Hi Davis,
well i was afraid, that it would be serious. I discconected the PC when the alert from AVG came up first time. I just reconnected it to update mbam and to write this post with the logs. I think i will reinstall the OS to be sure, but first here are the logs u asked for. I followed ur instructions and here are the results:
OTMoveIt log:========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: sopidkc.exe
Unable to kill process: tpszxyd.sys
Unable to kill process: 9129837.exe
Unable to kill process: afisicx.exe
Unable to kill process: tdctxte.exe
Unable to kill process: dpcxool64.sys
========== SERVICES/DRIVERS ==========
Service\Driver afisicx stopped successfully.
Service\Driver afisicx deleted successfully.
Service\Driver sopidkc stopped successfully.
Service\Driver sopidkc deleted successfully.
Service\Driver tdctxte stopped successfully.
Service\Driver tdctxte deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\sopidkc.exe moved successfully.
C:\WINDOWS\system32\tpszxyd.sys moved successfully.
C:\WINDOWS\9129837.exe moved successfully.
C:\WINDOWS\system32\afisicx.exe moved successfully.
C:\WINDOWS\system32\tdctxte.exe moved successfully.
C:\WINDOWS\system32\dpcxool64.sys moved successfully.
File/Folder C:\WINDOWS\system32\mmmsdpqdpq.dll not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Dokumente und Einstellungen\Guiness\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04052009_130409
Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat not found!
MBAM log:Malwarebytes' Anti-Malware 1.35
Datenbank Version: 1940
Windows 5.1.2600 Service Pack 3
05.04.2009 13:18:12
mbam-log-2009-04-05 (13-18-12).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 68203
Laufzeit: 8 minute(s), 9 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 14
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\new_drv (Rootkit.Agent) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\services\del (Malware.Trace) -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\WINDOWS\services.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
RSIT log.txt:Logfile of random's system information tool 1.06 (written by random/random)
Run by Guiness at 2009-04-05 13:21:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (57%) free of 20 GB
Total RAM: 1023 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:27, on 05.04.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\Programme\AVG\AVG8\avgcsrvx.exe
C:\Dokumente und Einstellungen\Guiness\Desktop\Malwareremoval2\RSIT.exe
C:\Dokumente und Einstellungen\Guiness\Desktop\Guiness.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://web.de/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ttool] C:\WINDOWS\9129837.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
http://www.nvidia.com/content/DriverDow ... eqlab3.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 4929891671O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 5643 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Klick-Wartung.job
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"HP Software Update"=C:\Programme\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-05 1601304]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 176128]
"nmctxth"=C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmctxth.exe [2008-01-08 451896]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2008-12-15 136600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 33792]
"LightScribe Control Panel"=C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe [2008-12-07 2408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-05 10520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Programme\AVG\AVG8\avgemc.exe"="C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Programme\AVG\AVG8\avgupd.exe"="C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe"="C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Programme\Yahoo!\Messenger\YServer.exe"="C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\coolspot\xcMessenger\xcMessenger.exe"="C:\coolspot\xcMessenger\xcMessenger.exe:*:Enabled:X-Check Messenger"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-04-05 13:21:49 ----D---- C:\rsit
2009-04-05 13:08:55 ----D---- C:\Dokumente und Einstellungen\Guiness\Anwendungsdaten\Malwarebytes
2009-04-05 13:07:48 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-04-05 13:07:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-04-05 13:04:09 ----D---- C:\_OTMoveIt
2009-03-27 23:50:07 ----A---- C:\WINDOWS\system32\1BE.tmp
2009-03-27 23:50:05 ----A---- C:\WINDOWS\system32\1BD.tmp
2009-03-27 22:30:00 ----A---- C:\WINDOWS\system32\16C.tmp
2009-03-27 22:30:00 ----A---- C:\WINDOWS\system32\16B.tmp
2009-03-27 22:28:31 ----A---- C:\WINDOWS\system32\166.tmp
2009-03-27 22:28:30 ----A---- C:\WINDOWS\system32\165.tmp
2009-03-26 22:36:13 ----SHD---- C:\RECYCLER
2009-03-26 22:34:52 ----A---- C:\ComboFix.txt
2009-03-26 22:28:20 ----D---- C:\WINDOWS\temp
2009-03-26 22:25:24 ----A---- C:\WINDOWS\zip.exe
2009-03-26 22:25:24 ----A---- C:\WINDOWS\VFIND.exe
2009-03-26 22:25:24 ----A---- C:\WINDOWS\SWSC.exe
2009-03-26 22:25:24 ----A---- C:\WINDOWS\SWREG.exe
2009-03-26 22:25:24 ----A---- C:\WINDOWS\sed.exe
2009-03-26 22:25:24 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-26 22:25:24 ----A---- C:\WINDOWS\grep.exe
2009-03-26 22:25:24 ----A---- C:\WINDOWS\fdsv.exe
2009-03-26 22:25:21 ----D---- C:\WINDOWS\ERDNT
2009-03-26 19:45:21 ----D---- C:\Programme\uTorrent
2009-03-26 19:45:20 ----D---- C:\Dokumente und Einstellungen\Guiness\Anwendungsdaten\uTorrent
2009-03-26 19:14:57 ----DC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-03-26 18:47:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-26 13:53:36 ----RHD---- C:\AHCache
2009-03-26 13:37:18 ----A---- C:\WINDOWS\wininit.ini
2009-03-26 13:32:20 ----A---- C:\WINDOWS\system32\27.tmp
2009-03-26 13:30:51 ----A---- C:\WINDOWS\system32\1D.tmp
2009-03-26 13:28:33 ----D---- C:\Programme\ConvertHelper
2009-03-08 14:53:48 ----A---- C:\WINDOWS\Prof.ini
2009-03-08 14:51:03 ----A---- C:\WINDOWS\ClonyDrives.ini
2009-03-08 14:50:42 ----A---- C:\WINDOWS\Clony2.ini
======List of files/folders modified in the last 1 months======
2009-04-05 13:19:39 ----D---- C:\WINDOWS\system32\drivers
2009-04-05 13:19:39 ----D---- C:\WINDOWS
2009-04-05 13:19:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-05 13:18:12 ----D---- C:\WINDOWS\system32
2009-04-05 13:12:08 ----D---- C:\WINDOWS\Prefetch
2009-04-05 13:08:55 ----SHD---- C:\WINDOWS\Installer
2009-04-05 13:08:54 ----HD---- C:\Config.Msi
2009-04-05 13:08:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-05 13:07:48 ----RD---- C:\Programme
2009-04-03 12:33:17 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-03 12:32:43 ----D---- C:\Programme\Mozilla Firefox
2009-03-28 17:51:57 ----HD---- C:\$AVG8.VAULT$
2009-03-28 16:50:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg8
2009-03-27 23:51:42 ----SHD---- C:\System Volume Information
2009-03-26 22:31:10 ----A---- C:\WINDOWS\system.ini
2009-03-26 22:29:12 ----D---- C:\WINDOWS\system32\config
2009-03-26 22:27:45 ----D---- C:\WINDOWS\AppPatch
2009-03-26 22:27:42 ----D---- C:\Programme\Gemeinsame Dateien
2009-03-15 11:41:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DVD Shrink
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-05 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-05 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-05 107272]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-01-08 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-01-08 25272]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 EL90XBC;3Com EtherLink XL 90XB/C-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 IwUSB;IwUSB Driver; C:\WINDOWS\System32\Drivers\IwUSB.sys [2008-10-11 20645]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S4 sr;Filtertreiber für Systemwiederherstellung; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-05 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 249856]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2008-12-15 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [2008-12-07 94208]
R2 nmservice;Pure Networks Platform Service; C:\Programme\Gemeinsame Dateien\Pure Networks Shared\Platform\nmsrvc.exe [2008-01-08 451896]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 94208]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-01-24 603904]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-19 673280]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 57344]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 761856]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-01-24 360192]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 143360]
S4 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 458752]
-----------------EOF-----------------
RSIT info.txt:
info.txt logfile of random's system information tool 1.06 2009-04-05 13:22:31
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AVG Free 8.0-->C:\Programme\AVG\AVG8\setup.exe /UNINSTALL
BelkinPort Monitor-->C:\WINDOWS\system32\rmvport.exe
ConvertHelper 2.2-->"C:\Programme\ConvertHelper\unins000.exe"
DYMO Label Software-->C:\PROGRA~1\DYMOLA~1\UNINSTAL.EXE /U C:\PROGRA~1\DYMOLA~1\INSTALL.LOG
FLV Player 2.0 (build 25)-->C:\Programme\FLV Player\uninst.exe
Foxit Reader-->C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Guiness\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Document Viewer 5.3-->C:\Programme\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3-->C:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Programme\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 5.3.B-->"C:\Programme\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LightScribe System Software 1.17.90.1-->MsiExec.exe /X{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU-->MsiExec.exe /I{9309DD7E-EBFE-3C95-8B47-30D3A012F606}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Tool Web Package : EXTRACT.EXE-->MsiExec.exe /X{D52A721B-E44C-4AD7-AD4F-29D83144384B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MindSoft Utilities XP 9-->MsiExec.exe /X{21624D10-245A-47D5-9DF0-806FD955442B}
Mozilla Firefox (3.0.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 6 Ultra Edition-->D:\Programme\Nero\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
One Click PDF 2.0-->MsiExec.exe /I{E32D85B0-1B37-4192-81F1-46804EE760E3}
OpenOffice.org 3.0-->MsiExec.exe /I{7EC19307-7C22-47A8-922B-3FA965291260}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
Radiotracker-->MsiExec.exe /I{90A7437B-54F0-4464-9DAE-35C00856C284}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7 -removeonly
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sid Meier's Pirates!-->C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1031
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6i-->C:\Programme\VideoLAN\VLC\uninstall.exe
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XP Codec Pack-->C:\Programme\XP Codec Pack\Uninstall.exe
======Hosts File======
127.0.0.1 jL.chura.pl
======Security center information======
AV: AVG Anti-Virus Free
======System event log======
Computer Name: IBB
Event Code: 7036
Message: Dienst "NLA (Network Location Awareness)" befindet sich jetzt im Status "Ausgeführt".
Record Number: 2919
Source Name: Service Control Manager
Time Written: 20081214103620.000000+060
Event Type: Informationen
User:
Computer Name: IBB
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet.
Record Number: 2918
Source Name: Service Control Manager
Time Written: 20081214103620.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: IBB
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.
Record Number: 2917
Source Name: Service Control Manager
Time Written: 20081214103620.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: IBB
Event Code: 7036
Message: Dienst "Konfigurationsfreie drahtlose Verbindung" befindet sich jetzt im Status "Beendet".
Record Number: 2916
Source Name: Service Control Manager
Time Written: 20081214103620.000000+060
Event Type: Informationen
User:
Computer Name: IBB
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 2915
Source Name: Service Control Manager
Time Written: 20081214103620.000000+060
Event Type: Informationen
User:
=====Application event log=====
Computer Name: KEKS-B7826BAC01
Event Code: 1
Message:
Record Number: 590
Source Name: Bonjour Service
Time Written: 20081108123255.000000+060
Event Type: Informationen
User:
Computer Name: KEKS-B7826BAC01
Event Code: 4097
Message: Die Anwendung "C:\Programme\Windows Media Player\wmplayer.exe" hat einen Programmfehler verursacht.
Datum und Zeit des Fehlers: 07.11.2008 um 21:42:08.328
Ausnahme: c0000005 an Adresse 01F43B6C (libavcodec!dsputil_init)
Record Number: 589
Source Name: DrWatson
Time Written: 20081107214208.000000+060
Event Type: Informationen
User:
Computer Name: KEKS-B7826BAC01
Event Code: 1000
Message: Fehlgeschlagene Anwendung wmplayer.exe, Version 9.0.0.4503, fehlgeschlagenes Modul libavcodec.dll, Version 0.0.0.0, Fehleradresse 0x001f3b6c.
Record Number: 588
Source Name: Application Error
Time Written: 20081107214205.000000+060
Event Type: Fehler
User:
Computer Name: KEKS-B7826BAC01
Event Code: 4097
Message: Die Anwendung "C:\Programme\Windows Media Player\wmplayer.exe" hat einen Programmfehler verursacht.
Datum und Zeit des Fehlers: 07.11.2008 um 21:41:38.796
Ausnahme: c0000005 an Adresse 01F53B6C (libavcodec!dsputil_init)
Record Number: 587
Source Name: DrWatson
Time Written: 20081107214138.000000+060
Event Type: Informationen
User:
Computer Name: KEKS-B7826BAC01
Event Code: 1000
Message: Fehlgeschlagene Anwendung wmplayer.exe, Version 9.0.0.4503, fehlgeschlagenes Modul libavcodec.dll, Version 0.0.0.0, Fehleradresse 0x001f3b6c.
Record Number: 586
Source Name: Application Error
Time Written: 20081107214137.000000+060
Event Type: Fehler
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
U asked how my PC behaves. I think its slowler then normal when opening those log-files.
After submitting this post i will run a complete scan of AVG, just to see if AVG still finds something.
Again: Thank u for ur help! When reinstalling the OS (no problem with that, i have done that several times) are there any files i can savely backup before reinstalling? like pics or is it too dangerous to save anything? what about data on the non-system partition???
Many questions i know...