,0,0,10,10,18,21,0,0,78,2,40,0,0,0,0,-1,-1,2,-1,False,-1,0,0,0,10,-1,-1,0,-1,-1,0); select currval('pokerhands_pokerhand_id_seq')
    
    Record Number: 167537
    Source Name: PostgreSQL
    Time Written: 20100509170235.000000-000
    Event Type: Fehler
    User: 
    
    Computer Name: Thomas-Notebook
    Event Code: 0
    Message: 2010-05-09 19:02:35 CEST ERROR:  duplicate key value violates unique constraint "uniqueserial"
    2010-05-09 19:02:35 CEST STATEMENT:  EXECUTE PKHEXECUTE(548610545105,9,to_timestamp('04/28/2010 18:06:00','MM/DD/YYYY HH24:MI:SS'),970,9,4,2,0,0,0,6,30,33,3,0,0,272,8,160,0,0,0,0,-1,-1,2,-1,False,-1,0,0,0,7,-1,-1,-1,0,-1,0); select currval('pokerhands_pokerhand_id_seq')
    
    Record Number: 167536
    Source Name: PostgreSQL
    Time Written: 20100509170235.000000-000
    Event Type: Fehler
    User: 
    
    Computer Name: Thomas-Notebook
    Event Code: 0
    Message: 2010-05-09 19:02:35 CEST ERROR:  duplicate key value violates unique constraint "uniqueserial"
    2010-05-09 19:02:35 CEST STATEMENT:  EXECUTE PKHEXECUTE(548610545104,9,to_timestamp('04/28/2010 18:05:00','MM/DD/YYYY HH24:MI:SS'),970,9,5,0,0,0,0,5,0,0,0,0,0,90,0,0,0,0,0,-1,-1,-1,-1,-1,False,-1,0,0,0,-1,-1,-1,-1,5,-1,0); select currval('pokerhands_pokerhand_id_seq')
    
    Record Number: 167535
    Source Name: PostgreSQL
    Time Written: 20100509170235.000000-000
    Event Type: Fehler
    User: 
    
    Computer Name: Thomas-Notebook
    Event Code: 0
    Message: 2010-05-09 19:02:35 CEST ERROR:  duplicate key value violates unique constraint "uniqueserial"
    2010-05-09 19:02:35 CEST STATEMENT:  EXECUTE PKHEXECUTE(548610545103,9,to_timestamp('04/28/2010 18:04:00','MM/DD/YYYY HH24:MI:SS'),970,9,5,3,3,3,3,4,6,19,13,48,17,428,22,450,450,450,450,32,32,32,2,2,False,2,0,0,0,13,13,13,-1,3,5,0); select currval('pokerhands_pokerhand_id_seq')
    
    Record Number: 167534
    Source Name: PostgreSQL
    Time Written: 20100509170235.000000-000
    Event Type: Fehler
    User: 
    
    =====Security event log=====
    
    Computer Name: Thomas-Notebook
    Event Code: 4647
    Message: Benutzerinitiierte Abmeldung:
    
    Antragsteller:
    	Sicherheits-ID:		S-1-5-21-3708519843-3629216694-3793819806-1006
    	Kontoname:		Thomas
    	Kontodomäne:		THOMAS-NOTEBOOK
    	Anmelde-ID:		0x2c944
    
    Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.
    Record Number: 34613
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090320000412.899356-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: Thomas-Notebook
    Event Code: 5038
    Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
    
    Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\ssmdrv.sys	
    Record Number: 34612
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090319205737.983956-000
    Event Type: Überwachung gescheitert
    User: 
    
    Computer Name: Thomas-Notebook
    Event Code: 4905
    Message: Es wurde versucht, die Registrierung einer Sicherheitsereignisquelle aufzuheben.
    
    Antragsteller:
    	Sicherheits-ID:	S-1-5-18
    	Kontoname:	THOMAS-NOTEBOOK$
    	Kontodomäne:	WORKGROUP
    	Anmelde-ID:	0x3e7
    
    Prozess:
    	Prozess-ID:	0xc24
    	Prozessname:	C:\Windows\System32\VSSVC.exe
    
    Ereignisquelle:
    	Quellenname:	VSSAudit
    	Ereignisquellen-ID:	0x14371eb
    Record Number: 34611
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090319205411.746956-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: Thomas-Notebook
    Event Code: 4904
    Message: Es wurde versucht, eine Sicherheitsereignisquelle zu registrieren.
    
    Antragsteller:
    	Sicherheits-ID:	S-1-5-18
    	Kontoname:	THOMAS-NOTEBOOK$
    	Kontodomäne:	WORKGROUP
    	Anmelde-ID:	0x3e7
    
    Prozess:
    	Prozess-ID:	0xc24
    	Prozessname:	C:\Windows\System32\VSSVC.exe
    
    Ereignisquelle:
    	Quellenname:	VSSAudit
    	Ereignisquellen-ID:	0x14371eb
    Record Number: 34610
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090319205411.746956-000
    Event Type: Überwachung erfolgreich
    User: 
    
    Computer Name: Thomas-Notebook
    Event Code: 5038
    Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.
    
    Dateiname:	\Device\HarddiskVolume1\Windows\System32\drivers\avgntflt.sys	
    Record Number: 34609
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090319205337.094956-000
    Event Type: Überwachung gescheitert
    User: 
    
    ======Environment variables======
    
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=x86
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
    "PROCESSOR_REVISION"=0e0c
    "NUMBER_OF_PROCESSORS"=2
    "PLATFORM"=BNB
    "OnlineServices"=Online-Dienste
    "RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    
    -----------------EOF-----------------

    GMER, first run

    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-05 19:18:39
    Windows 6.0.6002 Service Pack 2
    Running: u98rdc6e.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\kwtyipow.sys
    
    
    ---- System - GMER 1.0.15 ----
    
    INT 0x62        ?                                                                                                     85FADBF8
    INT 0x62        ?                                                                                                     85FADBF8
    INT 0x62        ?                                                                                                     85FADBF8
    INT 0x72        ?                                                                                                     8467FBF8
    INT 0x82        ?                                                                                                     8467FBF8
    INT 0x92        ?                                                                                                     8467FBF8
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    ?               System32\drivers\qvde.sys                                                                             Das System kann den angegebenen Pfad nicht finden. !
    ?               System32\Drivers\spjs.sys                                                                             Das System kann den angegebenen Pfad nicht finden. !
    .text           USBPORT.SYS!DllUnload                                                                                 8CFCB41B 5 Bytes  JMP 85FAD1D8 
    
    ---- Kernel IAT/EAT - GMER 1.0.15 ----
    
    IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                             [806966D2] \SystemRoot\System32\Drivers\spjs.sys
    IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                              [80696040] \SystemRoot\System32\Drivers\spjs.sys
    IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                      [806967FC] \SystemRoot\System32\Drivers\spjs.sys
    IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                             [806960BE] \SystemRoot\System32\Drivers\spjs.sys
    IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                       [8069613C] \SystemRoot\System32\Drivers\spjs.sys
    IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                    [806A6048] \SystemRoot\System32\Drivers\spjs.sys
    
    ---- Devices - GMER 1.0.15 ----
    
    Device          \FileSystem\Ntfs \Ntfs                                                                                850111F8
    Device          \FileSystem\udfs \UdfsCdRom                                                                           85F901F8
    Device          \FileSystem\udfs \UdfsDisk                                                                            85F901F8
    
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    
    Device          \Driver\volmgr \Device\VolMgrControl                                                                  8500D1F8
    Device          \Driver\netbt \Device\NetBT_Tcpip_{B04412BA-8E46-45D3-97A2-51C8C096A4CA}                              871D8500
    Device          \Driver\usbuhci \Device\USBPDO-0                                                                      85FB91F8
    Device          \Driver\usbehci \Device\USBPDO-1                                                                      85FB71F8
    Device          \Driver\volmgr \Device\HarddiskVolume1                                                                8500D1F8
    
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    
    Device          \Driver\volmgr \Device\HarddiskVolume2                                                                8500D1F8
    
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    
    Device          \Driver\cdrom \Device\CdRom0                                                                          8601C1F8
    Device          \Driver\volmgr \Device\HarddiskVolume3                                                                8500D1F8
    
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
    
    Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                           8500F1F8
    Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4                                                           8500F1F8
    Device          \Driver\atapi \Device\Ide\IdePort0                                                                    8500F1F8
    Device          \Driver\atapi \Device\Ide\IdePort1                                                                    8500F1F8
    Device          \Driver\atapi \Device\Ide\IdePort2                                                                    8500F1F8
    Device          \Driver\msahci \Device\Ide\PciIde1Channel0                                                            850101F8
    Device          \Driver\netbt \Device\NetBt_Wins_Export                                                               871D8500
    Device          \Driver\Smb \Device\NetbiosSmb                                                                        8739C1F8
    Device          \Driver\iScsiPrt \Device\RaidPort0                                                                    8601B1F8
    Device          \Driver\netbt \Device\NetBT_Tcpip_{F9BF8E88-B7D8-480C-BD67-4B514515EB74}                              871D8500
    Device          \Driver\netbt \Device\NetBT_Tcpip_{454D81E5-FFA1-4F55-AFFD-A53C4AF2ECD1}                              871D8500
    Device          \Driver\usbuhci \Device\USBFDO-0                                                                      85FB91F8
    Device          \Driver\usbehci \Device\USBFDO-1                                                                      85FB71F8
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6                           
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                    771343423
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                    285507792
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                    1
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                      
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                   0
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                0x00 0x7C 0xAA 0x22 ...
    Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)       
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)  
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                       0
    Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                    0x00 0x7C 0xAA 0x22 ...
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                 
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
    
    ---- EOF - GMER 1.0.15 ----


    GMER, second run

    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-05 20:27:58
    Windows 6.0.6002 Service Pack 2
    Running: u98rdc6e.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\kwtyipow.sys
    
    
    ---- Modules - GMER 1.0.15 ----
    
    Module   \SystemRoot\System32\Drivers\spmx.sys                                                                                                                                        8068B000-8078B000 (1048576 bytes)
    Module   \SystemRoot\system32\drivers\hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)                                                                        826A9000-826AE000 (20480 bytes)
    Module   \SystemRoot\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                      82730000-82739000 (36864 bytes)
    Module   \SystemRoot\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation)                                                                              8B80A000-8BE35000 (6467584 bytes)
    Module   \SystemRoot\system32\DRIVERS\NETw5v32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation)                                                                               8C40B000-8C794000 (3706880 bytes)
    Module   \SystemRoot\system32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation)                                                                       8BF6F000-8BF96000 (159744 bytes)
    Module   \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys (HpqKbFiltr Keyboard Filter Driver/Hewlett-Packard Development Company, L.P.)                                                    8C400000-8C405000 (20480 bytes)
    Module   \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)                                                                                           8BFA1000-8BFD1000 (196608 bytes)
    Module   \SystemRoot\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P.)                                                      8C407000-8C40A000 (12288 bytes)
    Module   \SystemRoot\system32\DRIVERS\teamviewervpn.sys (TeamViewerVPN Network Adapter/TeamViewer GmbH)                                                                               883F9000-88400000 (28672 bytes)
    Module   \SystemRoot\system32\DRIVERS\seehcri.sys (seehcri Driver/Sony Ericsson Mobile Communications)                                                                                88000000-88006000 (24576 bytes)
    Module   \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation)                                                                              87FD4000-87FDE000 (40960 bytes)
    Module   \SystemRoot\system32\drivers\CHDRT32.sys (High Definition Audio Function Driver/Conexant Systems Inc.)                                                                       8CA05000-8CA38000 (208896 bytes)
    Module   \SystemRoot\system32\DRIVERS\HSXHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.)                                                                                      8CA8A000-8CAC8000 (253952 bytes)
    Module   \SystemRoot\system32\DRIVERS\HSX_DPV.sys (HSF_DP driver/Conexant Systems, Inc.)                                                                                              8CAC8000-8CBCB000 (1060864 bytes)
    Module   \SystemRoot\system32\DRIVERS\HSX_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.)                                                                                           8CC05000-8CCBA000 (741376 bytes)
    Module   \SystemRoot\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation)                                                                                               8CD13000-8CD1B000 (32768 bytes)
    Module   \SystemRoot\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                                   8CE1C000-8CE22000 (24576 bytes)
    Module   \SystemRoot\system32\DRIVERS\avipbb.sys (Avira Driver for Security Enhancement/Avira GmbH)                                                                                   8CE7F000-8CEA1000 (139264 bytes)
    Module   \SystemRoot\System32\Drivers\LUsbFilt.Sys (Logitech USB Filter Driver./Logitech, Inc.)                                                                                       8CEA1000-8CEA7000 (24576 bytes)
    Module   \SystemRoot\system32\DRIVERS\LHidFilt.Sys (Logitech HID Filter Driver./Logitech, Inc.)                                                                                       8CEA7000-8CEAF000 (32768 bytes)
    Module   \SystemRoot\system32\DRIVERS\LMouFilt.Sys (Logitech Mouse Filter Driver./Logitech, Inc.)                                                                                     8CEB7000-8CEBF000 (32768 bytes)
    Module   \??\C:\Program_Files\Avira\AntiVir_Desktop\avgio.sys (Avira AntiVir Support for Minifilter/Avira GmbH)                                                                       8CEBF000-8CEC1000 (8192 bytes)
    Module   \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation)                                                                                            95090000-95099000 (36864 bytes)
    Module   \SystemRoot\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                               8CF52000-8CF67000 (86016 bytes)
    Module   \SystemRoot\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation)                                                                      A8993000-A89AC000 (102400 bytes)
    Module   \??\C:\Windows\system32\drivers\cpuz133_x32.sys (CPUID Driver/Windows (R) Win 7 DDK provider)                                                                                A9A5C000-A9A65000 (36864 bytes)
    Module   \SystemRoot\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant)                                                                                          A9A65000-A9A69000 (16384 bytes)
    Module   \SystemRoot\System32\Drivers\secdrv.SYS (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)               A9B47000-A9B51000 (40960 bytes)
    Module   \SystemRoot\system32\DRIVERS\xaudio.sys (Modem Audio Device Driver/Conexant Systems, Inc.)                                                                                   A9B5D000-A9B65000 (32768 bytes)
    Module   \??\C:\Users\Thomas\AppData\Local\Temp\kwtyipow.sys (GMER)                                                                                                                   A9B65000-A9B7C000 (94208 bytes)
    
    ---- Processes - GMER 1.0.15 ----
    
    Process  C:\Users\Thomas\Desktop\u98rdc6e.exe                                                                                                                                         156
    Library  C:\Users\Thomas\Desktop\u98rdc6e.exe                                                                                                                                         0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      256
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Server/PostgreSQL Global Development Group)                                                                     284
    Library  C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Server/PostgreSQL Global Development Group)                                                                     0x00400000
    Library  C:\Program Files\PostgreSQL\8.3\bin\SSLEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)                                                       0x10000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)                                                       0x00160000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libintl-8.dll (LGPLed libintl for Windows NT/2000/XP/Vista and Windows 95/98/ME/Free Software Foundation)                                0x61CC0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libiconv-2.dll (LGPLed libiconv for Windows NT/2000/XP/Vista and Windows 95/98/ME/Free Software Foundation)                              0x66000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\krb5_32.dll (Kerberos v5 - MIT GSS / Kerberos v5 distribution/Massachusetts Institute of Technology.)                                    0x1C000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\comerr32.dll (COM_ERR - Common Error Handler for MIT Kerberos v5 / GSS distribution/Massachusetts Institute of Technology.)              0x00260000
    Library  C:\Program Files\PostgreSQL\8.3\bin\k5sprt32.dll (Kerberos v5 support - internal support code for MIT Kerberos v5 /GSS distribution/Massachusetts Institute of Technology.)  0x00270000
    Library  C:\Program Files\PostgreSQL\8.3\bin\gssapi32.dll (GSSAPI - GSS API implementation for Kerberos 5 mechanism/Massachusetts Institute of Technology.)                           0x00280000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll                                                                                                                              0x002B0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\iconv.dll (LGPLed libiconv for Windows NT/2000/XP and Windows 95/98/ME/Free Software Foundation)                                         0x012E0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll                                                                                                                                0x003B0000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Server/PostgreSQL Global Development Group)                                                                     328
    Library  C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Server/PostgreSQL Global Development Group)                                                                     0x00400000
    Library  C:\Program Files\PostgreSQL\8.3\bin\SSLEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)                                                       0x10000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)                                                       0x00160000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libintl-8.dll (LGPLed libintl for Windows NT/2000/XP/Vista and Windows 95/98/ME/Free Software Foundation)                                0x61CC0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libiconv-2.dll (LGPLed libiconv for Windows NT/2000/XP/Vista and Windows 95/98/ME/Free Software Foundation)                              0x66000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\krb5_32.dll (Kerberos v5 - MIT GSS / Kerberos v5 distribution/Massachusetts Institute of Technology.)                                    0x1C000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\comerr32.dll (COM_ERR - Common Error Handler for MIT Kerberos v5 / GSS distribution/Massachusetts Institute of Technology.)              0x00260000
    Library  C:\Program Files\PostgreSQL\8.3\bin\k5sprt32.dll (Kerberos v5 support - internal support code for MIT Kerberos v5 /GSS distribution/Massachusetts Institute of Technology.)  0x00270000
    Library  C:\Program Files\PostgreSQL\8.3\bin\gssapi32.dll (GSSAPI - GSS API implementation for Kerberos 5 mechanism/Massachusetts Institute of Technology.)                           0x00280000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll                                                                                                                              0x002B0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\iconv.dll (LGPLed libiconv for Windows NT/2000/XP and Windows 95/98/ME/Free Software Foundation)                                         0x012E0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll                                                                                                                                0x003B0000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Server/PostgreSQL Global Development Group)                                                                     400
    Library  C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Server/PostgreSQL Global Development Group)                                                                     0x00400000
    Library  C:\Program Files\PostgreSQL\8.3\bin\SSLEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)                                                       0x10000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)                                                       0x00050000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libintl-8.dll (LGPLed libintl for Windows NT/2000/XP/Vista and Windows 95/98/ME/Free Software Foundation)                                0x61CC0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libiconv-2.dll (LGPLed libiconv for Windows NT/2000/XP/Vista and Windows 95/98/ME/Free Software Foundation)                              0x66000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\krb5_32.dll (Kerberos v5 - MIT GSS / Kerberos v5 distribution/Massachusetts Institute of Technology.)                                    0x1C000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\comerr32.dll (COM_ERR - Common Error Handler for MIT Kerberos v5 / GSS distribution/Massachusetts Institute of Technology.)              0x00160000
    Library  C:\Program Files\PostgreSQL\8.3\bin\k5sprt32.dll (Kerberos v5 support - internal support code for MIT Kerberos v5 /GSS distribution/Massachusetts Institute of Technology.)  0x00170000
    Library  C:\Program Files\PostgreSQL\8.3\bin\gssapi32.dll (GSSAPI - GSS API implementation for Kerberos 5 mechanism/Massachusetts Institute of Technology.)                           0x00180000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll                                                                                                                              0x00300000
    Library  C:\Program Files\PostgreSQL\8.3\bin\iconv.dll (LGPLed libiconv for Windows NT/2000/XP and Windows 95/98/ME/Free Software Foundation)                                         0x012E0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll                                                                                                                                0x001B0000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search-Indexerstellung/Microsoft Corporation)                                                                       404
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    Library  C:\Windows\system32\vsstrace.dll (Microsoft® Volumeschattenkopie-DLL zum Nachverfolgen von Anforderungsprozessen/Generatoren/Microsoft Corporation)                          0x72900000
    
    Process  C:\Windows\system32\csrss.exe (Client-Server-Laufzeitprozess/Microsoft Corporation)                                                                                          456
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Windows\system32\wininit.exe (Windows-Startanwendung/Microsoft Corporation)                                                                                               500
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\system32\csrss.exe (Client-Server-Laufzeitprozess/Microsoft Corporation)                                                                                          512
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Windows\system32\services.exe (Anwendung für Dienste und Controller/Microsoft Corporation)                                                                                544
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation)                                                                                       556
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\system32\lsm.exe (Lokaler Sitzungs-Manager-Dienst/Microsoft Corporation)                                                                                          564
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\system32\DRIVERS\xaudio.exe (Modem Audio Service/Conexant Systems, Inc.)                                                                                          596
    Library  C:\Windows\system32\DRIVERS\xaudio.exe (Modem Audio Service/Conexant Systems, Inc.)                                                                                          0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Windows\system32\winlogon.exe (Windows-Anmeldeanwendung/Microsoft Corporation)                                                                                            616
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Server/PostgreSQL Global Development Group)                                                                     732
    Library  C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Server/PostgreSQL Global Development Group)                                                                     0x00400000
    Library  C:\Program Files\PostgreSQL\8.3\bin\SSLEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)                                                       0x10000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)                                                       0x00050000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libintl-8.dll (LGPLed libintl for Windows NT/2000/XP/Vista and Windows 95/98/ME/Free Software Foundation)                                0x61CC0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libiconv-2.dll (LGPLed libiconv for Windows NT/2000/XP/Vista and Windows 95/98/ME/Free Software Foundation)                              0x66000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\krb5_32.dll (Kerberos v5 - MIT GSS / Kerberos v5 distribution/Massachusetts Institute of Technology.)                                    0x1C000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\comerr32.dll (COM_ERR - Common Error Handler for MIT Kerberos v5 / GSS distribution/Massachusetts Institute of Technology.)              0x00260000
    Library  C:\Program Files\PostgreSQL\8.3\bin\k5sprt32.dll (Kerberos v5 support - internal support code for MIT Kerberos v5 /GSS distribution/Massachusetts Institute of Technology.)  0x00270000
    Library  C:\Program Files\PostgreSQL\8.3\bin\gssapi32.dll (GSSAPI - GSS API implementation for Kerberos 5 mechanism/Massachusetts Institute of Technology.)                           0x00280000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll                                                                                                                              0x002B0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\iconv.dll (LGPLed libiconv for Windows NT/2000/XP and Windows 95/98/ME/Free Software Foundation)                                         0x012E0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll                                                                                                                                0x003B0000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\PostgreSQL\8.3\lib\plugins\plugin_debugger.dll                                                                                                              0x016C0000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      748
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Program Files\Windows Defender\MSASCui.exe (Windows Defender User Interface/Microsoft Corporation)                                                                        824
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      828
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      864
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      924
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      956
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  c:\windows\system32\tabsvc.dll (Microsoft Tablet PC-Eingabedienst/Microsoft Corporation)                                                                                     0x74310000
    Library  c:\windows\system32\l2gpstore.dll (Policy Storage dll/Microsoft Corporation)                                                                                                 0x74020000
    Library  C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    Library  C:\Windows\System32\ACTIVEDS.dll (ADs Router-Ebene-DLL/Microsoft Corporation)                                                                                                0x72CB0000
    
    Process  C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.)                                                             972
    Library  C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.)                                                             0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      984
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    Library  C:\Windows\system32\ACTIVEDS.dll (ADs Router-Ebene-DLL/Microsoft Corporation)                                                                                                0x72CB0000
    Library  C:\Windows\system32\vsstrace.dll (Microsoft® Volumeschattenkopie-DLL zum Nachverfolgen von Anforderungsprozessen/Generatoren/Microsoft Corporation)                          0x72900000
    Library  C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation)                                                                                          0x718F0000
    Library  C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation)                                                                                 0x6F700000
    Library  C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation)                                                                                                    0x718E0000
    
    Process  C:\Program Files\Windows Sidebar\sidebar.exe (Windows-Sidebar/Microsoft Corporation)                                                                                         1028
    Library  C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation)                                                                                                    0x718E0000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    Library  C:\Windows\system32\igdumd32.dll (LDDM User Mode Driver for Intel(R) Graphics Technology/Intel Corporation)                                                                  0x04230000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\system32\AUDIODG.EXE (Windows Graphisolierung für Audiogeräte /Microsoft Corporation)                                                                             1056
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\CnxtAp32.dll (Conexant Audio Processing Objects/Conexant Systems Inc.)                                                                                   0x70AD0000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      1072
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Windows\system32\SLsvc.exe (Microsoft-Softwarelizenzierungsdienst/Microsoft Corporation)                                                                                  1088
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Windows\system32\wbem\wmiprvse.exe (WMI Provider Host/Microsoft Corporation)                                                                                              1112
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      1140
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    Library  c:\windows\system32\webclnt.dll (Web DAV-Dienst-DLL/Microsoft Corporation)                                                                                                   0x72D80000
    Library  c:\windows\system32\upnphost.dll (UPnP-Gerätehost/Microsoft Corporation)                                                                                                     0x71290000
    Library  C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation)                                                                                          0x718F0000
    
    Process  C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech SetPoint Event Manager (UNICODE)/Logitech, Inc.)                                                                   1180
    Library  C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech SetPoint Event Manager (UNICODE)/Logitech, Inc.)                                                                   0x00400000
    Library  C:\Windows\system32\KemUtil.dll (Logitech Utility (UNICODE)/Logitech, Inc.)                                                                                                  0x10700000
    Library  C:\Program Files\Logitech\SetPoint\SetPointCOM.dll (Logitech Utility (UNICODE)/Logitech, Inc.)                                                                               0x12A00000
    Library  C:\Windows\system32\kemutb.dll (Logitech Ultimate Toolbox (UNICODE)/Logitech, Inc.)                                                                                          0x10800000
    Library  C:\Windows\system32\KemWnd.dll (Logitech Windows Utilities Support (UNICODE)/Logitech, Inc.)                                                                                 0x10B00000
    Library  C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation)                                                                                                    0x718E0000
    Library  C:\Windows\system32\KemXML.dll (Logitech XML Support (UNICODE)/Logitech, Inc.)                                                                                               0x10900000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\Macros\MacroCore.dll (Logitech SetPoint User Interface (UNICODE)/Logitech, Inc.)                                                          0x02900000
    Library  C:\Program Files\Logitech\SetPoint\WebBrowserSupport.dll (Logitech Web Browser Support (UNICODE)/Logitech, Inc.)                                                             0x1F900000
    Library  C:\Program Files\Logitech\SetPoint\IMHook.dll (Logitech Instant Messenger Hook (UNICODE)/Logitech, Inc.)                                                                     0x12300000
    Library  C:\Program Files\Logitech\SetPoint\Macros\MacroAppSwitch.dll (Logitech Application Switch Support/Logitech, Inc.)                                                            0x10000000
    Library  C:\Program Files\Common Files\Logishrd\KHAL2\KhalApi.dll (Logitech KHAL Client Interface/Logitech, Inc.)                                                                     0x01B00000
    Library  C:\Program Files\Common Files\LogiShrd\bluetooth\LBTServ.dll (Logitech Bluetooth API/Logitech, Inc.)                                                                         0x01C40000
    Library  C:\Program Files\Logitech\SetPoint\kgame.dll (Logitech Gaming Support (UNICODE)/Logitech, Inc.)                                                                              0x10E00000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    Library  C:\Program Files\Logitech\SetPoint\LCabHandler.dll (Handlers Cab files with device files (UNICODE)/Logitech, Inc.)                                                           0x10A00000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      1256
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  c:\windows\system32\vsstrace.dll (Microsoft® Volumeschattenkopie-DLL zum Nachverfolgen von Anforderungsprozessen/Generatoren/Microsoft Corporation)                          0x72900000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    Library  c:\windows\system32\ACTIVEDS.dll (ADs Router-Ebene-DLL/Microsoft Corporation)                                                                                                0x72CB0000
    Library  C:\Windows\system32\ndptsp.tsp (NDIS-Proxy-TAPI-Dienstanbieter/Microsoft Corporation)                                                                                        0x6E930000
    
    Process  C:\Windows\System32\spoolsv.exe (Spoolersubsystem-Anwendung/Microsoft Corporation)                                                                                           1460
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    Library  C:\Windows\System32\E_FLBCDE.DLL (EPSON Bi-directional Monitor/SEIKO EPSON CORPORATION)                                                                                      0x00340000
    Library  C:\Windows\System32\pdfcmnnt.dll                                                                                                                                             0x10000000
    Library  C:\Windows\System32\usbmon.dll (Standard-DLL für dynamischen Druckanschlussmonitor/Microsoft Corporation)                                                                    0x70280000
    
    Process  C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                            1484
    Library  C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                            0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Avira\AntiVir Desktop\schedr.dll (avschdr Dynamic Link Library/Avira GmbH)                                                                                  0x10000000
    Library  C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll (Event Logger/Avira GmbH)                                                                                                0x00960000
    Library  C:\Program Files\Avira\AntiVir Desktop\cfglib.dll (Antivirus configuration library/Avira GmbH)                                                                               0x73020000
    Library  C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                           0x00E70000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      1524
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    Library  C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation)                                                                                          0x718F0000
    
    Process  C:\Windows\System32\igfxtray.exe (igfxTray Module/Intel Corporation)                                                                                                         1620
    Library  C:\Windows\System32\igfxtray.exe (igfxTray Module/Intel Corporation)                                                                                                         0x00400000
    Library  C:\Windows\System32\hccutils.DLL (hccutils Module/Intel Corporation)                                                                                                         0x10000000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                         0x01A50000
    Library  C:\Windows\System32\igfxres.dll (igfxres Module/Intel Corporation)                                                                                                           0x01BA0000
    Library  C:\Windows\System32\igfxress.dll (igfxress Module/Intel Corporation)                                                                                                         0x02200000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    
    Process  C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                  1716
    Library  C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                  0x01370000
    Library  C:\Program Files\Avira\AntiVir Desktop\libdb44.dll (Berkeley DB 4.4 DLL/Sleepycat Software)                                                                                  0x13000000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Avira\AntiVir Desktop\AVEvtLog.dll (Event Logger/Avira GmbH)                                                                                                0x10000000
    Library  C:\Program Files\Avira\AntiVir Desktop\guardmsg.dll (AVGuard Messages (Deutsch)/Avira GmbH)                                                                                  0x00310000
    Library  C:\Program Files\Avira\AntiVir Desktop\cfglib.dll (Antivirus configuration library/Avira GmbH)                                                                               0x73020000
    Library  C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll                                                                                                                           0x00D10000
    Library  C:\Program Files\Avira\AntiVir Desktop\AVPREF.DLL (Prefix DLL/Avira GmbH)                                                                                                    0x00360000
    Library  C:\Program Files\Avira\AntiVir Desktop\avsmtp.dll (Antivirus email sender library/Avira GmbH)                                                                                0x72670000
    Library  C:\Program Files\Avira\AntiVir Desktop\AVGIO.DLL (On-access scan support/Avira GmbH)                                                                                         0x01010000
    Library  C:\Windows\system32\FLTLIB.DLL (Filterbibliothek/Microsoft Corporation)                                                                                                      0x72690000
    Library  C:\Program Files\Avira\AntiVir Desktop\aecore.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                             0x01240000
    Library  C:\Program Files\Avira\AntiVir Desktop\aevdf.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                              0x01280000
    Library  C:\Program Files\Avira\AntiVir Desktop\aescript.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                           0x02610000
    Library  C:\Program Files\Avira\AntiVir Desktop\aescn.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                              0x01300000
    Library  C:\Program Files\Avira\AntiVir Desktop\aesbx.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                              0x014F0000
    Library  C:\Program Files\Avira\AntiVir Desktop\aerdl.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                              0x02370000
    Library  C:\Program Files\Avira\AntiVir Desktop\aepack.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                             0x02530000
    Library  C:\Program Files\Avira\AntiVir Desktop\unacev2.dll (UNACE Dynamic Link Library/ACE Compression Software)                                                                     0x025A0000
    Library  C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                           0x01560000
    Library  C:\Program Files\Avira\AntiVir Desktop\aeheur.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                             0x02D50000
    Library  C:\Program Files\Avira\AntiVir Desktop\aehelp.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                             0x02760000
    Library  C:\Program Files\Avira\AntiVir Desktop\aegen.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                              0x02850000
    Library  C:\Program Files\Avira\AntiVir Desktop\aeemu.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                              0x028B0000
    Library  C:\Program Files\Avira\AntiVir Desktop\aebb.dll (AntiVir Engine Module for Windows/Avira GmbH)                                                                               0x00F00000
    Library  C:\Program Files\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                              0x01350000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      1748
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (SQL Server Windows NT/Microsoft Corporation)                                                          1796
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (AntiVir shadow copy service/Avira GmbH)                                                                                 1944
    Library  C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (AntiVir shadow copy service/Avira GmbH)                                                                                 0x00400000
    Library  C:\Windows\system32\vsstrace.dll (Microsoft® Volumeschattenkopie-DLL zum Nachverfolgen von Anforderungsprozessen/Generatoren/Microsoft Corporation)                          0x72900000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                              0x10000000
    
    Process  C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Server/PostgreSQL Global Development Group)                                                                     1968
    Library  C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Server/PostgreSQL Global Development Group)                                                                     0x00400000
    Library  C:\Program Files\PostgreSQL\8.3\bin\SSLEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)                                                       0x10000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\LIBEAY32.dll (OpenSSL Shared Library/The OpenSSL Project, http://www.openssl.org/)                                                       0x00180000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libintl-8.dll (LGPLed libintl for Windows NT/2000/XP/Vista and Windows 95/98/ME/Free Software Foundation)                                0x61CC0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libiconv-2.dll (LGPLed libiconv for Windows NT/2000/XP/Vista and Windows 95/98/ME/Free Software Foundation)                              0x66000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\krb5_32.dll (Kerberos v5 - MIT GSS / Kerberos v5 distribution/Massachusetts Institute of Technology.)                                    0x1C000000
    Library  C:\Program Files\PostgreSQL\8.3\bin\comerr32.dll (COM_ERR - Common Error Handler for MIT Kerberos v5 / GSS distribution/Massachusetts Institute of Technology.)              0x00060000
    Library  C:\Program Files\PostgreSQL\8.3\bin\k5sprt32.dll (Kerberos v5 support - internal support code for MIT Kerberos v5 /GSS distribution/Massachusetts Institute of Technology.)  0x00070000
    Library  C:\Program Files\PostgreSQL\8.3\bin\gssapi32.dll (GSSAPI - GSS API implementation for Kerberos 5 mechanism/Massachusetts Institute of Technology.)                           0x00280000
    Library  C:\Program Files\PostgreSQL\8.3\bin\libxml2.dll                                                                                                                              0x002B0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\iconv.dll (LGPLed libiconv for Windows NT/2000/XP and Windows 95/98/ME/Free Software Foundation)                                         0x012E0000
    Library  C:\Program Files\PostgreSQL\8.3\bin\zlib1.dll                                                                                                                                0x003B0000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      2044
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    
    Process  C:\Windows\system32\wbem\wmiprvse.exe (WMI Provider Host/Microsoft Corporation)                                                                                              2116
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard)                                                                  2188
    Library  c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard)                                                                  0x008E0000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll (HP Active Support Library/Hewlett-Packard)                       0x711E0000
    
    Process  C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech KHAL Main Process/Logitech, Inc.)                                                                        2256
    Library  C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Logitech KHAL Main Process/Logitech, Inc.)                                                                        0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Common Files\Logishrd\KHAL2\KHALAPI.DLL (Logitech KHAL Client Interface/Logitech, Inc.)                                                                     0x10000000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Program Files\Common Files\LogiShrd\bluetooth\LBTServ.dll (Logitech Bluetooth API/Logitech, Inc.)                                                                         0x003D0000
    Library  C:\Program Files\Common Files\Logishrd\KHAL2\KHALITCH.DLL (Logitech KHAL Keyboard Interface/Logitech, Inc.)                                                                  0x008C0000
    Library  C:\Program Files\Common Files\Logishrd\KHAL2\KHALMW.DLL (Logitech KHAL Mouse Interface/Logitech, Inc.)                                                                       0x00900000
    Library  C:\Program Files\Common Files\Logishrd\KHAL2\KHALHPP.DLL (Logitech KHAL HID++ Interface/Logitech, Inc.)                                                                      0x018E0000
    Library  C:\Program Files\Common Files\Logishrd\KHAL2\KHALMOU.DLL (Logitech KHAL Mouse Filter Interface/Logitech, Inc.)                                                               0x02080000
    Library  C:\Program Files\Common Files\Logishrd\KHAL2\KHALHID.DLL (Logitech KHAL HID Filter Interface/Logitech, Inc.)                                                                 0x020B0000
    Library  C:\Program Files\Common Files\Logishrd\KHAL2\KHALUSB.DLL (Logitech KHAL USB Filter Interface/Logitech, Inc.)                                                                 0x020E0000
    
    Process  C:\Windows\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation)                                                                                                         2272
    Library  C:\Windows\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation)                                                                                                         0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                         0x10000000
    Library  C:\Windows\system32\igfxdev.dll (igfxdev Module/Intel Corporation)                                                                                                           0x003B0000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Windows\System32\hkcmd.exe (hkcmd Module/Intel Corporation)                                                                                                               2288
    Library  C:\Windows\System32\hkcmd.exe (hkcmd Module/Intel Corporation)                                                                                                               0x00400000
    Library  C:\Windows\System32\hccutils.DLL (hccutils Module/Intel Corporation)                                                                                                         0x10000000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                         0x003D0000
    Library  C:\Windows\System32\igfxres.dll (igfxres Module/Intel Corporation)                                                                                                           0x01840000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Windows\System32\igfxpers.exe (persistence Module/Intel Corporation)                                                                                                      2416
    Library  C:\Windows\System32\igfxpers.exe (persistence Module/Intel Corporation)                                                                                                      0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                         0x10000000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Windows\WindowsMobile\wmdSync.exe (User session Windows Mobile device handler/Microsoft Corporation)                                                                      2448
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech GamePanel Agent/Logitech Inc.)                                                                           2536
    Library  C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech GamePanel Agent/Logitech Inc.)                                                                           0x00400000
    Library  C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation)                                                                                                    0x718E0000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics TouchPad Enhancements/Synaptics, Inc.)                                                                              2648
    Library  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics TouchPad Enhancements/Synaptics, Inc.)                                                                              0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\SynCOM.dll (SynCOM/Synaptics, Inc.)                                                                                                                      0x10000000
    Library  C:\Windows\system32\SynTPAPI.dll (SynTPAPI/Synaptics, Inc.)                                                                                                                  0x63010000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    
    Process  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Quick Launch Buttons/ Hewlett-Packard Development Company, L.P.)                                       2672
    Library  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Quick Launch Buttons/ Hewlett-Packard Development Company, L.P.)                                       0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.DLL (QLB Database Handler/Hewlett-Packard Development Company, L.P.)                                     0x10000000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Windows\system32\conime.exe (Console IME/Microsoft Corporation)                                                                                                           2736
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (HPWAMain Module/Hewlett-Packard Development Company, L.P.)                                              2748
    Library  C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (HPWAMain Module/Hewlett-Packard Development Company, L.P.)                                              0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                                     2784
    Library  C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Antivirus System Tray Tool/Avira GmbH)                                                                                     0x00400000
    Library  C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation)                                                                                                    0x718E0000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll (Antivirus Control Center Common Worker Library/Avira GmbH)                                                              0x6E940000
    Library  c:\program files\avira\antivir desktop\cfglib.dll (Antivirus configuration library/Avira GmbH)                                                                               0x73020000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  c:\program files\avira\antivir desktop\ccgen.dll (Control Center General Plugin/Avira GmbH)                                                                                  0x10000000
    Library  c:\program files\avira\antivir desktop\ccgenrc.dll (Control Center General Plugin Resources/Avira GmbH)                                                                      0x005D0000
    Library  c:\program files\avira\antivir desktop\ccguard.dll (Control Center Guard Plugin/Avira GmbH)                                                                                  0x01BA0000
    Library  c:\program files\avira\antivir desktop\ccgrdrc.dll (Control Center Guard Plugin Resources/Avira GmbH)                                                                        0x01B10000
    Library  c:\program files\avira\antivir desktop\ccgrdw.dll (Control Center Guard Worker Plugin/Avira GmbH)                                                                            0x6D6E0000
    Library  C:\Program Files\Avira\AntiVir Desktop\avipc.dll (AVIRA IPC Library/Avira GmbH)                                                                                              0x01B40000
    Library  c:\program files\avira\antivir desktop\ccupdate.dll (Control Center Updater Plugin/Avira GmbH)                                                                               0x01C60000
    Library  c:\program files\avira\antivir desktop\ccupdrc.dll (Control Center Updater Plugin Resources/Avira GmbH)                                                                      0x01C40000
    Library  c:\program files\avira\antivir desktop\cclic.dll (Control Center License Plugin/Avira GmbH)                                                                                  0x01CC0000
    Library  c:\program files\avira\antivir desktop\cclicrc.dll (Control Center License Plugin Resources/Avira GmbH)                                                                      0x01D10000
    Library  c:\program files\avira\antivir desktop\ccmsg.dll (Control Center Message Plugin/Avira GmbH)                                                                                  0x01D30000
    Library  c:\program files\avira\antivir desktop\ccmsgrc.dll (Control Center MSG Plugin Resources/Avira GmbH)                                                                          0x01EB0000
    Library  C:\Program Files\Avira\AntiVir Desktop\rcimage.dll (Avira AntiVir PersonalEdition Classic Master Resource File (English)/Avira GmbH)                                         0x024E0000
    Library  c:\program files\avira\antivir desktop\ccmainrc.dll (Control Center Resources/Avira GmbH)                                                                                    0x01F40000
    
    Process  C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech G-series Profiler/Logitech Inc.)                                                        2816
    Library  C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech G-series Profiler/Logitech Inc.)                                                        0x00400000
    Library  C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation)                                                                                                    0x718E0000
    Library  C:\Windows\system32\MSACM32.dll (Microsoft ACM-Audiofilter/Microsoft Corporation)                                                                                            0x70D50000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDRes.dll (Logitech G-series Resource Library/Logitech Inc.)                                                 0x10000000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Program Files\Logitech\GamePanel Software\LCD Manager\LgLcdApi.dll (Logitech LCD API DLL/Logitech Inc.)                                                                   0x044C0000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    
    Process  C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (hpwuSchd Application/Hewlett-Packard)                                                                                  2828
    Library  C:\Program Files\Hp\HP Software Update\hpwuschd2.exe (hpwuSchd Application/Hewlett-Packard)                                                                                  0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Windows\system32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)                                                                                      3084
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    
    Process  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Pointing Device Helper/Synaptics, Inc.)                                                                          3528
    Library  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Pointing Device Helper/Synaptics, Inc.)                                                                          0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Windows\system32\taskeng.exe (Aufgabenplanungsmodul/Microsoft Corporation)                                                                                                3640
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Windows\system32\MSACM32.dll (Microsoft ACM-Audiofilter/Microsoft Corporation)                                                                                            0x70D50000
    Library  C:\Windows\system32\igfxTMM.dll                                                                                                                                              0x10000000
    Library  C:\Windows\system32\igfxdev.dll (igfxdev Module/Intel Corporation)                                                                                                           0x02640000
    Library  C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                         0x00F20000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    
    Process  C:\Windows\system32\Dwm.exe (Desktopfenster-Manager/Microsoft Corporation)                                                                                                   3744
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    
    Process  C:\Windows\Explorer.EXE (Windows-Explorer/Microsoft Corporation)                                                                                                             3776
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\PROGRA~1\WI4EB4~1\wmpband.dll (Windows Media Player auf der Taskleiste/Microsoft Corporation)                                                                             0x6FCF0000
    Library  C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation)                                                                                                    0x718E0000
    Library  C:\Windows\system32\MSACM32.dll (Microsoft ACM-Audiofilter/Microsoft Corporation)                                                                                            0x70D50000
    Library  C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation)                                                                                          0x718F0000
    Library  C:\Windows\system32\wscntfy.dll (Windows-Sicherheitscenter-Benachrichtigungsanwendung/Microsoft Corporation)                                                                 0x6CE40000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    Library  C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation)                                                                                                         0x03AC0000
    Library  C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes' Anti-Malware/Malwarebytes Corporation)                                                                0x10000000
    Library  C:\Program Files\Avira\AntiVir Desktop\shlext.dll (AntiVirus context menu/Avira GmbH)                                                                                        0x031F0000
    Library  C:\Program Files\Notepad++\nppcm.dll (Context Handler Menu for Notepad++/Burgaud.com)                                                                                        0x1C000000
    Library  C:\Program Files\XnView\ShellEx\XnViewShellExt.dll                                                                                                                           0x07D80000
    Library  C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll (SEIKO EPSON CORPORATION)                                                                              0x037B0000
    Library  C:\Program Files\7-Zip\7-zip.dll (7-Zip Shell Extension/Igor Pavlov)                                                                                                         0x03850000
    Library  C:\Windows\system32\CmdLineExt.dll (SecuROM Context-Menu for Explorer./Sony DADC Austria AG.)                                                                                0x03870000
    
    Process  C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Module to process WiFi messages./Hewlett-Packard Development Company, L.P.)                              3808
    Library  C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Module to process WiFi messages./Hewlett-Packard Development Company, L.P.)                              0x00400000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    
    Process  C:\Program Files\Windows Sidebar\sidebar.exe (Windows-Sidebar/Microsoft Corporation)                                                                                         3980
    Library  C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation)                                                                                                    0x718E0000
    Library  C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation)                                                                                     0x761E0000
    Library  C:\Program Files\Logitech\SetPoint\lgscroll.dll (Logitech Scroll Enabler (UNICODE)/Logitech, Inc.)                                                                           0x10100000
    Library  C:\Program Files\Logitech\SetPoint\GameHook.dll (Logitech Gaming Hook (UNICODE)/Logitech, Inc.)                                                                              0x10D00000
    Library  C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation)                                                                                   0x74FA0000
    Library  C:\Windows\system32\igdumd32.dll (LDDM User Mode Driver for Intel(R) Graphics Technology/Intel Corporation)                                                                  0x05260000
    
    ---- Services - GMER 1.0.15 ----
    
    Service  C:\Program Files\Avira\AntiVir Desktop\sched.exe (Antivirus Scheduler/Avira GmbH)                                                                                            [AUTO] AntiVirSchedulerService
    Service  C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Antivirus On-Access Service/Avira GmbH)                                                                                  [AUTO] AntiVirService
    Service  C:\??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys                                                                                                                       [SYSTEM] avgio
    Service  C:\Windows\system32\DRIVERS\avgntflt.sys (Avira Minifilter Driver/Avira GmbH)                                                                                                [AUTO] avgntflt
    Service  C:\Windows\system32\DRIVERS\avipbb.sys (Avira Driver for Security Enhancement/Avira GmbH)                                                                                    [SYSTEM] avipbb
    Service  C:\Windows\system32\drivers\avmeject.sys (AVM CD-Eject Filter Driver/AVM Berlin)                                                                                             [MANUAL] avmeject
    Service  C:\Windows\system32\DRIVERS\b57nd60x.sys (Broadcom NetXtreme Gigabit Ethernet NDIS6.0 Driver./Broadcom Corporation)                                                          [MANUAL] b57nd60x
    Service  C:\Windows\system32\DRIVERS\bcmwl6.sys (BCM 802.11g Network Adapter wireless driver/Broadcom Corporation)                                                                    [MANUAL] BCM43XV
    Service  C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation)                                                                       [MANUAL] bowser
    Service  C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.)                                                [MANUAL] BrFiltLo
    Service  C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.)                                                [MANUAL] BrFiltUp
    Service  C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.)                                                                                 [MANUAL] BrUsbSer
    Service  C:\Windows\system32\drivers\CHDRT32.sys (High Definition Audio Function Driver/Conexant Systems Inc.)                                                                        [MANUAL] CnxtHdAudService
    Service  C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Com for QLB software/Hewlett-Packard Development Company, L.P.)                                        [MANUAL] Com4Qlb
    Service  C:\Users\Thomas\AppData\Local\Temp\cpuz130\cpuz_x32.sys                                                                                                                      [MANUAL] cpuz130
    Service  C:\Program Files\CPUID\PC Wizard 2010\pcwiz32.sys                                                                                                                            [MANUAL] cpuz132
    Service  C:\??\C:\Windows\system32\drivers\cpuz133_x32.sys                                                                                                                            [AUTO] cpuz133
    Service  C:\Windows\system32\DRIVERS\CVirtA.sys (Cisco Systems VPN Adapter/Cisco Systems, Inc.)                                                                                       [MANUAL] CVirtA
    Service  C:\Windows\system32\DRIVERS\e100b325.sys (Intel(R) PRO/100 Adapter NDIS 5.1 driver/Intel Corporation)                                                                        [MANUAL] E100B
    Service  C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation)                                                            [MANUAL] E1G60
    Service                                                                                                                                                                               eabusb
    Service  C:\??\C:\Windows\system32\DRIVERS\ENTECH.sys                                                                                                                                 [MANUAL] ENTECH
    Service  C:\Windows\system32\DRIVERS\fwlanusb.sys (fwlanusb.sys/AVM GmbH)                                                                                                             [MANUAL] FWLANUSB
    Service  C:\Windows\system32\DRIVERS\ggflt.sys (SEMC USB Flash Driver Filter/Sony Ericsson Mobile Communications)                                                                     [MANUAL] ggflt
    Service  C:\Windows\system32\DRIVERS\ggsemc.sys (SEMC USB Flash Driver/Sony Ericsson Mobile Communications)                                                                           [MANUAL] ggsemc
    Service  C:\Windows\system32\DRIVERS\cpqbttn.sys (HP Tablet PC Key Button HID Driver/Hewlett-Packard Development Company, L.P.)                                                       [MANUAL] HBtnKey
    Service  C:\Windows\system32\drivers\CHDART.sys (High Definition Audio Function Driver/Conexant Systems Inc.)                                                                         [MANUAL] HdAudAddService
    Service  C:\Windows\system32\drivers\hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)                                                                         [BOOT] hotcore3
    Service  c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard)                                                                  [AUTO] HP Health Check Service
    Service  C:\Windows\system32\DRIVERS\HpqKbFiltr.sys (HpqKbFiltr Keyboard Filter Driver/Hewlett-Packard Development Company, L.P.)                                                     [MANUAL] HpqKbFiltr
    Service  C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.)                                                             [AUTO] hpqwmiex
    Service  C:\Windows\system32\DRIVERS\VSTAZL3.SYS (HSF_HWAZL WDM driver/Conexant Systems, Inc.)                                                                                        [MANUAL] HSFHWAZL
    Service  C:\Windows\system32\DRIVERS\HSX_DPV.sys (HSF_DP driver/Conexant Systems, Inc.)                                                                                               [MANUAL] HSF_DPV
    Service  C:\Windows\system32\DRIVERS\HSXHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.)                                                                                       [MANUAL] HSXHWAZL
    Service  C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation)                                                                               [MANUAL] ialm
    Service  C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation)                                                      [MANUAL] IDriverT
    Service  C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation)                                                                               [MANUAL] igfx
    Service  system32\DRIVERS\ipinip.sys                                                                                                                                                  [MANUAL] IpInIp
    Service  C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech Bluetooth Service/Logitech, Inc.)                                                                     [MANUAL] LBTServ
    Service  C:\Windows\system32\DRIVERS\LHidFilt.Sys (Logitech HID Filter Driver./Logitech, Inc.)                                                                                        [MANUAL] LHidFilt
    Service                                                                                                                                                                               LHidKe
    Service  C:\Windows\system32\DRIVERS\LMouFilt.Sys (Logitech Mouse Filter Driver./Logitech, Inc.)                                                                                      [MANUAL] LMouFilt
    Service  C:\Windows\System32\Drivers\LUsbFilt.Sys (Logitech USB Filter Driver./Logitech, Inc.)                                                                                        [MANUAL] LUsbFilt
    Service  C:\Windows\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant)                                                                                           [AUTO] mdmxsdk
    Service                                                                                                                                                                               MSDTC Bridge 3.0.0.0
    Service                                                                                                                                                                               MSDTC Bridge 4.0.0.0
    Service  C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation)                                                                               [MANUAL] mssmbios
    Service  C:\Windows\system32\DRIVERS\NETw4v32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation)                                                                                [MANUAL] NETw4v32
    Service  C:\Windows\system32\DRIVERS\NETw5v32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation)                                                                                [MANUAL] NETw5v32
    Service  system32\DRIVERS\nwlnkflt.sys                                                                                                                                                [MANUAL] NwlnkFlt
    Service  system32\DRIVERS\nwlnkfwd.sys                                                                                                                                                [MANUAL] NwlnkFwd
    Service                                                                                                                                                                               Outlook
    Service  C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (pg_ctl - starts/stops/restarts the PostgreSQL server/PostgreSQL Global Development Group)                                    [AUTO] pgsql-8.3
    Service  C:\Windows\system32\DRIVERS\psi_mf.sys (Secunia PSI Driver/Secunia)                                                                                                          [MANUAL] PSI
    Service  C:\Windows\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions)                                                                       [BOOT] PxHelp20
    Service  C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Radeon Kernel Mode Driver/ATI Technologies Inc.)                                                                               [MANUAL] R300
    Service  C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation)                                                                                                [SYSTEM] RDPENCDD
    Service  C:\Windows\system32\DRIVERS\s217bus.sys (Sony Ericsson Device 217 Driver/MCCI Corporation)                                                                                   [MANUAL] s217bus
    Service  C:\Windows\system32\DRIVERS\s217mdfl.sys (Sony Ericsson Device 217 USB WMC Modem Filter Driver/MCCI Corporation)                                                             [MANUAL] s217mdfl
    Service  C:\Windows\system32\DRIVERS\s217mdm.sys (Sony Ericsson Device 217 USB WMC Modem WDM Driver/MCCI Corporation)                                                                 [MANUAL] s217mdm
    Service  C:\Windows\system32\DRIVERS\s217mgmt.sys (Sony Ericsson Device 217 USB WMC Device Management Driver/MCCI Corporation)                                                        [MANUAL] s217mgmt
    Service  C:\Windows\system32\DRIVERS\s217nd5.sys (Sony Ericsson Device 217 USB Ethernet Emulation (NDIS 5 Miniport)/MCCI Corporation)                                                 [MANUAL] s217nd5
    Service  C:\Windows\system32\DRIVERS\s217obex.sys (Sony Ericsson Device 217 USB WMC OBEX Interface Device Driver/MCCI Corporation)                                                    [MANUAL] s217obex
    Service  C:\Windows\system32\DRIVERS\s217unic.sys (Sony Ericsson Device 217 USB Ethernet Emulation/MCCI)                                                                              [MANUAL] s217unic
    Service  C:\Windows\system32\DRIVERS\s616bus.sys (Sony Ericsson Device 616 Driver/MCCI Corporation)                                                                                   [MANUAL] s616bus
    Service  C:\Windows\system32\DRIVERS\s616mdfl.sys (Sony Ericsson Device 616 USB WMC Modem Filter Driver/MCCI Corporation)                                                             [MANUAL] s616mdfl
    Service  C:\Windows\system32\DRIVERS\s616mdm.sys (Sony Ericsson Device 616 USB WMC Modem WDM Driver/MCCI Corporation)                                                                 [MANUAL] s616mdm
    Service  C:\Windows\system32\DRIVERS\s616mgmt.sys (Sony Ericsson Device 616 USB WMC Device Management Driver/MCCI Corporation)                                                        [MANUAL] s616mgmt
    Service  C:\Windows\system32\DRIVERS\s616nd5.sys (Sony Ericsson Device 616 USB Ethernet Emulation (NDIS 5 Miniport)/MCCI Corporation)                                                 [MANUAL] s616nd5
    Service  C:\Windows\system32\DRIVERS\s616obex.sys (Sony Ericsson Device 616 USB WMC OBEX Interface Device Driver/MCCI Corporation)                                                    [MANUAL] s616obex
    Service  C:\Windows\system32\DRIVERS\s616unic.sys (Sony Ericsson Device 616 USB Ethernet Emulation/MCCI Corporation)                                                                  [MANUAL] s616unic
    Service  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys                                                                                             [MANUAL] SANDRA
    Service   (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)                                                      [AUTO] secdrv
    Service  C:\Windows\system32\DRIVERS\seehcri.sys (seehcri Driver/Sony Ericsson Mobile Communications)                                                                                 [MANUAL] seehcri
    Service                                                                                                                                                                               ServiceModelEndpoint 3.0.0.0
    Service                                                                                                                                                                               ServiceModelOperation 3.0.0.0
    Service                                                                                                                                                                               ServiceModelService 3.0.0.0
    Service  C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation)                                                                         [MANUAL] sffp_sd
    Service                                                                                                                                                                               SMSvcHost 3.0.0.0
    Service                                                                                                                                                                               SMSvcHost 4.0.0.0
    Service  C:\Windows\System32\Drivers\sptd.sys                                                                                                                                         [BOOT] sptd
    Service  C:\Windows\system32\DRIVERS\ssmdrv.sys (AVIRA SnapShot Driver/Avira GmbH)                                                                                                    [SYSTEM] ssmdrv
    Service  c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (SureThing Labelflash Disc Printer Service Module/MicroVision Development, Inc.)                                 [MANUAL] stllssvr
    Service  C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)                                                                                            [MANUAL] SynTP
    Service  C:\Windows\system32\DRIVERS\tapvpn.sys (TAP-Win32 Virtual Network Driver/The OpenVPN Project)                                                                                [MANUAL] tapvpn
    Service  C:\Windows\system32\DRIVERS\teamviewervpn.sys (TeamViewerVPN Network Adapter/TeamViewer GmbH)                                                                                [MANUAL] teamviewervpn
    Service  C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation)                                                                                    [MANUAL] vga
    Service  C:\Windows\system32\DRIVERS\HSX_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.)                                                                                            [MANUAL] winachsf
    Service                                                                                                                                                                               Windows Workflow Foundation 3.0.0.0
    Service                                                                                                                                                                               WSearchIdxPi
    Service  C:\Windows\system32\DRIVERS\xaudio.sys (Modem Audio Device Driver/Conexant Systems, Inc.)                                                                                    [AUTO] XAudio
    Service  C:\Windows\system32\DRIVERS\xaudio.exe (Modem Audio Service/Conexant Systems, Inc.)                                                                                          [AUTO] XAudioService
    
    ---- EOF - GMER 1.0.15 ----


    OTL.txt

    Code:
    OTL logfile created on: 7/5/2010 8:35:13 PM - Run 1
    OTL by OldTimer - Version 3.2.7.1     Folder = C:\Users\Thomas\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
     
    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): c:\pagefile.sys 3057 3057 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 102.55 Gb Total Space | 18.01 Gb Free Space | 17.56% Space Free | Partition Type: NTFS
    Drive D: | 4.38 Gb Total Space | 1.27 Gb Free Space | 28.92% Space Free | Partition Type: UDF
    Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.89% Space Free | Partition Type: NTFS
    Drive F: | 7.68 Gb Total Space | 1.39 Gb Free Space | 18.09% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: THOMAS-NOTEBOOK
    Current User Name: Thomas
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
     
    ========== Processes (SafeList) ==========
     
    PRC - [2010/07/05 16:17:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
    PRC - [2010/06/30 19:00:27 | 003,968,000 | ---- | M] (LearnPulse) -- C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe
    PRC - [2010/06/30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera 10 Beta\opera.exe
    PRC - [2010/05/04 06:30:19 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    PRC - [2010/04/01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/12/10 04:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
    PRC - [2009/09/25 20:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files\AutoHotkey\AutoHotkey.exe
    PRC - [2009/05/04 11:48:54 | 000,354,312 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    PRC - [2009/05/04 11:47:06 | 002,817,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2009/02/19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/01/19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
    PRC - [2006/11/02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
    PRC - [2006/04/14 11:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     
     
    ========== Modules (SafeList) ==========
     
    MOD - [2010/07/05 16:17:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
    MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2009/03/30 06:42:16 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4016_none_d0893820442e7fe4\msvcr80.dll
    MOD - [2009/02/19 00:31:16 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2009/02/19 00:26:28 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
    MOD - [2008/01/19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - [2010/04/01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/12/17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
    SRV - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
    SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
    SRV - [2009/02/19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2008/01/19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/03/05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
    SRV - [2006/04/14 11:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
    SRV - [2006/04/14 11:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2006/04/14 11:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2005/10/14 04:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys -- (SANDRA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz32.sys -- (cpuz132)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Thomas\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
    DRV - [2010/03/01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/11/09 19:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
    DRV - [2009/10/18 11:56:56 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2009/10/18 11:56:56 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/04/11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
    DRV - [2009/03/24 13:03:08 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2009/02/13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2008/12/29 17:49:04 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/12/01 13:47:00 | 000,040,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hotcore3.sys -- (hotcore3)
    DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/03/29 12:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2008/03/27 21:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/03/03 06:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/01/23 23:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapvpn.sys -- (tapvpn)
    DRV - [2008/01/09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
    DRV - [2007/11/02 10:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)
    DRV - [2007/11/02 10:22:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mgmt.sys -- (s217mgmt) Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)
    DRV - [2007/11/02 10:22:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217obex.sys -- (s217obex)
    DRV - [2007/11/02 10:22:38 | 000,024,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217nd5.sys -- (s217nd5) Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)
    DRV - [2007/11/02 10:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdm.sys -- (s217mdm)
    DRV - [2007/11/02 10:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
    DRV - [2007/11/02 10:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217mdfl.sys -- (s217mdfl)
    DRV - [2007/10/31 13:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/08/24 14:39:56 | 001,899,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2007/08/24 14:39:56 | 001,899,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2007/07/10 01:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/19 22:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/19 22:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/06/19 22:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2007/04/03 08:59:42 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616unic.sys -- (s616unic) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM)
    DRV - [2007/04/03 08:59:42 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616obex.sys -- (s616obex)
    DRV - [2007/04/03 08:59:42 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616nd5.sys -- (s616nd5) Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS)
    DRV - [2007/04/03 08:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt) Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM)
    DRV - [2007/04/03 08:59:38 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdm.sys -- (s616mdm)
    DRV - [2007/04/03 08:59:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mdfl.sys -- (s616mdfl)
    DRV - [2007/04/03 08:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
    DRV - [2007/02/22 05:24:48 | 000,159,232 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2007/01/25 20:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
    DRV - [2007/01/25 20:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
    DRV - [2007/01/18 12:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 11:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/11/02 09:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/11/02 09:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2006/06/28 11:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
    FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
    FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
    FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
    FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
    FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
    FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.13
    FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.4.3
    FF - prefs.js..network.proxy.http: "localhost"
    FF - prefs.js..network.proxy.http_port: 9666
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
    FF - prefs.js..network.proxy.socks: "localhost"
    FF - prefs.js..network.proxy.socks_port: 9050
    FF - prefs.js..network.proxy.socks_remote_dns: true
    FF - prefs.js..network.proxy.ssl: "localhost"
    FF - prefs.js..network.proxy.ssl_port: 9666
     
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 21:19:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/24 21:19:40 | 000,000,000 | ---D | M]
     
    [2008/09/01 06:07:56 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions
    [2010/07/05 11:25:34 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions
    [2010/06/29 09:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2010/06/13 10:12:46 | 000,000,000 | ---D | M] (WebMail Notifier) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
    [2010/03/20 00:05:53 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2009/11/19 11:45:34 | 000,000,000 | ---D | M] (RefControl) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
    [2010/06/29 09:32:40 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2009/03/28 20:41:56 | 000,000,000 | ---D | M] (Smiley Xtra) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{759F3C3E-A3FC-474b-A6F0-66B14404AA07}
    [2010/01/10 00:24:09 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
    [2010/04/16 20:54:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2009/07/13 22:51:45 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
    [2010/05/01 22:45:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/04/16 20:54:24 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2009/10/18 11:40:08 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
    [2010/04/16 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\firegestures@xuldev.org
    [2010/04/21 22:22:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\foxmarks@kei.com
    [2010/04/16 20:54:30 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\4fqo6yb1.default\extensions\isreaditlater@ideashower.com
    [2010/07/03 23:59:44 | 000,001,535 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\4fqo6yb1.default\searchplugins\ixquick---deutsch.xml
    [2010/07/03 23:59:44 | 000,002,802 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Mozilla\FireFox\Profiles\4fqo6yb1.default\searchplugins\ixquick-ssl-pictures---deutsch.xml
    [2010/07/05 11:25:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/11/22 21:04:59 | 000,056,576 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [1999/12/31 17:00:00 | 000,163,608 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
    [2010/01/21 19:50:35 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010/01/21 19:50:35 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010/01/21 19:50:35 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2010/01/21 19:50:35 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010/01/21 19:50:35 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Screenpresso] C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe (LearnPulse)
    O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ac'tivAid.lnk = C:\Program Files\ac'tivAid\ac'tivAid.ahk ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM ()
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - Unable to obtain root file information for disk F:\
    O33 - MountPoints2\{3a43c170-af20-11dd-8198-001eec1c7a16}\Shell - "" = AutoRun
    O33 - MountPoints2\{3a43c170-af20-11dd-8198-001eec1c7a16}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
    O33 - MountPoints2\{f4cf6d7c-d5c9-11dd-bac1-001eec1c7a16}\Shell - "" = AutoRun
    O33 - MountPoints2\{f4cf6d7c-d5c9-11dd-bac1-001eec1c7a16}\Shell\AutoRun\command - "" = G:\_AUTORUN\AUTORUN.EXE -- File not found
    O33 - MountPoints2\{f4cf6d7c-d5c9-11dd-bac1-001eec1c7a16}\Shell\instDX\command - "" = G:\directX\dxsetup.exe -- File not found
    O33 - MountPoints2\{f4cf6d7c-d5c9-11dd-bac1-001eec1c7a16}\Shell\readme\command - "" = notepad Liesmich.txt
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010/07/05 19:30:58 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/07/05 17:04:07 | 000,000,000 | ---D | C] -- C:\rsit
    [2010/07/05 16:16:57 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
    [2010/07/05 15:57:23 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
    [2010/07/05 15:57:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/07/05 15:57:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/07/05 15:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/05 15:57:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/07/05 15:44:19 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Thomas\Desktop\mbam-setup-1.46.exe
    [2010/07/05 13:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
    [2010/07/01 22:22:22 | 000,000,000 | ---D | C] -- C:\PROGRAMME
    [2010/06/28 11:24:35 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\aab
    [2010/06/24 09:24:35 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2010/06/24 09:24:35 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2010/06/24 09:24:35 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
    [2010/06/24 00:31:59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2010/06/24 00:31:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2010/06/20 12:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2010/06/10 22:02:57 | 000,020,968 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\cpuz133_x32.sys
    [2010/06/10 19:06:26 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/06/10 19:06:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/06/10 19:06:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/06/10 19:06:25 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/06/10 19:06:25 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/06/10 19:06:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/06/10 19:06:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/06/10 19:06:25 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/06/10 19:06:25 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/06/10 19:06:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/06/10 19:06:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/06/10 19:06:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/06/10 19:06:25 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/06/10 19:06:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/06/10 19:06:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/06/10 19:06:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
    [2010/06/10 19:05:57 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/06/10 19:05:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/06/10 19:05:49 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010/07/05 20:35:45 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ED1C368C-2F06-4AC1-9A5B-1C19F1C8CDF1}.job
    [2010/07/05 20:34:14 | 003,932,160 | -HS- | M] () -- C:\Users\Thomas\ntuser.dat
    [2010/07/05 20:30:10 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/07/05 20:30:10 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/07/05 20:30:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/07/05 20:30:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/07/05 20:29:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/07/05 20:29:02 | 000,524,288 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
    [2010/07/05 20:29:02 | 000,065,536 | -HS- | M] () -- C:\Users\Thomas\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
    [2010/07/05 20:28:58 | 001,787,998 | -H-- | M] () -- C:\Users\Thomas\AppData\Local\IconCache.db
    [2010/07/05 19:30:36 | 257,494,420 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/07/05 16:44:51 | 000,293,928 | ---- | M] () -- C:\Users\Thomas\Desktop\opera6d.adr
    [2010/07/05 16:41:56 | 001,376,832 | ---- | M] () -- C:\Users\Thomas\Desktop\sar_15_sfx.exe
    [2010/07/05 16:31:57 | 000,006,899 | ---- | M] () -- C:\Users\Thomas\Desktop\hijackthis2
    [2010/07/05 16:17:21 | 000,002,097 | ---- | M] () -- C:\Users\Thomas\Desktop\hjtscanlist.zip
    [2010/07/05 16:17:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas\Desktop\OTL.exe
    [2010/07/05 16:14:52 | 000,293,376 | ---- | M] () -- C:\Users\Thomas\Desktop\u98rdc6e.exe
    [2010/07/05 16:12:44 | 000,824,681 | ---- | M] () -- C:\Users\Thomas\Desktop\RSIT.exe
    [2010/07/05 15:57:15 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/05 15:45:28 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Thomas\Desktop\mbam-setup-1.46.exe
    [2010/07/05 13:49:59 | 001,402,880 | ---- | M] () -- C:\Users\Thomas\Desktop\HiJackThis.msi
    [2010/07/05 11:33:02 | 000,052,224 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/04 18:44:33 | 000,059,168 | ---- | M] () -- C:\Users\Thomas\Desktop\1278259832318.jpg
    [2010/07/04 17:34:26 | 000,903,719 | ---- | M] () -- C:\Users\Thomas\Desktop\rohan-wk.zip
    [2010/07/04 17:12:51 | 001,238,765 | ---- | M] () -- C:\Users\Thomas\Desktop\axis-slovakia-revised.zip
    [2010/07/04 17:12:24 | 000,043,296 | ---- | M] () -- C:\Users\Thomas\Desktop\carstvo-bylgarija.zip
    [2010/07/04 17:10:34 | 000,042,089 | ---- | M] () -- C:\Users\Thomas\Desktop\hungariancampaign.zip
    [2010/07/04 11:01:50 | 000,197,482 | ---- | M] () -- C:\Users\Thomas\Desktop\ssd.png
    [2010/07/04 10:54:17 | 000,222,852 | ---- | M] () -- C:\Users\Thomas\Desktop\2010-07-04 10h53_59.png
    [2010/07/03 22:28:29 | 002,028,262 | ---- | M] () -- C:\Users\Thomas\Desktop\coolguy.gif
    [2010/07/02 19:24:26 | 000,978,362 | ---- | M] () -- C:\Users\Thomas\Desktop\uk.zip
    [2010/07/02 15:27:49 | 000,000,814 | ---- | M] () -- C:\Users\Thomas\Desktop\1680x1050_20100702.dsv
    [2010/07/01 21:52:55 | 000,001,546 | ---- | M] () -- C:\Users\Thomas\Desktop\XnView.lnk
    [2010/07/01 16:25:27 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
    [2010/06/28 15:33:56 | 000,002,339 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2010/06/27 22:46:39 | 000,000,292 | ---- | M] () -- C:\Users\Thomas\Desktop\free.m3u
    [2010/06/25 12:10:03 | 001,646,592 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/06/25 12:10:03 | 000,699,228 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2010/06/25 12:10:03 | 000,653,936 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/06/25 12:10:03 | 000,155,398 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2010/06/25 12:10:03 | 000,126,126 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/06/11 18:36:39 | 000,443,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2010/07/05 19:30:36 | 257,494,420 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/07/05 16:44:51 | 000,293,928 | ---- | C] () -- C:\Users\Thomas\Desktop\opera6d.adr
    [2010/07/05 16:41:56 | 001,376,832 | ---- | C] () -- C:\Users\Thomas\Desktop\sar_15_sfx.exe
    [2010/07/05 16:31:57 | 000,006,899 | ---- | C] () -- C:\Users\Thomas\Desktop\hijackthis2
    [2010/07/05 16:17:21 | 000,002,097 | ---- | C] () -- C:\Users\Thomas\Desktop\hjtscanlist.zip
    [2010/07/05 16:14:52 | 000,293,376 | ---- | C] () -- C:\Users\Thomas\Desktop\u98rdc6e.exe
    [2010/07/05 16:12:44 | 000,824,681 | ---- | C] () -- C:\Users\Thomas\Desktop\RSIT.exe
    [2010/07/05 15:57:15 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/05 13:49:59 | 001,402,880 | ---- | C] () -- C:\Users\Thomas\Desktop\HiJackThis.msi
    [2010/07/04 18:44:33 | 000,059,168 | ---- | C] () -- C:\Users\Thomas\Desktop\1278259832318.jpg
    [2010/07/04 17:34:26 | 000,903,719 | ---- | C] () -- C:\Users\Thomas\Desktop\rohan-wk.zip
    [2010/07/04 17:12:47 | 001,238,765 | ---- | C] () -- C:\Users\Thomas\Desktop\axis-slovakia-revised.zip
    [2010/07/04 17:12:24 | 000,043,296 | ---- | C] () -- C:\Users\Thomas\Desktop\carstvo-bylgarija.zip
    [2010/07/04 17:10:34 | 000,042,089 | ---- | C] () -- C:\Users\Thomas\Desktop\hungariancampaign.zip
    [2010/07/04 11:01:39 | 000,197,482 | ---- | C] () -- C:\Users\Thomas\Desktop\ssd.png
    [2010/07/04 10:54:16 | 000,222,852 | ---- | C] () -- C:\Users\Thomas\Desktop\2010-07-04 10h53_59.png
    [2010/07/03 22:28:29 | 002,028,262 | ---- | C] () -- C:\Users\Thomas\Desktop\coolguy.gif
    [2010/07/02 19:24:22 | 000,978,362 | ---- | C] () -- C:\Users\Thomas\Desktop\uk.zip
    [2010/07/02 15:27:49 | 000,000,814 | ---- | C] () -- C:\Users\Thomas\Desktop\1680x1050_20100702.dsv
    [2010/07/01 21:52:55 | 000,001,546 | ---- | C] () -- C:\Users\Thomas\Desktop\XnView.lnk
    [2010/06/27 22:46:39 | 000,000,292 | ---- | C] () -- C:\Users\Thomas\Desktop\free.m3u
    [2010/01/19 20:28:16 | 000,000,235 | ---- | C] () -- C:\Windows\SIERRA.INI
    [2009/11/23 21:44:03 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
    [2009/06/20 22:57:25 | 000,000,089 | ---- | C] () -- C:\Windows\ULead32.ini
    [2009/06/04 21:36:02 | 000,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
    [2009/06/04 21:36:01 | 004,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
    [2009/06/04 21:36:01 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
    [2009/05/26 23:02:42 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/02/05 23:08:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2009/01/05 10:07:18 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2009/01/05 10:07:15 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/01/05 10:07:15 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2009/01/05 10:07:13 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2009/01/05 10:07:10 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2008/12/29 17:49:03 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
    [2008/11/27 01:46:12 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
    [2008/11/17 18:25:52 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2008/11/17 18:22:07 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX7400DEFGIPS.ini
    [2008/10/19 13:57:28 | 004,762,112 | ---- | C] () -- C:\Windows\System32\NCMedia.dll
    [2008/10/19 13:57:28 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
    [2008/08/12 19:00:38 | 000,000,392 | ---- | C] () -- C:\Windows\ODBC.INI
    [2008/06/18 15:59:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2007/08/24 14:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
    [2007/08/24 14:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/11/28 22:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
     
    ========== LOP Check ==========
     
    [2009/03/29 10:15:11 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ac'tivAid
    [2008/12/05 01:33:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Ashampoo
    [2008/12/05 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Auslogics
    [2008/12/29 19:02:44 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools
    [2008/12/29 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite
    [2008/12/29 19:02:44 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Pro
    [2009/02/08 12:37:51 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\EPSON
    [2010/05/13 00:28:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\foobar2000
    [2008/11/22 21:05:20 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Foxit
    [2009/10/08 22:36:04 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\FreeFLVConverter
    [2008/07/31 00:23:06 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Hewlett Packard
    [2008/09/12 12:23:15 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ImgBurn
    [2008/12/25 11:42:28 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\InterVideo
    [2009/02/05 23:10:18 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\jpg-Illuminator
    [2009/05/12 10:58:12 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Leadertech
    [2008/11/01 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Mael
    [2008/11/29 22:47:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Mp3tag
    [2008/11/29 22:38:51 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Notepad++
    [2008/11/17 15:18:25 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
    [2010/05/29 15:11:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Opera
    [2008/08/11 11:03:29 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\PeerNetworking
    [2009/12/22 18:46:35 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\postgresql
    [2008/12/11 23:38:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\RadioRipper
    [2008/11/30 01:23:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\RapidSolution
    [2008/08/11 11:25:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SampleView
    [2008/12/18 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ScreenSeven
    [2009/10/18 11:47:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Sony
    [2009/03/29 18:59:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\SumatraPDF
    [2009/11/10 15:27:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\supertuxkart
    [2010/01/09 22:37:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\TeamViewer
    [2009/12/24 01:01:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Tobit
    [2010/05/16 19:16:40 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Tracker Software
    [2010/03/14 19:12:27 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\UB
    [2008/09/20 17:00:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Xilisoft Corporation
    [2008/12/06 08:27:22 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\XnView
    [2010/07/05 20:29:03 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/07/05 20:35:45 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{ED1C368C-2F06-4AC1-9A5B-1C19F1C8CDF1}.job
     
    ========== Purity Check ==========
     
     
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:B0A96209
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C05A8628
    < End of report >


    OTL Extras.txt

    Code:
    OTL Extras logfile created on: 7/5/2010 8:35:13 PM - Run 1
    OTL by OldTimer - Version 3.2.7.1     Folder = C:\Users\Thomas\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy
     
    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): c:\pagefile.sys 3057 3057 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 102.55 Gb Total Space | 18.01 Gb Free Space | 17.56% Space Free | Partition Type: NTFS
    Drive D: | 4.38 Gb Total Space | 1.27 Gb Free Space | 28.92% Space Free | Partition Type: UDF
    Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.89% Space Free | Partition Type: NTFS
    Drive F: | 7.68 Gb Total Space | 1.39 Gb Free Space | 18.09% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: THOMAS-NOTEBOOK
    Current User Name: Thomas
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera 10 Beta\Opera.exe (Opera Software)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Opera 10 Beta\opera.exe" (Opera Software)
    https [open] -- "C:\Program Files\Opera 10 Beta\opera.exe" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Betrachten mit XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Mp3tag] -- "C:\Program Files\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3708519843-3629216694-3793819806-1006]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00A03D52-42DE-4704-BD36-C60FF47E83E9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
    "{0A03B43B-B004-494B-9D03-10D02E34AC9A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{144A40CC-4F5F-4590-8561-BB35253C036F}" = lport=143 | protocol=6 | dir=in | name=imap | 
    "{161535CA-12DD-4CF1-A344-F2182D1A3D60}" = lport=993 | protocol=6 | dir=in | name=imap_b | 
    "{2ABC05C3-0084-49B4-9214-585EC76961D1}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
    "{33AEFEF9-0B57-4F3D-B081-E8262094E3BF}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
    "{459CB0F2-A3AA-4967-A37B-328030498FC8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\wnt500x86\rpcsandrasrv.exe | 
    "{5A113BF6-D551-46BB-90E2-75EC625F7B62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{789FD4EA-6AF9-411D-9C66-F00F4E8F4C08}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
    "{C878FCD5-4DDD-4FCA-B0E5-D5C298153E6F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
    "{CD0FB763-DF2B-47C0-8023-32F2D566E6A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{CD600071-F63E-4045-8FD1-C4F128DFAF99}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
    "{CFE302A6-41D4-4405-804F-0F4DD53F5200}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
    "{E0933550-3AC9-4D80-B616-50F384802F1E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
    "{E48C7417-F609-4E41-B70E-C1149C6382BC}" = lport=587 | protocol=6 | dir=in | name=imap_c | 
    "{ED3E34AD-13B9-408C-ADE6-BEF569FDF514}" = lport=5432 | protocol=6 | dir=in | name=postgresql | 
    "{EDA4E29D-A169-4ED5-AB4B-518C5B36319E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04B12446-B659-415F-A020-EC143C20FE52}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{092A7185-5081-4ABD-96A3-51D029B1F032}" = protocol=6 | dir=in | app=c:\program files\postgresql\8.3\bin\postgres.exe | 
    "{0C92C6EC-C73E-4EB1-B6D0-EAC40D2FF0FA}" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\unoinfo.exe | 
    "{0DDD5708-DBC6-458C-B70A-C290FEC24C72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{15ACB053-93DC-480A-B626-D2A76F5EEE87}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
    "{1883C697-65D9-430D-94DD-FD9BE4F0A8D9}" = protocol=6 | dir=in | app=c:\program files\holdem manager\hmimport.exe | 
    "{18F39624-0190-4452-B8B5-95CDE069853F}" = protocol=6 | dir=in | app=c:\program files\opera 10 beta\opera.exe | 
    "{1F0BE900-38B6-40F9-9685-5B1414E788F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{2A100349-AE9A-4492-A3DB-BBDF5C40D5D8}" = protocol=17 | dir=in | app=c:\program files\holdem manager\hmimport.exe | 
    "{2D63730E-0F15-4B0E-9D7F-06A39E27FB41}" = protocol=6 | dir=in | app=c:\program files\7-zip\7zfm.exe | 
    "{32DE1CEC-760A-4C18-A8E4-00FA32433AC4}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
    "{33CB2A8E-2A63-4926-8AE9-C3E6B1EB289F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{3CB5D97A-6B5E-4BB5-B82D-1537845F9E9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{3E0ACFA9-D452-4D3C-B09C-6E645943AC68}" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\unopkg.com | 
    "{3EB3ED89-06DB-4A97-A7DB-35A4B05DA2B8}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
    "{3FFF68FE-7E47-424F-AB38-B00FFDA70DFD}" = protocol=17 | dir=in | app=c:\program files\rvg software\holdem manager\hmimport.exe | 
    "{408C6B47-B21E-487A-91CD-08A1110595C3}" = protocol=17 | dir=in | app=c:\program files\opera 10 beta\opera.exe | 
    "{42A7100C-F7E5-4613-A7D8-E79DDBFF11C6}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
    "{44EC1130-0E43-44A0-A588-79EB48071066}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
    "{46DDACEC-72E8-4E30-8357-CDF5424D878E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{479DF800-ED4E-4E5F-8C86-37ABE30722C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{4981AFC8-325D-426E-951D-0604A363D21A}" = protocol=17 | dir=in | app=c:\program files\pokerace hud\pahud.exe | 
    "{4BF81851-7FF7-4139-8D0F-EE15CD54B2AD}" = protocol=6 | dir=in | app=c:\program files\full tilt poker\updater.exe | 
    "{517A41D7-BB18-469E-B189-7F3363E8887B}" = protocol=6 | dir=in | app=c:\program files\eurobetpoker\starteurobetpoker.exe | 
    "{53F1FD56-953E-4669-A018-52D23E20CA8E}" = protocol=17 | dir=in | app=c:\program files\openoffice.org 3\program\unopkg.exe | 
    "{5514DE5F-4EB8-4DF9-932B-0D32001DDE21}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
    "{57E36F5E-8209-467A-9EB1-158493D6D8AF}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
    "{5B431C9B-F192-498F-9DA4-0A4E5312C906}" = protocol=6 | dir=in | app=c:\program files\full tilt poker\fulltiltpoker.exe | 
    "{600E9FD3-1971-4DEF-9AFF-7FBB786B6407}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
    "{60B27405-BD96-49A2-836F-D630E1B5BEE1}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
    "{617F3485-FDF5-4CB2-8EFB-285B8B1C0F7A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{6454C3FF-5494-4FE5-B6E3-E3CBC75B82D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{6A11B79C-D3F3-4AAA-A50B-01639694F20C}" = protocol=6 | dir=in | app=c:\program files\eurobetpoker\eurobetpoker.exe | 
    "{6B1B722C-374D-4AE0-9B96-31C2F801EC54}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{71FD8939-4572-4674-977F-7D250D83699D}" = protocol=17 | dir=in | app=c:\program files\postgresql\8.3\bin\pgadmin3.exe | 
    "{743A1660-F71D-4350-94C7-96894CF7A189}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
    "{74CE0C41-57A6-4A8F-9632-3043AD749F9A}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
    "{74FA9E7C-1F5B-492B-A9FD-BB534BBE88EE}" = protocol=17 | dir=in | app=c:\program files\postgresql\8.3\bin\postgres.exe | 
    "{760EC771-64AA-417E-8C56-C2300741B9CE}" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\unoinfo.exe | 
    "{7676D07B-DFA0-46C0-8F0C-A77EC817CCC6}" = protocol=6 | dir=in | app=c:\program files\rvg software\holdem manager\hmimport.exe | 
    "{8133772C-393F-4BB8-8E03-2016B1ECF458}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
    "{846F2F7D-D5BD-4A27-831A-FCD4017FD4D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{89BD12B5-483B-47A4-A0A3-F514B86A4F5E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
    "{8B5E1481-7CF1-4829-888E-D90FA3192FEC}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
    "{9404A704-9947-4B70-8782-3AD9B3CA16AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{952A4E21-1612-4084-9E0E-921AFF80CF7B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{99A24B4F-4D4D-449D-87BE-A8499C584A01}" = protocol=17 | dir=in | app=c:\program files\full tilt poker\fulltiltpoker.exe | 
    "{9C3C8EFF-AD45-4BB4-9C08-8F47992DB26A}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
    "{9CF0608A-1585-4EB9-A239-CB90A4978242}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{9D09A779-4F2E-4774-8889-25677E8DB170}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{A1969300-18BC-403D-A00A-D492F646DF09}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{A276D851-8A6E-4DD5-B771-498F2B96633F}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
    "{A35AB167-4B43-4EF9-9DB8-6078112CBFFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{A5127B41-3FF0-484E-A107-83FB84BC2AEE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
    "{A622271B-6A7F-47D9-AD08-361FB3929963}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{A6ECAB71-FD89-4F20-A4FE-3BF50162E4FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{AA0F3F35-8DDD-471B-91F8-579A63706457}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{AAB9F410-ED7A-43EF-9622-E71B09B2A958}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{AAE26AF6-222B-4639-A1D8-A19D09508496}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{AB4B6327-B2C9-4243-B3EF-0C2539247A03}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
    "{B043B985-E9D8-4EFC-AA22-1A7E1D1643A5}" = protocol=17 | dir=in | app=c:\program files\7-zip\7zfm.exe | 
    "{B0D6B436-4A5A-4CF8-B8EB-334E7061BC7F}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
    "{B11A75AC-7D23-4365-A074-55B11B21307D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{B2D4F973-BEB5-46E5-9B60-75AA7140F6D7}" = protocol=17 | dir=in | app=c:\program files\opera 10 beta\opera.exe | 
    "{B868DAEC-1C5B-4ADD-8A15-D4DE0EB2AF04}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{BB8C2308-B94E-4745-BCA8-6EEEF028C2CE}" = protocol=17 | dir=in | app=c:\program files\eurobetpoker\starteurobetpoker.exe | 
    "{BE79E7C2-A07B-4FC4-A06E-32962425BD33}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{BFB8762F-31F4-42CE-BC86-53092EB9E403}" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\unopkg.exe | 
    "{BFEFB197-B4D7-4373-9087-3DF66602DE00}" = protocol=17 | dir=in | app=c:\program files\full tilt poker\updater.exe | 
    "{C0666865-3E69-4679-8C26-24063C330994}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{C69164A6-A59F-421E-8FAB-9AF8B3853677}" = protocol=17 | dir=in | app=c:\program files\eurobetpoker\eurobetpoker.exe | 
    "{C72C33F2-C028-49B1-B34F-CCAEF4204DB3}" = protocol=6 | dir=in | app=c:\program files\opera 10 beta\opera.exe | 
    "{C7668F75-5A90-4A59-9923-2B9CF6ED843E}" = protocol=6 | dir=in | app=c:\program files\openoffice.org 3\program\unopkg.com | 
    "{CCB63BC1-6D81-40D9-A655-7553AA270D55}" = protocol=6 | dir=in | app=c:\program files\postgresql\8.3\bin\pgadmin3.exe | 
    "{CCC6F821-4DB2-4BD1-BC03-69F2D67C4E2B}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
    "{D3B0B13D-A9E0-491F-9CB2-FEC7F1C58836}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe | 
    "{D8E6A750-117E-4F60-8869-EC13D52C8A40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{D9C08205-37DB-4BBA-B144-2A59BC818A86}" = protocol=6 | dir=in | app=c:\program files\pokerace hud\pahud.exe | 
    "{DAFED145-577B-4031-9BF9-F49534BAC22C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{DF9A6EF5-6A93-47F9-94E9-988E5FAE97F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{E1EB8184-961F-4EAE-AC12-267A13966BD2}" = protocol=6 | dir=in | app=c:\program files\eurobetpoker\updateeurobetpoker.exe | 
    "{E699A312-B4FD-41A2-A6C9-0514AAD207E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{EE9EEE5B-AF29-41B0-A9A7-40501D08A841}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
    "{EF566B41-6D9D-41D3-8731-71C6B05C9822}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
    "{F5E6E13E-4C60-4A68-BEA8-9EDC3D860FA4}" = protocol=17 | dir=in | app=c:\program files\eurobetpoker\updateeurobetpoker.exe | 
    "{F99F5B52-D166-4213-92D1-0D49A577A651}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
    "{FC30CEFF-09D3-44DB-BFA9-CC5FFFC2FB94}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
    "{FE4F6148-B7F2-4064-82A9-00D6C0A96C9E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
    "TCP Query User{06F86099-9498-488F-B161-39E214034567}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "TCP Query User{110DA080-D579-47C6-8704-5FD5459EFBA4}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
    "TCP Query User{11D0BD2A-DFE8-4EE0-B0D8-C3DC4E4B9592}C:\program files\3do\heroes3\heroes3.exe" = protocol=6 | dir=in | app=c:\program files\3do\heroes3\heroes3.exe | 
    "TCP Query User{11E54BBB-16DC-4808-ABDF-7BFC6E7F433B}C:\users\thomas\temp\teamviewer3\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\thomas\temp\teamviewer3\teamviewer.exe | 
    "TCP Query User{14E3C155-97DA-41F4-94B6-E43A09A671EF}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
    "TCP Query User{1BE15CAC-EAD8-49A9-93C2-E6917F09F653}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
    "TCP Query User{31FB19B9-8324-4850-AB4E-78DECEBD7C54}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
    "TCP Query User{5168FCBE-49D6-4214-85F1-929E972957C5}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
    "TCP Query User{5A9292AB-90C0-4646-99A2-D87CF8D41B52}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
    "TCP Query User{5CF36F03-E2F3-4497-8423-47C66890B8D7}C:\program files\java\jre6\launch4j-tmp\abloadtool.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\abloadtool.exe | 
    "TCP Query User{6A9EF3D4-493E-4D2A-A760-64D46B668998}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
    "TCP Query User{6D61EADB-BB51-4E1A-AC3C-24477368FF0D}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
    "TCP Query User{7B3852D8-C664-4C68-BC17-D5961A537DCA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "TCP Query User{91466CB4-DAFF-414A-A4E4-B243644E2A73}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
    "TCP Query User{A0F87518-79A8-4D79-8D32-6FF013005508}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
    "TCP Query User{A8808EA4-3B63-419D-AE7A-6A8334A5B884}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
    "TCP Query User{BC9B6E3C-2259-4179-997A-73499DA57954}C:\users\thomas\desktop\pg2me\suitepg2.exe" = protocol=6 | dir=in | app=c:\users\thomas\desktop\pg2me\suitepg2.exe | 
    "TCP Query User{BF3C1781-EDA3-4D9C-BB37-E490F6924D2F}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
    "TCP Query User{CE2DD118-C077-4086-B81D-930511AB7C32}C:\program files\3do\heroes of might and magic iv\heroes4g.exe" = protocol=6 | dir=in | app=c:\program files\3do\heroes of might and magic iv\heroes4g.exe | 
    "TCP Query User{E1102385-9A6F-4189-A6C8-5B9D37579CA9}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
    "TCP Query User{E2BAEB93-6253-4907-B313-0005B2C3831A}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
    "TCP Query User{E581D90E-6879-4AE2-9A9A-1E32B4D0FD32}C:\program files\radioripper\radioripper.exe" = protocol=6 | dir=in | app=c:\program files\radioripper\radioripper.exe | 
    "TCP Query User{F0647E4D-D204-4256-B444-6217EAAED7AE}C:\program files\b2bpoker\noiqpoker\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\b2bpoker\noiqpoker\jre\bin\javaw.exe | 
    "TCP Query User{FE000DAA-F7CE-484B-B76D-780E1276BB46}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
    "UDP Query User{0BA643E3-4A1A-45E2-A2B4-AA6F7FF88B46}C:\program files\radioripper\radioripper.exe" = protocol=17 | dir=in | app=c:\program files\radioripper\radioripper.exe | 
    "UDP Query User{26B86E0E-D37B-4763-8946-E61D156C5686}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
    "UDP Query User{31932DF5-5737-4F41-8D9F-B991F08B7CD1}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
    "UDP Query User{3725F808-8447-42B7-8083-D4C7FFBF25E7}C:\program files\3do\heroes of might and magic iv\heroes4g.exe" = protocol=17 | dir=in | app=c:\program files\3do\heroes of might and magic iv\heroes4g.exe | 
    "UDP Query User{38DA924D-9495-4F63-B704-F24EE4427E0F}C:\users\thomas\temp\teamviewer3\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\thomas\temp\teamviewer3\teamviewer.exe | 
    "UDP Query User{4115F62B-DC45-4343-80A3-E938FF588416}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
    "UDP Query User{423702D0-21BD-456C-969C-FAC1381EB0CC}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
    "UDP Query User{5A063E08-8A63-4D04-BE22-FCF742DEA6F9}C:\program files\java\jre6\launch4j-tmp\abloadtool.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\abloadtool.exe | 
    "UDP Query User{664111B8-2392-496D-8511-54C120801F89}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
    "UDP Query User{66E1CDFA-B223-42BD-ABD9-A78973CD6DE3}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
    "UDP Query User{724A9DC8-D89F-41AE-98B2-5F8A4C2F35C0}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
    "UDP Query User{757BE00E-A719-4EF2-9BE2-604E4B45F12F}C:\program files\3do\heroes3\heroes3.exe" = protocol=17 | dir=in | app=c:\program files\3do\heroes3\heroes3.exe | 
    "UDP Query User{7D7BF88D-23ED-49FA-89BC-E916E71DFF51}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
    "UDP Query User{83792D3E-FA9E-421C-ACF7-3426CB328105}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
    "UDP Query User{AD05D0BA-8401-443A-AA64-E350B5186205}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
    "UDP Query User{B0ACF67C-82F0-4DFD-871E-8BA04B0C212C}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
    "UDP Query User{B2402023-0C87-4082-A12F-1700B3E3DB37}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
    "UDP Query User{BF7165D2-F438-40EB-914D-BE1B46F70583}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
    "UDP Query User{D45AFEBC-3033-44B4-AE2D-2275D351615A}C:\users\thomas\desktop\pg2me\suitepg2.exe" = protocol=17 | dir=in | app=c:\users\thomas\desktop\pg2me\suitepg2.exe | 
    "UDP Query User{E0E0BFF6-3CB7-47B1-B7FD-EA5F9E6D9A51}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
    "UDP Query User{E804EA51-5E2D-4569-8A93-3E520597CB88}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
    "UDP Query User{F859BA17-15C1-45B9-BA60-3A48A41ECF7A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
    "UDP Query User{F8DD710B-6AB7-46EF-9592-66D1975D0715}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
    "UDP Query User{FDB1CD60-AF66-4386-9ED8-B6286D9C66F2}C:\program files\b2bpoker\noiqpoker\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\b2bpoker\noiqpoker\jre\bin\javaw.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
    "{019C7A94-5569-41F9-8536-C60976BA6DF0}" = ESU for Microsoft Vista
    "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
    "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
    "{10075C48-4DEB-464F-95CF-FD8DED94E983}" = Haushaltsbuch 3.1
    "{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
    "{2931F734-260D-4E83-87B3-A9FE8E873192}_is1" = PDF-XChange Shell Extentions
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
    "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
    "{334B6B44-2C7F-4AC0-A215-E780541CE033}" = Paragon Drive Copy 9.0 Personal Special Edition
    "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
    "{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
    "{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
    "{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
    "{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
    "{6868B3BD-0642-442C-A542-28716AA6DD2D}" = Microsoft ODBC .NET Data Provider
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{6E255CF0-10FF-4F2B-B6E2-BD03872C1F60}" = Microsoft Small Basic v0.3.1
    "{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B13
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{7E910FDA-CBBE-4451-8728-235E6A4DE162}" = Sony Ericsson Media Manager 1.1
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
    "{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
    "{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
    "{B51C3024-333B-4FB6-B1EC-49ECE2DE6056}" = HP User Guides 0077
    "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
    "{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{CEC8F2E3-AC9A-357C-BFCB-BFAC37C4AC50}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
    "{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
    "{EB731227-8AC5-4889-ACE9-7D87864A9F19}" = Logitech GamePanel Software 3.02.173
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F98D4409-8E47-45D3-A2AD-A9356324ACC2}" = Setometer
    "{FF46E334-6F35-49C3-B60A-034969BE25AB}" = Vista Default Settings
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.10 beta
    "Abloadtool 2.0" = Abloadtool 2.0
    "ac'tivAid" = ac'tivAid v1.3.1
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "CCleaner" = CCleaner (remove only)
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
    "Defraggler" = Defraggler
    "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
    "EPSON Printer and Utilities" = EPSON-Drucker-Software
    "EPSON Scanner" = EPSON Scan
    "EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
    "EurobetPoker" = EurobetPoker (remove only)
    "EuroPoker_is1" = EuroPoker
    "Everest Poker" = Everest Poker (Remove Only)
    "FastStone Photo Resizer" = FastStone Photo Resizer 1.4
    "FLAC" = FLAC 1.2.1b (remove only)
    "foobar2000" = foobar2000 v1.0
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
    "Free FLV Converter_is1" = Free FLV Converter V 6.7.4
    "Free YouTube Download_is1" = Free YouTube Download 2.2
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
    "Freez FLV to MP3 Converter V1.2_is1" = Freez FLV to MP3 Converter
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Heroes of Might and Magic IV" = Heroes of Might and Magic® IV
    "HijackThis" = HijackThis 2.0.2
    "HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.6.5
    "ImgBurn" = ImgBurn
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mansion Poker" = MansionPoker
    "Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
    "Mp3tag" = Mp3tag v2.43
    "nbi-nb-base-6.5.1.0.200903060201" = NetBeans IDE 6.5.1
    "Notepad++" = Notepad++
    "OpenAL" = OpenAL
    "PartyPoker" = PartyPoker
    "PC Wizard 2008_is1" = PC Wizard 2008.1.871
    "pdfsam" = pdfsam
    "PeG-ACW_is1" = PeG-ACW July 2008
    "PeG-NAP_is1" = PeG-NAP August 2008
    "PeG-WW1_is1" = PeG-WW1 July 2008
    "PeG-WW2 Western Europe_is1" = PeG-WW2 Western Europe August 2008
    "PeG-WW2_is1" = PeG-WW2 August 2008
    "PeG-WW2-PAC_is1" = PeG-WW2-Pacific August 2008
    "PokerRoom.com" = PokerRoom.com (remove only)
    "PokerStars" = PokerStars
    "PROSet" = Intel(R) Network Connections Drivers
    "Secunia PSI" = Secunia PSI
    "Sierra Utilities" = Sierra Utilities
    "SQLite ODBC Driver" = SQLite ODBC Driver (remove only)
    "ST6UNST #1" = PG2 UK102-textfileconverter
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "SystemRequirementsLab" = System Requirements Lab
    "TeamViewer 5" = TeamViewer 5
    "Titan Poker" = Titan Poker
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Update Service" = Update Service
    "VLC media player" = VLC media player 1.0.5
    "WinUAE" = WinUAE 1.5.0
    "wpex4AppId_is1" = WSEX Poker 4.0.0
    "Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
    "XMind" = XMind
    "XnView_is1" = XnView 1.97.4
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "FAZ-News" = FAZ-News
    "Scientific Calculator" = Scientific Calculator
    "Screenpresso" = Screenpresso
    "Universal Currency Converter" = Universal Currency Converter
    "WinDirStat" = WinDirStat 1.1.2
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 7/5/2010 2:31:09 PM | Computer Name = Thomas-Notebook | Source = PostgreSQL | ID = 0
    Description = 2010-07-05 20:31:09 CEST FATAL:  role "SYSTEM" does not exist 
     
    Error - 7/5/2010 2:31:10 PM | Computer Name = Thomas-Notebook | Source = PostgreSQL | ID = 0
    Description = 2010-07-05 20:31:10 CEST FATAL:  role "SYSTEM" does not exist 
     
    Error - 7/5/2010 2:31:11 PM | Computer Name = Thomas-Notebook | Source = PostgreSQL | ID = 0
    Description = 2010-07-05 20:31:11 CEST FATAL:  role "SYSTEM" does not exist 
     
    Error - 7/5/2010 2:31:12 PM | Computer Name = Thomas-Notebook | Source = PostgreSQL | ID = 0
    Description = 2010-07-05 20:31:12 CEST FATAL:  role "SYSTEM" does not exist 
     
    Error - 7/5/2010 2:31:13 PM | Computer Name = Thomas-Notebook | Source = PostgreSQL | ID = 0
    Description = 2010-07-05 20:31:13 CEST FATAL:  role "SYSTEM" does not exist 
     
    Error - 7/5/2010 2:31:14 PM | Computer Name = Thomas-Notebook | Source = PostgreSQL | ID = 0
    Description = 2010-07-05 20:31:14 CEST FATAL:  role "SYSTEM" does not exist 
     
    Error - 7/5/2010 2:31:15 PM | Computer Name = Thomas-Notebook | Source = PostgreSQL | ID = 0
    Description = 2010-07-05 20:31:15 CEST FATAL:  role "SYSTEM" does not exist 
     
    Error - 7/5/2010 2:31:17 PM | Computer Name = Thomas-Notebook | Source = PostgreSQL | ID = 0
    Description = 2010-07-05 20:31:17 CEST FATAL:  role "SYSTEM" does not exist 
     
    Error - 7/5/2010 2:31:18 PM | Computer Name = Thomas-Notebook | Source = PostgreSQL | ID = 0
    Description = 2010-07-05 20:31:18 CEST FATAL:  role "SYSTEM" does not exist 
     
    Error - 7/5/2010 2:31:19 PM | Computer Name = Thomas-Notebook | Source = PostgreSQL | ID = 0
    Description = 2010-07-05 20:31:19 CEST FATAL:  role "SYSTEM" does not exist 
     
    [ System Events ]
    Error - 6/29/2010 4:38:33 AM | Computer Name = Thomas-Notebook | Source = Service Control Manager | ID = 7011
    Description = 
     
    Error - 6/30/2010 3:36:22 AM | Computer Name = Thomas-Notebook | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am 30.06.2010 um 01:46:12 unerwartet heruntergefahren.
     
    Error - 7/1/2010 4:40:16 AM | Computer Name = Thomas-Notebook | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am 01.07.2010 um 02:37:57 unerwartet heruntergefahren.
     
    Error - 7/1/2010 8:14:44 PM | Computer Name = Thomas-Notebook | Source = Service Control Manager | ID = 7011
    Description = 
     
    Error - 7/2/2010 2:06:37 AM | Computer Name = Thomas-Notebook | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am 02.07.2010 um 02:20:41 unerwartet heruntergefahren.
     
    Error - 7/4/2010 1:43:51 AM | Computer Name = Thomas-Notebook | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am 04.07.2010 um 03:24:41 unerwartet heruntergefahren.
     
    Error - 7/4/2010 7:43:01 AM | Computer Name = Thomas-Notebook | Source = DCOM | ID = 10010
    Description = 
     
    Error - 7/5/2010 10:52:41 AM | Computer Name = Thomas-Notebook | Source = DCOM | ID = 10010
    Description = 
     
    Error - 7/5/2010 1:30:57 PM | Computer Name = Thomas-Notebook | Source = EventLog | ID = 6008
    Description = Das System wurde zuvor am 05.07.2010 um 19:29:10 unerwartet heruntergefahren.
     
    Error - 7/5/2010 1:30:53 PM | Computer Name = Thomas-Notebook | Source = volsnap | ID = 393241
    Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher
     nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern
     oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird,
     auswählen.
     
     
    < End of report >


    Sophos

    Code:
    Sophos Anti-Rootkit Version 1.5.4  (c) 2009 Sophos Plc
    Started logging on 05.07.2010 at 20:45:47
    User "Thomas" on computer "THOMAS-NOTEBOOK"
    Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
    Info:	Starting process scan.
    Info:	Starting registry scan.
    Hidden:	registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
    Hidden:	registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
    Hidden:	registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
    Hidden:	registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
    Hidden:	registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
    Hidden:	registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
    Hidden:	registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
    Hidden:	registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
    Hidden:	registry item \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed
    Info:	Starting disk scan of C: (NTFS).
    Hidden:	file C:\Windows\System32\drivers\sptd.sys
    Info:	Starting disk scan of E: (NTFS).
    Info:	Starting disk scan of F: (NTFS).
    Stopped logging on 05.07.2010 at 22:00:46


    HJTScanlist.bat

    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 6.0.6002]
     
     
    C:
    
           C:\pagefile.sys ---------    
      07/05/2010 08:40 PM     C:\Program Files --------- 65536   
      07/05/2010 07:30 PM     C:\Windows --------- 32768   
      07/05/2010 07:30 PM     C:\System Volume Information --------- 24576   
      07/05/2010 05:04 PM     C:\rsit --------- 0   
      07/05/2010 03:57 PM     C:\ProgramData --------- 12288   
      07/01/2010 10:22 PM     C:\PROGRAMME --------- 0   
      05/18/2010 06:47 PM     C:\pcwdbg.log --------- 2589   
      05/16/2010 01:34 AM     C:\OngameGrab.txt --------- 474323   
      04/02/2010 06:28 PM     C:\Intel --------- 4096   
      03/14/2010 07:08 PM     C:\Poker Application --------- 0   
      02/28/2010 06:23 PM     C:\Programs --------- 0   
      02/28/2010 05:05 PM     C:\Poker --------- 0   
      12/30/2009 11:48 PM     C:\DAGGER --------- 4096   
      11/18/2009 11:00 PM     C:\Users --------- 4096   
      09/02/2009 07:24 PM     C:\HP Update.msi --------- 1726976   
      09/02/2009 07:24 PM     C:\1031.MST --------- 90624   
      05/27/2009 12:32 AM     C:\boot --------- 4096   
      04/11/2009 08:36 AM     C:\bootmgr --------- 333257   
      03/30/2009 10:27 AM     C:\found.000 --------- 0   
      02/12/2009 03:09 PM     C:\SWSetup --------- 4096   
      01/31/2009 11:44 AM     C:\PerfLogs --------- 0   
      12/03/2008 07:09 PM     C:\1280x800_20081203.dsv --------- 1085   
      11/23/2008 12:20 AM     C:\$Recycle.Bin --------- 4096   
      10/19/2008 01:21 PM     C:\DVDVideoSoft --------- 0   
      09/16/2008 07:49 AM     C:\IO.SYS --------- 0   
      09/16/2008 07:49 AM     C:\MSDOS.SYS --------- 0   
      07/31/2008 12:31 AM     C:\System.sav --------- 0   
      11/07/2007 09:12 AM     C:\VC_RED.MSI --------- 232960   
      11/07/2007 09:09 AM     C:\VC_RED.cab --------- 1442522   
      11/07/2007 09:03 AM     C:\install.res.1041.dll --------- 81424   
      11/07/2007 09:03 AM     C:\install.res.1042.dll --------- 79888   
      11/07/2007 09:03 AM     C:\install.res.1033.dll --------- 91152   
      11/07/2007 09:03 AM     C:\install.res.1040.dll --------- 95248   
      11/07/2007 09:03 AM     C:\install.exe --------- 562688   
      11/07/2007 09:03 AM     C:\install.res.1031.dll --------- 96272   
      11/07/2007 09:03 AM     C:\install.res.1028.dll --------- 76304   
      11/07/2007 09:03 AM     C:\install.res.1036.dll --------- 97296   
      11/07/2007 09:03 AM     C:\install.res.3082.dll --------- 96272   
      11/07/2007 09:03 AM     C:\install.res.2052.dll --------- 75792   
      11/07/2007 09:00 AM     C:\eula.1042.txt --------- 17734   
      11/07/2007 09:00 AM     C:\eula.1041.txt --------- 118   
      11/07/2007 09:00 AM     C:\eula.1040.txt --------- 17734   
      11/07/2007 09:00 AM     C:\eula.1036.txt --------- 17734   
      11/07/2007 09:00 AM     C:\eula.1033.txt --------- 10134   
      11/07/2007 09:00 AM     C:\eula.1031.txt --------- 17734   
      11/07/2007 09:00 AM     C:\eula.1028.txt --------- 17734   
      11/07/2007 09:00 AM     C:\eula.2052.txt --------- 17734   
      11/07/2007 09:00 AM     C:\eula.3082.txt --------- 17734   
      11/07/2007 09:00 AM     C:\vcredist.bmp --------- 5686   
      11/07/2007 09:00 AM     C:\globdata.ini --------- 1110   
      11/07/2007 09:00 AM     C:\install.ini --------- 843   
      11/06/2007 06:59 AM     C:\C_USERPART --------- 0   
      11/06/2007 06:37 AM     C:\hp --------- 0   
      11/09/2006 06:46 PM     C:\Dokumente und Einstellungen --------- 0   
      11/02/2006 02:59 PM     C:\Documents and Settings --------- 0   
    ----------------------------------------
    
     
    C:\Windows
    
      07/05/2010 10:06 PM     C:\Windows\bootstat.dat --------- 67584   
      07/05/2010 10:05 PM     C:\Windows\bthservsdp.dat --------- 12   
      07/05/2010 10:05 PM     C:\Windows\WindowsUpdate.log --------- 1962262   
      07/05/2010 07:30 PM     C:\Windows\MEMORY.DMP --------- 257494420   
      05/16/2010 11:21 AM     C:\Windows\win.ini --------- 1005   
      04/13/2010 08:35 AM     C:\Windows\ntbtlog.txt --------- 244758   
      03/04/2010 08:34 PM     C:\Windows\PFRO.log --------- 107330   
      01/19/2010 08:29 PM     C:\Windows\SIERRA.INI --------- 235   
      12/15/2009 08:45 PM     C:\Windows\setupact.log --------- 67046   
      11/26/2009 04:01 AM     C:\Windows\msxml4-KB973688-enu.LOG --------- 296284   
      11/23/2009 09:44 PM     C:\Windows\HMHud.INI --------- 0   
      11/12/2009 11:13 PM     C:\Windows\DPINST.LOG --------- 90668   
      11/09/2009 11:50 PM     C:\Windows\DirectX.log --------- 310067   
      06/20/2009 10:57 PM     C:\Windows\ULead32.ini --------- 89   
      06/12/2009 01:02 PM     C:\Windows\LDPINST.LOG --------- 10513   
      06/04/2009 09:36 PM     C:\Windows\hotcore3.log --------- 23   
      05/12/2009 10:57 AM     C:\Windows\KE.log --------- 86   
      05/12/2009 10:57 AM     C:\Windows\KB893803v2.log --------- 550   
      04/13/2009 02:36 PM     C:\Windows\ie8_main.log --------- 57412   
      04/11/2009 08:27 AM     C:\Windows\explorer.exe --------- 2926592   
      02/17/2009 05:32 PM     C:\Windows\VPNUnInstall.MIF --------- 1594   
      02/08/2009 12:21 AM     C:\Windows\BGInfo.bmp --------- 4096054   
      12/18/2008 11:42 PM     C:\Windows\KHALMNPR.Exe --------- 76304   
      11/17/2008 06:22 PM     C:\Windows\CDE DX7400DEFGIPS.ini --------- 25   
      11/12/2008 03:52 PM     C:\Windows\msxml4-KB954430-enu.LOG --------- 286862   
      11/10/2008 02:13 PM     C:\Windows\avmfwlanci.log --------- 12650   
      11/05/2008 04:45 PM     C:\Windows\Setup1.exe --------- 286720   
      11/05/2008 04:45 PM     C:\Windows\ST6UNST.EXE --------- 73216   
      10/29/2008 08:03 PM     C:\Windows\ODBC.INI --------- 392   
      10/29/2008 08:03 PM     C:\Windows\ODBCINST.INI --------- 537   
      10/09/2008 05:22 AM     C:\Windows\WindowsShell.Manifest --------- 749   
      10/09/2008 05:20 AM     C:\Windows\DtcInstall.log --------- 4853   
      09/13/2008 01:07 PM     C:\Windows\VPNInstall.MIF --------- 1594   
      09/01/2008 06:07 AM     C:\Windows\nsreg.dat --------- 0   
      08/05/2008 09:48 AM     C:\Windows\msxml4-KB941833-enu.LOG --------- 261120   
      08/04/2008 10:07 PM     C:\Windows\msxml4-KB936181-enu.LOG --------- 265196   
      07/31/2008 12:26 AM     C:\Windows\HPQLB.LOG --------- 7094   
      07/31/2008 12:24 AM     C:\Windows\bcmwl.log --------- 9904   
      07/31/2008 12:21 AM     C:\Windows\log.log --------- 188   
      07/30/2008 11:53 PM     C:\Windows\TSSysprep.log --------- 5767   
      01/19/2008 09:33 AM     C:\Windows\regedit.exe --------- 134656   
      01/19/2008 09:33 AM     C:\Windows\notepad.exe --------- 151040   
      01/19/2008 09:33 AM     C:\Windows\HelpPane.exe --------- 498176   
      01/19/2008 09:33 AM     C:\Windows\fveupdate.exe --------- 13312   
      01/19/2008 09:33 AM     C:\Windows\bfsvc.exe --------- 58880   
      11/06/2007 05:09 PM     C:\Windows\SETUPAPI.LOG --------- 1054   
      11/06/2007 01:17 PM     C:\Windows\csup.txt --------- 10   
      11/06/2007 06:58 AM     C:\Windows\xpsp1hfm.log --------- 1387   
      08/20/2007 10:01 PM     C:\Windows\install89874.log --------- 4008   
      11/02/2006 02:49 PM     C:\Windows\setuperr.log --------- 0   
      11/02/2006 02:34 PM     C:\Windows\WMSysPr9.prx --------- 316640   
      11/02/2006 02:33 PM     C:\Windows\twunk_16.exe --------- 49680   
      11/02/2006 02:33 PM     C:\Windows\twain_32.dll --------- 50688   
      11/02/2006 02:33 PM     C:\Windows\twunk_32.exe --------- 31232   
      11/02/2006 02:33 PM     C:\Windows\twain.dll --------- 94784   
      11/02/2006 11:45 AM     C:\Windows\winhlp32.exe --------- 9216   
      11/02/2006 11:45 AM     C:\Windows\hh.exe --------- 14848   
      11/02/2006 09:46 AM     C:\Windows\mib.bin --------- 43131   
      11/02/2006 08:46 AM     C:\Windows\WMPrfDeu.prx --------- 33820   
      10/09/2006 04:55 PM     C:\Windows\biwlandrvvistaver.dll --------- 7168   
      09/19/2006 01:41 PM     C:\Windows\HomeBasic.xml --------- 8286   
      09/18/2006 11:46 PM     C:\Windows\system.ini --------- 219   
      09/18/2006 11:43 PM     C:\Windows\_default.pif --------- 707   
      09/18/2006 11:43 PM     C:\Windows\winhelp.exe --------- 256192   
      09/18/2006 11:30 PM     C:\Windows\msdfmap.ini --------- 1405   
      11/17/1998 01:44 PM     C:\Windows\IsUn0407.exe --------- 328704   
      10/29/1998 04:45 PM     C:\Windows\IsUninst.exe --------- 306688   
    ----------------------------------------
    
     
    C:\Windows\System
    
     07/31/2008 12:30 AM      C:\Windows\System\hpsysdrv.dat --------- 44 
     11/02/2006 02:33 PM      C:\Windows\System\mciseq.drv --------- 25264 
     11/02/2006 02:33 PM      C:\Windows\System\mciwave.drv --------- 28160 
     11/02/2006 02:33 PM      C:\Windows\System\avifile.dll --------- 109456 
     11/02/2006 02:33 PM      C:\Windows\System\mciavi.drv --------- 73376 
     11/02/2006 02:33 PM      C:\Windows\System\avicap.dll --------- 69584 
     11/02/2006 02:33 PM      C:\Windows\System\msvideo.dll --------- 126912 
     11/02/2006 09:10 AM      C:\Windows\System\OLESVR.DLL --------- 24064 
     11/02/2006 09:10 AM      C:\Windows\System\WFWNET.DRV --------- 12704 
     11/02/2006 09:10 AM      C:\Windows\System\COMMDLG.DLL --------- 32816 
     11/02/2006 09:10 AM      C:\Windows\System\TIMER.DRV --------- 4048 
     11/02/2006 09:10 AM      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
     11/02/2006 09:10 AM      C:\Windows\System\mmtask.tsk --------- 1152 
     11/02/2006 09:10 AM      C:\Windows\System\mouse.drv --------- 2032 
     11/02/2006 09:10 AM      C:\Windows\System\vga.drv --------- 2176 
     11/02/2006 09:10 AM      C:\Windows\System\sound.drv --------- 1744 
     11/02/2006 09:10 AM      C:\Windows\System\keyboard.drv --------- 2000 
     11/02/2006 09:10 AM      C:\Windows\System\SHELL.DLL --------- 5120 
     11/02/2006 09:10 AM      C:\Windows\System\system.drv --------- 3360 
     09/18/2006 11:43 PM      C:\Windows\System\ver.dll --------- 9008 
     09/18/2006 11:43 PM      C:\Windows\System\olecli.dll --------- 82944 
     09/18/2006 11:43 PM      C:\Windows\System\lzexpand.dll --------- 9936 
     09/18/2006 11:35 PM      C:\Windows\System\stdole.tlb --------- 5532 
    ----------------------------------------
    
     
    C:\Windows\System32
    
     07/05/2010 10:06 PM     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3296  
     07/05/2010 10:06 PM     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3296  
     07/05/2010 07:32 PM     C:\Windows\system32\catroot2 --------- 8192  
     07/05/2010 04:54 PM     C:\Windows\system32\drivers --------- 81920  
     07/05/2010 04:06 PM     C:\Windows\system32\Tasks --------- 4096  
     06/25/2010 12:10 PM     C:\Windows\system32\de-DE --------- 262144  
     06/25/2010 12:10 PM     C:\Windows\system32\perfh009.dat --------- 653936  
     06/25/2010 12:10 PM     C:\Windows\system32\perfc009.dat --------- 126126  
     06/25/2010 12:10 PM     C:\Windows\system32\perfh007.dat --------- 699228  
     06/25/2010 12:10 PM     C:\Windows\system32\perfc007.dat --------- 155398  
     06/25/2010 12:10 PM     C:\Windows\system32\PerfStringBackup.INI --------- 1646592  
     06/25/2010 12:06 PM     C:\Windows\system32\en-US --------- 8192  
     06/24/2010 09:24 AM     C:\Windows\system32\catroot --------- 0  
     06/11/2010 06:36 PM     C:\Windows\system32\FNTCACHE.DAT --------- 443080  
     06/11/2010 06:32 PM     C:\Windows\system32\migration --------- 0  
     06/10/2010 10:06 PM     C:\Windows\system32\wbem --------- 61440  
     05/29/2010 01:23 PM     C:\Windows\system32\WDI --------- 8192  
     05/28/2010 09:37 PM     C:\Windows\system32\mrt.exe --------- 32472008  
     05/26/2010 07:06 PM     C:\Windows\system32\atmlib.dll --------- 34304  
     05/26/2010 04:47 PM     C:\Windows\system32\atmfd.dll --------- 289792  
     05/21/2010 02:14 PM     C:\Windows\system32\MpSigStub.exe --------- 221568  
     05/04/2010 07:59 AM     C:\Windows\system32\wininet.dll --------- 916480  
     05/04/2010 07:59 AM     C:\Windows\system32\urlmon.dll --------- 1209344  
     05/04/2010 07:58 AM     C:\Windows\system32\occache.dll --------- 206848  
     05/04/2010 07:56 AM     C:\Windows\system32\mstime.dll --------- 611840  
     05/04/2010 07:56 AM     C:\Windows\system32\mshtml.dll --------- 5950976  
     05/04/2010 07:56 AM     C:\Windows\system32\msfeedsbs.dll --------- 55296  
     05/04/2010 07:56 AM     C:\Windows\system32\msfeeds.dll --------- 599040  
     05/04/2010 07:55 AM     C:\Windows\system32\jsproxy.dll --------- 25600  
     05/04/2010 07:55 AM     C:\Windows\system32\inetcpl.cpl --------- 1469440  
     05/04/2010 07:55 AM     C:\Windows\system32\ieui.dll --------- 164352  
     05/04/2010 07:55 AM     C:\Windows\system32\iesysprep.dll --------- 109056  
     05/04/2010 07:55 AM     C:\Windows\system32\iertutil.dll --------- 1985536  
     05/04/2010 07:55 AM     C:\Windows\system32\iesetup.dll --------- 71680  
     05/04/2010 07:55 AM     C:\Windows\system32\iernonce.dll --------- 55808  
     05/04/2010 07:55 AM     C:\Windows\system32\iepeers.dll --------- 184320  
     05/04/2010 07:55 AM     C:\Windows\system32\ieframe.dll --------- 11076096  
     05/04/2010 07:55 AM     C:\Windows\system32\iedkcs32.dll --------- 387584  
     05/04/2010 06:31 AM     C:\Windows\system32\ieUnatt.exe --------- 133632  
     05/04/2010 06:30 AM     C:\Windows\system32\ie4uinit.exe --------- 173056  
     05/04/2010 06:30 AM     C:\Windows\system32\msfeedssync.exe --------- 13312  
     05/04/2010 06:30 AM     C:\Windows\system32\mshtml.tlb --------- 1638912  
     05/01/2010 04:13 PM     C:\Windows\system32\win32k.sys --------- 2037248  
     04/25/2010 11:22 AM     C:\Windows\system32\Adobe --------- 0  
     04/23/2010 04:13 PM     C:\Windows\system32\tzres.dll --------- 2048  
     04/16/2010 06:43 PM     C:\Windows\system32\Apphlpdm.dll --------- 28672  
     04/16/2010 04:39 PM     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
     04/05/2010 07:01 PM     C:\Windows\system32\asycfilt.dll --------- 67072  
     03/18/2010 01:16 PM     C:\Windows\system32\msvcr100_clr0400.dll --------- 771424  
     03/10/2010 10:30 AM     C:\Windows\system32\DOErrors.log --------- 52  
     03/05/2010 04:01 PM     C:\Windows\system32\vbscript.dll --------- 420352  
     02/18/2010 04:07 PM     C:\Windows\system32\ntkrnlpa.exe --------- 3600776  
     02/18/2010 04:07 PM     C:\Windows\system32\ntoskrnl.exe --------- 3548040  
     02/18/2010 03:30 PM     C:\Windows\system32\iphlpsvc.dll --------- 200704  
     02/12/2010 12:32 PM     C:\Windows\system32\browserchoice.exe --------- 293376  
     01/29/2010 05:40 PM     C:\Windows\system32\inetcomm.dll --------- 738816  
     01/25/2010 02:00 PM     C:\Windows\system32\secproc_ssp_isv.dll --------- 152576  
     01/25/2010 02:00 PM     C:\Windows\system32\secproc_ssp.dll --------- 152064  
     01/25/2010 02:00 PM     C:\Windows\system32\secproc_isv.dll --------- 471552  
     01/25/2010 02:00 PM     C:\Windows\system32\secproc.dll --------- 471552  
     01/25/2010 01:58 PM     C:\Windows\system32\msdrm.dll --------- 332288  
     01/25/2010 10:21 AM     C:\Windows\system32\RMActivate_ssp_isv.exe --------- 346624  
     01/25/2010 10:21 AM     C:\Windows\system32\RMActivate_isv.exe --------- 526336  
     01/25/2010 10:21 AM     C:\Windows\system32\RMActivate_ssp.exe --------- 347136  
     01/25/2010 10:21 AM     C:\Windows\system32\RMActivate.exe --------- 518144  
     01/21/2010 05:05 PM     C:\Windows\system32\l3codeca.acm --------- 62464  
     01/15/2010 07:30 PM     C:\Windows\system32\TubeFinder.exe --------- 315392  
     01/13/2010 07:34 PM     C:\Windows\system32\cabview.dll --------- 98304  
     01/06/2010 05:39 PM     C:\Windows\system32\gameux.dll --------- 1696256  
     12/23/2009 01:33 PM     C:\Windows\system32\wintrust.dll --------- 172032  
     12/04/2009 08:30 PM     C:\Windows\system32\tsbyuv.dll --------- 12288  
     12/04/2009 08:29 PM     C:\Windows\system32\quartz.dll --------- 1314816  
     12/04/2009 08:28 PM     C:\Windows\system32\msyuv.dll --------- 22528  
     12/04/2009 08:28 PM     C:\Windows\system32\msvidc32.dll --------- 31744  
     12/04/2009 08:28 PM     C:\Windows\system32\msvfw32.dll --------- 123904  
     12/04/2009 08:28 PM     C:\Windows\system32\msrle32.dll --------- 13312  
     12/04/2009 08:28 PM     C:\Windows\system32\mciavi32.dll --------- 82944  
     12/04/2009 08:28 PM     C:\Windows\system32\iyuv_32.dll --------- 50176  
     12/04/2009 08:27 PM     C:\Windows\system32\avifil32.dll --------- 91136  
     12/04/2009 09:19 AM     C:\Windows\system32\jscript.dll --------- 726528  
     11/29/2009 11:48 PM     C:\Windows\system32\spool --------- 4096  
     11/17/2009 02:10 PM     C:\Windows\system32\Macromed --------- 0  
     11/10/2009 03:26 PM     C:\Windows\system32\wrap_oal.dll --------- 409600  
     11/10/2009 03:26 PM     C:\Windows\system32\OpenAL32.dll --------- 114688  
     11/10/2009 09:27 AM     C:\Windows\system32\jupdate-1.6.0_17-b04.log --------- 3596  
     11/08/2009 10:55 AM     C:\Windows\system32\dfshim.dll --------- 1130824  
     11/08/2009 10:55 AM     C:\Windows\system32\mscoree.dll --------- 297808  
     11/08/2009 10:55 AM     C:\Windows\system32\PresentationHostProxy.dll --------- 99176  
     11/08/2009 10:55 AM     C:\Windows\system32\netfxperf.dll --------- 49472  
     11/08/2009 10:55 AM     C:\Windows\system32\PresentationHost.exe --------- 295264  
     11/03/2009 11:43 PM     C:\Windows\system32\nshhttp.dll --------- 24064  
     11/03/2009 11:42 PM     C:\Windows\system32\httpapi.dll --------- 30720  
     11/03/2009 05:44 AM     C:\Windows\system32\pt-BR --------- 0  
     11/03/2009 05:44 AM     C:\Windows\system32\bg-BG --------- 0  
     11/03/2009 05:44 AM     C:\Windows\system32\it-IT --------- 0  
     11/03/2009 05:44 AM     C:\Windows\system32\he-IL --------- 0  
     11/03/2009 05:44 AM     C:\Windows\system32\pt-PT --------- 0  
     11/03/2009 05:44 AM     C:\Windows\system32\pl-PL --------- 0  
     11/03/2009 05:44 AM     C:\Windows\system32\ko-KR --------- 0  
     11/03/2009 05:44 AM     C:\Windows\system32\uk-UA --------- 0  
    ----------------------------------------
    
     
    C:\Windows\Prefetch
    
     07/05/2010 10:09 PM     C:\Windows\Prefetch\HPHC_SERVICE.EXE-B8B935C8.pf --------- 40774  
     07/05/2010 10:09 PM     C:\Windows\Prefetch\CMD.EXE-89305D47.pf --------- 6946  
     07/05/2010 10:09 PM     C:\Windows\Prefetch\CONIME.EXE-B273009A.pf --------- 14558  
     07/05/2010 10:09 PM     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf --------- 17510  
     07/05/2010 10:09 PM     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf --------- 30844  
     07/05/2010 10:09 PM     C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf --------- 15642  
     07/05/2010 10:09 PM     C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 24940  
     07/05/2010 10:09 PM     C:\Windows\Prefetch\POSTGRES.EXE-BAB6CF3A.pf --------- 31158  
     07/05/2010 10:09 PM     C:\Windows\Prefetch\7ZG.EXE-2A7D43BC.pf --------- 16504  
     07/05/2010 10:08 PM     C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 29022  
     07/05/2010 10:08 PM     C:\Windows\Prefetch\OPERA.EXE-418733A8.pf --------- 177650  
     07/05/2010 10:08 PM     C:\Windows\Prefetch\WERCON.EXE-FE5CD389.pf --------- 231368  
     07/05/2010 10:08 PM     C:\Windows\Prefetch\WMPNSCFG.EXE-DF1DD51A.pf --------- 11322  
     07/05/2010 10:08 PM     C:\Windows\Prefetch\HPQTOASTER.EXE-3B718527.pf --------- 32710  
     07/05/2010 10:08 PM     C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 17888  
     07/05/2010 10:08 PM     C:\Windows\Prefetch\SYNTPHELPER.EXE-4B6F43CF.pf --------- 13644  
     07/05/2010 10:07 PM     C:\Windows\Prefetch\AVWSC.EXE-877F4F63.pf --------- 31330  
     07/05/2010 10:07 PM     C:\Windows\Prefetch\WSCTOOL.EXE-62432C7E.pf --------- 23830  
     07/05/2010 10:07 PM     C:\Windows\Prefetch\RUNDLL32.EXE-4F40557C.pf --------- 60072  
     07/05/2010 10:07 PM     C:\Windows\Prefetch\SVCHOST.EXE-F03E4D6B.pf --------- 28938  
     07/05/2010 10:07 PM     C:\Windows\Prefetch\MOBSYNC.EXE-D8BC6ED2.pf --------- 23856  
     07/05/2010 10:07 PM     C:\Windows\Prefetch\VERCLSID.EXE-4D95F5A7.pf --------- 18466  
     07/05/2010 10:07 PM     C:\Windows\Prefetch\CONTROL.EXE-9459D5A0.pf --------- 29554  
     07/05/2010 10:07 PM     C:\Windows\Prefetch\LOGITECHUPDATE.EXE-C21595C9.pf --------- 17240  
     07/05/2010 10:07 PM     C:\Windows\Prefetch\ReadyBoot --------- 4096  
     07/05/2010 10:07 PM     C:\Windows\Prefetch\LULNCHR.EXE-8F9D089F.pf --------- 9844  
     07/05/2010 10:05 PM     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 1392662  
     07/05/2010 10:05 PM     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 866096  
     07/05/2010 10:05 PM     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 2794964  
     07/05/2010 10:05 PM     C:\Windows\Prefetch\AgRobust.db --------- 308516  
     07/05/2010 10:05 PM     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508  
     07/05/2010 10:05 PM     C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 114794  
     07/05/2010 10:05 PM     C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 30562  
     07/05/2010 10:05 PM     C:\Windows\Prefetch\MSFEEDSSYNC.EXE-1F01ED17.pf --------- 21248  
     07/05/2010 10:04 PM     C:\Windows\Prefetch\IGFXSRVC.EXE-67E7A62F.pf --------- 15196  
     07/05/2010 10:03 PM     C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf --------- 21936  
     07/05/2010 10:00 PM     C:\Windows\Prefetch\SCRNSAVE.SCR-225A7D32.pf --------- 15170  
     07/05/2010 09:53 PM     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3708519843-3629216694-3793819806-1006.db --------- 1470547  
     07/05/2010 09:53 PM     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3708519843-3629216694-3793819806-1006.db --------- 1770687  
     07/05/2010 08:52 PM     C:\Windows\Prefetch\SDCLT.EXE-2D2C4DDD.pf --------- 1262  
     07/05/2010 08:47 PM     C:\Windows\Prefetch\JGHVJG.EXE-70363710.pf --------- 40020  
     07/05/2010 08:46 PM     C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 36440  
     07/05/2010 08:46 PM     C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 17650  
     07/05/2010 08:44 PM     C:\Windows\Prefetch\SARGUI.EXE-39E1C84D.pf --------- 21028  
     07/05/2010 08:44 PM     C:\Windows\Prefetch\MSASCUI.EXE-6465DB72.pf --------- 39250  
     07/05/2010 08:43 PM     C:\Windows\Prefetch\FIREWALLCONTROLPANEL.EXE-7F212016.pf --------- 36098  
     07/05/2010 08:43 PM     C:\Windows\Prefetch\RUNDLL32.EXE-34B17D05.pf --------- 25340  
     07/05/2010 08:43 PM     C:\Windows\Prefetch\FIREWALLSETTINGS.EXE-59D9DF16.pf --------- 22768  
     07/05/2010 08:42 PM     C:\Windows\Prefetch\CSC.EXE-4EF173D0.pf --------- 45354  
     07/05/2010 08:40 PM     C:\Windows\Prefetch\HELPER.EXE-09378A4E.pf --------- 31314  
     07/05/2010 08:40 PM     C:\Windows\Prefetch\SAR_15_SFX.EXE-F7CEAE0D.pf --------- 48098  
     07/05/2010 08:38 PM     C:\Windows\Prefetch\NOTEPAD.EXE-3D2AFDB4.pf --------- 20500  
     07/05/2010 08:35 PM     C:\Windows\Prefetch\GUARDGUI.EXE-C8C5CF5F.pf --------- 16294  
     07/05/2010 08:34 PM     C:\Windows\Prefetch\OTL.EXE-A1AD7EB9.pf --------- 35468  
     07/05/2010 08:31 PM     C:\Windows\Prefetch\SVCHOST.EXE-F59CA9BD.pf --------- 19726  
     07/05/2010 08:31 PM     C:\Windows\Prefetch\DLLHOST.EXE-6732F47C.pf --------- 25246  
     07/05/2010 08:27 PM     C:\Windows\Prefetch\U98RDC6E.EXE-A738B568.pf --------- 699480  
     07/05/2010 08:25 PM     C:\Windows\Prefetch\CVTRES.EXE-419E4E46.pf --------- 9862  
     07/05/2010 07:31 PM     C:\Windows\Prefetch\KHALMNPR.EXE-D00C1916.pf --------- 19596  
     07/05/2010 06:10 PM     C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 17594  
     07/05/2010 06:10 PM     C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 76172  
     07/05/2010 06:09 PM     C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf --------- 12202  
     07/05/2010 06:00 PM     C:\Windows\Prefetch\Layout.ini --------- 1700226  
     07/05/2010 05:04 PM     C:\Windows\Prefetch\THOMAS.EXE-7E5E16FC.pf --------- 109980  
     07/05/2010 05:04 PM     C:\Windows\Prefetch\RSIT.EXE-9CE06ED0.pf --------- 26616  
     07/05/2010 04:59 PM     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf --------- 39644  
     07/05/2010 04:58 PM     C:\Windows\Prefetch\RUNDLL32.EXE-05119E88.pf --------- 50808  
     07/05/2010 04:55 PM     C:\Windows\Prefetch\SETPOINT.EXE-0DC90A4C.pf --------- 8220  
     07/05/2010 04:39 PM     C:\Windows\Prefetch\AU_.EXE-E41E99AC.pf --------- 88134  
     07/05/2010 04:39 PM     C:\Windows\Prefetch\UNINST.EXE-3B7245AD.pf --------- 29456  
     07/05/2010 04:30 PM     C:\Windows\Prefetch\HIJACKTHIS.EXE-74A0D72A.pf --------- 68594  
     07/05/2010 04:06 PM     C:\Windows\Prefetch\CASINOUNINSTALL.EXE-53DD3658.pf --------- 30300  
     07/05/2010 04:06 PM     C:\Windows\Prefetch\PCALUA.EXE-5EB8CBC1.pf --------- 2574  
     07/05/2010 04:05 PM     C:\Windows\Prefetch\ISUN0407.EXE-E0680D8F.pf --------- 33436  
     07/05/2010 04:05 PM     C:\Windows\Prefetch\DLLHOST.EXE-928474CF.pf --------- 26322  
     07/05/2010 04:04 PM     C:\Windows\Prefetch\_IU14D2N.TMP-A9DC89F1.pf --------- 31500  
     07/05/2010 04:04 PM     C:\Windows\Prefetch\UNINS000.EXE-617F2DDA.pf --------- 25522  
     07/05/2010 04:03 PM     C:\Windows\Prefetch\SHOGUN TOTAL WAR_UNINST.EXE-D06B1C96.pf --------- 17674  
     07/05/2010 03:57 PM     C:\Windows\Prefetch\MBAM.EXE-CD3441D7.pf --------- 73806  
     07/05/2010 03:57 PM     C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf --------- 31648  
     07/05/2010 03:57 PM     C:\Windows\Prefetch\MBAMGUI.EXE-00780130.pf --------- 11182  
     07/05/2010 03:57 PM     C:\Windows\Prefetch\MBAM-SETUP-1.46.TMP-05D7557F.pf --------- 31398  
     07/05/2010 03:57 PM     C:\Windows\Prefetch\MBAM-SETUP-1.46.EXE-6B7F1A2B.pf --------- 21452  
     07/05/2010 03:49 PM     C:\Windows\Prefetch\AVSCAN.EXE-1FDA38F3.pf --------- 177020  
     07/05/2010 03:45 PM     C:\Windows\Prefetch\RUNDLL32.EXE-E447C111.pf --------- 27608  
     07/05/2010 03:36 PM     C:\Windows\Prefetch\RUNDLL32.EXE-55E08E47.pf --------- 66740  
     07/05/2010 03:34 PM     C:\Windows\Prefetch\RUNDLL32.EXE-2ECED942.pf --------- 66852  
     07/05/2010 03:30 PM     C:\Windows\Prefetch\SSVAGENT.EXE-C80F109D.pf --------- 16324  
     07/05/2010 03:30 PM     C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf --------- 46542  
     07/05/2010 03:22 PM     C:\Windows\Prefetch\AVCONFIG.EXE-25BB6BD8.pf --------- 81798  
     07/05/2010 03:20 PM     C:\Windows\Prefetch\WSCRIPT.EXE-65A9658F.pf --------- 36086  
     07/05/2010 03:03 PM     C:\Windows\Prefetch\RUNDLL32.EXE-AC32A13D.pf --------- 35166  
     07/05/2010 02:55 PM     C:\Windows\Prefetch\AgCx_SC1.db --------- 801101  
     07/05/2010 02:54 PM     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 279890  
     07/05/2010 01:50 PM     C:\Windows\Prefetch\MSIEXEC.EXE-B5AFA339.pf --------- 50556  
     07/05/2010 01:49 PM     C:\Windows\Prefetch\HIJACKTHIS.EXE-4187566C.pf --------- 30758  
     07/05/2010 01:43 PM     C:\Windows\Prefetch\AVNOTIFY.EXE-4291C867.pf --------- 61946  
     07/05/2010 01:43 PM     C:\Windows\Prefetch\UPDATE.EXE-3FBE35E6.pf --------- 280358  
     07/05/2010 01:42 PM     C:\Windows\Prefetch\AVCENTER.EXE-087DA68F.pf --------- 117046  
     07/05/2010 11:33 AM     C:\Windows\Prefetch\VLC.EXE-CE8E9BE1.pf --------- 168670  
     07/05/2010 11:17 AM     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf --------- 45730  
     07/05/2010 11:15 AM     C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf --------- 275278  
     07/05/2010 11:15 AM     C:\Windows\Prefetch\RUNDLL32.EXE-B2C95A54.pf --------- 48962  
     07/05/2010 11:15 AM     C:\Windows\Prefetch\RUNDLL32.EXE-87CE0127.pf --------- 49898  
     07/05/2010 11:12 AM     C:\Windows\Prefetch\MPCMDRUN.EXE-BB72ED6F.pf --------- 3854  
     07/04/2010 10:47 PM     C:\Windows\Prefetch\RUNDLL32.EXE-43CF017E.pf --------- 49718  
     07/04/2010 07:35 PM     C:\Windows\Prefetch\PG2UK220.EXE-5F453DD2.pf --------- 146824  
     07/04/2010 07:35 PM     C:\Windows\Prefetch\HXD.EXE-6EB5CCA9.pf --------- 39920  
     07/04/2010 07:24 PM     C:\Windows\Prefetch\PDFXCVIEW.EXE-4DCBED2C.pf --------- 79432  
     07/04/2010 05:36 PM     C:\Windows\Prefetch\PG2GRAPHSWITCHER.EXE-BE79C07D.pf --------- 19826  
     07/04/2010 11:02 AM     C:\Windows\Prefetch\ABLOADTOOL.EXE-AF922A76.pf --------- 177704  
     07/04/2010 11:01 AM     C:\Windows\Prefetch\ABLOADTOOL.EXE-525F97D3.pf --------- 12816  
     07/04/2010 11:01 AM     C:\Windows\Prefetch\PAINTDOTNET.EXE-A48207C8.pf --------- 116940  
     07/04/2010 10:21 AM     C:\Windows\Prefetch\SUITEPG2.EXE-D02E6948.pf --------- 52800  
     07/04/2010 12:10 AM     C:\Windows\Prefetch\RUNDLL32.EXE-A30060F9.pf --------- 30880  
     07/03/2010 10:32 AM     C:\Windows\Prefetch\DFRGNTFS.EXE-4F838A89.pf --------- 88464  
     07/03/2010 10:32 AM     C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf --------- 18750  
     07/03/2010 08:20 AM     C:\Windows\Prefetch\WSQMCONS.EXE-E2CE6542.pf --------- 3786  
     01/23/2010 05:29 PM     C:\Windows\Prefetch\AgCx_SC2.db --------- 944964  
     10/08/2009 08:22 PM     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-3708519843-3629216694-3793819806-1006.snp.db --------- 2678201  
     07/30/2008 11:58 PM     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 417324  
     07/30/2008 11:06 PM     C:\Windows\Prefetch\AgAppLaunch.db --------- 332116  
    ----------------------------------------
    
     
    C:\Windows\Tasks
    
     07/05/2010 10:06 PM     C:\Windows\Tasks\SA.DAT --------- 6  
     07/05/2010 10:05 PM     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32566  
     07/05/2010 10:05 PM     C:\Windows\Tasks\User_Feed_Synchronization-{ED1C368C-2F06-4AC1-9A5B-1C19F1C8CDF1}.job --------- 420  
    ----------------------------------------
    
     
    C:\Windows\Temp
    
     07/05/2010 11:12 AM     C:\Windows\Temp\MpCmdRun.log --------- 144804  
     07/04/2010 06:14 PM     C:\Windows\Temp\coinlog.log --------- 2416  
     07/02/2010 08:13 AM     C:\Windows\Temp\MpSigStub.log --------- 171066  
     06/25/2010 12:11 PM     C:\Windows\Temp\dd_dotNetFx40LP_Client_x86de_decompression_log.txt --------- 1445  
     06/25/2010 12:11 PM     C:\Windows\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_20100625_121019061.html --------- 250808  
     06/25/2010 12:11 PM     C:\Windows\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_20100625_121019061-MSI_netfx_CoreLP_x86.msi.txt --------- 1244082  
     06/25/2010 12:10 PM     C:\Windows\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_4.0.30319 --------- 0  
     06/25/2010 12:10 PM     C:\Windows\Temp\dd_dotNetFx40_Client_x86_decompression_log.txt --------- 1416  
     06/25/2010 12:10 PM     C:\Windows\Temp\Microsoft .NET Framework 4 Client Profile Setup_20100625_120531606.html --------- 578880  
     06/25/2010 12:10 PM     C:\Windows\Temp\dd_SetupUtility.txt --------- 660  
     06/25/2010 12:10 PM     C:\Windows\Temp\Microsoft .NET Framework 4 Client Profile Setup_20100625_120531606-MSI_netfx_Core_x86.msi.txt --------- 3617504  
     06/25/2010 12:05 PM     C:\Windows\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319 --------- 0  
     06/10/2010 10:09 PM     C:\Windows\Temp\NetFxUpdate_v1.1.4322.log --------- 9986  
     05/29/2010 04:36 PM     C:\Windows\Temp\AVSETUP_4c012597 --------- 0  
     05/02/2010 12:14 PM     C:\Windows\Temp\TMP0000004B7BE15DD6CD444B32 --------- 524288  
     03/10/2010 10:27 AM     C:\Windows\Temp\CPSSMasterCatalog.ini --------- 415  
     12/24/2009 04:21 PM     C:\Windows\Temp\fwtsqmfile01.sqm --------- 632  
     12/23/2009 11:57 AM     C:\Windows\Temp\fwtsqmfile00.sqm --------- 632  
     12/23/2009 11:06 AM     C:\Windows\Temp\tfxz --------- 0  
    ----------------------------------------
    
     
    C:\Users\Thomas\AppData\Local\Temp
    
     07/05/2010 10:07 PM     C:\Users\Thomas\AppData\Local\Temp\WPDNSE --------- 0  
     07/05/2010 10:06 PM     C:\Users\Thomas\AppData\Local\Temp\VGXE4B3.tmp --------- 525  
     07/05/2010 10:06 PM     C:\Users\Thomas\AppData\Local\Temp\Thomas.bmp --------- 31832  
     07/05/2010 10:06 PM     C:\Users\Thomas\AppData\Local\Temp\~DF4191.tmp --------- 16384  
     07/05/2010 10:00 PM     C:\Users\Thomas\AppData\Local\Temp\sarscan.log --------- 1255  
     07/05/2010 09:41 PM     C:\Users\Thomas\AppData\Local\Temp\samples.sar --------- 620810  
     07/05/2010 08:42 PM     C:\Users\Thomas\AppData\Local\Temp\VGXEA0F.tmp --------- 525  
     07/05/2010 08:30 PM     C:\Users\Thomas\AppData\Local\Temp\VGXF71A.tmp --------- 525  
     07/05/2010 08:30 PM     C:\Users\Thomas\AppData\Local\Temp\~DF4B3F.tmp --------- 16384  
     07/05/2010 08:25 PM     C:\Users\Thomas\AppData\Local\Temp\VGX3BC8.tmp --------- 525  
     07/05/2010 08:18 PM     C:\Users\Thomas\AppData\Local\Temp\VGX1F3.tmp --------- 525  
     07/05/2010 08:18 PM     C:\Users\Thomas\AppData\Local\Temp\~DFC169.tmp --------- 16384  
     07/05/2010 07:31 PM     C:\Users\Thomas\AppData\Local\Temp\VGX8507.tmp --------- 525  
     07/05/2010 07:23 PM     C:\Users\Thomas\AppData\Local\Temp\VGXF842.tmp --------- 525  
     07/05/2010 04:55 PM     C:\Users\Thomas\AppData\Local\Temp\VGX2F1A.tmp --------- 525  
     07/05/2010 04:55 PM     C:\Users\Thomas\AppData\Local\Temp\~DF2F11.tmp --------- 16384  
     07/05/2010 04:06 PM     C:\Users\Thomas\AppData\Local\Temp\{f495cf99-7f8d-4941-9f91-81826ac879fa} --------- 0  
     07/05/2010 03:57 PM     C:\Users\Thomas\AppData\Local\Temp\~DF2D2.tmp --------- 65536  
     07/05/2010 03:53 PM     C:\Users\Thomas\AppData\Local\Temp\VGX2606.tmp --------- 525  
     07/05/2010 03:53 PM     C:\Users\Thomas\AppData\Local\Temp\~DF702B.tmp --------- 16384  
     07/04/2010 05:00 PM     C:\Users\Thomas\AppData\Local\Temp\VGXF527.tmp --------- 525  
     07/04/2010 05:00 PM     C:\Users\Thomas\AppData\Local\Temp\~DF57CB.tmp --------- 16384  
     07/04/2010 11:09 AM     C:\Users\Thomas\AppData\Local\Temp\hsperfdata_Thomas --------- 0  
     07/04/2010 10:53 AM     C:\Users\Thomas\AppData\Local\Temp\screenshots --------- 4096  
     07/04/2010 07:44 AM     C:\Users\Thomas\AppData\Local\Temp\VGXEBF.tmp --------- 525  
     07/04/2010 07:44 AM     C:\Users\Thomas\AppData\Local\Temp\~DF515D.tmp --------- 16384  
     07/04/2010 03:25 AM     C:\Users\Thomas\AppData\Local\Temp\~DF61CE.tmp --------- 512  
     07/04/2010 03:25 AM     C:\Users\Thomas\AppData\Local\Temp\~DF61BA.tmp --------- 16384  
     07/03/2010 06:34 PM     C:\Users\Thomas\AppData\Local\Temp\VGX4E2E.tmp --------- 525  
     07/03/2010 06:33 PM     C:\Users\Thomas\AppData\Local\Temp\~DFBD06.tmp --------- 16384  
     07/03/2010 08:12 AM     C:\Users\Thomas\AppData\Local\Temp\VGX43B3.tmp --------- 525  
     07/03/2010 08:12 AM     C:\Users\Thomas\AppData\Local\Temp\~DFB0BA.tmp --------- 16384  
     07/02/2010 06:17 PM     C:\Users\Thomas\AppData\Local\Temp\VGX89C7.tmp --------- 525  
     07/02/2010 06:17 PM     C:\Users\Thomas\AppData\Local\Temp\~DFB625.tmp --------- 16384  
     07/02/2010 03:22 PM     C:\Users\Thomas\AppData\Local\Temp\VGX39E4.tmp --------- 525  
     07/02/2010 03:22 PM     C:\Users\Thomas\AppData\Local\Temp\~DF1C14.tmp --------- 16384  
     07/02/2010 09:13 AM     C:\Users\Thomas\AppData\Local\Temp\java_install_reg.log --------- 8316  
     07/02/2010 08:08 AM     C:\Users\Thomas\AppData\Local\Temp\VGX36D8.tmp --------- 525  
     07/02/2010 08:07 AM     C:\Users\Thomas\AppData\Local\Temp\~DF676D.tmp --------- 16384  
     07/01/2010 10:00 PM     C:\Users\Thomas\AppData\Local\Temp\tmp385A.tmp.zip --------- 2137883  
     07/01/2010 09:55 PM     C:\Users\Thomas\AppData\Local\Temp\tmp385A.tmp --------- 0  
     07/01/2010 10:41 AM     C:\Users\Thomas\AppData\Local\Temp\VGX3AAE.tmp --------- 525  
     07/01/2010 10:40 AM     C:\Users\Thomas\AppData\Local\Temp\~DFE9CB.tmp --------- 16384  
     06/30/2010 07:05 PM     C:\Users\Thomas\AppData\Local\Temp\HpUpdate --------- 0  
     06/30/2010 07:00 PM     C:\Users\Thomas\AppData\Local\Temp\screenpressoInstall.exe --------- 3968000  
     06/30/2010 05:57 PM     C:\Users\Thomas\AppData\Local\Temp\VGXFE2C.tmp --------- 525  
     06/30/2010 05:57 PM     C:\Users\Thomas\AppData\Local\Temp\~DF73A6.tmp --------- 16384  
     06/30/2010 05:03 PM     C:\Users\Thomas\AppData\Local\Temp\VGX3D6.tmp --------- 525  
     06/30/2010 05:03 PM     C:\Users\Thomas\AppData\Local\Temp\~DFF735.tmp --------- 16384  
     06/30/2010 09:59 AM     C:\Users\Thomas\AppData\Local\Temp\VGXFCB5.tmp --------- 525  
     06/30/2010 09:59 AM     C:\Users\Thomas\AppData\Local\Temp\~DF963C.tmp --------- 16384  
     06/30/2010 09:37 AM     C:\Users\Thomas\AppData\Local\Temp\~DFBC47.tmp --------- 16384  
     06/29/2010 01:51 PM     C:\Users\Thomas\AppData\Local\Temp\YM+Zsj3O.mpg.part --------- 0  
     06/29/2010 09:30 AM     C:\Users\Thomas\AppData\Local\Temp\VGX1D30.tmp --------- 525  
     06/29/2010 09:30 AM     C:\Users\Thomas\AppData\Local\Temp\~DFE6B8.tmp --------- 16384  
     06/29/2010 01:50 AM     C:\Users\Thomas\AppData\Local\Temp\~DFC261.tmp --------- 512  
     06/29/2010 01:50 AM     C:\Users\Thomas\AppData\Local\Temp\~DFC256.tmp --------- 16384  
     06/28/2010 09:10 PM     C:\Users\Thomas\AppData\Local\Temp\VGXFEC8.tmp --------- 525  
     06/28/2010 09:10 PM     C:\Users\Thomas\AppData\Local\Temp\~DFBA48.tmp --------- 16384  
     06/28/2010 03:51 PM     C:\Users\Thomas\AppData\Local\Temp\jar_cache3771833306505615983.tmp --------- 38854  
     06/28/2010 09:31 AM     C:\Users\Thomas\AppData\Local\Temp\VGXF9B9.tmp --------- 525  
     06/28/2010 09:31 AM     C:\Users\Thomas\AppData\Local\Temp\~DF55D6.tmp --------- 16384  
     06/27/2010 07:33 PM     C:\Users\Thomas\AppData\Local\Temp\VGXF1EC.tmp --------- 525  
     06/27/2010 07:33 PM     C:\Users\Thomas\AppData\Local\Temp\~DF678.tmp --------- 16384  
     06/27/2010 11:34 AM     C:\Users\Thomas\AppData\Local\Temp\VGX952.tmp --------- 525  
     06/27/2010 11:34 AM     C:\Users\Thomas\AppData\Local\Temp\~DFCCE4.tmp --------- 16384  
     06/27/2010 06:22 AM     C:\Users\Thomas\AppData\Local\Temp\VGX7F8B.tmp --------- 525  
     06/27/2010 06:22 AM     C:\Users\Thomas\AppData\Local\Temp\~DF7C82.tmp --------- 16384  
     06/26/2010 11:07 AM     C:\Users\Thomas\AppData\Local\Temp\VGX815F.tmp --------- 525  
     06/26/2010 11:07 AM     C:\Users\Thomas\AppData\Local\Temp\~DFE4C8.tmp --------- 16384  
     06/25/2010 03:09 PM     C:\Users\Thomas\AppData\Local\Temp\tmp.feed --------- 34662  
     06/25/2010 12:01 PM     C:\Users\Thomas\AppData\Local\Temp\VGXA034.tmp --------- 525  
     06/25/2010 12:01 PM     C:\Users\Thomas\AppData\Local\Temp\~DF2F69.tmp --------- 16384  
     06/24/2010 07:26 PM     C:\Users\Thomas\AppData\Local\Temp\VGXA218.tmp --------- 525  
     06/24/2010 07:26 PM     C:\Users\Thomas\AppData\Local\Temp\~DF6384.tmp --------- 16384  
     06/24/2010 09:45 AM     C:\Users\Thomas\AppData\Local\Temp\VGX72BF.tmp --------- 525  
     06/24/2010 09:44 AM     C:\Users\Thomas\AppData\Local\Temp\~DFC943.tmp --------- 16384  
     06/24/2010 09:29 AM     C:\Users\Thomas\AppData\Local\Temp\OlgrC3TI.html.part --------- 0  
     06/24/2010 09:29 AM     C:\Users\Thomas\AppData\Local\Temp\h8DL1bJZ.html.part --------- 0  
     06/24/2010 09:28 AM     C:\Users\Thomas\AppData\Local\Temp\bO64ThiX.html.part --------- 0  
     06/24/2010 09:28 AM     C:\Users\Thomas\AppData\Local\Temp\AkbjpnIk.html.part --------- 0  
     06/24/2010 09:28 AM     C:\Users\Thomas\AppData\Local\Temp\+GssT9Er.html.part --------- 0  
     06/24/2010 09:27 AM     C:\Users\Thomas\AppData\Local\Temp\YC3phbEO.html.part --------- 0  
     06/24/2010 09:27 AM     C:\Users\Thomas\AppData\Local\Temp\YCfaDciW.html.part --------- 0  
     06/24/2010 09:27 AM     C:\Users\Thomas\AppData\Local\Temp\0h_rIXYv.html.part --------- 0  
     06/24/2010 09:27 AM     C:\Users\Thomas\AppData\Local\Temp\PWyjek_T.html.part --------- 0  
     06/24/2010 09:19 AM     C:\Users\Thomas\AppData\Local\Temp\VGX86BB.tmp --------- 525  
     06/24/2010 09:19 AM     C:\Users\Thomas\AppData\Local\Temp\~DF4F59.tmp --------- 16384  
     06/23/2010 09:20 PM     C:\Users\Thomas\AppData\Local\Temp\VGX76F.tmp --------- 525  
     06/23/2010 09:20 PM     C:\Users\Thomas\AppData\Local\Temp\~DFD8AA.tmp --------- 16384  
     06/23/2010 06:26 PM     C:\Users\Thomas\AppData\Local\Temp\VGX35FD.tmp --------- 525  
     06/23/2010 06:26 PM     C:\Users\Thomas\AppData\Local\Temp\~DFED23.tmp --------- 16384  
     06/21/2010 08:09 PM     C:\Users\Thomas\AppData\Local\Temp\VGX27AB.tmp --------- 525  
     06/21/2010 08:09 PM     C:\Users\Thomas\AppData\Local\Temp\~DFE303.tmp --------- 16384  
     06/20/2010 10:39 PM     C:\Users\Thomas\AppData\Local\Temp\VGX32B3.tmp --------- 525  
     06/20/2010 10:39 PM     C:\Users\Thomas\AppData\Local\Temp\~DF4C29.tmp --------- 16384  
     06/20/2010 08:56 AM     C:\Users\Thomas\AppData\Local\Temp\VGX27F9.tmp --------- 525  
     06/20/2010 08:56 AM     C:\Users\Thomas\AppData\Local\Temp\~DF38C3.tmp --------- 16384  
     06/19/2010 11:05 AM     C:\Users\Thomas\AppData\Local\Temp\VGXEFD.tmp --------- 525  
     06/19/2010 11:05 AM     C:\Users\Thomas\AppData\Local\Temp\~DFD1FF.tmp --------- 16384  
     06/19/2010 12:51 AM     C:\Users\Thomas\AppData\Local\Temp\hMBE6k2K.wmv.part --------- 0  
     06/19/2010 12:25 AM     C:\Users\Thomas\AppData\Local\Temp\VGX45F4.tmp --------- 525  
     06/19/2010 12:25 AM     C:\Users\Thomas\AppData\Local\Temp\~DFFDF6.tmp --------- 16384  
     06/17/2010 07:15 PM     C:\Users\Thomas\AppData\Local\Temp\VGXBB.tmp --------- 525  
     06/17/2010 07:15 PM     C:\Users\Thomas\AppData\Local\Temp\~DFA1BF.tmp --------- 16384  
     06/16/2010 10:42 PM     C:\Users\Thomas\AppData\Local\Temp\VGX1238.tmp --------- 525  
     06/16/2010 10:42 PM     C:\Users\Thomas\AppData\Local\Temp\~DF88EC.tmp --------- 16384  
     06/16/2010 04:35 PM     C:\Users\Thomas\AppData\Local\Temp\VGX4A1.tmp --------- 525  
     06/16/2010 04:35 PM     C:\Users\Thomas\AppData\Local\Temp\~DFC9C4.tmp --------- 16384  
     06/15/2010 10:51 PM     C:\Users\Thomas\AppData\Local\Temp\VGX972F.tmp --------- 525  
     06/15/2010 10:51 PM     C:\Users\Thomas\AppData\Local\Temp\~DFDED2.tmp --------- 16384  
     06/15/2010 07:45 PM     C:\Users\Thomas\AppData\Local\Temp\VGX9B0.tmp --------- 525  
     06/15/2010 07:45 PM     C:\Users\Thomas\AppData\Local\Temp\~DF930B.tmp --------- 16384  
     06/15/2010 07:07 PM     C:\Users\Thomas\AppData\Local\Temp\VGX4F86.tmp --------- 525  
     06/15/2010 07:07 PM     C:\Users\Thomas\AppData\Local\Temp\~DF1CF.tmp --------- 16384  
     06/14/2010 06:35 PM     C:\Users\Thomas\AppData\Local\Temp\VGXFDBE.tmp --------- 525  
     06/14/2010 06:35 PM     C:\Users\Thomas\AppData\Local\Temp\~DF2793.tmp --------- 16384  
     06/13/2010 10:58 PM     C:\Users\Thomas\AppData\Local\Temp\VGX7CCD.tmp --------- 525  
     06/13/2010 10:57 PM     C:\Users\Thomas\AppData\Local\Temp\~DFCF25.tmp --------- 16384  
     06/13/2010 08:13 AM     C:\Users\Thomas\AppData\Local\Temp\VGXF48B.tmp --------- 525  
     06/13/2010 08:13 AM     C:\Users\Thomas\AppData\Local\Temp\~DF99BB.tmp --------- 16384  
     06/12/2010 05:00 PM     C:\Users\Thomas\AppData\Local\Temp\VGX1B9A.tmp --------- 525  
     06/12/2010 05:00 PM     C:\Users\Thomas\AppData\Local\Temp\~DF8207.tmp --------- 16384  
     06/11/2010 11:23 PM     C:\Users\Thomas\AppData\Local\Temp\VGXB099.tmp --------- 525  
     06/11/2010 11:23 PM     C:\Users\Thomas\AppData\Local\Temp\~DFBF3F.tmp --------- 16384  
     06/11/2010 06:40 PM     C:\Users\Thomas\AppData\Local\Temp\VGX9165.tmp --------- 525  
     06/11/2010 06:39 PM     C:\Users\Thomas\AppData\Local\Temp\~DFD8C2.tmp --------- 16384  
     06/10/2010 10:08 PM     C:\Users\Thomas\AppData\Local\Temp\NetFxUpdate_v1.1.4322.log --------- 1547  
     06/10/2010 10:07 PM     C:\Users\Thomas\AppData\Local\Temp\NDP1.1sp1-KB979906-X86 --------- 0  
     06/10/2010 10:06 PM     C:\Users\Thomas\AppData\Local\Temp\FixitPatchRegistration.log --------- 22  
     06/10/2010 06:52 PM     C:\Users\Thomas\AppData\Local\Temp\VGX9240.tmp --------- 525  
     06/10/2010 06:52 PM     C:\Users\Thomas\AppData\Local\Temp\~DFC104.tmp --------- 16384  
     06/09/2010 10:56 PM     C:\Users\Thomas\AppData\Local\Temp\VGX943.tmp --------- 525  
     06/09/2010 10:56 PM     C:\Users\Thomas\AppData\Local\Temp\~DFBE1B.tmp --------- 16384  
     06/09/2010 08:11 PM     C:\Users\Thomas\AppData\Local\Temp\VGXAAAF.tmp --------- 525  
     06/09/2010 08:11 PM     C:\Users\Thomas\AppData\Local\Temp\~DF6133.tmp --------- 16384  
     06/09/2010 01:34 PM     C:\Users\Thomas\AppData\Local\Temp\VGXAC9.tmp --------- 525  
     06/09/2010 01:34 PM     C:\Users\Thomas\AppData\Local\Temp\~DFAD89.tmp --------- 16384  
     06/08/2010 07:24 PM     C:\Users\Thomas\AppData\Local\Temp\VGX7963.tmp --------- 525  
     06/08/2010 07:24 PM     C:\Users\Thomas\AppData\Local\Temp\~DF3E68.tmp --------- 16384  
     06/07/2010 07:20 PM     C:\Users\Thomas\AppData\Local\Temp\VGX47F7.tmp --------- 525  
     06/07/2010 07:20 PM     C:\Users\Thomas\AppData\Local\Temp\~DF1D6B.tmp --------- 16384  
     06/06/2010 03:28 PM     C:\Users\Thomas\AppData\Local\Temp\VGX1209.tmp --------- 525  
     06/06/2010 03:28 PM     C:\Users\Thomas\AppData\Local\Temp\~DF7750.tmp --------- 16384  
     06/06/2010 05:33 AM     C:\Users\Thomas\AppData\Local\Temp\~DFC9C1.tmp --------- 16384  
     06/05/2010 09:51 PM     C:\Users\Thomas\AppData\Local\Temp\VGX5C42.tmp --------- 525  
     06/05/2010 09:51 PM     C:\Users\Thomas\AppData\Local\Temp\~DF1F5A.tmp --------- 16384  
     06/05/2010 09:24 AM     C:\Users\Thomas\AppData\Local\Temp\VGX9693.tmp --------- 525  
     06/05/2010 09:24 AM     C:\Users\Thomas\AppData\Local\Temp\~DF270B.tmp --------- 16384  
     06/05/2010 02:04 AM     C:\Users\Thomas\AppData\Local\Temp\VGX97EB.tmp --------- 525  
     06/05/2010 02:04 AM     C:\Users\Thomas\AppData\Local\Temp\~DF7357.tmp --------- 16384  
     06/04/2010 06:28 AM     C:\Users\Thomas\AppData\Local\Temp\VGX163E.tmp --------- 525  
     06/04/2010 06:27 AM     C:\Users\Thomas\AppData\Local\Temp\~DFC28C.tmp --------- 16384  
     06/03/2010 10:50 AM     C:\Users\Thomas\AppData\Local\Temp\VGXE61A.tmp --------- 525  
     06/03/2010 10:50 AM     C:\Users\Thomas\AppData\Local\Temp\~DFCE92.tmp --------- 16384  
     06/03/2010 01:11 AM     C:\Users\Thomas\AppData\Local\Temp\VGX5D4C.tmp --------- 525  
     06/03/2010 01:11 AM     C:\Users\Thomas\AppData\Local\Temp\~DF3D2A.tmp --------- 16384  
     05/31/2010 07:59 PM     C:\Users\Thomas\AppData\Local\Temp\SkypeSetup.exe --------- 22966568  
     05/31/2010 06:51 PM     C:\Users\Thomas\AppData\Local\Temp\VGXB74.tmp --------- 525  
     05/31/2010 06:51 PM     C:\Users\Thomas\AppData\Local\Temp\~DFF8FA.tmp --------- 16384  
     05/31/2010 12:30 AM     C:\Users\Thomas\AppData\Local\Temp\~DF7256.tmp --------- 512  
     05/31/2010 12:30 AM     C:\Users\Thomas\AppData\Local\Temp\~DF7246.tmp --------- 16384  
     05/30/2010 05:22 AM     C:\Users\Thomas\AppData\Local\Temp\VGX5D1C.tmp --------- 525  
     05/30/2010 05:22 AM     C:\Users\Thomas\AppData\Local\Temp\~DF985C.tmp --------- 16384  
     05/29/2010 04:32 PM     C:\Users\Thomas\AppData\Local\Temp\dd_vcredistUI59E8.txt --------- 11622  
     05/29/2010 04:32 PM     C:\Users\Thomas\AppData\Local\Temp\dd_vcredistMSI59E8.txt --------- 417882  
     05/29/2010 01:23 PM     C:\Users\Thomas\AppData\Local\Temp\VGX94BF.tmp --------- 525  
     05/29/2010 01:22 PM     C:\Users\Thomas\AppData\Local\Temp\~DF5ECF.tmp --------- 16384  
     05/29/2010 08:48 AM     C:\Users\Thomas\AppData\Local\Temp\~DF6849.tmp --------- 16384  
     05/29/2010 08:48 AM     C:\Users\Thomas\AppData\Local\Temp\VGX3552.tmp --------- 525  
     05/28/2010 07:24 PM     C:\Users\Thomas\AppData\Local\Temp\~DF15BB.tmp --------- 16384  
     05/28/2010 07:20 PM     C:\Users\Thomas\AppData\Local\Temp\VGXC8D9.tmp --------- 525  
     05/28/2010 01:00 AM     C:\Users\Thomas\AppData\Local\Temp\~DF26C8.tmp --------- 512  
     05/28/2010 01:00 AM     C:\Users\Thomas\AppData\Local\Temp\~DF26B4.tmp --------- 16384  
     05/27/2010 06:27 PM     C:\Users\Thomas\AppData\Local\Temp\Qg_kMPay.jpg.part --------- 0  
     05/27/2010 06:24 PM     C:\Users\Thomas\AppData\Local\Temp\Eh+yPzIh.html.part --------- 0  
     05/27/2010 06:22 PM     C:\Users\Thomas\AppData\Local\Temp\VGX81FD.tmp --------- 525  
     05/27/2010 06:22 PM     C:\Users\Thomas\AppData\Local\Temp\~DF652D.tmp --------- 16384  
     05/26/2010 08:57 PM     C:\Users\Thomas\AppData\Local\Temp\VGX9FF6.tmp --------- 525  
     05/26/2010 08:56 PM     C:\Users\Thomas\AppData\Local\Temp\~DF4A5F.tmp --------- 16384  
     05/26/2010 01:30 AM     C:\Users\Thomas\AppData\Local\Temp\~DFB470.tmp --------- 512  
     05/26/2010 01:30 AM     C:\Users\Thomas\AppData\Local\Temp\~DFB45C.tmp --------- 16384  
     05/25/2010 07:54 PM     C:\Users\Thomas\AppData\Local\Temp\VGXCBF5.tmp --------- 525  
     05/25/2010 07:53 PM     C:\Users\Thomas\AppData\Local\Temp\~DF36CE.tmp --------- 16384  
     05/24/2010 07:19 AM     C:\Users\Thomas\AppData\Local\Temp\VGXF99A.tmp --------- 525  
     05/24/2010 07:19 AM     C:\Users\Thomas\AppData\Local\Temp\~DF8999.tmp --------- 16384  
     05/23/2010 03:51 PM     C:\Users\Thomas\AppData\Local\Temp\VGXE7DE.tmp --------- 525  
     05/23/2010 03:51 PM     C:\Users\Thomas\AppData\Local\Temp\~DF593B.tmp --------- 16384  
     05/23/2010 11:26 AM     C:\Users\Thomas\AppData\Local\Temp\VGXECDD.tmp --------- 525  
     05/23/2010 11:26 AM     C:\Users\Thomas\AppData\Local\Temp\~DF9777.tmp --------- 16384  
     05/22/2010 06:11 PM     C:\Users\Thomas\AppData\Local\Temp\VGXF9D8.tmp --------- 525  
     05/22/2010 06:11 PM     C:\Users\Thomas\AppData\Local\Temp\~DFB721.tmp --------- 16384  
     05/22/2010 06:45 AM     C:\Users\Thomas\AppData\Local\Temp\VGXF508.tmp --------- 525  
     05/22/2010 06:45 AM     C:\Users\Thomas\AppData\Local\Temp\~DF6C69.tmp --------- 16384  
     05/22/2010 12:04 AM     C:\Users\Thomas\AppData\Local\Temp\VGX5427.tmp --------- 525  
     05/22/2010 12:03 AM     C:\Users\Thomas\AppData\Local\Temp\~DFE05D.tmp --------- 16384  
     05/21/2010 08:39 PM     C:\Users\Thomas\AppData\Local\Temp\VGXD70C.tmp --------- 525  
     05/21/2010 08:39 PM     C:\Users\Thomas\AppData\Local\Temp\~DF9031.tmp --------- 16384  
     05/20/2010 07:24 PM     C:\Users\Thomas\AppData\Local\Temp\VGX13FC.tmp --------- 525  
     05/20/2010 07:24 PM     C:\Users\Thomas\AppData\Local\Temp\~DF8BD1.tmp --------- 16384  
     05/19/2010 09:27 PM     C:\Users\Thomas\AppData\Local\Temp\VGX54E2.tmp --------- 525  
     05/19/2010 09:27 PM     C:\Users\Thomas\AppData\Local\Temp\~DF9B25.tmp --------- 16384  
     05/18/2010 06:47 PM     C:\Users\Thomas\AppData\Local\Temp\~PCW9265.tmp --------- 2367  
     05/18/2010 06:46 PM     C:\Users\Thomas\AppData\Local\Temp\~DFDC6F.tmp --------- 16384  
     05/18/2010 06:46 PM     C:\Users\Thomas\AppData\Local\Temp\~$pcwjb.tmp --------- 444  
     05/18/2010 06:46 PM     C:\Users\Thomas\AppData\Local\Temp\~DFA7F4.tmp --------- 49152  
     05/18/2010 06:46 PM     C:\Users\Thomas\AppData\Local\Temp\~DFFF04.tmp --------- 16384  
     05/18/2010 06:33 AM     C:\Users\Thomas\AppData\Local\Temp\VGXD68.tmp --------- 525  
     05/18/2010 06:33 AM     C:\Users\Thomas\AppData\Local\Temp\~DFCD55.tmp --------- 16384  
     05/17/2010 07:38 PM     C:\Users\Thomas\AppData\Local\Temp\VGX6A94.tmp --------- 525  
     05/17/2010 07:37 PM     C:\Users\Thomas\AppData\Local\Temp\~DF6BAB.tmp --------- 16384  
     05/16/2010 06:22 PM     C:\Users\Thomas\AppData\Local\Temp\~DF7938.tmp --------- 49152  
     05/16/2010 06:22 PM     C:\Users\Thomas\AppData\Local\Temp\~DFF6F6.tmp --------- 16384  
     05/16/2010 06:22 PM     C:\Users\Thomas\AppData\Local\Temp\~DFD475.tmp --------- 49152  
     05/16/2010 02:43 PM     C:\Users\Thomas\AppData\Local\Temp\VGX5908.tmp --------- 525  
     05/16/2010 02:42 PM     C:\Users\Thomas\AppData\Local\Temp\~DF8CD2.tmp --------- 16384  
     05/16/2010 07:15 AM     C:\Users\Thomas\AppData\Local\Temp\VGX5E64.tmp --------- 525  
     05/16/2010 07:14 AM     C:\Users\Thomas\AppData\Local\Temp\~DF8F8D.tmp --------- 16384  
     05/15/2010 10:48 PM     C:\Users\Thomas\AppData\Local\Temp\VGX335E.tmp --------- 525  
     05/15/2010 10:48 PM     C:\Users\Thomas\AppData\Local\Temp\~DFB135.tmp --------- 16384  
     05/14/2010 08:28 PM     C:\Users\Thomas\AppData\Local\Temp\VGX91C3.tmp --------- 525  
     05/14/2010 08:28 PM     C:\Users\Thomas\AppData\Local\Temp\~DF6BC1.tmp --------- 16384  
     05/13/2010 06:05 AM     C:\Users\Thomas\AppData\Local\Temp\VGX3DAB.tmp --------- 525  
     05/13/2010 06:04 AM     C:\Users\Thomas\AppData\Local\Temp\~DFF9E1.tmp --------- 16384  
     05/12/2010 09:54 PM     C:\Users\Thomas\AppData\Local\Temp\VGX847A.tmp --------- 525  
     05/12/2010 09:54 PM     C:\Users\Thomas\AppData\Local\Temp\~DF6153.tmp --------- 16384  
     05/11/2010 08:11 PM     C:\Users\Thomas\AppData\Local\Temp\VGX3BC7.tmp --------- 525  
     05/11/2010 08:11 PM     C:\Users\Thomas\AppData\Local\Temp\~DFFE06.tmp --------- 16384  
     05/10/2010 06:31 PM     C:\Users\Thomas\AppData\Local\Temp\VGX336E.tmp --------- 525  
     05/10/2010 06:31 PM     C:\Users\Thomas\AppData\Local\Temp\~DFC059.tmp --------- 16384  
     05/09/2010 10:00 PM     C:\Users\Thomas\AppData\Local\Temp\fla74F2.tmp --------- 4964140  
     05/09/2010 08:38 AM     C:\Users\Thomas\AppData\Local\Temp\VGXFFB2.tmp --------- 525  
     05/09/2010 08:38 AM     C:\Users\Thomas\AppData\Local\Temp\~DF643D.tmp --------- 16384  
     05/08/2010 09:24 PM     C:\Users\Thomas\AppData\Local\Temp\VGXFA93.tmp --------- 525  
     05/08/2010 09:24 PM     C:\Users\Thomas\AppData\Local\Temp\~DF682C.tmp --------- 16384  
     05/08/2010 09:23 AM     C:\Users\Thomas\AppData\Local\Temp\VGX65F3.tmp --------- 525  
     05/08/2010 09:23 AM     C:\Users\Thomas\AppData\Local\Temp\~DFF4F.tmp --------- 16384  
     05/07/2010 09:21 PM     C:\Users\Thomas\AppData\Local\Temp\VGX8A44.tmp --------- 525  
     05/07/2010 09:21 PM     C:\Users\Thomas\AppData\Local\Temp\~DF5A13.tmp --------- 16384  
     05/06/2010 11:16 PM     C:\Users\Thomas\AppData\Local\Temp\VGX499C.tmp --------- 525  
     05/06/2010 11:16 PM     C:\Users\Thomas\AppData\Local\Temp\~DF7349.tmp --------- 16384  
     05/05/2010 09:30 PM     C:\Users\Thomas\AppData\Local\Temp\VGX23F4.tmp --------- 525  
     05/05/2010 09:29 PM     C:\Users\Thomas\AppData\Local\Temp\~DF819C.tmp --------- 16384  
     05/05/2010 01:18 PM     C:\Users\Thomas\AppData\Local\Temp\VGX6AE2.tmp --------- 525  
     05/05/2010 01:18 PM     C:\Users\Thomas\AppData\Local\Temp\~DF4E10.tmp --------- 16384  
     05/04/2010 06:47 PM     C:\Users\Thomas\AppData\Local\Temp\VGX9339.tmp --------- 525  
     05/04/2010 06:46 PM     C:\Users\Thomas\AppData\Local\Temp\~DFB16A.tmp --------- 16384  
     05/03/2010 09:40 PM     C:\Users\Thomas\AppData\Local\Temp\s7BE+gSJ.html.part --------- 0  
     05/03/2010 09:40 PM     C:\Users\Thomas\AppData\Local\Temp\3NYC2PsI.html.part --------- 0  
     05/03/2010 07:31 PM     C:\Users\Thomas\AppData\Local\Temp\VGX78B7.tmp --------- 525  
     05/03/2010 07:31 PM     C:\Users\Thomas\AppData\Local\Temp\~DF8E74.tmp --------- 16384  
     05/02/2010 12:34 PM     C:\Users\Thomas\AppData\Local\Temp\VGX3439.tmp --------- 525  
     05/02/2010 12:33 PM     C:\Users\Thomas\AppData\Local\Temp\~DFC5DB.tmp --------- 16384  
     05/02/2010 09:09 AM     C:\Users\Thomas\AppData\Local\Temp\VGX1728.tmp --------- 525  
     05/02/2010 09:09 AM     C:\Users\Thomas\AppData\Local\Temp\~DFCD2D.tmp --------- 16384  
     05/02/2010 08:11 AM     C:\Users\Thomas\AppData\Local\Temp\~DF35F8.tmp --------- 16384  
     05/01/2010 01:57 AM     C:\Users\Thomas\AppData\Local\Temp\VGXF056.tmp --------- 525  
     05/01/2010 01:56 AM     C:\Users\Thomas\AppData\Local\Temp\~DF7252.tmp --------- 16384  
     04/29/2010 08:18 PM     C:\Users\Thomas\AppData\Local\Temp\VGXDA18.tmp --------- 525  
     04/29/2010 08:18 PM     C:\Users\Thomas\AppData\Local\Temp\~DF8991.tmp --------- 16384  
     04/28/2010 09:19 PM     C:\Users\Thomas\AppData\Local\Temp\VGX8E3A.tmp --------- 525  
     04/28/2010 09:18 PM     C:\Users\Thomas\AppData\Local\Temp\~DFFDEE.tmp --------- 16384  
     04/27/2010 10:07 PM     C:\Users\Thomas\AppData\Local\Temp\ZU7ZyJXz.jpg.part --------- 0  
     04/27/2010 08:09 PM     C:\Users\Thomas\AppData\Local\Temp\VGXF67E.tmp --------- 525  
     04/27/2010 08:08 PM     C:\Users\Thomas\AppData\Local\Temp\~DF9DDC.tmp --------- 16384  
     04/26/2010 07:14 PM     C:\Users\Thomas\AppData\Local\Temp\VGXBE30.tmp --------- 525  
     04/26/2010 07:14 PM     C:\Users\Thomas\AppData\Local\Temp\~DFFC6D.tmp --------- 16384  
     04/25/2010 11:18 AM     C:\Users\Thomas\AppData\Local\Temp\VGX6F93.tmp --------- 525  
     04/25/2010 11:18 AM     C:\Users\Thomas\AppData\Local\Temp\~DFD4EB.tmp --------- 16384  
     04/25/2010 11:09 AM     C:\Users\Thomas\AppData\Local\Temp\izpack1140527371307776237.log --------- 1508  
     04/25/2010 11:09 AM     C:\Users\Thomas\AppData\Local\Temp\izpack7877030087917761313.log --------- 1508  
     04/25/2010 08:35 AM     C:\Users\Thomas\AppData\Local\Temp\VGXC58F.tmp --------- 525  
     04/25/2010 08:34 AM     C:\Users\Thomas\AppData\Local\Temp\~DF657C.tmp --------- 16384  
     04/24/2010 02:29 PM     C:\Users\Thomas\AppData\Local\Temp\VGX9BA2.tmp --------- 525  
     04/24/2010 02:28 PM     C:\Users\Thomas\AppData\Local\Temp\~DFA1FB.tmp --------- 16384  
     04/24/2010 12:08 PM     C:\Users\Thomas\AppData\Local\Temp\VGX4920.tmp --------- 525  
     04/24/2010 12:08 PM     C:\Users\Thomas\AppData\Local\Temp\~DF21E9.tmp --------- 16384  
     04/24/2010 10:01 AM     C:\Users\Thomas\AppData\Local\Temp\VGX6891.tmp --------- 525  
     04/24/2010 10:01 AM     C:\Users\Thomas\AppData\Local\Temp\~DFA546.tmp --------- 16384  
     04/24/2010 01:56 AM     C:\Users\Thomas\AppData\Local\Temp\VGX6D52.tmp --------- 525  
     04/24/2010 01:56 AM     C:\Users\Thomas\AppData\Local\Temp\~DFE643.tmp --------- 16384  
     04/22/2010 07:13 PM     C:\Users\Thomas\AppData\Local\Temp\VGXF0A4.tmp --------- 525  
     04/22/2010 07:12 PM     C:\Users\Thomas\AppData\Local\Temp\~DF7D0D.tmp --------- 16384  
     04/21/2010 09:08 PM     C:\Users\Thomas\AppData\Local\Temp\VGX7D2A.tmp --------- 525  
     04/21/2010 09:07 PM     C:\Users\Thomas\AppData\Local\Temp\~DFA7F5.tmp --------- 16384  
     04/21/2010 02:18 PM     C:\Users\Thomas\AppData\Local\Temp\VGXA505.tmp --------- 525  
     04/21/2010 02:17 PM     C:\Users\Thomas\AppData\Local\Temp\~DFA7E4.tmp --------- 16384  
     04/21/2010 12:23 AM     C:\Users\Thomas\AppData\Local\Temp\VGX72CE.tmp --------- 525  
     04/21/2010 12:22 AM     C:\Users\Thomas\AppData\Local\Temp\~DF2F5.tmp --------- 16384  
     04/20/2010 05:36 PM     C:\Users\Thomas\AppData\Local\Temp\VGX115E.tmp --------- 525  
     04/20/2010 05:35 PM     C:\Users\Thomas\AppData\Local\Temp\~DFFA18.tmp --------- 16384  
     04/19/2010 07:15 PM     C:\Users\Thomas\AppData\Local\Temp\VGXDE3E.tmp --------- 525  
     04/19/2010 07:14 PM     C:\Users\Thomas\AppData\Local\Temp\~DF46E3.tmp --------- 16384  
     04/18/2010 09:31 PM     C:\Users\Thomas\AppData\Local\Temp\VGX1BE8.tmp --------- 525  
     04/18/2010 09:30 PM     C:\Users\Thomas\AppData\Local\Temp\~DFDA41.tmp --------- 16384  
     04/18/2010 07:20 PM     C:\Users\Thomas\AppData\Local\Temp\fla5C64.tmp --------- 5603064  
     04/18/2010 05:20 PM     C:\Users\Thomas\AppData\Local\Temp\VGX9897.tmp --------- 525  
     04/18/2010 05:19 PM     C:\Users\Thomas\AppData\Local\Temp\~DF7787.tmp --------- 16384  
     04/18/2010 09:42 AM     C:\Users\Thomas\AppData\Local\Temp\VGX3F40.tmp --------- 525  
     04/18/2010 09:41 AM     C:\Users\Thomas\AppData\Local\Temp\~DF9C2E.tmp --------- 16384  
     04/17/2010 09:26 PM     C:\Users\Thomas\AppData\Local\Temp\VGX7B95.tmp --------- 525  
     04/17/2010 09:26 PM     C:\Users\Thomas\AppData\Local\Temp\~DFB96F.tmp --------- 16384  
     04/17/2010 07:12 AM     C:\Users\Thomas\AppData\Local\Temp\VGX4B80.tmp --------- 525  
     04/17/2010 07:11 AM     C:\Users\Thomas\AppData\Local\Temp\~DF9322.tmp --------- 16384  
     04/16/2010 07:07 PM     C:\Users\Thomas\AppData\Local\Temp\VGXE501.tmp --------- 525  
     04/16/2010 07:07 PM     C:\Users\Thomas\AppData\Local\Temp\~DFAFA7.tmp --------- 16384  
     04/16/2010 04:23 AM     C:\Users\Thomas\AppData\Local\Temp\VGX96A3.tmp --------- 525  
     04/16/2010 04:22 AM     C:\Users\Thomas\AppData\Local\Temp\~DFB2D7.tmp --------- 16384  
     04/15/2010 11:00 PM     C:\Users\Thomas\AppData\Local\Temp\VGX6FE1.tmp --------- 525  
     04/15/2010 10:59 PM     C:\Users\Thomas\AppData\Local\Temp\~DF1917.tmp --------- 16384  
     04/15/2010 07:18 PM     C:\Users\Thomas\AppData\Local\Temp\VGXC0CE.tmp --------- 525  
     04/15/2010 07:18 PM     C:\Users\Thomas\AppData\Local\Temp\~DFCB08.tmp --------- 16384  
     04/14/2010 08:51 PM     C:\Users\Thomas\AppData\Local\Temp\VGX4FF.tmp --------- 525  
     04/14/2010 08:50 PM     C:\Users\Thomas\AppData\Local\Temp\~DFAE24.tmp --------- 16384  
     04/13/2010 08:37 AM     C:\Users\Thomas\AppData\Local\Temp\VGXF8EE.tmp --------- 525  
     04/13/2010 08:37 AM     C:\Users\Thomas\AppData\Local\Temp\~DF9D37.tmp --------- 16384  
     04/12/2010 06:44 PM     C:\Users\Thomas\AppData\Local\Temp\VGX7E62.tmp --------- 525  
     04/12/2010 06:44 PM     C:\Users\Thomas\AppData\Local\Temp\~DF530A.tmp --------- 16384  
     04/11/2010 09:10 PM     C:\Users\Thomas\AppData\Local\Temp\Temp1_anhaenge_11_04_2010.zip --------- 4096  
     04/11/2010 09:45 AM     C:\Users\Thomas\AppData\Local\Temp\VGX1F71.tmp --------- 525  
     04/11/2010 09:45 AM     C:\Users\Thomas\AppData\Local\Temp\~DFCF51.tmp --------- 16384  
     04/10/2010 08:54 PM     C:\Users\Thomas\AppData\Local\Temp\VGXD509.tmp --------- 525  
     04/10/2010 08:54 PM     C:\Users\Thomas\AppData\Local\Temp\~DFF45D.tmp --------- 16384  
     04/10/2010 07:12 AM     C:\Users\Thomas\AppData\Local\Temp\VGXBEDB.tmp --------- 525  
     04/10/2010 07:12 AM     C:\Users\Thomas\AppData\Local\Temp\~DF62F4.tmp --------- 16384  
     04/09/2010 08:04 PM     C:\Users\Thomas\AppData\Local\Temp\VGX6F17.tmp --------- 525  
     04/09/2010 08:04 PM     C:\Users\Thomas\AppData\Local\Temp\~DFEF1A.tmp --------- 16384  
     04/08/2010 07:11 PM     C:\Users\Thomas\AppData\Local\Temp\VGXD20D.tmp --------- 525  
     04/08/2010 07:11 PM     C:\Users\Thomas\AppData\Local\Temp\~DF50E.tmp --------- 16384  
     04/08/2010 12:04 AM     C:\Users\Thomas\AppData\Local\Temp\VGX2D18.tmp --------- 525  
     04/08/2010 12:04 AM     C:\Users\Thomas\AppData\Local\Temp\~DFABFA.tmp --------- 16384  
     04/07/2010 06:48 PM     C:\Users\Thomas\AppData\Local\Temp\VGX76E3.tmp --------- 525  
     04/07/2010 06:48 PM     C:\Users\Thomas\AppData\Local\Temp\~DFC7D.tmp --------- 16384  
     04/07/2010 04:25 AM     C:\Users\Thomas\AppData\Local\Temp\VGX81FC.tmp --------- 525  
     04/07/2010 04:24 AM     C:\Users\Thomas\AppData\Local\Temp\~DF6AB6.tmp --------- 16384  
     04/06/2010 09:11 PM     C:\Users\Thomas\AppData\Local\Temp\VGX51B7.tmp --------- 525  
     04/06/2010 09:11 PM     C:\Users\Thomas\AppData\Local\Temp\~DF664E.tmp --------- 16384  
     04/05/2010 11:55 PM     C:\Users\Thomas\AppData\Local\Temp\~DF1687.tmp --------- 512  
     04/05/2010 11:55 PM     C:\Users\Thomas\AppData\Local\Temp\~DF1673.tmp --------- 16384  
     04/05/2010 08:07 AM     C:\Users\Thomas\AppData\Local\Temp\VGX9896.tmp --------- 525  
     04/05/2010 08:07 AM     C:\Users\Thomas\AppData\Local\Temp\~DF21AD.tmp --------- 16384  
     04/04/2010 10:35 PM     C:\Users\Thomas\AppData\Local\Temp\fla970E.tmp --------- 9933582  
     04/04/2010 10:29 PM     C:\Users\Thomas\AppData\Local\Temp\VGX4642.tmp --------- 525  
     04/04/2010 10:28 PM     C:\Users\Thomas\AppData\Local\Temp\~DFD0D4.tmp --------- 16384  
     04/04/2010 02:14 PM     C:\Users\Thomas\AppData\Local\Temp\tmpAE96.tmp --------- 0  
     04/04/2010 02:13 PM     C:\Users\Thomas\AppData\Local\Temp\PdnMsiInstall.log --------- 378  
     04/04/2010 02:13 PM     C:\Users\Thomas\AppData\Local\Temp\PdnSetupNgenInstall.log --------- 11963  
     04/04/2010 02:13 PM     C:\Users\Thomas\AppData\Local\Temp\CFG10C2.tmp --------- 123  
     04/04/2010 02:12 PM     C:\Users\Thomas\AppData\Local\Temp\CFG3533.tmp --------- 123  
     04/04/2010 02:10 PM     C:\Users\Thomas\AppData\Local\Temp\tmp93C6.tmp --------- 0  
     04/04/2010 02:05 PM     C:\Users\Thomas\AppData\Local\Temp\VGXC7FF.tmp --------- 525  
     04/04/2010 02:04 PM     C:\Users\Thomas\AppData\Local\Temp\~DF6FB2.tmp --------- 16384  
     04/04/2010 10:37 AM     C:\Users\Thomas\AppData\Local\Temp\VGXFC19.tmp --------- 525  
     04/04/2010 10:36 AM     C:\Users\Thomas\AppData\Local\Temp\~DF6111.tmp --------- 16384  
     04/03/2010 07:41 PM     C:\Users\Thomas\AppData\Local\Temp\VGX2AE.tmp --------- 525  
     04/03/2010 07:40 PM     C:\Users\Thomas\AppData\Local\Temp\~DF3B99.tmp --------- 16384  
     04/02/2010 12:51 PM     C:\Users\Thomas\AppData\Local\Temp\rXzfYAqE.html.part --------- 0  
     04/02/2010 10:07 AM     C:\Users\Thomas\AppData\Local\Temp\VGX1.tmp --------- 525  
     04/02/2010 10:06 AM     C:\Users\Thomas\AppData\Local\Temp\~DFD3F1.tmp --------- 16384  
     04/01/2010 08:47 PM     C:\Users\Thomas\AppData\Local\Temp\VGXB4BD.tmp --------- 525  
     04/01/2010 08:46 PM     C:\Users\Thomas\AppData\Local\Temp\~DFB61B.tmp --------- 16384  
     04/01/2010 02:00 AM     C:\Users\Thomas\AppData\Local\Temp\~DF6DB1.tmp --------- 512  
     04/01/2010 02:00 AM     C:\Users\Thomas\AppData\Local\Temp\~DF6D9D.tmp --------- 16384  
     03/31/2010 08:21 PM     C:\Users\Thomas\AppData\Local\Temp\VGXD190.tmp --------- 525  
     03/31/2010 08:21 PM     C:\Users\Thomas\AppData\Local\Temp\~DFD9DE.tmp --------- 16384  
     03/31/2010 01:20 AM     C:\Users\Thomas\AppData\Local\Temp\~DFE98A.tmp --------- 512  
     03/31/2010 01:20 AM     C:\Users\Thomas\AppData\Local\Temp\~DFE976.tmp --------- 16384  
     03/30/2010 08:26 PM     C:\Users\Thomas\AppData\Local\Temp\VGX24AF.tmp --------- 525  
     03/30/2010 08:26 PM     C:\Users\Thomas\AppData\Local\Temp\~DFD806.tmp --------- 16384  
     03/29/2010 10:10 PM     C:\Users\Thomas\AppData\Local\Temp\QduDEXRA.mpg.part --------- 0  
     03/29/2010 08:35 PM     C:\Users\Thomas\AppData\Local\Temp\VGXFE7.tmp --------- 525  
     03/29/2010 08:35 PM     C:\Users\Thomas\AppData\Local\Temp\~DF9BE2.tmp --------- 16384  
     03/28/2010 07:13 PM     C:\Users\Thomas\AppData\Local\Temp\VGX7399.tmp --------- 525  
     03/28/2010 07:13 PM     C:\Users\Thomas\AppData\Local\Temp\~DF1F70.tmp --------- 16384  
     03/28/2010 09:29 AM     C:\Users\Thomas\AppData\Local\Temp\VGXDE3D.tmp --------- 525  
     03/28/2010 09:29 AM     C:\Users\Thomas\AppData\Local\Temp\~DFA844.tmp --------- 16384  
     03/27/2010 10:12 PM     C:\Users\Thomas\AppData\Local\Temp\VGX208A.tmp --------- 525  
     03/27/2010 10:11 PM     C:\Users\Thomas\AppData\Local\Temp\~DFA22F.tmp --------- 16384  
     03/27/2010 01:46 AM     C:\Users\Thomas\AppData\Local\Temp\VGX3E76.tmp --------- 525  
     03/27/2010 01:45 AM     C:\Users\Thomas\AppData\Local\Temp\~DF6397.tmp --------- 16384  
     03/27/2010 01:41 AM     C:\Users\Thomas\AppData\Local\Temp\VGXEEB1.tmp --------- 525  
     03/27/2010 01:40 AM     C:\Users\Thomas\AppData\Local\Temp\~DF6D8F.tmp --------- 16384  
     03/25/2010 09:15 PM     C:\Users\Thomas\AppData\Local\Temp\VGXE2FE.tmp --------- 525  
     03/25/2010 09:15 PM     C:\Users\Thomas\AppData\Local\Temp\~DF220E.tmp --------- 16384  
     03/24/2010 08:56 PM     C:\Users\Thomas\AppData\Local\Temp\VGX58B9.tmp --------- 525  
     03/24/2010 08:56 PM     C:\Users\Thomas\AppData\Local\Temp\~DF4004.tmp --------- 16384  
     03/23/2010 08:33 PM     C:\Users\Thomas\AppData\Local\Temp\VGX8EC7.tmp --------- 525  
     03/23/2010 08:33 PM     C:\Users\Thomas\AppData\Local\Temp\~DF4623.tmp --------- 16384  
     03/22/2010 08:34 PM     C:\Users\Thomas\AppData\Local\Temp\VGX8870.tmp --------- 525  
     03/22/2010 08:33 PM     C:\Users\Thomas\AppData\Local\Temp\~DFE2CE.tmp --------- 16384  
     03/21/2010 11:23 AM     C:\Users\Thomas\AppData\Local\Temp\+evQMSXP.htm.part --------- 0  
     03/21/2010 11:22 AM     C:\Users\Thomas\AppData\Local\Temp\0SEY6Fs0.wmv.part --------- 0  
     03/21/2010 09:46 AM     C:\Users\Thomas\AppData\Local\Temp\VGXD529.tmp --------- 525  
     03/21/2010 09:46 AM     C:\Users\Thomas\AppData\Local\Temp\~DF2546.tmp --------- 16384  
     03/20/2010 10:06 PM     C:\Users\Thomas\AppData\Local\Temp\VGX5EC2.tmp --------- 525  
     03/20/2010 10:06 PM     C:\Users\Thomas\AppData\Local\Temp\~DF985A.tmp --------- 16384  
     03/20/2010 09:20 AM     C:\Users\Thomas\AppData\Local\Temp\VGX8E4A.tmp --------- 525  
     03/20/2010 09:19 AM     C:\Users\Thomas\AppData\Local\Temp\~DFAD97.tmp --------- 16384  
     03/19/2010 10:05 PM     C:\Users\Thomas\AppData\Local\Temp\VGX5E93.tmp --------- 525  
     03/19/2010 10:05 PM     C:\Users\Thomas\AppData\Local\Temp\~DF51DB.tmp --------- 16384  
     03/18/2010 11:29 PM     C:\Users\Thomas\AppData\Local\Temp\wmplog02.sqm --------- 1408  
     03/18/2010 11:14 PM     C:\Users\Thomas\AppData\Local\Temp\~DFC13A.tmp --------- 16384  
     03/18/2010 11:14 PM     C:\Users\Thomas\AppData\Local\Temp\~DF5B90.tmp --------- 294912  
     03/18/2010 11:03 PM     C:\Users\Thomas\AppData\Local\Temp\~DF168.tmp --------- 16384  
     03/18/2010 11:02 PM     C:\Users\Thomas\AppData\Local\Temp\~DFB1D8.tmp --------- 16384  
     03/18/2010 11:02 PM     C:\Users\Thomas\AppData\Local\Temp\~DF7719.tmp --------- 16384  
     03/18/2010 11:02 PM     C:\Users\Thomas\AppData\Local\Temp\wmplog01.sqm --------- 1284  
     03/18/2010 11:01 PM     C:\Users\Thomas\AppData\Local\Temp\~DFE572.tmp --------- 16384  
     03/18/2010 11:00 PM     C:\Users\Thomas\AppData\Local\Temp\~DF63.tmp --------- 16384  
     03/18/2010 10:59 PM     C:\Users\Thomas\AppData\Local\Temp\FreeFLV --------- 0  
     03/18/2010 10:59 PM     C:\Users\Thomas\AppData\Local\Temp\~DF9C25.tmp --------- 294912  
     03/16/2010 09:19 PM     C:\Users\Thomas\AppData\Local\Temp\VGX9C0F.tmp --------- 525  
     03/16/2010 09:18 PM     C:\Users\Thomas\AppData\Local\Temp\~DF4417.tmp --------- 16384  
     03/15/2010 10:29 PM     C:\Users\Thomas\AppData\Local\Temp\f_WiMEuH.html.part --------- 0  
     03/15/2010 09:22 PM     C:\Users\Thomas\AppData\Local\Temp\VGX59A3.tmp --------- 525  
     03/15/2010 09:21 PM     C:\Users\Thomas\AppData\Local\Temp\~DF11E3.tmp --------- 16384  
     03/14/2010 07:29 PM     C:\Users\Thomas\AppData\Local\Temp\is-65CMG.tmp --------- 0  
     03/14/2010 11:06 AM     C:\Users\Thomas\AppData\Local\Temp\VGX97DB.tmp --------- 525  
     03/14/2010 11:05 AM     C:\Users\Thomas\AppData\Local\Temp\~DF638F.tmp --------- 16384  
     03/13/2010 07:52 PM     C:\Users\Thomas\AppData\Local\Temp\VGX1525.tmp --------- 525  
     03/13/2010 07:52 PM     C:\Users\Thomas\AppData\Local\Temp\~DF9797.tmp --------- 16384  
     03/13/2010 08:40 AM     C:\Users\Thomas\AppData\Local\Temp\VGX227D.tmp --------- 525  
     03/13/2010 08:40 AM     C:\Users\Thomas\AppData\Local\Temp\~DFA2D6.tmp --------- 16384  
     03/13/2010 02:55 AM     C:\Users\Thomas\AppData\Local\Temp\~DF295E.tmp --------- 512  
     03/13/2010 02:55 AM     C:\Users\Thomas\AppData\Local\Temp\~DF294A.tmp --------- 16384  
     03/11/2010 08:43 PM     C:\Users\Thomas\AppData\Local\Temp\VGXD5B5.tmp --------- 525  
     03/11/2010 08:43 PM     C:\Users\Thomas\AppData\Local\Temp\~DF249A.tmp --------- 16384  
     03/11/2010 01:35 AM     C:\Users\Thomas\AppData\Local\Temp\~DFC28D.tmp --------- 512  
     03/11/2010 01:35 AM     C:\Users\Thomas\AppData\Local\Temp\~DFC279.tmp --------- 16384  
     03/10/2010 10:36 PM     C:\Users\Thomas\AppData\Local\Temp\VGX3E47.tmp --------- 525  
     03/10/2010 10:35 PM     C:\Users\Thomas\AppData\Local\Temp\~DFFC56.tmp --------- 16384  
    ----------------------------------------
    
     
    C:\Program Files
    
     07/05/2010 10:06 PM     C:\Program Files\ac'tivAid --------- 4096  
     07/05/2010 08:40 PM     C:\Program Files\Sophos --------- 0  
     07/05/2010 04:06 PM     C:\Program Files\UB --------- 0  
     07/05/2010 04:05 PM     C:\Program Files\Shogun - Total War --------- 12288  
     07/05/2010 04:04 PM     C:\Program Files\CPUID --------- 0  
     07/05/2010 03:57 PM     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
     07/05/2010 01:50 PM     C:\Program Files\HiJackThis --------- 0  
     07/05/2010 11:25 AM     C:\Program Files\Mozilla Firefox --------- 28672  
     07/01/2010 09:52 PM     C:\Program Files\XnView --------- 4096  
     07/01/2010 04:25 PM     C:\Program Files\Opera 10 Beta --------- 4096  
     06/25/2010 12:06 PM     C:\Program Files\Microsoft.NET --------- 0  
     06/20/2010 12:38 PM     C:\Program Files\Common Files --------- 4096  
     06/20/2010 12:38 PM     C:\Program Files\EurobetPoker --------- 28672  
     06/11/2010 06:32 PM     C:\Program Files\Windows Mail --------- 4096  
     06/11/2010 06:32 PM     C:\Program Files\Internet Explorer --------- 4096  
     05/29/2010 11:00 AM     C:\Program Files\Holdem Manager --------- 28672  
     05/16/2010 07:26 PM     C:\Program Files\Tracker Software --------- 4096  
     05/16/2010 11:32 AM     C:\Program Files\Full Tilt Poker --------- 8192  
     05/16/2010 11:20 AM     C:\Program Files\Everest Poker --------- 4096  
     04/04/2010 02:13 PM     C:\Program Files\Paint.NET --------- 16384  
     03/14/2010 07:31 PM     C:\Program Files\WSEX Poker --------- 8192  
     03/14/2010 07:25 PM     C:\Program Files\Europoker --------- 16384  
     03/11/2010 08:28 PM     C:\Program Files\Movie Maker --------- 0  
     03/09/2010 10:33 PM     C:\Program Files\PokerRoom.com --------- 4096  
     02/05/2010 04:36 PM     C:\Program Files\OpenOffice.org 3 --------- 4096  
     02/05/2010 03:54 PM     C:\Program Files\Poker Grapher --------- 0  
     02/04/2010 05:37 PM     C:\Program Files\AutoHotkey --------- 4096  
     01/19/2010 08:05 PM     C:\Program Files\foobar2000 --------- 4096  
     01/19/2010 07:56 PM     C:\Program Files\Free FLV Converter --------- 8192  
     01/03/2010 10:57 PM     C:\Program Files\MansionPoker --------- 12288  
     01/03/2010 01:42 PM     C:\Program Files\PokerStove --------- 4096  
     01/01/2010 10:16 PM     C:\Program Files\AAAA --------- 20480  
     01/01/2010 08:49 PM     C:\Program Files\RVG Software --------- 0  
     12/30/2009 11:48 PM     C:\Program Files\DOSBox-0.73 --------- 4096  
     12/24/2009 10:57 AM     C:\Program Files\ThreatFire --------- 12288  
     12/22/2009 08:39 PM     C:\Program Files\Winamp --------- 0  
     12/22/2009 06:39 PM     C:\Program Files\Auslogics --------- 0  
     12/21/2009 09:58 PM     C:\Program Files\TeamViewer --------- 0  
     12/17/2009 12:06 AM     C:\Program Files\MPC HomeCinema --------- 8192  
     12/13/2009 01:43 PM     C:\Program Files\PeG-WW2 --------- 0  
     11/18/2009 11:45 PM     C:\Program Files\XMind --------- 4096  
     11/18/2009 10:58 PM     C:\Program Files\PostgreSQL --------- 0  
     11/15/2009 12:55 AM     C:\Program Files\Free YouTube to MP3 Converter --------- 4096  
     11/10/2009 09:31 PM     C:\Program Files\Unknown Horizons --------- 0  
     11/10/2009 03:26 PM     C:\Program Files\OpenAL --------- 0  
     11/10/2009 09:27 AM     C:\Program Files\Java --------- 4096  
     11/03/2009 05:44 AM     C:\Program Files\Windows Portable Devices --------- 0  
     11/01/2009 09:41 PM     C:\Program Files\stderr.txt --------- 738  
     10/28/2009 11:35 PM     C:\Program Files\Windows Media Player --------- 4096  
     10/26/2009 11:15 PM     C:\Program Files\DVDVideoSoft --------- 4096  
     10/18/2009 11:56 AM     C:\Program Files\Sony Ericsson --------- 4096  
     10/18/2009 11:44 AM     C:\Program Files\Sony --------- 0  
     10/12/2009 09:05 PM     C:\Program Files\userdata --------- 4096  
     09/27/2009 10:42 AM     C:\Program Files\QuickTime --------- 4096  
     09/27/2009 10:40 AM     C:\Program Files\Apple Software Update --------- 4096  
     09/02/2009 07:25 PM     C:\Program Files\Hp --------- 0  
     07/13/2009 08:52 PM     C:\Program Files\PokerStars --------- 8192  
     07/11/2009 05:46 PM     C:\Program Files\Notepad++ --------- 4096  
     07/11/2009 02:03 PM     C:\Program Files\B2BPOKER --------- 0  
     07/11/2009 07:31 AM     C:\Program Files\Skype --------- 0  
     07/10/2009 10:09 PM     C:\Program Files\InstallShield Installation Information --------- 8192  
     06/25/2009 11:54 AM     C:\Program Files\Opera --------- 0  
     06/04/2009 09:34 PM     C:\Program Files\Paragon Software --------- 0  
     05/27/2009 10:35 PM     C:\Program Files\Abloadtool --------- 4096  
     05/27/2009 12:24 AM     C:\Program Files\Windows Calendar --------- 0  
     05/27/2009 12:24 AM     C:\Program Files\Windows Sidebar --------- 4096  
     05/27/2009 12:24 AM     C:\Program Files\Windows Collaboration --------- 0  
     05/27/2009 12:23 AM     C:\Program Files\Windows Photo Gallery --------- 4096  
     05/27/2009 12:23 AM     C:\Program Files\Windows Defender --------- 4096  
     05/26/2009 11:24 PM     C:\Program Files\lame --------- 0  
     05/26/2009 10:34 PM     C:\Program Files\Logitech --------- 0  
     04/27/2009 10:50 PM     C:\Program Files\SpeedFan --------- 4096  
     04/10/2009 09:43 PM     C:\Program Files\Trend Micro --------- 0  
     04/08/2009 11:06 PM     C:\Program Files\Avanquest update --------- 4096  
     04/07/2009 11:45 AM     C:\Program Files\NetBeans 6.5.1 --------- 8192  
     04/07/2009 11:41 AM     C:\Program Files\Sun --------- 0  
     04/07/2009 11:12 AM     C:\Program Files\Secunia --------- 0  
     04/03/2009 06:13 PM     C:\Program Files\Defraggler --------- 4096  
     03/30/2009 01:05 PM     C:\Program Files\Foxit Software --------- 0  
     03/29/2009 10:40 AM     C:\Program Files\Microsoft --------- 0  
     03/29/2009 10:19 AM     C:\Program Files\Mp3tag --------- 0  
     03/27/2009 03:40 PM     C:\Program Files\pdfsam --------- 4096  
     03/25/2009 03:45 PM     C:\Program Files\Driver Cleaner Pro --------- 16384  
     03/25/2009 03:40 PM     C:\Program Files\CCleaner --------- 0  
     03/22/2009 07:39 PM     C:\Program Files\SystemRequirementsLab --------- 0  
     03/20/2009 09:42 AM     C:\Program Files\Avira --------- 0  
     03/03/2009 10:51 PM     C:\Program Files\PC Wizard 2008 --------- 4096  
     02/12/2009 03:11 PM     C:\Program Files\Hewlett-Packard --------- 4096  
     02/07/2009 11:54 PM     C:\Program Files\WinDirStat --------- 4096  
     02/07/2009 11:04 PM     C:\Program Files\Microsoft Rechner-Plus --------- 0  
     02/05/2009 11:11 PM     C:\Program Files\PC Inspector File Recovery --------- 4096  
     02/05/2009 11:10 PM     C:\Program Files\JPG-Illuminator --------- 0  
     02/05/2009 11:09 PM     C:\Program Files\PDFCreator --------- 4096  
     02/01/2009 10:29 PM     C:\Program Files\mp3DirectCut --------- 0  
     01/20/2009 12:59 AM     C:\Program Files\3DO --------- 0  
     01/19/2009 09:52 PM     C:\Program Files\7-Zip --------- 4096  
     01/19/2009 02:25 AM     C:\Program Files\WinAce --------- 8192  
     01/12/2009 07:25 PM     C:\Program Files\FLAC --------- 4096  
     01/05/2009 10:07 AM     C:\Program Files\K-Lite Codec Pack --------- 4096  
     12/05/2008 01:30 AM     C:\Program Files\Ashampoo --------- 0  
     12/03/2008 06:45 PM     C:\Program Files\dsksve8 --------- 4096  
     11/30/2008 01:11 AM     C:\Program Files\PixiePack Codec Pack --------- 0  
     11/30/2008 01:04 AM     C:\Program Files\Euchler --------- 0  
     11/30/2008 12:56 AM     C:\Program Files\SiSoftware --------- 0  
     11/28/2008 02:12 PM     C:\Program Files\Intel Corporation --------- 0  
     11/17/2008 06:30 PM     C:\Program Files\epson --------- 0  
     11/14/2008 05:22 PM     C:\Program Files\FastStone Photo Resizer --------- 4096  
     11/10/2008 11:35 PM     C:\Program Files\WorldOfGoo --------- 4096  
     11/10/2008 02:12 PM     C:\Program Files\avmwlanstick --------- 0  
     11/01/2008 03:30 PM     C:\Program Files\HxD --------- 0  
     10/29/2008 07:59 PM     C:\Program Files\SQLite ODBC Driver --------- 0  
     10/19/2008 01:57 PM     C:\Program Files\Smallvideosoft --------- 0  
     10/19/2008 01:48 PM     C:\Program Files\Search Settings --------- 0  
     10/18/2008 02:17 PM     C:\Program Files\DOSBox-0.72 --------- 4096  
     10/17/2008 05:52 PM     C:\Program Files\arena --------- 0  
     10/17/2008 07:48 AM     C:\Program Files\WinUAE --------- 4096  
     10/09/2008 05:22 AM     C:\Program Files\desktop.ini --------- 174  
     09/28/2008 07:54 PM     C:\Program Files\PeG-WW2-PAC --------- 0  
     09/28/2008 09:42 AM     C:\Program Files\PeG-ACW --------- 0  
     09/26/2008 10:15 AM     C:\Program Files\PeG-WW2_Western_EUR --------- 0  
     09/25/2008 08:21 AM     C:\Program Files\QS --------- 0  
     09/20/2008 04:55 PM     C:\Program Files\Xilisoft --------- 0  
     09/05/2008 04:47 AM     C:\Program Files\Setometer --------- 0  
     08/14/2008 07:24 PM     C:\Program Files\VideoLAN --------- 0  
     08/11/2008 03:38 PM     C:\Program Files\ImgBurn --------- 0  
     08/05/2008 09:49 AM     C:\Program Files\CONEXANT --------- 4096  
     08/04/2008 10:06 PM     C:\Program Files\MSXML 4.0 --------- 0  
     07/31/2008 12:23 AM     C:\Program Files\Broadcom --------- 0  
     07/31/2008 12:22 AM     C:\Program Files\Macrovision Corp --------- 0  
     11/06/2007 07:00 AM     C:\Program Files\Synaptics --------- 0  
     11/06/2007 06:58 AM     C:\Program Files\Roxio --------- 0  
     11/06/2007 06:45 AM     C:\Program Files\Microsoft SQL Server --------- 0  
     11/06/2007 06:15 AM     C:\Program Files\Intel --------- 0  
     11/09/2006 06:46 PM     C:\Program Files\Windows NT --------- 4096  
     11/09/2006 06:46 PM     C:\Program Files\Gemeinsame Dateien --------- 0  
     11/02/2006 02:58 PM     C:\Program Files\Uninstall Information --------- 0  
     11/02/2006 02:35 PM     C:\Program Files\Microsoft Games --------- 4096  
     11/02/2006 02:35 PM     C:\Program Files\Reference Assemblies --------- 0  
     11/02/2006 02:35 PM     C:\Program Files\MSBuild --------- 0  
    ----------------------------------------
    
     
    C:\ProgramData\.. 
    
    Thomas    
    holdemmanager    
    desktop.ini    
    Default    
    Default User    
    All Users    
    Public    
    ----------------------------------------
    
     
    C:\Windows\system32\drivers\etc\hosts
    
    127.0.0.1       localhost
    ::1             localhost
    
    ----------------------------------------
    
     
    
    Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
    ========================= ======== ================ =========== ===============
    System Idle Process              0 Services                   0            24 K
    System                           4 Services                   0         1.380 K
    smss.exe                       384 Services                   0           668 K
    csrss.exe                      456 Services                   0         4.792 K
    wininit.exe                    500 Services                   0         3.516 K
    csrss.exe                      512 Console                    1        14.264 K
    services.exe                   544 Services                   0         6.156 K
    lsass.exe                      556 Services                   0         7.604 K
    lsm.exe                        568 Services                   0         3.388 K
    winlogon.exe                   608 Console                    1         4.992 K
    svchost.exe                    748 Services                   0         5.364 K
    svchost.exe                    832 Services                   0         5.744 K
    svchost.exe                    884 Services                   0        35.576 K
    svchost.exe                    924 Services                   0        10.676 K
    svchost.exe                    956 Services                   0        53.168 K
    svchost.exe                    972 Services                   0        23.016 K
    audiodg.exe                   1052 Services                   0         9.076 K
    svchost.exe                   1072 Services                   0         4.148 K
    SLsvc.exe                     1088 Services                   0         6.480 K
    svchost.exe                   1128 Services                   0        11.568 K
    svchost.exe                   1264 Services                   0        12.948 K
    spoolsv.exe                   1472 Services                   0         8.036 K
    sched.exe                     1496 Services                   0         1.360 K
    svchost.exe                   1536 Services                   0        19.084 K
    avguard.exe                   1716 Services                   0        32.800 K
    svchost.exe                   1760 Services                   0         2.992 K
    sqlservr.exe                  1804 Services                   0         1.216 K
    avshadow.exe                  1940 Services                   0         4.128 K
    svchost.exe                    260 Services                   0         5.412 K
    svchost.exe                    284 Services                   0         5.584 K
    svchost.exe                    396 Services                   0         1.864 K
    SearchIndexer.exe              464 Services                   0        16.340 K
    XAudio.exe                     736 Services                   0         2.212 K
    hpqwmiex.exe                   900 Services                   0         4.888 K
    postgres.exe                  1544 Services                   0         7.712 K
    postgres.exe                  2132 Services                   0         4.956 K
    postgres.exe                  2144 Services                   0         4.820 K
    postgres.exe                  2152 Services                   0         5.296 K
    postgres.exe                  2160 Services                   0         4.592 K
    dwm.exe                       2996 Console                    1         3.568 K
    taskeng.exe                   3040 Console                    1         9.780 K
    explorer.exe                  3088 Console                    1        33.280 K
    MSASCui.exe                   3288 Console                    1         6.916 K
    igfxtray.exe                  3296 Console                    1         4.976 K
    hkcmd.exe                     3304 Console                    1         5.056 K
    igfxpers.exe                  3312 Console                    1         4.484 K
    SynTPEnh.exe                  3360 Console                    1         6.728 K
    igfxsrvc.exe                  3368 Console                    1         4.904 K
    QLBCTRL.exe                   3384 Console                    1         7.516 K
    HPWAMain.exe                  3408 Console                    1         6.756 K
    wmdSync.exe                   3428 Console                    1         5.648 K
    avgnt.exe                     3440 Console                    1         3.908 K
    LGDevAgt.exe                  3464 Console                    1         4.824 K
    LGDCore.exe                   3480 Console                    1        12.012 K
    hpwuschd2.exe                 3500 Console                    1         3.336 K
    sidebar.exe                   3528 Console                    1        21.928 K
    Screenpresso.exe              3624 Console                    1        14.308 K
    SetPoint.exe                  3676 Console                    1         8.996 K
    WmiPrvSE.exe                  3720 Services                   0         5.832 K
    AutoHotkey.exe                3756 Console                    1         7.160 K
    sidebar.exe                   3880 Console                    1        25.152 K
    KHALMNPR.exe                  3956 Console                    1         6.432 K
    WiFiMsg.exe                   3972 Console                    1         4.976 K
    svchost.exe                   2812 Services                   0         6.604 K
    SynTPHelper.exe               1020 Console                    1         3.340 K
    HpqToaster.exe                 744 Console                    1         6.620 K
    opera.exe                     3852 Console                    1        95.432 K
    taskeng.exe                   1528 Services                   0         5.720 K
    SearchProtocolHost.exe        2664 Services                   0         8.388 K
    SearchFilterHost.exe          1756 Services                   0         5.348 K
    cmd.exe                       2928 Console                    1         2.972 K
    conime.exe                    2556 Console                    1         4.128 K
    HPHC_Service.exe              1140 Services                   0         8.764 K
    dllhost.exe                   3240 Console                    1         5.012 K
    tasklist.exe                  2992 Console                    1         4.884 K
    WmiPrvSE.exe                  4060 Services                   0         5.908 K
    
     
    ***** Ende des Scans Mon 07/05/2010 um 22:09:54.54 ***

  2. #2
    Moderator (global) Team member Avatar of kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29.750

    Re: WLAN connection drops + subsequent HijackThis scan with malware suspicion

    Welcome to our HijackThis support board!

    **Before you start Part 1 of the task: CLICK HERE AND READ CAREFULLY!**
    Cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that effective technical cleaning is no longer possible and you have to reinstall it.
    INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RISK!
    Please first read through the instructions calmly, and keep to the order given! Otherwise our work slows down if we have to keep looking up small details again and again, and we may lose track of things as a result...


    In the first part of the 3-part procedure we will check your system for viruses. To do so:

    1.
    Have you already checked the computer for viruses? I would also like to see the following results:
    Code:
    Malwarebytes
    2.
    First, please make the following settings: make system files and folders visible under XP, Vista and Win7
    At the end of our work you can undo this again!

    3.
    Close all programs including Internet Explorer and use HijackThis to fix the entries from the following code box (start HijackThis --> `Do a system scan only` --> select the entries --> tick the checkboxes --> click "Fix checked" --> restart the PC) - fix ONLY the entries I have specified!:
    HijackThis creates a backup. If something goes wrong during "fixing", the objects can be restored under "View the list of backups".
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    4.
    • Download CCleaner
    • read along during the installation - (deselect "Füge CCleaner Yahoo! Toolbar hinzu" ("Add CCleaner Yahoo! Toolbar")!) -> start -> if necessary, set "german" under Options settings.
    • start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...` ("Save as text file...")
    • a text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)


    5.
    post again - after the cleaning steps have been carried out:
    ► TrendMicro™ HijackThis™ log file - no open windows as long as HijackThis is running!!

    Please post all results in code tags!

    before your log you write: [code]
    your log file goes here
    after it: [/code]
    regards
    argos
    Warning!:
    Beware of invoices by email with a ZIP file attached! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
    Please pass this warning on wherever you can!

  3. #3
    Beginner
    Registered since
    05.07.2010
    Posts
    5

    Re: WLAN connection drops + subsequent HijackThis scan with malware suspicion

    Hello Argos,

    here are the results:

    1.

    done

    Code:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    
    Datenbank Version: 4277
    
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18928
    
    7/6/2010 5:47:31 PM
    mbam-log-2010-07-06 (17-47-31).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
    Durchsuchte Objekte: 334712
    Laufzeit: 1 Stunde(n), 14 Minute(n), 48 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 0
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 0
    
    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien:
    (Keine bösartigen Objekte gefunden)

    2.

    done


    3.

    done


    4.

    done

    Code:
    7-Zip 9.10 beta		04.02.2010	2,86MB	
    Abloadtool 2.0		26.05.2009	0,87MB	2.0
    ac'tivAid v1.3.1	Heise Zeitschriften Verlag GmbH & Co. KG	04.02.2009	5,45MB	1.3.1
    Adobe AIR	Adobe Systems Inc.	19.06.2010	30,5MB	1.5.1.8210
    Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	26.02.2009		10.0.22.87
    Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	12.06.2010		10.1.53.64
    Adobe Shockwave Player 11.5	Adobe Systems, Inc.	28.01.2010	7,41MB	11.5.6.606
    Apple Application Support	Apple Inc.	26.09.2009	32,2MB	1.0
    Apple Software Update	Apple Inc.	27.09.2009		2.1.1.116
    Application Installer 4.00.B13	Hewlett-Packard Company	29.07.2008	0,89MB	4.00.B13
    Ashampoo Burning Studio 2009	ashampoo GmbH & Co. KG	04.12.2008	64,5MB	8.0.3
    Auslogics Disk Defrag	Auslogics Software Pty Ltd	21.12.2009	5,16MB	version 3.1
    AutoHotkey 1.0.48.05	Chris Mallett	03.02.2010	2,56MB	1.0.48.05
    Avanquest update	Avanquest Software	07.04.2009	2,32MB	1.19
    Avira AntiVir Personal - Free Antivirus	Avira GmbH	28.05.2010	61,1MB	10.0.0.567
    Broadcom 802.11 Wireless LAN Adapter	Broadcom Corporation	30.07.2008	8,10MB	4.170.25.4
    Camera RAW Plug-In for EPSON Creativity Suite	SEIKO EPSON CORPORATION	16.11.2008	12,7MB	2.2.0.0
    CCleaner	Piriform	05.07.2010	2,36MB	2.33
    Conexant HD Audio	Conexant	03.08.2008	0,98MB	4.36.7.61
    CPUID CPU-Z 1.54		09.06.2010	2,97MB	
    Defraggler	Piriform	21.12.2009	1,68MB	
    DH Driver Cleaner Professional Edition	Ruud Ketelaars	24.03.2009	1,85MB	Version 1.5
    EPSON Attach To Email	SEIKO EPSON	16.11.2008	0,88MB	1.01.0000
    EPSON Copy Utility 3		16.11.2008	146,0MB	3.3.0.0
    EPSON Easy Photo Print	SEIKO EPSON CORPORATION	16.11.2008	84,5MB	1.5.0.0
    EPSON File Manager		16.11.2008	28,4MB	1.3.0.0
    EPSON Scan		16.11.2008	167,3MB	
    EPSON Scan Assistant		16.11.2008	3,78MB	1.10.00
    EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch		16.11.2008	7,66MB	
    EPSON-Drucker-Software	SEIKO EPSON Corporation	16.11.2008		
    ESU for Microsoft Vista	Hewlett-Packard	05.11.2007	9,78MB	1.0.19.1
    EurobetPoker (remove only)		24.10.2008	58,5MB	
    EuroPoker	europoker	13.03.2010	17,2MB	
    Everest Poker (Remove Only)		27.02.2010	11,3MB	
    FastStone Photo Resizer 1.4	FastStone Soft.	13.11.2008	1,10MB	1.4
    FAZ-News	Opera widgets	28.05.2010	0,99MB	
    FLAC 1.2.1b (remove only)	Xiph.org	11.01.2009	0,98MB	1.2.1b
    foobar2000 v1.0	Peter Pawlowski	18.01.2010	6,98MB	1.0
    Free Audio CD Burner version 1.2	DVDVideoSoft Limited.	13.11.2009	2,63MB	
    Free FLV Converter V 6.7.4	Koyote Soft	18.01.2010	16,1MB	6.7.4.0
    Free YouTube Download 2.2	DVD Video Soft Limited.	18.10.2008	5,47MB	
    Free YouTube to MP3 Converter version 3.2	DVDVideoSoft Limited.	13.11.2009	2,67MB	
    Freez FLV to MP3 Converter	www.smallvideosoft.com	18.10.2008	5,46MB	1.2
    Full Tilt Poker	Full Tilt Poker	26.08.2008	20,0MB	4.15.6.WIN.FullTilt.Real
    Futuremark SystemInfo	Futuremark Corporation	11.04.2009	3,63MB	3.17.0.1
    Haushaltsbuch 3.1	Euchler	30.11.2008		3.1
    HDAUDIO Soft Data Fax Modem with SmartCP		04.08.2008	0,76MB	
    Heroes of Might and Magic® IV		28.12.2008	768,2MB	
    HiJackThis	Trend Micro	04.07.2010	0,36MB	1.0.0
    HijackThis 2.0.2	TrendMicro	09.04.2009	1,46MB	2.0.2
    Holdem Manager	RVG Software	18.11.2009		1.07
    HP Active Support Library	Hewlett-Packard	11.02.2009	20,5MB	3.1.9.1
    HP Customer Experience Enhancements	Hewlett-Packard	05.11.2007	0,98MB	5.3.0.2325
    HP Easy Setup - Frontend	Hewlett-Packard	05.11.2007	1,59MB	5.3.0.2325
    HP Help and Support	Hewlett-Packard	06.11.2007		1.2.2
    HP Notebook Accessories Product Tour	Hewlett-Packard	06.11.2007		13.0.0
    HP Quick Launch Buttons 6.40 B2	Hewlett-Packard	30.07.2008	29,6MB	6.40 B2
    HP Update	Hewlett-Packard	30.06.2010		5.002.006.003
    HP Wireless Assistant	Hewlett-Packard	18.01.2009	3,82MB	3.00 H3
    HxD Hex Editor Version 1.7.6.5	Maël Hörz	31.10.2008	2,30MB	1.7.6.5
    ImgBurn	LIGHTNING UK!	10.08.2008	1,95MB	2.4.2.0
    Intel(R) Graphics Media Accelerator Driver		05.11.2007		
    Intel(R) Network Connections Drivers		04.08.2008		
    Intel(R) Programm für Prozessor-IDs	Intel Corporation	27.11.2008	3,89MB	4.00.0000
    Java DB 10.4.1.3	Sun Microsystems, Inc	06.04.2009	28,0MB	10.4.1.3
    Java(TM) 6 Update 17	Sun Microsystems, Inc.	07.04.2009		6.0.170
    Java(TM) SE Development Kit 6 Update 13	Sun Microsystems, Inc.	07.04.2009		1.6.0.130
    Java(TM) SE Runtime Environment 6	Sun Microsystems, Inc.	06.11.2007		1.6.0.0
    K-Lite Mega Codec Pack 4.4.5		04.01.2009	52,1MB	4.4.5
    Logitech GamePanel Software 3.02.173	Logitech Inc.	26.05.2009		3.02.173
    Logitech SetPoint	Logitech	11.06.2009	18,1MB	4.72
    Malwarebytes' Anti-Malware	Malwarebytes Corporation	04.07.2010	3,90MB	
    MansionPoker		24.09.2008	78,2MB	
    Media Player Classic - Home Cinema v. 1.3.1249.0		15.12.2009	15,9MB	
    Microsoft .NET Framework 1.1		03.08.2008		
    Microsoft .NET Framework 1.1 German Language Pack	Microsoft	05.11.2007	3,02MB	1.1.4322
    Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	06.02.2009	37,3MB	
    Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	05.02.2009	37,3MB	
    Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.06.2010	120,3MB	4.0.30319
    Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	24.06.2010	24,5MB	4.0.30319
    Microsoft ODBC .NET Data Provider	Microsoft Corporation	11.08.2008	0,65MB	1.0.0.3328
    Microsoft Rechner-Plus	Microsoft	27.11.2008	0,92MB	1.0.0
    Microsoft Small Basic v0.3.1	Microsoft Corporation	29.03.2009	6,23MB	0.3.1
    Microsoft SQL Server 2005	Microsoft Corporation	05.11.2007	192,5MB	
    Microsoft SQL Server Native Client	Microsoft Corporation	06.11.2007		9.00.2047.00
    Microsoft SQL Server VSS Writer	Microsoft Corporation	06.11.2007		9.00.2047.00
    Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	12.08.2008		8.0.56336
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	15.05.2009		9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218	Microsoft Corporation	05.02.2010		9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	19.03.2009		9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	29.05.2010		9.0.30729.4148
    Mozilla Firefox (3.6.4)	Mozilla	23.06.2010	30,3MB	3.6.4 (de)
    Mp3tag v2.43	Florian Heidenreich	28.03.2009	5,03MB	v2.43
    MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	04.08.2008	1,27MB	4.20.9848.0
    MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	05.08.2008		4.20.9849.0
    MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2008		4.20.9870.0
    MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.11.2009		4.20.9876.0
    NetBeans IDE 6.5.1	NetBeans.org	06.04.2009	159,4MB	6.5.1
    Notepad++		10.07.2009	4,43MB	5.3.1
    OpenAL		09.11.2009	0,75MB	
    OpenOffice.org 3.2	OpenOffice.org	05.02.2010		3.2.9483
    Opera 10.60	Opera Software ASA	30.06.2010	23,3MB	10.60
    Paint.NET v3.5.4	dotPDN LLC	04.04.2010		3.54.0
    Paragon Drive Copy 9.0 Personal Special Edition		03.06.2009	40,0MB	
    PartyPoker	PartyGaming	27.02.2010	41,2MB	140
    PC Inspector File Recovery		04.02.2009	5,93MB	4.0
    PC Wizard 2008.1.871	Laurent KUTIL & Franck DELATTRE	02.03.2009	3,86MB	
    PDF-Viewer	Tracker Software Products Ltd	15.05.2010	26,4MB	2.0.51.0
    PDF-XChange Shell Extentions	Tracker Software Products Ltd	05.06.2009	4,91MB	2.0.41.5
    PDFCreator	Frank Heindörfer, Philip Chinery	04.02.2009	23,4MB	0.9.6
    pdfsam		26.03.2009	5,66MB	1.0.3
    PeG-ACW July 2008		27.09.2008	364,1MB	
    PeG-NAP August 2008		23.09.2008	217,4MB	
    PeG-WW1 July 2008		27.09.2008	321,6MB	
    PeG-WW2 August 2008		28.09.2008	1.115,3MB	
    PeG-WW2 Western Europe August 2008		25.09.2008	442,7MB	
    PeG-WW2-Pacific August 2008		28.09.2008	629,6MB	
    PG2 UK102-textfileconverter		04.11.2008		
    PixiePack Codec Pack	None	30.11.2008		1.0.100.0
    PokerRoom.com (remove only)		27.02.2010	31,4MB	
    PokerStars	PokerStars	04.09.2008	35,1MB	
    PokerStove version 1.23		02.01.2010	3,22MB	
    PostgreSQL 8.3	PostgreSQL Global Development Group	01.01.2010		8.3
    QuickTime	Apple Inc.	27.09.2009		7.64.17.73
    Roxio Creator Audio	Roxio	06.11.2007		3.3.0
    Roxio Creator Basic v9	Roxio	06.11.2007		3.3.0
    Roxio Creator Copy	Roxio	06.11.2007		3.3.0
    Roxio Creator Data	Roxio	05.11.2007	0,96MB	3.3.0
    Roxio Creator Tools	Roxio	06.11.2007		3.3.0
    Roxio Express Labeler 3	Roxio	06.11.2007		2.1.0
    Roxio MyDVD Basic v9	Roxio	06.11.2007		9.0.116
    Scientific Calculator	Peter Mead	28.05.2010	3,43MB	
    Screenpresso	LearnPulse	29.06.2010	3,80MB	1.1.1.0
    Search Settings 1.2		19.10.2008		
    Secunia PSI		06.04.2009	1,14MB	
    Setometer	Pokerluckometer	04.09.2008	1,20MB	1.0.0
    Sierra Utilities		18.01.2010		
    Skype™ 4.2	Skype Technologies S.A.	31.05.2010		4.2.169
    Sony Ericsson Media Manager 1.1	Sony Ericsson	18.10.2009		1.1.550
    Sony Ericsson PC Suite 6.009.00	Sony Ericsson	11.11.2009	55,3MB	6.009.00
    Sophos Anti-Rootkit 1.5.4	Sophos Plc	04.07.2010	2,75MB	1.5.4
    SQLite ODBC Driver (remove only)		28.10.2008	1,45MB	
    ST Wiederherstellungs- & Sicherungsprogramme	Hewlett-Packard Company 	05.11.2007	10.082,0MB	3.0.17
    Synaptics Pointing Device Driver	Synaptics	04.08.2008	14,0MB	11.0.7.0
    System Requirements Lab		21.03.2009	0,30MB	
    TeamViewer 5	TeamViewer GmbH	20.12.2009	16,9MB	5.0.7572 
    Titan Poker		27.02.2010	120,9MB	
    Uninstall 1.0.0.1		13.11.2009	26,6MB	
    Universal Currency Converter	GreyWyvern	28.05.2010	0,95MB	
    Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	06.11.2007		9.00.2047.00
    Update Service	Sony Ericsson Mobile Communications AB	17.10.2009	104,1MB	2.9.9.17
    Vista Default Settings	Hewlett-Packard	05.11.2007	44,00KB	1.00 A1
    VLC media player 1.0.5	VideoLAN Team	26.02.2010	32,8MB	1.0.5
    WinDirStat 1.1.2		06.02.2009	0,83MB	
    Windows Media Player Firefox Plugin	Microsoft Corp	29.11.2008	0,29MB	1.0.0.8
    WinUAE 1.5.0	Arabuusimiehet	16.10.2008	6,46MB	1.5.0
    WSEX Poker 4.0.0	WorldSportsExchange	13.03.2010	12,1MB	4.0.0
    Xilisoft Download YouTube Video	Xilisoft	19.09.2008	20,7MB	1.0.92.0401
    XMind	XMind Ltd.	07.04.2009	36,3MB	3.0.2
    XnView 1.97.4	Gougelet Pierre-e	30.06.2010	23,5MB	1.97.4

    5.

    done

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:03:33 PM, on 7/6/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Screenpresso] "C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - Startup: ac'tivAid.lnk = C:\Program Files\ac'tivAid\ac'tivAid.ahk
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    
    --
    End of file - 6626 bytes

  4. #4
    Moderator (global) Team member kira's avatar
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29.750

    Re: WLAN connection drops + subsequent HijackThis scan with suspected malware

    hi

    1.
    If you play live poker, make sure you stay on the safe side!
    blocklisted-Poker-Websites- malwareremoval.com

    2.
    Keeping Windows and the installed programs up to date guarantees increased security!
    Update Java:
    Start -> Control Panel -> Java -> Update... (Update 20 is already due!)

    3.
    **Before deleting temporary files, be sure to close all applications!
    **delete only the contents of the folders, not the folders themselves! - (select the contents and delete)
    **The Temp folder is for temporary files, so its contents can be deleted without any problem. - Files that are still in use cannot be deleted.
    Empty the Temp folders (select the contents and delete):
    c:\windows\temp
    C:\Users\*your user name*\AppData\Local\Temp --> delete only the contents of the folders, not the folders themselves
    (Select all files in all the Temp folders you find and delete them!)

    4.
    Open CCleaner
    • "Cleaner" --> "Analyze" --> click the "Start CCleaner" button
    • "Registry" --> "Scan for issues" --> "Fix issues" --> "Fix all"
    • Restart your system


    5.
    ♦ You can never be sure that all data backed up on external media such as USB sticks/hard drives and other products/devices (this also applies to CDs) is clean, so it is better to consult an online virus scanner regularly for a second opinion
    ♦ So now connect all external storage media to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off entirely. ► Instructions
    ♦ Now check your computer for viruses, trojans, worms and other malicious code with Kaspersky's free online virus scanner - without cleaning, i.e. detected viruses cannot be removed; we will do that another way!

    • Vista and WIN7 users: right-click the browser icon -> choose "Run as administrator"
    • Microsoft's Internet Explorer must be used
    • reset the security settings in IE - instructions/paules-pc-forum - to "Medium" ► IE -> Tools -> Internet Options -> Security -> Internet -> Level...
    • allow the ActiveX component "► Allow download of signed ActiveX controls" - this is necessary so that your hard drive can be accessed
    • during the scans, switch off other protection programs (antivirus and spyware programs), script blocking etc.! ► Do not forget to re-enable them immediately at the end of the scan!
    • click this link to start ► Kaspersky Online Scanner -> it is best to look at these instructions beforehand: ► Illustrated instructions
    • then click Accept to continue the installation
    • once the automatic download of the new virus definitions has finished, select "My Computer"
    • when the scan has finished, to save the results: click "View Scan Report" -> "Save as"
    • save this to your desktop ► choose "Save file as..." ► "File type: Text files (*.txt)"
    • do not forget to raise the security settings in IE again after the scan! ► Instructions
    • the scan time varies depending on the size of your operating system (i.e. the number of files, etc.)
    • afterwards, please post the result here in your thread!


    ► What is the current state of the computer?

  5. #5
    Beginner
    Registered since
    05.07.2010
    Posts
    5

    Re: WLAN connection drops + subsequent HijackThis scan with suspected malware

    1.

    only via clients


    2.

    done


    3.

    done


    4.

    done


    5.

    Code:
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
     Thursday, July 8, 2010
     Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Wednesday, July 07, 2010 07:37:28
     Records in database: 4245764
    --------------------------------------------------------------------------------
    
    Scan settings:
    	scan using the following database: extended
    	Scan archives: yes
    	Scan e-mail databases: yes
    
    Scan area - My Computer:
    	C:\
    	D:\
    	E:\
    	F:\
    	G:\
    
    Scan statistics:
    	Objects scanned: 231652
    	Threats found: 0
    	Infected objects found: 0
    	Suspicious objects found: 0
    	Scan duration: 03:45:53
    
    No threats found. Scanned area is clean.
    
    Selected area has been scanned.

    So far there have been no connection drops.

  6. #6
    Moderator (global) Team member kira's avatar
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29.750

    Re: WLAN connection drops + subsequent HijackThis scan with suspected malware

    Keep your system under observation for a few more days, then get back in touch and report how it is running and whether any problems still occur

  7. #7
    Beginner
    Registered since
    05.07.2010
    Posts
    5

    Re: WLAN connection drops + subsequent HijackThis scan with suspected malware

    All right, I'll keep an eye on it and get back to you. Thank you very much for the help! Something like this can't be taken for granted!

  8. #8
    Beginner
    Registered since
    05.07.2010
    Posts
    5

    Re: WLAN connection drops + subsequent HijackThis scan with suspected malware

    No problems so far. Thanks again!


    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:56:25 PM, on 7/13/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\AutoHotkey\AutoHotkey.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Opera 10 Beta\Opera.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=smb&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Screenpresso] "C:\Users\Thomas\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe" -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - Startup: ac'tivAid.lnk = C:\Program Files\ac'tivAid\ac'tivAid.ahk
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    
    --
    End of file - 6484 bytes

  9. #9
    Moderator (global) Team member Avatar of kira
    Registered since
    28.03.2006
    Location
    Vienna/Languages: German-Hungarian
    Posts
    29.750

    Re: Wi-Fi connection drops + subsequent HijackThis scan with suspected malware

    hi

    ► Can you remove the programs that we used and that you don't need, except for:
    Code:
    HijackThis/Trend Micro
    hjtscanlist
    CCleaner
    These are useful programs that can be very helpful in case of problems or an emergency!

    ► If everything went well and your system is running stably, do the following:
    Manually create a restore point: Enabling and disabling System Restore

    Hello!... I am a `link`, click me --> *Aftercare* - by our moderator Petra

    Information, tips and things worth knowing to finish:
    To increase PC security, tips, advice and help:
    • An antivirus program and a firewall (but correctly configured). Every program is only as good as the user sitting in front of it
    • How should I react when an antivirus program kicks in and reports detections?
      ** Never choose "Delete"; instead have the detections checked at virustotal and then ask experts! ...why:
      ► Just because some files were classified as malware does not mean that they are really harmful. Conversely, just because the check of some kinds of malicious files returned negative results does not mean that they are as harmless as is (often) portrayed
    • Do not go online with full access rights as administrator --> limited user account
    • Choosing a secure password - (one should actually change it at regular intervals, approx. every 2-3 months)
    • Regular updates for Windows and all installed software (don't forget Adobe and Java!), drivers (from the manufacturer), etc.
    • You can use several email addresses, e.g. gmx etc. You should give/enter your `main email address` only on known or trustworthy sites. For the others, use the free webmail services.
    • Do not accept mail from unknown senders and never open file attachments unless your acquaintances and friends have announced them to you beforehand.
    • Secure email clients, e.g. Thunderbird --> Extensions for Mozilla Thunderbird
    • Pay attention to the basic configuration of Internet Explorer: switch off active content as a matter of principle. - Security check for Internet Explorer
    • There are good and secure browsers, e.g. *Switching the default browser to...by SETI@home* - Firefox - (Browser, change yourself) - FirefoxWiki/Settings - Extensions for Firefox - `Don't IE and Firefox now constantly get in each other's way...` - Default browser
    • Make sure that you don't put too many processes into system startup and services, or unnecessary toolbars; they only slow down and burden your system.
    • "Never accept software from strangers" - As a rule, only ever install programs that you really need and that you are convinced are reputable.
      Do NOT download just any programs from the net unless it is 100% certain that the software is clean. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand; you can get valuable information there!!!
      So always take good care, install only the ESSENTIALS, less is often more
    • Especially recommended (sysinternals - (Windows Sysinternals)):
      • Autoruns
      • Process Explorer
      • TcpView
    • Make a backup of your system - free application programs, in case something goes wrong, so that you can quickly and easily format and reinstall with your own means - Backing up system, programs and user data - Setting up partitions
    • Data backup and archiving: Acronis® True Image Home 2010
      Prevention - to spare yourself a laborious procedure when Windows no longer boots: Windows native backup option
    • Rethink your surfing behaviour, avoid "unsafe" sites, refrain from downloads from unsafe sites, don't click on and download everything that is colourful and shiny, and during installations watch what gets installed "along with" it ...
    • Caution when using other people's computers and attachable external storage media such as hard disks, USB sticks, memory cards etc.! - IT fraudsters don't take holidays!/bsi-fuer-buerger.de - also connect them temporarily and have them scanned (see under `free online virus scanners`)


    Reading material:
    Since the contents of the database are supplemented and extended daily, and the information about the virus concerned is included with the current virus definition, I recommend that you have your system scanned online at least once a week (later once a month will surely be enough), always with a different scanner, to get a second opinion
    (they mostly use ActiveX and/or Java): Free online scanners - instructions
    I wish you all the best
    Warning!:
    Beware of invoices by email with a ZIP file as an attachment! It may be infected with an encryption trojan!
    Do not open the attachment; ask in our forum first!

    Please pass this warning on wherever you can!
    Back up your data regularly, to CD/DVD, USB sticks or external hard disks, ideally twice in different places!
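
The advice above about keeping startup entries and services to a minimum can be checked against a HijackThis log like the one posted in this thread. The following Python sketch is an added example, not part of any forum post; it assumes the `O4` (autostart) and `O23` (service) line layout visible in that log, and its function names are hypothetical. Listing services outside `C:\Program Files` only orders entries for manual review; it is not a verdict on any file.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: ac'tivAid.lnk = C:\Program Files\ac'tivAid\ac'tivAid.ahk
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6484 bytes
"""

# Entry lines start with a section code such as O4 (autostart) or O23 (service).
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+)$")
# O23 detail layout: "Service: <name> - <vendor> - <drive>:\<path>"
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.+) - (?P<path>[A-Za-z]:\\.+)$")


def parse_entries(log_text):
    """Return (section_code, detail) for every entry line; headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def section_counts(log_text):
    """How many entries each section contributes (O4 = autostarts, O23 = services)."""
    return Counter(code for code, _ in parse_entries(log_text))


def services(log_text):
    """Split each O23 entry into name, vendor and binary path."""
    found = []
    for code, detail in parse_entries(log_text):
        m = SERVICE.match(detail) if code == "O23" else None
        if m:
            found.append(m.groupdict())
    return found


def services_outside_program_files(log_text):
    """Names of services whose binary is not under C:\\Program Files (review first)."""
    return [s["name"] for s in services(log_text)
            if not s["path"].lower().startswith("c:\\program files")]
```
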
