Free Malware Removal Forum

by **nihonjin** » April 15th, 2009, 6:27 am

Hi there,

My virus scanner (Avira free version) showed me that I have a Trojan "TR/PSW.Delf.AB".
However it is not able to remove it, it somehow copies itself to another file when it is deleted. The virus is in C:\Windows\htpd.soa and when I delete the file it creates C:\Windows\htpd.soax. And everytime it is deleted it adds anotherx.
I also ran the Kaspersky Online scanner but it did not detect the virus.
What should I do?

By the way, I'm running Windows XP SP2. Following is my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:22, on 15.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\BUFFALO\NASNAVI\nassvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\SuperFlexible\ExtremeSyncService.exe
C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\eMule\emule.exe
C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Microsoft Office\Office10\msoffice.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\PowerDesk\PDExplo.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Control Center] C:\Programme\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ExtremeSync Background Scheduler] C:\Programme\SuperFlexible\ExtremeSyncService.exe /TIMERASAPP /STARTUP
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b76cf4cbe948) (gupdate1c9b76cf4cbe948) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Programme\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9994 bytes

by **peku006** » April 22nd, 2009, 3:35 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

I f you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

1 - Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
Double click on mbam-setup.exe to install it.
Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
Select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as it is and click on Start Scan.
When done, you will be prompted. Click OK, then click on Show Results.
Checked (ticked) all items except items in the System Volume Information folder and click on Remove Selected.
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

2 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006

by **nihonjin** » April 22nd, 2009, 8:28 am

here we go

===========
mbm
===========

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

22.04.2009 21:25:17
mbam-log-2009-04-22 (21-25-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 173446
Time elapsed: 32 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

=========
log.txt
=========

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dude at 2009-04-22 21:26:50
Microsoft Windows XP Professional Service Pack 2
System drive C: has 224 GB (94%) free of 238 GB
Total RAM: 1023 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:06, on 22.04.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\BUFFALO\NASNAVI\nassvc.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\SuperFlexible\ExtremeSyncService.exe
C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programme\eMule\emule.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Programme\Microsoft Office\Office10\msoffice.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\explorer.exe
C:\Programme\Avira\AntiVir Desktop\avcenter.exe
C:\Programme\PowerDesk\PDExplo.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Dude\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Dude.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ExtremeSync Background Scheduler] C:\Programme\SuperFlexible\ExtremeSyncService.exe /TIMERASAPP /STARTUP
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAID Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0011220843
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b76cf4cbe948) (gupdate1c9b76cf4cbe948) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Programme\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10140 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Klick-Wartung.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]
WsftpBrowserHelper Class - C:\Programme\WS_FTP Pro\wsbho2k0.dll [2004-06-17 118830]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-07 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-04-10 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-12-15 5513216]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2004-12-15 86016]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-05-21 221184]
"LogitechVideoRepair"=C:\Programme\Logitech\Video\ISStart.exe [2004-06-01 458752]
"LogitechVideoTray"=C:\Programme\Logitech\Video\LogiTray.exe [2004-06-01 217088]
"NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2009-01-05 413696]
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"ExtremeSync Background Scheduler"=C:\Programme\SuperFlexible\ExtremeSyncService.exe [2008-10-29 6433808]
"Adobe Version Cue CS2"=C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [2005-04-04 856064]
"Acrobat Assistant 7.0"=C:\Programme\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
""= []
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-04-10 148888]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2009-04-02 342312]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 1277584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2002-12-31 15360]
"LogitechSoftwareUpdate"=C:\Programme\Logitech\Video\ManifestEngine.exe [2004-06-01 196608]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2009-04-05 20480]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-07 39408]
"eMuleAutoStart"=C:\Programme\eMule\emule.exe [2009-02-23 5668864]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE
RAID Manager.lnk - C:\Programme\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe"="C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-04-22 21:26:50 ----D---- C:\rsit
2009-04-22 20:47:54 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-04-21 22:02:23 ----D---- C:\Programme\Avira
2009-04-21 22:02:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-04-18 09:02:36 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\OfficeUpdate12
2009-04-17 18:46:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2009-04-17 18:44:28 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
2009-04-17 07:14:30 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2009-04-15 19:20:41 ----D---- C:\Programme\Trend Micro
2009-04-14 21:48:44 ----D---- C:\Programme\CCleaner
2009-04-14 21:40:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller
2009-04-14 08:03:53 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Malwarebytes
2009-04-14 08:03:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-04-13 22:21:24 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-13 19:18:59 ----A---- C:\WINDOWS\eprint.INI
2009-04-13 19:17:27 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\diginet
2009-04-13 19:17:25 ----D---- C:\Programme\Diginet
2009-04-12 21:48:23 ----N---- C:\WINDOWS\install.exe
2009-04-12 21:48:22 ----N---- C:\WINDOWS\remove.exe
2009-04-12 21:48:21 ----N---- C:\WINDOWS\system32\ntport.dll
2009-04-12 21:48:21 ----D---- C:\Programme\ITE
2009-04-12 21:42:35 ----RA---- C:\WINDOWS\system32\Audio3D.dll
2009-04-12 19:37:40 ----D---- C:\Programme\PC Wizard 2008
2009-04-12 19:37:32 ----D---- C:\Programme\iPod
2009-04-12 19:37:27 ----D---- C:\Programme\iTunes
2009-04-12 19:37:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-12 14:26:17 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-04-12 14:26:15 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-04-12 14:26:08 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\TuneUp Software
2009-04-12 14:25:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2009-04-12 14:25:19 ----D---- C:\Programme\TuneUp Utilities 2008
2009-04-10 17:19:30 ----D---- C:\Programme\iTunes Export
2009-04-10 17:01:54 ----RSD---- C:\WINDOWS\assembly
2009-04-10 17:01:54 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-10 17:01:52 ----D---- C:\WINDOWS\system32\URTTemp
2009-04-10 16:45:40 ----D---- C:\WINDOWS\Sun
2009-04-10 16:43:48 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-10 16:43:48 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-10 16:43:48 ----A---- C:\WINDOWS\system32\java.exe
2009-04-10 16:43:48 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-10 16:43:31 ----D---- C:\Programme\Java
2009-04-10 16:42:46 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Sun
2009-04-09 08:41:44 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Image Zone Express
2009-04-08 23:16:56 ----A---- C:\WINDOWS\Explorer.EXE.Z-missing.txt
2009-04-08 21:25:07 ----A---- C:\WINDOWS\system32\rundll32.exe.Z-missing.txt
2009-04-08 21:15:43 ----A---- C:\WINDOWS\system32\FileOps.exe
2009-04-08 21:15:42 ----D---- C:\WINDOWS\system32\Adobe
2009-04-08 21:10:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe Systems
2009-04-08 21:08:19 ----D---- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
2009-04-08 21:03:08 ----A---- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2009-04-08 21:02:43 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP Product Assistant
2009-04-08 20:58:31 ----A---- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
2009-04-08 20:44:53 ----D---- C:\Programme\Spybot - Search & Destroy
2009-04-08 20:44:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-04-08 20:33:56 ----A---- C:\WINDOWS\RegisterRSM.ini
2009-04-07 21:41:49 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-07 21:35:03 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-04-07 21:06:10 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Ipswitch
2009-04-07 21:05:48 ----D---- C:\Programme\WS_FTP Pro
2009-04-07 21:05:20 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\vlc
2009-04-07 21:04:11 ----D---- C:\Programme\VideoLAN
2009-04-07 20:59:40 ----D---- C:\Programme\iPod Video Converter 3
2009-04-07 20:56:25 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2009-04-07 20:56:19 ----D---- C:\Programme\DVD Ripper Platinum 4
2009-04-07 20:29:16 ----D---- C:\Programme\SuperFlexible
2009-04-07 20:25:53 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\SuperFlexibleSynchronizer
2009-04-07 20:25:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SuperFlexibleSynchronizer
2009-04-07 20:17:50 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2009-04-07 20:17:50 ----A---- C:\WINDOWS\system32\nnr.dll
2009-04-07 20:17:50 ----A---- C:\WINDOWS\system32\INETWH32.DLL
2009-04-07 20:17:28 ----D---- C:\Programme\NetObjects
2009-04-07 19:56:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HP
2009-04-07 19:56:34 ----D---- C:\Programme\Gemeinsame Dateien\HP
2009-04-07 19:54:59 ----D---- C:\Programme\Gemeinsame Dateien\Hewlett-Packard
2009-04-07 19:52:48 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2009-04-07 19:52:48 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2009-04-07 19:52:48 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-04-07 19:52:48 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-04-07 19:52:48 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-04-07 19:52:48 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-04-07 19:51:51 ----D---- C:\Programme\HP
2009-04-07 19:51:16 ----HD---- C:\Config.Msi
2009-04-07 19:50:47 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\HP
2009-04-07 19:49:48 ----A---- C:\WINDOWS\system32\hpotscl.dll
2009-04-07 19:49:47 ----A---- C:\WINDOWS\system32\hpzjsn01.dll
2009-04-07 19:49:47 ----A---- C:\WINDOWS\system32\HPZc3212.dll
2009-04-07 19:49:47 ----A---- C:\WINDOWS\system32\hpovst08.dll
2009-04-07 19:49:47 ----A---- C:\WINDOWS\system32\hpgwiamd.dll
2009-04-07 19:48:54 ----A---- C:\WINDOWS\system32\hpzcon12.dll
2009-04-07 19:48:52 ----A---- C:\WINDOWS\system32\hpzlnt12.dll
2009-04-07 19:48:52 ----A---- C:\WINDOWS\system32\hpzcoi12.dll
2009-04-07 19:46:38 ----D---- C:\Temp
2009-04-07 19:39:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-04-07 19:39:14 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-04-07 19:39:14 ----D---- C:\Programme\Adobe
2009-04-07 19:37:58 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-04-07 19:37:58 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-04-07 19:37:58 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-04-07 19:37:58 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-04-07 19:37:58 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-04-07 19:37:58 ----N---- C:\WINDOWS\system32\px.dll
2009-04-07 19:37:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2009-04-07 19:37:29 ----D---- C:\Programme\Google
2009-04-06 20:01:20 ----D---- C:\Programme\eMule
2009-04-06 19:58:47 ----D---- C:\Programme\TagRename
2009-04-06 19:57:38 ----D---- C:\Programme\AxCrypt
2009-04-06 19:56:58 ----D---- C:\Programme\Axon Data
2009-04-06 19:50:11 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\NASNaviator2
2009-04-06 19:49:55 ----D---- C:\Programme\BUFFALO
2009-04-06 19:49:41 ----A---- C:\WINDOWS\UN060501.INI
2009-04-06 19:49:41 ----A---- C:\WINDOWS\UN060501.EXE
2009-04-06 19:43:06 ----A---- C:\WINDOWS\vpc32.INI
2009-04-06 19:28:31 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-04-06 19:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
2009-04-06 19:27:57 ----D---- C:\WINDOWS\ie7updates
2009-04-06 19:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2009-04-06 19:27:31 ----D---- C:\Programme\MSXML 4.0
2009-04-05 21:21:11 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-04-05 21:21:06 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-04-05 18:53:48 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Apple Computer
2009-04-05 18:53:42 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-04-05 18:53:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-04-05 18:53:13 ----D---- C:\Programme\Bonjour
2009-04-05 18:52:49 ----D---- C:\Programme\QuickTime
2009-04-05 18:52:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2009-04-05 18:52:32 ----D---- C:\Programme\Apple Software Update
2009-04-05 18:52:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-05 18:52:26 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-04-05 18:52:00 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2009-04-05 18:51:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2009-04-05 18:46:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallShield
2009-04-05 18:46:32 ----D---- C:\Programme\Gemeinsame Dateien\Jasc Software Inc
2009-04-05 18:46:21 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Jasc Software Inc
2009-04-05 18:45:41 ----D---- C:\Programme\Jasc Software Inc
2009-04-05 18:16:01 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Ahead
2009-04-05 18:13:51 ----D---- C:\Programme\Nero
2009-04-05 18:13:51 ----D---- C:\Programme\Gemeinsame Dateien\Ahead
2009-04-05 17:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-04-05 17:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-04-05 17:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-04-05 17:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-04-05 17:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-04-05 17:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-04-05 17:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-04-05 17:57:15 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-04-05 17:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-04-05 17:57:06 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-04-05 17:57:02 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2009-04-05 17:56:57 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-04-05 17:56:53 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-04-05 17:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-04-05 17:56:44 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-04-05 17:56:39 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-04-05 17:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-04-05 17:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-04-05 17:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-04-05 17:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-04-05 17:56:17 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-04-05 17:56:13 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-04-05 17:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2009-04-05 17:55:58 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-04-05 17:55:54 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2009-04-05 17:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2009-04-05 17:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-04-05 17:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-04-05 17:55:37 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-04-05 17:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-04-05 17:55:21 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-04-05 17:55:10 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-04-05 17:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-04-05 17:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-04-05 17:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-04-05 17:54:53 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-04-05 17:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-04-05 17:54:41 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-04-05 17:54:37 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-04-05 17:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-04-05 17:54:27 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-04-05 17:54:23 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-04-05 17:54:18 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-04-05 17:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-04-05 17:54:01 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-04-05 17:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-04-05 17:53:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-04-05 17:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-04-05 17:53:42 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-04-05 17:53:37 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-04-05 17:53:33 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-04-05 17:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-04-05 17:53:23 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-04-05 17:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2009-04-05 17:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-04-05 17:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-04-05 17:53:07 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-04-05 17:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-04-05 17:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-04-05 17:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-04-05 17:52:46 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-04-05 17:52:42 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-04-05 17:52:37 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-04-05 17:52:33 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2009-04-05 17:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-04-05 17:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2009-04-05 17:52:19 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-04-05 17:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-04-05 17:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-04-05 17:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-04-05 17:52:01 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-04-05 17:51:52 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-04-05 17:45:57 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\VCOM
2009-04-05 17:45:49 ----D---- C:\Programme\PowerDesk
2009-04-05 17:44:39 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-04-05 17:18:29 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-04-05 17:07:49 ----A---- C:\WINDOWS\system32\WgaTray.exe
2009-04-05 17:07:48 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-04-05 17:07:48 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-04-05 17:05:31 ----D---- C:\Programme\WinRAR
2009-04-05 17:03:24 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Macromedia
2009-04-05 17:03:24 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Adobe
2009-04-05 16:38:26 ----SHD---- C:\RECYCLER
2009-04-05 16:33:25 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Mozilla
2009-04-05 16:33:22 ----D---- C:\Programme\Mozilla Firefox
2009-04-05 16:29:44 ----A---- C:\WINDOWS\ODBC.INI
2009-04-05 16:29:20 ----D---- C:\Programme\Gemeinsame Dateien\Designer
2009-04-05 16:29:01 ----D---- C:\WINDOWS\ShellNew
2009-04-05 16:28:55 ----D---- C:\Programme\Microsoft Office
2009-04-05 16:23:06 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-04-05 16:21:18 ----N---- C:\WINDOWS\system32\capicom.dll
2009-04-05 16:21:02 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\FotoWire
2009-04-05 16:21:01 ----D---- C:\Programme\Gemeinsame Dateien\FotoWire
2009-04-05 16:20:29 ----D---- C:\Programme\Logitech
2009-04-05 16:20:13 ----RA---- C:\WINDOWS\system32\InstMed.exe
2009-04-05 16:20:07 ----A---- C:\WINDOWS\system32\lvcoinst.ini
2009-04-05 16:20:07 ----A---- C:\WINDOWS\system32\lvcoinst.dll
2009-04-05 16:20:06 ----A---- C:\WINDOWS\system32\LVUI2RC.dll
2009-04-05 16:20:06 ----A---- C:\WINDOWS\system32\LVUI2.dll
2009-04-05 16:20:06 ----A---- C:\WINDOWS\system32\LVCodec2.dll
2009-04-05 16:19:58 ----D---- C:\Programme\Gemeinsame Dateien\Logitech
2009-04-05 16:19:54 ----A---- C:\WINDOWS\IsUn0407.exe
2009-04-05 16:19:38 ----R---- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2009-04-05 16:19:35 ----D---- C:\Program Files
2009-04-05 16:14:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-05 16:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-05 16:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-05 16:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-05 16:14:13 ----D---- C:\WINDOWS\WBEM
2009-04-05 16:14:13 ----D---- C:\WINDOWS\system32\de-de
2009-04-05 16:13:32 ----HDC---- C:\WINDOWS\ie7
2009-04-05 16:13:23 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-04-05 16:13:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-04-05 16:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-04-05 16:12:59 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-04-05 16:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-05 16:11:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-04-05 16:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-05 16:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-05 16:11:23 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-05 16:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-05 16:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-05 16:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-04-05 16:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-05 16:10:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-05 16:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-05 16:10:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-05 16:10:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-05 16:10:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-05 16:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-05 16:10:33 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-05 16:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-04-05 16:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-05 16:10:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-05 16:10:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-05 16:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-05 16:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-05 16:10:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-05 16:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-05 16:09:50 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-04-05 16:07:38 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles
2009-04-05 15:57:34 ----D---- C:\Programme\ASUSTeK
2009-04-05 15:56:55 ----D---- C:\WINDOWS\nview
2009-04-05 15:56:55 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-04-05 15:50:56 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-04-05 15:50:56 ----D---- C:\WINDOWS\system32\PreInstall
2009-04-05 15:50:56 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-04-05 15:50:54 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-04-05 15:50:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-05 07:11:00 ----SH---- C:\boot.ini
2009-04-05 07:06:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-05 07:06:15 ----RSD---- C:\WINDOWS\Fonts
2009-04-05 07:06:15 ----RD---- C:\WINDOWS\Web
2009-04-05 07:06:15 ----HD---- C:\WINDOWS\inf
2009-04-05 07:06:15 ----D---- C:\WINDOWS\WinSxS
2009-04-05 07:06:15 ----D---- C:\WINDOWS\twain_32
2009-04-05 07:06:15 ----D---- C:\WINDOWS\Temp
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\wins
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\wbem
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\usmt
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\spool
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\ShellExt
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\Setup
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\ras
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\oobe
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\npp
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\mui
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\IME
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\icsxml
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\ias
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\export
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\drivers
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\dhcp
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\config
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\3com_dmi
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\3076
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\2052
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\1054
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\1042
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\1041
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\1037
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\1033
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\1031
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\1028
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32\1025
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system32
2009-04-05 07:06:15 ----D---- C:\WINDOWS\system
2009-04-05 07:06:15 ----D---- C:\WINDOWS\security
2009-04-05 07:06:15 ----D---- C:\WINDOWS\Resources
2009-04-05 07:06:15 ----D---- C:\WINDOWS\repair
2009-04-05 07:06:15 ----D---- C:\WINDOWS\Provisioning
2009-04-05 07:06:15 ----D---- C:\WINDOWS\PeerNet
2009-04-05 07:06:15 ----D---- C:\WINDOWS\pchealth
2009-04-05 07:06:15 ----D---- C:\WINDOWS\mui
2009-04-05 07:06:15 ----D---- C:\WINDOWS\msapps
2009-04-05 07:06:15 ----D---- C:\WINDOWS\msagent
2009-04-05 07:06:15 ----D---- C:\WINDOWS\Media
2009-04-05 07:06:15 ----D---- C:\WINDOWS\java
2009-04-05 07:06:15 ----D---- C:\WINDOWS\ime
2009-04-05 07:06:15 ----D---- C:\WINDOWS\Help
2009-04-05 07:06:15 ----D---- C:\WINDOWS\ehome
2009-04-05 07:06:15 ----D---- C:\WINDOWS\Driver Cache
2009-04-05 07:06:15 ----D---- C:\WINDOWS\Debug
2009-04-05 07:06:15 ----D---- C:\WINDOWS\Cursors
2009-04-05 07:06:15 ----D---- C:\WINDOWS\Connection Wizard
2009-04-05 07:06:15 ----D---- C:\WINDOWS\Config
2009-04-05 07:06:15 ----D---- C:\WINDOWS\AppPatch
2009-04-05 07:06:15 ----D---- C:\WINDOWS\addins
2009-04-05 07:06:15 ----D---- C:\WINDOWS
2009-04-05 06:20:11 ----A---- C:\WINDOWS\system32\h323log.txt
2009-04-05 06:14:49 ----A---- C:\WINDOWS\system32\usbui.dll
2009-04-05 06:13:38 ----SHD---- C:\WINDOWS\Installer
2009-04-05 06:13:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-05 06:13:37 ----D---- C:\Programme\Gemeinsame Dateien\ODBC
2009-04-05 06:13:37 ----A---- C:\WINDOWS\ODBCINST.INI
2009-04-05 06:13:34 ----D---- C:\Programme\Gemeinsame Dateien\SpeechEngines
2009-04-05 06:13:33 ----RD---- C:\Programme
2009-04-05 06:13:33 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-04-05 06:13:33 ----D---- C:\Programme\Gemeinsame Dateien
2009-04-05 06:13:30 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-04-05 06:13:29 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-04-05 06:13:29 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-04-05 06:13:27 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-04-05 06:13:27 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-04-05 06:13:27 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-04-05 06:13:27 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-04-05 06:13:27 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-04-05 06:13:27 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-04-05 06:13:27 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-04-05 06:13:26 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-04-05 06:13:26 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-04-05 06:13:26 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-04-05 06:13:26 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-04-05 06:13:26 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-04-05 06:13:24 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-04-05 06:13:24 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-04-05 06:13:24 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-04-05 06:13:24 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-04-05 06:13:24 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-04-05 06:13:24 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-04-05 06:13:24 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-04-05 06:13:22 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-04-05 06:13:22 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-04-05 06:13:22 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-04-05 06:13:22 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-04-05 06:13:22 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-04-05 06:13:19 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-04-05 06:13:16 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-04-05 06:13:16 ----A---- C:\WINDOWS\system32\irclass.dll
2009-04-05 06:13:16 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-04-05 06:13:16 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-04-05 06:13:15 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-04-05 06:13:13 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-04-05 06:13:13 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-04-05 06:13:12 ----A---- C:\WINDOWS\system32\batt.dll
2009-04-05 06:13:12 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-04-05 06:13:11 ----A---- C:\WINDOWS\system32\storprop.dll
2009-04-05 06:13:04 ----ASH---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
2009-04-05 06:12:59 ----RA---- C:\WINDOWS\SET8.tmp
2009-04-05 06:12:57 ----RA---- C:\WINDOWS\SET4.tmp
2009-04-05 06:12:56 ----RA---- C:\WINDOWS\SET3.tmp
2009-04-05 06:12:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-05 06:12:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-05 06:12:45 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-04-05 06:12:22 ----D---- C:\Dokumente und Einstellungen
2009-04-05 06:12:21 ----SHD---- C:\System Volume Information
2009-04-05 01:48:58 ----D---- C:\Programme\Marvell
2009-04-05 01:48:44 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield
2009-04-05 01:48:03 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-04-05 01:45:30 ----D---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Identities
2009-04-05 01:45:28 ----HD---- C:\Programme\Uninstall Information
2009-04-05 01:45:23 ----ASH---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\desktop.ini
2009-04-05 01:45:22 ----SD---- C:\Dokumente und Einstellungen\Dude\Anwendungsdaten\Microsoft
2009-04-05 01:43:30 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-05 01:43:29 ----D---- C:\WINDOWS\Prefetch
2009-04-05 01:43:28 ----SD---- C:\WINDOWS\system32\Microsoft
2009-04-05 01:43:28 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-04-04 23:37:23 ----RA---- C:\WINDOWS\system32\AsIO.dll
2009-04-04 23:36:40 ----A---- C:\WINDOWS\IsUninst.exe
2009-04-04 23:34:40 ----A---- C:\WINDOWS\uninst.exe
2009-04-04 23:28:17 ----A---- C:\WINDOWS\system32\ASUSW32N50.dll
2009-04-04 23:28:13 ----HD---- C:\Programme\InstallShield Installation Information
2009-04-04 23:28:13 ----D---- C:\Programme\ASUS
2009-04-04 23:21:57 ----RA---- C:\WINDOWS\system32\a3d.dll
2009-04-04 23:21:52 ----RA---- C:\WINDOWS\system32\udaprop.dll
2009-04-04 23:21:52 ----RA---- C:\WINDOWS\system32\cmudax.dll
2009-04-04 23:21:52 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe
2009-04-04 23:21:52 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll
2009-04-04 23:21:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-04 23:21:42 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-04-04 23:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB835221WXP$
2009-04-04 23:20:05 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-04-04 22:29:58 ----D---- C:\WINDOWS\system32\xircom
2009-04-04 22:29:58 ----D---- C:\Programme\xerox
2009-04-04 22:29:58 ----D---- C:\Programme\microsoft frontpage
2009-04-04 22:29:42 ----A---- C:\WINDOWS\control.ini
2009-04-04 22:29:42 ----A---- C:\AUTOEXEC.BAT
2009-04-04 22:29:31 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-04-04 22:28:52 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-04 22:28:52 ----RD---- C:\WINDOWS\Offline Web Pages
2009-04-04 22:28:52 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-04-04 22:28:47 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-04-04 22:28:44 ----HD---- C:\Programme\WindowsUpdate
2009-04-04 22:28:41 ----D---- C:\Programme\Online-Dienste
2009-04-04 22:28:24 ----D---- C:\WINDOWS\system32\DirectX
2009-04-04 22:27:59 ----A---- C:\WINDOWS\system32\atrace.dll
2009-04-04 22:27:56 ----A---- C:\WINDOWS\system32\desktop.ini
2009-04-04 22:27:56 ----A---- C:\WINDOWS\desktop.ini
2009-04-04 22:27:48 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-04-04 22:27:46 ----D---- C:\Programme\Gemeinsame Dateien\Dienste
2009-04-04 22:27:46 ----A---- C:\WINDOWS\system32\acctres.dll
2009-04-04 22:27:43 ----SD---- C:\WINDOWS\Tasks
2009-04-04 22:27:43 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-04-04 22:27:42 ----D---- C:\Programme\Gemeinsame Dateien\MSSoap
2009-04-04 22:27:37 ----D---- C:\WINDOWS\srchasst
2009-04-04 22:27:36 ----D---- C:\WINDOWS\system32\Macromed
2009-04-04 22:27:33 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-04-04 22:27:33 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-04-04 22:27:33 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-04-04 22:27:33 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-04-04 22:27:32 ----A---- C:\WINDOWS\system32\wups.dll
2009-04-04 22:27:32 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-04-04 22:27:32 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-04-04 22:27:32 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-04-04 22:27:32 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-04-04 22:27:31 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-04-04 22:27:31 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-04-04 22:27:31 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-04-04 22:27:31 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-04-04 22:27:27 ----D---- C:\Programme\Movie Maker
2009-04-04 22:27:22 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-04-04 22:27:22 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-04-04 22:27:22 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-04-04 22:27:22 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-04-04 22:27:17 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-04-04 22:27:17 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-04-04 22:27:16 ----D---- C:\WINDOWS\system32\Restore
2009-04-04 22:27:16 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-04-04 22:27:16 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-04-04 22:27:16 ----A---- C:\WINDOWS\system32\srclient.dll
2009-04-04 22:27:15 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-04-04 22:27:15 ----A---- C:\WINDOWS\system32\msconf.dll
2009-04-04 22:27:15 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-04-04 22:27:15 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-04-04 22:27:15 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-04-04 22:27:15 ----A---- C:\WINDOWS\system32\ils.dll
2009-04-04 22:27:12 ----D---- C:\Programme\NetMeeting
2009-04-04 22:27:12 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-04-04 22:27:11 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-04-04 22:27:10 ----A---- C:\WINDOWS\system32\inetres.dll
2009-04-04 22:27:10 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-04-04 22:27:08 ----D---- C:\Programme\Outlook Express
2009-04-04 22:27:08 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-04-04 22:27:08 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-04-04 22:27:07 ----A---- C:\WINDOWS\system32\mstask.dll
2009-04-04 22:27:07 ----A---- C:\WINDOWS\system32\isign32.dll
2009-04-04 22:27:07 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-04-04 22:27:07 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-04-04 22:27:07 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-04-04 22:27:00 ----D---- C:\Programme\Gemeinsame Dateien\System
2009-04-04 22:26:58 ----D---- C:\Programme\Internet Explorer
2009-04-04 22:26:32 ----D---- C:\Programme\ComPlus Applications
2009-04-04 22:26:30 ----A---- C:\WINDOWS\vbaddin.ini
2009-04-04 22:26:30 ----A---- C:\WINDOWS\vb.ini
2009-04-04 22:26:27 ----D---- C:\WINDOWS\Registration
2009-04-04 22:26:21 ----D---- C:\Programme\Windows Media Player
2009-04-04 22:26:21 ----D---- C:\Programme\Online Services
2009-04-04 22:26:17 ----D---- C:\Programme\Messenger
2009-04-04 22:26:12 ----D---- C:\Programme\MSN Gaming Zone
2009-04-04 22:26:12 ----A---- C:\WINDOWS\system32\write.exe
2009-04-04 22:26:01 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-04-04 22:26:01 ----A---- C:\WINDOWS\system32\hticons.dll
2009-04-04 22:26:01 ----A---- C:\WINDOWS\system32\avwav.dll
2009-04-04 22:26:01 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-04-04 22:26:01 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-04-04 22:26:00 ----A---- C:\WINDOWS\system32\winchat.exe
2009-04-04 22:25:51 ----A---- C:\WINDOWS\system32\sol.exe
2009-04-04 22:25:51 ----A---- C:\WINDOWS\system32\getuname.dll
2009-04-04 22:25:51 ----A---- C:\WINDOWS\system32\charmap.exe
2009-04-04 22:25:51 ----A---- C:\WINDOWS\system32\calc.exe
2009-04-04 22:25:50 ----A---- C:\WINDOWS\system32\winmine.exe
2009-04-04 22:25:50 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-04-04 22:25:50 ----A---- C:\WINDOWS\system32\reset.exe
2009-04-04 22:25:50 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-04-04 22:25:50 ----A---- C:\WINDOWS\system32\freecell.exe
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\tskill.exe
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\tscon.exe
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\shadow.exe
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\regini.exe
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-04-04 22:25:49 ----A---- C:\WINDOWS\system32\msg.exe
2009-04-04 22:25:48 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-04-04 22:25:48 ----A---- C:\WINDOWS\system32\logoff.exe
2009-04-04 22:25:48 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-04-04 22:25:47 ----A---- C:\WINDOWS\system32\stclient.dll
2009-04-04 22:25:47 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-04-04 22:25:47 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-04-04 22:25:47 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-04-04 22:25:47 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-04-04 22:25:47 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-04-04 22:25:47 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-04-04 22:25:46 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-04-04 22:25:41 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-04-04 22:25:30 ----D---- C:\Programme\MSN
2009-04-04 22:25:30 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-04-04 22:25:29 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-04-04 22:25:29 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-04-04 22:25:29 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-04-04 22:25:28 ----D---- C:\Programme\Windows NT
2009-04-04 22:25:28 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-04-04 22:25:28 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-04-04 22:25:27 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-04-04 22:25:27 ----A---- C:\WINDOWS\system32\spider.exe
2009-04-04 22:25:26 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-04-04 22:25:26 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-04-04 22:25:26 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-04-04 22:25:26 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-04-04 22:25:26 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-04-04 22:25:26 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-04-04 22:25:26 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-04-04 22:25:25 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-04-04 22:25:25 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-04-04 22:25:25 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-04-04 22:25:25 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-04-04 22:25:25 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-04-04 22:25:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-04-04 22:25:25 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-04-04 22:25:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-04-04 22:25:24 ----D---- C:\WINDOWS\system32\MsDtc
2009-04-04 22:25:24 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-04-04 22:25:24 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-04-04 22:25:24 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-04-04 22:25:24 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-04-04 22:25:23 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-04-04 22:25:23 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-04-04 22:25:23 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-04-04 22:25:22 ----D---- C:\WINDOWS\system32\Com
2009-04-04 22:25:22 ----A---- C:\WINDOWS\system32\colbact.dll
2009-04-04 22:25:22 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-04-04 22:25:22 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-04-04 22:25:22 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-04-04 22:25:21 ----A---- C:\WINDOWS\system32\comuid.dll
2009-04-04 22:25:21 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-04-04 22:25:21 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-04-04 22:25:20 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-04-04 22:25:13 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-04-04 22:25:13 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-04-04 22:25:13 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-04-04 22:25:12 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2009-04-08 20:58:24 ----A---- C:\WINDOWS\system32\hpzjrd01.dll
2009-04-07 19:56:55 ----A---- C:\WINDOWS\win.ini
2009-04-05 06:13:32 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; \??\C:\WINDOWS\system32\drivers\AsIO.sys []
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2002-12-31 40192]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2002-12-31 60800]
R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 1275584]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2004-05-28 19968]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2002-12-31 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-12-15 3329504]
R3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2004-05-22 163328]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2002-12-31 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2002-12-31 57600]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2002-12-31 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2002-12-31 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-10-27 223104]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HdAudAddService;Microsoft UAA-Funktionstreiber für den High Definition Audio-Dienst; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-12-17 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-12-17 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-12-17 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ; C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys [2004-05-20 258560]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-04-10 152984]
R2 NasPmService;NAS PM Service; C:\Programme\BUFFALO\NASNAVI\nassvc.exe [2008-07-11 251184]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2004-12-15 139331]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2002-12-31 14336]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 gupdate1c9b76cf4cbe948;Google Update Service (gupdate1c9b76cf4cbe948); C:\Programme\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-07 183280]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-08 72704]
S3 Adobe Version Cue CS2;Adobe Version Cue CS2; C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [2005-04-04 163840]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-04-12 361728]

-----------------EOF-----------------

==========
info.txt
==========

info.txt logfile of random's system information tool 1.06 2009-04-22 21:27:09

======Uninstall list======

-->C:\Programme\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=e:\adobe creative suite 2.0/lang=0409
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUS Probe V2.24.03-->C:\WINDOWS\uninst.exe -f"C:\Programme\ASUS\Asus Probe\DeIsL1.isu" -c"C:\Programme\ASUS\Asus Probe\probunis.dll"
ASUS WLAN Card Utilities/Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\Setup.exe" -l0x7
AsusUpdate-->C:\WINDOWS\IsUninst.exe -fC:\Programme\ASUS\AsusUpdate\Uninst.isu
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
AxCrypt (Remove Only)-->"C:\Programme\AxCrypt\AxCryptU.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BUFFALO NAS Navigator-->C:\WINDOWS\UN060501.EXE /U
CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe"
C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
DVD Ripper Platinum 4-->C:\Programme\\DVD Ripper Platinum 4\Uninstall.exe
eMule-->"C:\Programme\eMule\Uninstall.exe"
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3-->C:\Programme\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.B-->"C:\Programme\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
iPod Video Converter 3-->C:\Programme\iPod Video Converter 3\Uninstall.exe
Ipswitch WS_FTP Pro-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
ITE IT8212 ATA RAID Controller-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FC6AAE10-A081-42C7-9CD3-ED1D80C30941}\Setup.exe" -l0x9
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x7 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam-->MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
Logitech® Camera-Treiber-->"C:\Programme\Gemeinsame Dateien\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional mit FrontPage-->MsiExec.exe /I{90280407-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.

-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Demo-->MsiExec.exe /I{79F71DBA-38D0-D6C4-DF6C-335C37091031}
NetObjects Fusion 9.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DEB00DB9-7B6A-4704-92CF-C7A7D47E766F}\setup.exe" -l0x7 anything -uninst
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Wizard 2008.1.871-->"C:\Programme\PC Wizard 2008\unins000.exe"
Picasa 3-->"C:\Programme\Google\Picasa3\Uninstall.exe"
Pixum ePrint 1.2-->C:\Programme\Diginet\Pixum ePrint\uninstall.exe
PowerDesk 6-->MsiExec.exe /I{B93251B5-9209-4DAB-867C-AA98D91584CD}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Super Flexible File Synchronizer v4.45a-->"C:\Programme\SuperFlexible\unins000.exe"
Tag&Rename 3.2-->"C:\Programme\TagRename\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update für Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update für Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update für Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update für Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update für Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update für Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update für Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update für Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update für Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update für Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update für Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update für Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update für Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Virtual Cable Tester-->MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
VLC media player 0.9.9-->C:\Programme\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP-Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Programme\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: ARBEITSZIMMER
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Google Software Updater" gesendet.

Record Number: 1187
Source Name: Service Control Manager
Time Written: 20090410135800.000000+540
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ARBEITSZIMMER
Event Code: 51
Message: Bei einem Auslagerungsvorgang wurde ein Fehler festgestellt. Betroffen ist Gerät \Device\Harddisk7\D.

Record Number: 1186
Source Name: Disk
Time Written: 20090410111500.000000+540
Event Type: Warnung
User:

Computer Name: ARBEITSZIMMER
Event Code: 7036
Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Beendet".

Record Number: 1185
Source Name: Service Control Manager
Time Written: 20090409224111.000000+540
Event Type: Informationen
User:

Computer Name: ARBEITSZIMMER
Event Code: 7036
Message: Dienst "Google Software Updater" befindet sich jetzt im Status "Ausgeführt".

Record Number: 1184
Source Name: Service Control Manager
Time Written: 20090409224000.000000+540
Event Type: Informationen
User:

Computer Name: ARBEITSZIMMER
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "Google Software Updater" gesendet.

Record Number: 1183
Source Name: Service Control Manager
Time Written: 20090409224000.000000+540
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: ARBEITSZIMMER
Event Code: 2444
Message: MS DTC wurde mit den folgenden Einstellungen gestartet:

Sicherheitskonfiguration (AUS = 0 und EIN = 1):

Netzwerkverwaltung von Transaktionen = 0,

Netzwerkclients = 0,

Eingehende verteilte Transaktionen mithilfe des systemeigenen MSDTC-Protokolls = 0,

Ausgehende verteilte Transaktionen mithilfe des systemeigenen MSDTC-Protokolls = 0,

Transaction Internet Protocol (TIP) = 0,

XA-Transaktionen = 0
Record Number: 382
Source Name: MSDTC
Time Written: 20090410170230.000000+540
Event Type: Informationen
User:

Computer Name: ARBEITSZIMMER
Event Code: 1000
Message: Fehlgeschlagene Anwendung emule.exe, Version 0.49.2.37, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x10001e39.

Record Number: 381
Source Name: Application Error
Time Written: 20090410165305.000000+540
Event Type: Fehler
User:

Computer Name: ARBEITSZIMMER
Event Code: 11707
Message: Produkt: Java(TM) 6 Update 13 -- Installationsvorgang erfolgreich abgeschlossen.

Record Number: 380
Source Name: MsiInstaller
Time Written: 20090410164424.000000+540
Event Type: Informationen
User: ARBEITSZIMMER\Dude

Computer Name: ARBEITSZIMMER
Event Code: 4097
Message: Die Anwendung "C:\Programme\eMule\emule.exe" hat einen Programmfehler verursacht.
Datum und Zeit des Fehlers: 10.04.2009 um 16:37:55.203
Ausnahme: c0000005 an Adresse 10001E39 (<nosymbols>)

Record Number: 379
Source Name: DrWatson
Time Written: 20090410163755.000000+540
Event Type: Informationen
User:

Computer Name: ARBEITSZIMMER
Event Code: 1000
Message: Fehlgeschlagene Anwendung emule.exe, Version 0.49.2.37, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x10001e39.

Record Number: 378
Source Name: Application Error
Time Written: 20090410163753.000000+540
Event Type: Fehler
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\;C:\Programme\Gemeinsame Dateien\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programme\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Programme\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

by **peku006** » April 22nd, 2009, 1:36 pm

Hi nihonjin

1 - Download and Run OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.

Double-click OTMoveIt3.exe.
Copy the lines in the codebox below.

Code: Select all

:files
C:\WINDOWS\vpc32.INI
C:\WINDOWS\SET8.tmp
C:\WINDOWS\SET4.tmp
C:\WINDOWS\SET3.tmp

:Commands
[EmptyTemp]

Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

2 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the OTMoveIt3 log
2. the Kaspersky online scanner report
3. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006

by **nihonjin** » April 24th, 2009, 3:08 am

took some time because the computer crashed and could not be restarted......
so at the moment I'm starting the computer with the windows disk, format all hard drives and will install everything new......

by **peku006** » April 24th, 2009, 4:17 am

Hi nihonjin

what caused that your computer crashed ? :shock:

when you used the OTMoveIt3 or Kaspersky Online Scan ?

by **NonSuch** » April 30th, 2009, 2:28 am

Due to a lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.

Free Malware Removal Forum

TR/PSW.Delf.AB

TR/PSW.Delf.AB

Re: TR/PSW.Delf.AB

Re: TR/PSW.Delf.AB

Re: TR/PSW.Delf.AB

Re: TR/PSW.Delf.AB

Re: TR/PSW.Delf.AB

Re: TR/PSW.Delf.AB

Who is online