
Topic: Silly.Gen virus - clean removable media only

  1. #1
    Beginner
    Registered since
    14.12.2009
    Posts
    11

    Silly.Gen virus - clean removable media only

    Hello everyone,
    after reading an SD card belonging to a friend, my computer is now infected with a virus that Antivir detects as "Silly.Gen". I have already read through the cleaning instructions (Remove Hacked by <random> - guide) and understood them so far.

    My question now is whether my external hard drive, which is also infected, can be cleaned simply by deleting the autorun.inf and the .vbs file (as described in point 2)?
    All the data on my computer is also stored on my external drive; if it were free of viruses, I could spare myself all the fiddling and format the computer (which I wanted to do soon anyway).

    Do I have to go the whole way, or is it enough to go up to point 2 to get the external hard drive clean? In other words, could I also connect my external hard drive to a "clean" computer while holding down the Shift key and then delete the virus manually, to prevent it from being infected again?

    Thanks,
    premierstreusel
    Last edited by premierstreusel (14.12.2009 at 10:37)

  2. #2
    Moderator (global), team member, Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    35.732

    Re: Silly.Gen virus - clean removable media only

    Welcome to the HijackThis support forum, premierstreusel,

    first, please read carefully: What do I need to watch out for during the cleanup?

    Then work through the following points strictly in the given order.

    Report back to me on each point that you have completed it.

    Stop and ask if something does not work.

    Post log files where requested and/or answer the questions asked.

    Use only programs and tools that are named in the instructions.
    Do not install anything new during our cleanup without checking first.


    ===== Point 1 =====

    Create a file list with HJTscanlist.bat

    If you have Windows XP Home, please first download tasklist.zip and extract it to C:\Windows\system32 so that HJTscanlist.bat can create a task list. By way of explanation: the tool tasklist.exe is only included in Windows Professional and Vista and has to be installed separately on Windows XP Home. Unfortunately this does not work under Windows 2000.

    Since an HJT log file is only of limited use, we would like to look at the contents of some critical directories on your system. To do this, download the following file: HJTscanlist.zip. Extract the file to your desktop. The file HJTscanlist.bat is now on the desktop; double-click it to start it. Select your operating system (for Windows 2000, choose XP). When asked for the setting, please use option no. 1 (Scanlist). The file list is now created, opened in your editor and saved as hjtscanlist.txt on your desktop. Post the contents of the file list here in the thread. You do not need to set code tags for this log, as they are already included in the log.

    ===== Point 2 =====

    Check system details with RSIT
    • Download Random's System Information Tool (RSIT) from random/random,
    • save it to your desktop.
    • Close all windows and programs, including the browser.
    • Start RSIT.exe with a double-click.
    • Click Continue to accept the terms of use.
    • If you do not have HijackThis installed, RSIT will download and install it for you.
    • In that case, please also accept Trend Micro's terms of use for HJT with I accept.
    • If your firewall asks, please allow RSIT to access the network.
    • The scan starts automatically; RSIT now checks several important system areas and produces log files as a basis for analysis.
    • When the scan has finished, two log files are created and opened in your editor.
    • Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (<= shown minimized in the taskbar) here in the thread.

    ===== Point 3 =====

    Search for files

    I would like to check whether certain files are still on your system; to do so, please copy the text from the code box:
    Code:
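    @echo off
    rem Collect the output in files.txt on the desktop and delete any old copy first
    set log="%userprofile%\Desktop\files.txt"
    if exist %log% del %log%

    rem Check every drive letter from C to Z that is currently available
    for %%d in (c d e f g h i j k l m n o p q r s t u v w x y z) do (
        if exist %%d:\ (
            %%d:
            cd \
            rem List matching files in all subdirectories, then the hidden ones with /ah
            dir *.vb*;autorun.inf;boot.com /s
            dir *.vb*;autorun.inf;boot.com /ah /s
            rem Show the attributes of the files in the drive root
            attrib
        )
    ) >> %log%
    start notepad %log%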
    into the editor (Start => Run => type notepad => OK) and save it on the desktop as findfile.bat using 'Save as' (change the file type to "All types"). You should now find this file on the desktop => findfile.bat => start findfile.bat with a double-click. After a short while your editor should open and display the file files.txt. Please copy the contents here into the thread. Caution: not all finds are malware!

    If the error message "Windows kein Datenträger" ("Windows - No Disk") appears while the script is running, you can safely click "Weiter" ("Continue"). This happens because a drive (e.g. a card reader) is empty.
    [°¿°] Ciao, Petra

    New here? Please work through this! | Malware removal | HijackThis guide
    HJT chat | No support via PM or e-mail! | Forum rules | Training
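
Point 3 above lists every autorun.inf, *.vb* and boot.com on all drives and warns that not every hit is malware. The following Python code is an added example, not part of the original post and not a tool of this forum: it triages the contents of an autorun.inf by reporting which entries start a program and which files on the drive they point to. The function names, the extension list and both sample files are assumptions constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")
# Context-menu verbs: shell\<verb>\command
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# File types worth a closer look when an entry points at them (assumed list;
# it covers the *.vb* and boot.com patterns searched for in point 3).
LAUNCH_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh",
              ".bat", ".cmd", ".com", ".exe", ".scr", ".pif")
SCRIPT_HOSTS = ("wscript", "cscript")
TOKEN = re.compile(r'"([^"]+)"|(\S+)')


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased.

    Section and key names are matched case-insensitively; comment lines
    and junk lines outside the section are skipped.
    """
    entries = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def referenced_files(command):
    """Split a command line into (launchable file names, uses_script_host)."""
    files, host = [], False
    for quoted, bare in TOKEN.findall(command):
        # Keep only the file name, whatever path separator was used.
        name = (quoted or bare).replace("/", "\\").rsplit("\\", 1)[-1].lower()
        stem = name.rsplit(".", 1)[0]
        if stem in SCRIPT_HOSTS:
            host = True
        elif name.endswith(LAUNCH_EXT):
            files.append(name)
    return files, host


def triage(text, root_files=()):
    """List every entry that starts a program, with the files it names.

    root_files is the directory listing of the drive root; names found
    there are returned under "present" so they can be examined together
    with autorun.inf. An empty result means nothing is launched.
    """
    present = {name.lower() for name in root_files}
    findings = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or SHELL_CMD.match(key):
            files, host = referenced_files(value)
            findings.append({
                "key": key,
                "command": value,
                "script_host": host,
                "files": files,
                "present": [f for f in files if f in present],
            })
    return findings


# Constructed sample: an autorun.inf that starts a script from the drive root.
SAMPLE_LAUNCHER = r"""
;padding comment
xyz123
[AutoRun]
ShellExecute=wscript.exe example.vbs
shell\open\command=example.vbs
"""

# Constructed sample: an autorun.inf that only sets an icon and a label.
SAMPLE_BENIGN = r"""
[autorun]
icon=drive.ico
label=Backup Disk
"""

if __name__ == "__main__":
    listing = ["autorun.inf", "EXAMPLE.VBS", "photos"]
    for finding in triage(SAMPLE_LAUNCHER, listing):
        print(finding)
    print("benign sample:", triage(SAMPLE_BENIGN, listing))
```

An empty result only means that the file starts nothing; the files named under "present" are the ones to examine alongside autorun.inf.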

  3. #3
    Beginner
    Registered since
    14.12.2009
    Posts
    11

    Re: Silly.Gen virus - clean removable media only

    Hi, thanks for the quick reply.
    Here is the hjt log:

    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows XP [Version 5.1.2600]
     
     
    C:
    
      16.12.2009 05:24      C:\WINDOWS --------- 0 
            C:\hiberfil.sys ---------  
            C:\pagefile.sys ---------  
      14.12.2009 07:23      C:\autorun.inf --------- 98 
      21.09.2009 03:25      C:\Program Files --------- 0 
      29.08.2009 12:49      C:\etax2009 --------- 0 
      17.05.2009 22:29      C:\Team17 --------- 0 
      24.02.2009 09:44      C:\RECYCLER --------- 0 
      24.02.2009 09:38      C:\Documents and Settings --------- 0 
      24.02.2009 09:38      C:\System Volume Information --------- 0 
      24.02.2009 09:38      C:\boot.ini --------- 211 
      14.04.2008 21:00      C:\ntldr --------- 250048 
      14.04.2008 21:00      C:\NTDETECT.COM --------- 47564 
      08.03.2005 01:26      C:\MSOCache --------- 0 
      08.03.2005 01:17      C:\NIS2008 --------- 0 
      08.03.2005 01:12      C:\CDS --------- 0 
      08.03.2005 00:05      C:\Intel --------- 0 
      06.03.2005 01:52      C:\IO.SYS --------- 0 
      06.03.2005 01:52      C:\MSDOS.SYS --------- 0 
      06.03.2005 01:52      C:\CONFIG.SYS --------- 0 
      06.03.2005 01:52      C:\AUTOEXEC.BAT --------- 0 
    ----------------------------------------
    
     
    C:\WINDOWS
    
      16.12.2009 05:24     C:\WINDOWS\KB960859.log --------- 4770 
      16.12.2009 05:24     C:\WINDOWS\KB974318.log --------- 4686 
      16.12.2009 05:24     C:\WINDOWS\KB969059.log --------- 4602 
      16.12.2009 05:24     C:\WINDOWS\KB961371-v2.log --------- 4571 
      16.12.2009 05:24     C:\WINDOWS\KB971657.log --------- 4435 
      16.12.2009 05:24     C:\WINDOWS\KB971557.log --------- 4351 
      16.12.2009 05:23     C:\WINDOWS\KB974112.log --------- 4269 
      16.12.2009 05:23     C:\WINDOWS\KB971633.log --------- 4190 
      16.12.2009 05:23     C:\WINDOWS\KB975025.log --------- 4102 
      16.12.2009 05:23     C:\WINDOWS\KB974571.log --------- 4018 
      16.12.2009 05:23     C:\WINDOWS\KB973507.log --------- 3935 
      16.12.2009 05:23     C:\WINDOWS\KB969947.log --------- 5020 
      16.12.2009 05:23     C:\WINDOWS\KB976325-IE7.log --------- 27712 
      16.12.2009 05:22     C:\WINDOWS\KB974392.log --------- 3771 
      16.12.2009 05:22     C:\WINDOWS\KB973815.log --------- 3688 
      16.12.2009 05:22     C:\WINDOWS\KB975467.log --------- 3605 
      16.12.2009 05:22     C:\WINDOWS\KB968389.log --------- 3528 
      16.12.2009 05:19     C:\WINDOWS\setupapi.log --------- 822725 
      16.12.2009 05:19     C:\WINDOWS\setupact.log --------- 216153 
      16.12.2009 05:19     C:\WINDOWS\WindowsUpdate.log --------- 1932252 
      16.12.2009 05:17     C:\WINDOWS\wiadebug.log --------- 159 
      16.12.2009 05:17     C:\WINDOWS\wiaservc.log --------- 50 
      16.12.2009 05:17     C:\WINDOWS\bootstat.dat --------- 2048 
      16.12.2009 05:15     C:\WINDOWS\0.log --------- 0 
      16.12.2009 03:35     C:\WINDOWS\SchedLgU.Txt --------- 32570 
      14.09.2009 20:39     C:\WINDOWS\ie8_main.log --------- 1859 
      30.07.2009 15:57     C:\WINDOWS\WirelessFTP.INI --------- 97 
      19.07.2009 16:22     C:\WINDOWS\ntdtcsetup.log --------- 69521 
      19.07.2009 16:22     C:\WINDOWS\comsetup.log --------- 117347 
      19.07.2009 16:22     C:\WINDOWS\iis6.log --------- 50229 
      19.07.2009 16:22     C:\WINDOWS\ocmsn.log --------- 17985 
      19.07.2009 16:22     C:\WINDOWS\imsins.log --------- 1374 
      19.07.2009 16:22     C:\WINDOWS\tsoc.log --------- 128680 
      19.07.2009 16:22     C:\WINDOWS\KB969898.log --------- 13388 
      19.07.2009 16:22     C:\WINDOWS\ocgen.log --------- 162525 
      19.07.2009 16:22     C:\WINDOWS\msgsocm.log --------- 16321 
      19.07.2009 16:22     C:\WINDOWS\FaxSetup.log --------- 320724 
      19.07.2009 16:22     C:\WINDOWS\imsins.BAK --------- 1374 
      19.07.2009 16:22     C:\WINDOWS\KB969897-IE7.log --------- 121793 
      19.07.2009 16:22     C:\WINDOWS\updspapi.log --------- 49410 
      15.07.2009 09:57     C:\WINDOWS\KB961501.log --------- 10682 
      15.07.2009 09:55     C:\WINDOWS\KB970238.log --------- 10629 
      15.07.2009 09:55     C:\WINDOWS\KB968537.log --------- 12001 
      10.05.2009 20:40     C:\WINDOWS\KB941569.log --------- 13727 
      09.05.2009 22:17     C:\WINDOWS\KB923689.log --------- 3993 
      09.05.2009 22:17     C:\WINDOWS\KB952069.log --------- 22207 
      08.05.2009 17:13     C:\WINDOWS\wmsetup.log --------- 21413 
      08.05.2009 17:13     C:\WINDOWS\WMSysPr9.prx --------- 316640 
      02.05.2009 04:00     C:\WINDOWS\KB959426.log --------- 12174 
      27.04.2009 02:31     C:\WINDOWS\spupdsvc.log --------- 7761 
      25.04.2009 04:25     C:\WINDOWS\KB961373.log --------- 18572 
      25.04.2009 04:25     C:\WINDOWS\KB956803.log --------- 18077 
      25.04.2009 04:25     C:\WINDOWS\KB938127-v2-IE7.log --------- 17975 
      25.04.2009 04:25     C:\WINDOWS\KB963027-IE7.log --------- 46817 
      25.04.2009 04:22     C:\WINDOWS\KB956572.log --------- 14072 
      25.04.2009 04:22     C:\WINDOWS\KB952004.log --------- 14445 
      25.04.2009 04:22     C:\WINDOWS\KB954459.log --------- 11206 
      25.04.2009 04:22     C:\WINDOWS\KB960803.log --------- 11842 
      23.04.2009 00:45     C:\WINDOWS\KB923561.log --------- 8777 
      10.04.2009 19:06     C:\WINDOWS\KB960715.log --------- 45252 
      10.04.2009 16:21     C:\WINDOWS\ie7_main.log --------- 95366 
      10.04.2009 16:21     C:\WINDOWS\KB961260-IE7.log --------- 46371 
      10.04.2009 16:21     C:\WINDOWS\KB956390-IE7.log --------- 67470 
      10.04.2009 16:20     C:\WINDOWS\ie7.log --------- 52810 
      10.04.2009 16:18     C:\WINDOWS\IDNMitigationAPIs.log --------- 6338 
      10.04.2009 16:18     C:\WINDOWS\NLSDownlevelMapping.log --------- 6009 
      10.04.2009 16:17     C:\WINDOWS\KB915865.log --------- 2080 
      05.04.2009 20:06     C:\WINDOWS\KB951376-v2.log --------- 16110 
      05.04.2009 20:06     C:\WINDOWS\KB952954.log --------- 24141 
      05.04.2009 20:05     C:\WINDOWS\KB946648.log --------- 15818 
      05.04.2009 20:05     C:\WINDOWS\KB955839.log --------- 37408 
      05.04.2009 20:05     C:\WINDOWS\KB958215.log --------- 16655 
      05.04.2009 20:05     C:\WINDOWS\KB951978.log --------- 23193 
      05.04.2009 20:04     C:\WINDOWS\KB950974.log --------- 22575 
      05.04.2009 20:04     C:\WINDOWS\KB951698.log --------- 21363 
      05.04.2009 20:04     C:\WINDOWS\KB960225.log --------- 21504 
      05.04.2009 20:04     C:\WINDOWS\KB956841.log --------- 15020 
      05.04.2009 20:04     C:\WINDOWS\KB960714.log --------- 14044 
      05.04.2009 20:04     C:\WINDOWS\KB938464-v2.log --------- 10781 
      05.04.2009 20:04     C:\WINDOWS\KB950762.log --------- 13371 
      05.04.2009 20:03     C:\WINDOWS\KB957097.log --------- 13439 
      05.04.2009 20:03     C:\WINDOWS\KB958687.log --------- 13360 
      05.04.2009 20:03     C:\WINDOWS\KB952287.log --------- 13057 
      05.04.2009 20:03     C:\WINDOWS\KB967715.log --------- 21643 
      05.04.2009 20:03     C:\WINDOWS\KB950760.log --------- 12410 
      05.04.2009 20:03     C:\WINDOWS\KB951066.log --------- 12607 
      05.04.2009 20:03     C:\WINDOWS\KB958690.log --------- 20781 
      05.04.2009 20:02     C:\WINDOWS\KB951748.log --------- 21312 
      05.04.2009 20:02     C:\WINDOWS\KB954600.log --------- 8473 
      05.04.2009 20:02     C:\WINDOWS\KB958644.log --------- 8780 
      05.04.2009 20:02     C:\WINDOWS\KB955069.log --------- 8265 
      05.04.2009 20:02     C:\WINDOWS\KB956802.log --------- 15998 
      05.04.2009 20:02     C:\WINDOWS\msxml4-KB954430-enu.LOG --------- 308988 
      03.04.2009 17:50     C:\WINDOWS\KB898461.log --------- 6992 
      28.03.2009 15:19     C:\WINDOWS\Wdf01005Inst.log --------- 6269 
      28.03.2009 15:17     C:\WINDOWS\LDPINST.LOG --------- 5287 
      07.03.2009 04:30     C:\WINDOWS\DirectX.log --------- 116289 
      26.02.2009 05:44     C:\WINDOWS\nsreg.dat --------- 0 
      24.02.2009 09:39     C:\WINDOWS\OEWABLog.txt --------- 1178 
      24.02.2009 09:38     C:\WINDOWS\setuplog.txt --------- 121188 
      24.02.2009 09:37     C:\WINDOWS\sessmgr.setup.log --------- 2739 
      24.02.2009 09:37     C:\WINDOWS\DtcInstall.log --------- 626 
      24.02.2009 09:35     C:\WINDOWS\regopt.log --------- 2316 
      24.02.2009 09:31     C:\WINDOWS\REGLOCS.OLD --------- 8192 
      19.12.2008 00:42     C:\WINDOWS\KHALMNPR.Exe --------- 76304 
      08.05.2008 09:39     C:\WINDOWS\RTHDCPL.exe --------- 16862208 
      14.04.2008 21:00     C:\WINDOWS\hh.exe --------- 10752 
      14.04.2008 21:00     C:\WINDOWS\winnt256.bmp --------- 48680 
      14.04.2008 21:00     C:\WINDOWS\Greenstone.bmp --------- 26582 
      14.04.2008 21:00     C:\WINDOWS\Prairie Wind.bmp --------- 65954 
      14.04.2008 21:00     C:\WINDOWS\msdfmap.ini --------- 1405 
      14.04.2008 21:00     C:\WINDOWS\FeatherTexture.bmp --------- 16730 
      14.04.2008 21:00     C:\WINDOWS\_default.pif --------- 707 
      14.04.2008 21:00     C:\WINDOWS\NOTEPAD.EXE --------- 69120 
      14.04.2008 21:00     C:\WINDOWS\River Sumida.bmp --------- 26680 
      14.04.2008 21:00     C:\WINDOWS\winnt.bmp --------- 48680 
      14.04.2008 21:00     C:\WINDOWS\Zapotec.bmp --------- 9522 
      14.04.2008 21:00     C:\WINDOWS\winhlp32.exe --------- 283648 
      14.04.2008 21:00     C:\WINDOWS\winhelp.exe --------- 256192 
      14.04.2008 21:00     C:\WINDOWS\Blue Lace 16.bmp --------- 1272 
      14.04.2008 21:00     C:\WINDOWS\Santa Fe Stucco.bmp --------- 65832 
      14.04.2008 21:00     C:\WINDOWS\desktop.ini --------- 2 
      14.04.2008 21:00     C:\WINDOWS\Rhododendron.bmp --------- 17362 
      14.04.2008 21:00     C:\WINDOWS\clock.avi --------- 82944 
      14.04.2008 21:00     C:\WINDOWS\Coffee Bean.bmp --------- 17062 
      14.04.2008 21:00     C:\WINDOWS\explorer.exe --------- 1033728 
      14.04.2008 21:00     C:\WINDOWS\Gone Fishing.bmp --------- 17336 
      14.04.2008 21:00     C:\WINDOWS\vmmreg32.dll --------- 18944 
      14.04.2008 21:00     C:\WINDOWS\regedit.exe --------- 146432 
      14.04.2008 21:00     C:\WINDOWS\Soap Bubbles.bmp --------- 65978 
      14.04.2008 21:00     C:\WINDOWS\twunk_32.exe --------- 25600 
      14.04.2008 21:00     C:\WINDOWS\explorer.scf --------- 80 
      14.04.2008 21:00     C:\WINDOWS\twunk_16.exe --------- 49680 
      14.04.2008 21:00     C:\WINDOWS\twain_32.dll --------- 50688 
      14.04.2008 21:00     C:\WINDOWS\TASKMAN.EXE --------- 15360 
      14.04.2008 21:00     C:\WINDOWS\twain.dll --------- 94784 
      03.04.2008 01:27     C:\WINDOWS\RtlUpd.exe --------- 1196032 
      06.03.2008 10:07     C:\WINDOWS\RtlExUpd.dll --------- 520192 
      21.11.2007 10:15     C:\WINDOWS\SkyTel.exe --------- 1826816 
      15.11.2007 07:18     C:\WINDOWS\USetup.iss --------- 553 
      29.06.2007 10:44     C:\WINDOWS\MicCal.exe --------- 2165760 
      24.03.2007 11:19     C:\WINDOWS\RTLCPL.exe --------- 9715200 
      22.07.2006 10:14     C:\WINDOWS\SoundMan.exe --------- 86016 
      05.05.2006 10:26     C:\WINDOWS\alcwzrd.exe --------- 2808832 
      04.05.2005 12:43     C:\WINDOWS\Alcmtr.exe --------- 69632 
      08.03.2005 02:53     C:\WINDOWS\smscfg.ini --------- 61 
      08.03.2005 02:16     C:\WINDOWS\DPINST.LOG --------- 12578 
      08.03.2005 02:12     C:\WINDOWS\RTacDbg.txt --------- 4505 
      08.03.2005 01:54     C:\WINDOWS\tosOBEX.INI --------- 0 
      08.03.2005 01:27     C:\WINDOWS\win.ini --------- 552 
      08.03.2005 00:12     C:\WINDOWS\HideWin.exe --------- 315392 
      06.03.2005 01:52     C:\WINDOWS\control.ini --------- 0 
      06.03.2005 01:51     C:\WINDOWS\ODBCINST.INI --------- 4161 
      06.03.2005 01:50     C:\WINDOWS\WindowsShell.Manifest --------- 749 
      06.03.2005 01:49     C:\WINDOWS\vbaddin.ini --------- 37 
      06.03.2005 01:49     C:\WINDOWS\vb.ini --------- 36 
      06.03.2005 01:47     C:\WINDOWS\cmsetacl.log --------- 200 
      05.03.2005 17:47     C:\WINDOWS\Sti_Trace.log --------- 0 
      05.03.2005 17:44     C:\WINDOWS\system.ini --------- 231 
      05.03.2005 17:43     C:\WINDOWS\setuperr.log --------- 0 
      26.08.1997 13:06     C:\WINDOWS\IsUninst.exe --------- 315904 
    ----------------------------------------
    
     
    C:\WINDOWS\System
    
     14.04.2008 21:00    C:\WINDOWS\System\MSVIDEO.DLL --------- 126912 
     14.04.2008 21:00    C:\WINDOWS\System\WFWNET.DRV --------- 13600 
     14.04.2008 21:00    C:\WINDOWS\System\AVICAP.DLL --------- 69584 
     14.04.2008 21:00    C:\WINDOWS\System\AVIFILE.DLL --------- 109456 
     14.04.2008 21:00    C:\WINDOWS\System\COMMDLG.DLL --------- 32816 
     14.04.2008 21:00    C:\WINDOWS\System\KEYBOARD.DRV --------- 2000 
     14.04.2008 21:00    C:\WINDOWS\System\LZEXPAND.DLL --------- 9936 
     14.04.2008 21:00    C:\WINDOWS\System\MCIAVI.DRV --------- 73376 
     14.04.2008 21:00    C:\WINDOWS\System\MCISEQ.DRV --------- 25264 
     14.04.2008 21:00    C:\WINDOWS\System\MCIWAVE.DRV --------- 28160 
     14.04.2008 21:00    C:\WINDOWS\System\MMSYSTEM.DLL --------- 68768 
     14.04.2008 21:00    C:\WINDOWS\System\MMTASK.TSK --------- 1152 
     14.04.2008 21:00    C:\WINDOWS\System\MOUSE.DRV --------- 2032 
     14.04.2008 21:00    C:\WINDOWS\System\WINSPOOL.DRV --------- 146432 
     14.04.2008 21:00    C:\WINDOWS\System\OLECLI.DLL --------- 82944 
     14.04.2008 21:00    C:\WINDOWS\System\OLESVR.DLL --------- 24064 
     14.04.2008 21:00    C:\WINDOWS\System\setup.inf --------- 59167 
     14.04.2008 21:00    C:\WINDOWS\System\SHELL.DLL --------- 5120 
     14.04.2008 21:00    C:\WINDOWS\System\SOUND.DRV --------- 1744 
     14.04.2008 21:00    C:\WINDOWS\System\stdole.tlb --------- 5532 
     14.04.2008 21:00    C:\WINDOWS\System\SYSTEM.DRV --------- 3360 
     14.04.2008 21:00    C:\WINDOWS\System\TAPI.DLL --------- 19200 
     14.04.2008 21:00    C:\WINDOWS\System\TIMER.DRV --------- 4048 
     14.04.2008 21:00    C:\WINDOWS\System\VER.DLL --------- 9008 
     14.04.2008 21:00    C:\WINDOWS\System\VGA.DRV --------- 2176 
    ----------------------------------------
    
     
    C:\WINDOWS\System32
    
     16.12.2009 05:19     C:\WINDOWS\system32\dllcache --------- 0 
     16.12.2009 05:18     C:\WINDOWS\system32\CatRoot2 --------- 0 
     16.12.2009 03:21     C:\WINDOWS\system32\wpa.dbl --------- 2206 
     14.12.2009 06:09     C:\WINDOWS\system32\MSI-WIND.wsh --------- 90 
     04.11.2009 08:54     C:\WINDOWS\system32\perfh009.dat --------- 315076 
     04.11.2009 08:54     C:\WINDOWS\system32\perfc009.dat --------- 41238 
     04.11.2009 08:54     C:\WINDOWS\system32\PerfStringBackup.INI --------- 359948 
     15.09.2009 18:45     C:\WINDOWS\system32\FNTCACHE.DAT --------- 1556424 
     27.08.2009 19:27     C:\WINDOWS\system32\drivers --------- 0 
     06.08.2009 19:24     C:\WINDOWS\system32\wucltui.dll --------- 327896 
     06.08.2009 19:24     C:\WINDOWS\system32\wucltui.dll.mui --------- 21728 
     06.08.2009 19:24     C:\WINDOWS\system32\wuweb.dll --------- 209632 
     06.08.2009 19:24     C:\WINDOWS\system32\wuaucpl.cpl.mui --------- 15072 
     06.08.2009 19:24     C:\WINDOWS\system32\wuaucpl.cpl --------- 217816 
     06.08.2009 19:24     C:\WINDOWS\system32\wuapi.dll.mui --------- 15064 
     06.08.2009 19:24     C:\WINDOWS\system32\wuauclt.exe --------- 53472 
     06.08.2009 19:24     C:\WINDOWS\system32\cdm.dll --------- 96480 
     06.08.2009 19:24     C:\WINDOWS\system32\wuaueng.dll.mui --------- 17632 
     06.08.2009 19:23     C:\WINDOWS\system32\wuapi.dll --------- 575704 
     06.08.2009 19:23     C:\WINDOWS\system32\wuaueng.dll --------- 1929952 
     19.07.2009 16:22     C:\WINDOWS\system32\en-US --------- 0 
     02.06.2009 01:51     C:\WINDOWS\system32\MRT.exe --------- 23635392 
     12.05.2009 17:15     C:\WINDOWS\system32\wbem --------- 0 
     09.05.2009 22:17     C:\WINDOWS\system32\CatRoot --------- 0 
     09.05.2009 19:44     C:\WINDOWS\system32\DRVSTORE --------- 0 
     08.05.2009 15:40     C:\WINDOWS\system32\javaws.exe --------- 148888 
     08.05.2009 15:40     C:\WINDOWS\system32\javaw.exe --------- 144792 
     08.05.2009 15:40     C:\WINDOWS\system32\javacpl.cpl --------- 73728 
     08.05.2009 15:40     C:\WINDOWS\system32\java.exe --------- 144792 
     08.05.2009 15:40     C:\WINDOWS\system32\deploytk.dll --------- 410984 
     08.05.2009 00:32     C:\WINDOWS\system32\localspl.dll --------- 345600 
     29.04.2009 13:56     C:\WINDOWS\system32\webcheck.dll --------- 233472 
     29.04.2009 13:56     C:\WINDOWS\system32\wininet.dll --------- 827392 
     29.04.2009 13:56     C:\WINDOWS\system32\occache.dll --------- 102912 
     29.04.2009 13:56     C:\WINDOWS\system32\url.dll --------- 105984 
     29.04.2009 13:56     C:\WINDOWS\system32\pngfilt.dll --------- 44544 
     29.04.2009 13:56     C:\WINDOWS\system32\mstime.dll --------- 671232 
     29.04.2009 13:56     C:\WINDOWS\system32\urlmon.dll --------- 1159680 
     29.04.2009 13:56     C:\WINDOWS\system32\mshtmled.dll --------- 477696 
     29.04.2009 13:56     C:\WINDOWS\system32\mshtml.dll --------- 3596288 
     29.04.2009 13:56     C:\WINDOWS\system32\msrating.dll --------- 193024 
     29.04.2009 13:55     C:\WINDOWS\system32\inetcpl.cpl --------- 1830912 
     29.04.2009 13:55     C:\WINDOWS\system32\jsproxy.dll --------- 27648 
     29.04.2009 13:55     C:\WINDOWS\system32\msfeeds.dll --------- 459264 
     29.04.2009 13:55     C:\WINDOWS\system32\msfeedsbs.dll --------- 52224 
     29.04.2009 13:55     C:\WINDOWS\system32\iertutil.dll --------- 268288 
     29.04.2009 13:55     C:\WINDOWS\system32\ieframe.dll --------- 6066176 
     29.04.2009 13:55     C:\WINDOWS\system32\iernonce.dll --------- 44544 
     29.04.2009 13:55     C:\WINDOWS\system32\extmgr.dll --------- 133120 
     29.04.2009 13:55     C:\WINDOWS\system32\dxtrans.dll --------- 214528 
     29.04.2009 13:55     C:\WINDOWS\system32\ieencode.dll --------- 78336 
     29.04.2009 13:55     C:\WINDOWS\system32\iedkcs32.dll --------- 385024 
     29.04.2009 13:55     C:\WINDOWS\system32\ieapfltr.dll --------- 383488 
     29.04.2009 13:55     C:\WINDOWS\system32\ieakeng.dll --------- 153088 
     29.04.2009 13:55     C:\WINDOWS\system32\icardie.dll --------- 63488 
     29.04.2009 13:55     C:\WINDOWS\system32\ieaksie.dll --------- 230400 
     29.04.2009 13:55     C:\WINDOWS\system32\dxtmsft.dll --------- 347136 
     29.04.2009 13:55     C:\WINDOWS\system32\advpack.dll --------- 124928 
     29.04.2009 02:43     C:\WINDOWS\system32\Restore --------- 0 
     28.04.2009 18:06     C:\WINDOWS\system32\html.iec --------- 389120 
     28.04.2009 18:05     C:\WINDOWS\system32\ieudinit.exe --------- 13824 
     28.04.2009 18:05     C:\WINDOWS\system32\ie4uinit.exe --------- 70656 
     25.04.2009 14:26     C:\WINDOWS\system32\ieakui.dll --------- 161792 
     17.04.2009 21:26     C:\WINDOWS\system32\win32k.sys --------- 1847168 
     15.04.2009 23:51     C:\WINDOWS\system32\rpcrt4.dll --------- 585216 
     10.04.2009 16:20     C:\WINDOWS\system32\config --------- 0 
     07.04.2009 23:10     C:\WINDOWS\system32\msxml3a.dll --------- 29480 
     05.04.2009 20:05     C:\WINDOWS\system32\TZLog.log --------- 212010 
     03.04.2009 17:49     C:\WINDOWS\system32\PreInstall --------- 0 
     02.04.2009 17:28     C:\WINDOWS\system32\SoftwareDistribution --------- 0 
     26.03.2009 16:23     C:\WINDOWS\system32\usbaaplrc.dll --------- 1900544 
     21.03.2009 23:06     C:\WINDOWS\system32\kernel32.dll --------- 989696 
     07.03.2009 04:30     C:\WINDOWS\system32\DirectX --------- 0 
     06.03.2009 23:22     C:\WINDOWS\system32\pdh.dll --------- 284160 
     24.02.2009 09:38     C:\WINDOWS\system32\$winnt$.inf --------- 1215 
     24.02.2009 09:38     C:\WINDOWS\system32\pid.PNF --------- 5208 
     19.02.2009 01:27     C:\WINDOWS\system32\KemXML.dll --------- 84496 
     19.02.2009 01:27     C:\WINDOWS\system32\KemWnd.dll --------- 117264 
     19.02.2009 01:27     C:\WINDOWS\system32\KemUtil.dll --------- 145936 
     19.02.2009 01:27     C:\WINDOWS\system32\kemutb.dll --------- 170512 
     19.02.2009 01:26     C:\WINDOWS\system32\BtCoreIf.dll --------- 301656 
     09.02.2009 21:10     C:\WINDOWS\system32\lsasrv.dll --------- 729088 
     09.02.2009 21:10     C:\WINDOWS\system32\ntdll.dll --------- 714752 
     09.02.2009 21:10     C:\WINDOWS\system32\advapi32.dll --------- 617472 
     09.02.2009 21:10     C:\WINDOWS\system32\rpcss.dll --------- 401408 
     06.02.2009 20:11     C:\WINDOWS\system32\services.exe --------- 110592 
     06.02.2009 20:06     C:\WINDOWS\system32\ntoskrnl.exe --------- 2145280 
     06.02.2009 19:39     C:\WINDOWS\system32\sc.exe --------- 35328 
     06.02.2009 19:32     C:\WINDOWS\system32\ntkrnlpa.exe --------- 2023936 
     04.02.2009 04:59     C:\WINDOWS\system32\secur32.dll --------- 56832 
     05.01.2009 17:18     C:\WINDOWS\system32\QuickTimeVR.qtx --------- 90112 
     05.01.2009 17:18     C:\WINDOWS\system32\QuickTime.qts --------- 57344 
     21.12.2008 07:14     C:\WINDOWS\system32\quartz.dll --------- 1288192 
     17.12.2008 20:22     C:\WINDOWS\system32\ff_vfw.dll --------- 57344 
     16.12.2008 21:30     C:\WINDOWS\system32\winhttp.dll --------- 354304 
     12.12.2008 12:18     C:\WINDOWS\system32\dns-sd.exe --------- 87336 
     12.12.2008 12:11     C:\WINDOWS\system32\dnssd.dll --------- 61440 
     11.12.2008 14:27     C:\WINDOWS\system32\ff_vfw.dll.manifest --------- 547 
     11.12.2008 14:26     C:\WINDOWS\system32\pthreadGC2.dll --------- 60273 
     05.12.2008 15:54     C:\WINDOWS\system32\schannel.dll --------- 144896 
    ----------------------------------------
    
     
    C:\WINDOWS\Prefetch
    
     16.12.2009 05:24     C:\WINDOWS\Prefetch\UPDATE.EXE-28E74683.pf --------- 72954 
     16.12.2009 05:24     C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf --------- 12204 
     16.12.2009 05:24     C:\WINDOWS\Prefetch\UPDATE.EXE-04F4C917.pf --------- 71594 
     16.12.2009 05:24     C:\WINDOWS\Prefetch\UPDATE.EXE-06EE2035.pf --------- 72120 
     16.12.2009 05:24     C:\WINDOWS\Prefetch\UPDATE.EXE-01909BB4.pf --------- 72108 
     16.12.2009 05:23     C:\WINDOWS\Prefetch\UPDATE.EXE-1CD49AE5.pf --------- 72120 
     16.12.2009 05:23     C:\WINDOWS\Prefetch\UPDATE.EXE-35192140.pf --------- 72120 
     16.12.2009 05:23     C:\WINDOWS\Prefetch\UPDATE.EXE-0098B608.pf --------- 72460 
     16.12.2009 05:23     C:\WINDOWS\Prefetch\WINRAR.EXE-3A7FD825.pf --------- 36506 
     16.12.2009 05:23     C:\WINDOWS\Prefetch\UPDATE.EXE-063ADC00.pf --------- 72276 
     16.12.2009 05:23     C:\WINDOWS\Prefetch\UPDATE.EXE-108E949D.pf --------- 72108 
     16.12.2009 05:23     C:\WINDOWS\Prefetch\UPDATE.EXE-073E7D01.pf --------- 76194 
     16.12.2009 05:23     C:\WINDOWS\Prefetch\UPDATE.EXE-2092E03F.pf --------- 74208 
     16.12.2009 05:23     C:\WINDOWS\Prefetch\AVWSC.EXE-21D2C1ED.pf --------- 32088 
     16.12.2009 05:22     C:\WINDOWS\Prefetch\UPDATE.EXE-38D7157A.pf --------- 72120 
     16.12.2009 05:22     C:\WINDOWS\Prefetch\UPDATE.EXE-0ABFA47E.pf --------- 72224 
     16.12.2009 05:22     C:\WINDOWS\Prefetch\UPDATE.EXE-1FE3FA6D.pf --------- 72302 
     16.12.2009 05:21     C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf --------- 32868 
     16.12.2009 05:20     C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf --------- 55092 
     16.12.2009 05:20     C:\WINDOWS\Prefetch\JUCHECK.EXE-1E35CB2F.pf --------- 36394 
     16.12.2009 05:20     C:\WINDOWS\Prefetch\JAVA.EXE-32FD225F.pf --------- 7930 
     16.12.2009 05:20     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4D19CB81.pf --------- 19792 
     16.12.2009 05:20     C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf --------- 21580 
     16.12.2009 05:19     C:\WINDOWS\Prefetch\LOGITECHUPDATE.EXE-267BCC3C.pf --------- 31524 
     16.12.2009 05:19     C:\WINDOWS\Prefetch\LULNCHR.EXE-3A30F1B8.pf --------- 37180 
     16.12.2009 05:19     C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf --------- 16972 
     16.12.2009 05:19     C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf --------- 22986 
     16.12.2009 05:19     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F5CBF0A.pf --------- 18524 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-359F83C5.pf --------- 7706 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf --------- 100670 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf --------- 55380 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\FNPLICENSINGSERVICE.EXE-1A7F4D94.pf --------- 66942 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\UNSECAPP.EXE-16EB9856.pf --------- 49158 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\IPODSERVICE.EXE-37043579.pf --------- 73860 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\TOSBTHSP.EXE-0BBCDF76.pf --------- 30952 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\TOSBTHID.EXE-14CF6E59.pf --------- 31686 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\TOSA2DP.EXE-2F2EC385.pf --------- 30898 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\TOSBTAVAC.EXE-3B459FDF.pf --------- 18142 
     16.12.2009 05:16     C:\WINDOWS\Prefetch\TOSBT1ST.EXE-16B58055.pf --------- 11616 
     16.12.2009 03:26     C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80C.pf --------- 141784 
     16.12.2009 03:23     C:\WINDOWS\Prefetch\UPDATE.EXE-380C6CAC.pf --------- 69982 
     16.12.2009 03:23     C:\WINDOWS\Prefetch\PREUPD.EXE-16574861.pf --------- 24022 
     16.12.2009 03:22     C:\WINDOWS\Prefetch\ACRODIST.EXE-2B804A15.pf --------- 89040 
     14.12.2009 07:25     C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf --------- 24330 
     14.12.2009 07:12     C:\WINDOWS\Prefetch\VLC.EXE-02F29DFD.pf --------- 199706 
     14.12.2009 06:29     C:\WINDOWS\Prefetch\GUARDGUI.EXE-2C1384C2.pf --------- 20494 
     14.12.2009 06:27     C:\WINDOWS\Prefetch\WSCRIPT.EXE-0C5C5251.pf --------- 21830 
     14.12.2009 06:27     C:\WINDOWS\Prefetch\RUNDLL32.EXE-5018BD83.pf --------- 22646 
     14.12.2009 06:27     C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf --------- 80086 
     14.12.2009 06:21     C:\WINDOWS\Prefetch\AVCONFIG.EXE-0164DD33.pf --------- 40516 
     14.12.2009 06:21     C:\WINDOWS\Prefetch\AVCENTER.EXE-05983540.pf --------- 45990 
     14.12.2009 06:10     C:\WINDOWS\Prefetch\AVSCAN.EXE-0A98540D.pf --------- 50180 
     14.12.2009 05:55     C:\WINDOWS\Prefetch\ACROBATINFO.EXE-16EC04E5.pf --------- 71756 
     14.12.2009 05:46     C:\WINDOWS\Prefetch\WORDPAD.EXE-30063FA0.pf --------- 27608 
     14.12.2009 03:15     C:\WINDOWS\Prefetch\AVNOTIFY.EXE-1A41E508.pf --------- 53054 
     14.12.2009 03:01     C:\WINDOWS\Prefetch\ITUNES.EXE-14FD3AEE.pf --------- 98160 
     14.12.2009 02:13     C:\WINDOWS\Prefetch\RUNDLL32.EXE-627E9CD9.pf --------- 19556 
     13.12.2009 21:54     C:\WINDOWS\Prefetch\RUNDLL32.EXE-604DBF68.pf --------- 19248 
     13.12.2009 21:52     C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf --------- 16598 
     13.12.2009 21:52     C:\WINDOWS\Prefetch\RUNDLL32.EXE-537D6A53.pf --------- 22862 
     13.12.2009 21:51     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4A72D021.pf --------- 17368 
     13.12.2009 21:48     C:\WINDOWS\Prefetch\AVGNT.EXE-08C8F6E1.pf --------- 30776 
     12.12.2009 03:34     C:\WINDOWS\Prefetch\ILLUSTRATOR.EXE-081B476E.pf --------- 59364 
     12.12.2009 03:34     C:\WINDOWS\Prefetch\DEVICECENTRAL.EXE-0590C510.pf --------- 69982 
     12.12.2009 02:48     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4420EF3B.pf --------- 19092 
     12.12.2009 02:47     C:\WINDOWS\Prefetch\RUNDLL32.EXE-74E0B965.pf --------- 20512 
     11.12.2009 04:52     C:\WINDOWS\Prefetch\JAVAWS.EXE-078C20EA.pf --------- 17284 
     11.12.2009 04:52     C:\WINDOWS\Prefetch\JAVAW.EXE-392A4E93.pf --------- 68242 
     09.12.2009 02:21     C:\WINDOWS\Prefetch\RUNDLL32.EXE-48B66035.pf --------- 17872 
     09.12.2009 02:21     C:\WINDOWS\Prefetch\RUNDLL32.EXE-763ADE9C.pf --------- 20834 
     08.12.2009 03:03     C:\WINDOWS\Prefetch\RUNDLL32.EXE-6101B7A9.pf --------- 19248 
     08.12.2009 03:01     C:\WINDOWS\Prefetch\PHOTOSHOP.EXE-0306E9BB.pf --------- 82990 
     08.12.2009 03:01     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B5B102E.pf --------- 18426 
     08.12.2009 02:33     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3DE1C349.pf --------- 16894 
     05.12.2009 08:02     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3FBC1DA8.pf --------- 16616 
     05.12.2009 06:23     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3BC290B1.pf --------- 16894 
     29.11.2009 07:56     C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf --------- 43964 
     29.11.2009 07:56     C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf --------- 16240 
     29.11.2009 07:56     C:\WINDOWS\Prefetch\Layout.ini --------- 372138 
     29.11.2009 00:50     C:\WINDOWS\Prefetch\RUNDLL32.EXE-4EE39BB6.pf --------- 47474 
     04.11.2009 22:35     C:\WINDOWS\Prefetch\ACROBAT.EXE-3640FEA1.pf --------- 79800 
     04.11.2009 22:33     C:\WINDOWS\Prefetch\ETAXHELP.EXE-2E13E67C.pf --------- 59744 
     04.11.2009 22:33     C:\WINDOWS\Prefetch\ETAX2009.EXE-023B23EB.pf --------- 39986 
     04.11.2009 22:30     C:\WINDOWS\Prefetch\TOSBTPROC.EXE-149F607A.pf --------- 18686 
     04.11.2009 22:30     C:\WINDOWS\Prefetch\TOSSKYPEAPL.EXE-3255224F.pf --------- 60148 
     04.11.2009 22:30     C:\WINDOWS\Prefetch\TOSAVRC.EXE-301E7441.pf --------- 20816 
     04.11.2009 22:30     C:\WINDOWS\Prefetch\TOSOBEX.EXE-390888A4.pf --------- 28804 
     04.11.2009 22:30     C:\WINDOWS\Prefetch\TOSBTPCS.EXE-2430FAD9.pf --------- 18060 
     04.11.2009 22:30     C:\WINDOWS\Prefetch\TOSBTPSS.EXE-1F4FBFE9.pf --------- 17728 
     04.11.2009 08:54     C:\WINDOWS\Prefetch\WMIADAP.EXE-32F99497.pf --------- 21124 
     02.11.2009 22:39     C:\WINDOWS\Prefetch\RUNDLL32.EXE-6F363646.pf --------- 18136 
     02.11.2009 22:07     C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf --------- 72692 
     02.11.2009 20:33     C:\WINDOWS\Prefetch\KHALMNPR.EXE-0D134993.pf --------- 52854 
     08.10.2009 02:40     C:\WINDOWS\Prefetch\RUNDLL32.EXE-6B01C25B.pf --------- 20418 
     02.10.2009 03:05     C:\WINDOWS\Prefetch\RUNDLL32.EXE-545A72B2.pf --------- 19342 
     30.09.2009 21:09     C:\WINDOWS\Prefetch\RUNDLL32.EXE-5491D502.pf --------- 18844 
     30.09.2009 20:21     C:\WINDOWS\Prefetch\RUNDLL32.EXE-55778B2B.pf --------- 18710 
     28.09.2009 22:25     C:\WINDOWS\Prefetch\RUNDLL32.EXE-5D224E6E.pf --------- 19474 
     23.09.2009 02:30     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3F82500B.pf --------- 18222 
     22.09.2009 11:58     C:\WINDOWS\Prefetch\RUNDLL32.EXE-42DB8B5D.pf --------- 19852 
     20.09.2009 23:02     C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf --------- 120108 
     20.09.2009 23:02     C:\WINDOWS\Prefetch\AU_.EXE-3752B00A.pf --------- 14144 
     20.09.2009 23:02     C:\WINDOWS\Prefetch\UNINSTALL_PLUGIN.EXE-07D4AB07.pf --------- 15758 
     20.09.2009 23:02     C:\WINDOWS\Prefetch\NS35.TMP-01293650.pf --------- 6074 
     20.09.2009 23:02     C:\WINDOWS\Prefetch\INSTALL_FLASH_PLAYER.EXE-33B947F8.pf --------- 26288
     20.09.2009 23:01     C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf --------- 26706
     20.09.2009 23:01     C:\WINDOWS\Prefetch\DLLHOST.EXE-3C6DBDC5.pf --------- 19384
     20.09.2009 23:01     C:\WINDOWS\Prefetch\GETPLUSPLUS_ADOBE.EXE-3247B0F6.pf --------- 62384
     20.09.2009 23:01     C:\WINDOWS\Prefetch\GETPLUSPLUS_ADOBE_REG_BOOTSTR-062913D1.pf --------- 24104
     20.09.2009 23:01     C:\WINDOWS\Prefetch\GETPLUSPLUS_ADOBE_REG.EXE-027B0574.pf --------- 26462
     20.09.2009 22:58     C:\WINDOWS\Prefetch\FREEYOUTUBETOMP3CONVERTER.EXE-1374ED14.pf --------- 50720
     20.09.2009 19:01     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D982727.pf --------- 21166 
     20.09.2009 18:52     C:\WINDOWS\Prefetch\SETUP.EXE-1BA76916.pf --------- 29652 
     20.09.2009 18:35     C:\WINDOWS\Prefetch\RUNDLL32.EXE-42A75769.pf --------- 17872 
     20.09.2009 18:32     C:\WINDOWS\Prefetch\PHOTODOWNLOADER.EXE-1E8C654C.pf --------- 69078 
     20.09.2009 18:31     C:\WINDOWS\Prefetch\BRIDGEPROXY.EXE-0338B0B7.pf --------- 12264 
     20.09.2009 18:31     C:\WINDOWS\Prefetch\RUNDLL32.EXE-53E3C49D.pf --------- 19568 
     18.09.2009 14:12     C:\WINDOWS\Prefetch\DISTNOTED.EXE-295D2FF1.pf --------- 17832 
     18.09.2009 14:12     C:\WINDOWS\Prefetch\APPLEMOBILEDEVICEHELPER.EXE-1C618BE3.pf --------- 55786
     18.09.2009 13:37     C:\WINDOWS\Prefetch\RUNDLL32.EXE-6CB46F5E.pf --------- 19664 
     15.09.2009 21:28     C:\WINDOWS\Prefetch\SNDVOL32.EXE-0EC6FD20.pf --------- 16960 
     15.09.2009 18:54     C:\WINDOWS\Prefetch\RUNDLL32.EXE-5E8AA5CD.pf --------- 51516 
     15.09.2009 18:46     C:\WINDOWS\Prefetch\AUTOPLAY.EXE-328AAB68.pf --------- 25558 
     15.09.2009 18:46     C:\WINDOWS\Prefetch\SETPOINT.EXE-17BEEB1B.pf --------- 28666 
     15.09.2009 18:46     C:\WINDOWS\Prefetch\DAEMON.EXE-0B75103A.pf --------- 58816 
     15.09.2009 18:46     C:\WINDOWS\Prefetch\TOSBTMNG.EXE-02925DC5.pf --------- 11568 
     15.09.2009 17:49     C:\WINDOWS\Prefetch\SPOOLSV.EXE-3A613CE3.pf --------- 11592 
     15.09.2009 17:17     C:\WINDOWS\Prefetch\SETUP.EXE-345E271C.pf --------- 73940 
     15.09.2009 17:17     C:\WINDOWS\Prefetch\SETUP.EXE-2571DDF3.pf --------- 38900 
     08.03.2005 02:15     C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 922112 
    ----------------------------------------
    
     
    C:\WINDOWS\Tasks
    
     16.12.2009 05:17     C:\WINDOWS\Tasks\SA.DAT --------- 6 
     07.09.2009 17:24     C:\WINDOWS\Tasks\AppleSoftwareUpdate.job --------- 284 
     14.04.2008 21:00     C:\WINDOWS\Tasks\desktop.ini --------- 65 
    ----------------------------------------
    
     
    C:\WINDOWS\Temp
    
     16.12.2009 05:17     C:\WINDOWS\Temp\Perflib_Perfdata_4a8.dat --------- 16384 
     12.12.2009 02:44     C:\WINDOWS\Temp\Perflib_Perfdata_780.dat --------- 16384 
     20.09.2009 18:46     C:\WINDOWS\Temp\Perflib_Perfdata_330.dat --------- 16384 
     15.09.2009 18:44     C:\WINDOWS\Temp\Perflib_Perfdata_6b4.dat --------- 16384 
     08.09.2009 16:43     C:\WINDOWS\Temp\Perflib_Perfdata_73c.dat --------- 16384 
     08.09.2009 12:17     C:\WINDOWS\Temp\Perflib_Perfdata_168.dat --------- 16384 
     26.07.2009 19:05     C:\WINDOWS\Temp\Perflib_Perfdata_9c0.dat --------- 16384 
     18.07.2009 14:04     C:\WINDOWS\Temp\Perflib_Perfdata_738.dat --------- 16384 
     13.06.2009 22:50     C:\WINDOWS\Temp\Perflib_Perfdata_ac.dat --------- 16384 
     08.06.2009 19:10     C:\WINDOWS\Temp\Perflib_Perfdata_21c.dat --------- 16384 
     17.05.2009 23:59     C:\WINDOWS\Temp\Perflib_Perfdata_648.dat --------- 16384 
     10.05.2009 20:39     C:\WINDOWS\Temp\coinlog.log --------- 3708 
     09.05.2009 19:46     C:\WINDOWS\Temp\Perflib_Perfdata_7d4.dat --------- 16384 
     24.02.2009 09:37     C:\WINDOWS\Temp\Cookies --------- 0 
     24.02.2009 09:37     C:\WINDOWS\Temp\History --------- 0 
     24.02.2009 09:37     C:\WINDOWS\Temp\Temporary Internet Files --------- 0 
    ----------------------------------------
    
     
    C:\DOCUME~1\Raoul\LOCALS~1\Temp
    
     16.12.2009 05:23      C:\DOCUME~1\Raoul\LOCALS~1\Temp\hjtscanlist.zip --------- 2097 
     16.12.2009 05:21      C:\DOCUME~1\Raoul\LOCALS~1\Temp\tasklist.zip --------- 36660 
     16.12.2009 05:20      C:\DOCUME~1\Raoul\LOCALS~1\Temp\BIT1B.tmp --------- 0 
     16.12.2009 05:20      C:\DOCUME~1\Raoul\LOCALS~1\Temp\jusched.log --------- 116037 
     16.12.2009 05:20      C:\DOCUME~1\Raoul\LOCALS~1\Temp\jupdate_d65bb55a --------- 8975 
     16.12.2009 05:16      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Acrobat Distiller 8 --------- 0 
     16.12.2009 05:16      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_ifSWGBcmZB97c9aCh5at --------- 28700
     12.12.2009 04:22      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Perflib_Perfdata_464.dat --------- 16384
     12.12.2009 03:35      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Adobe --------- 0 
     12.12.2009 03:35      C:\DOCUME~1\Raoul\LOCALS~1\Temp\amt.log --------- 53612 
     12.12.2009 03:35      C:\DOCUME~1\Raoul\LOCALS~1\Temp\alm.log --------- 219447 
     12.12.2009 02:48      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Perflib_Perfdata_730.dat --------- 16384
     11.12.2009 04:52      C:\DOCUME~1\Raoul\LOCALS~1\Temp\java_install_reg.log --------- 5144 
     11.12.2009 04:52      C:\DOCUME~1\Raoul\LOCALS~1\Temp\hsperfdata_Raoul --------- 0 
     08.12.2009 03:01      C:\DOCUME~1\Raoul\LOCALS~1\Temp\TWAIN.LOG --------- 697 
     08.12.2009 03:01      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Twain001.Mtx --------- 4 
     08.12.2009 03:01      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Twunk001.MTX --------- 156 
     05.12.2009 08:02      C:\DOCUME~1\Raoul\LOCALS~1\Temp\000A27001D36C5B6 --------- 0 
     21.09.2009 03:24      C:\DOCUME~1\Raoul\LOCALS~1\Temp\~nsu.tmp --------- 0 
     20.09.2009 23:05      C:\DOCUME~1\Raoul\LOCALS~1\Temp\plugtmp-9 --------- 0 
     20.09.2009 19:09      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_vWSylePf0qwpI9SkOqG8 --------- 12304
     15.09.2009 17:47      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{AC76BA86-1033-0000-7760-000000000003}.ini --------- 1284
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{abd781e6-d5ca-45aa-a5f7-f64799eb1c04}VC_Uninstall_Icon.ico --------- 55692
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{F6A1E06C-BFE5-4B48-8ED4-2180D2F362F5}ae_install_pkg_rev.ico --------- 39368
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{F6A1E06C-BFE5-4B48-8ED4-2180D2F362F5}ae_ribs_bgd.png --------- 49920
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{D5058BB1-750B-49A1-B023-1AEBAC0C5636}sb_install_pkg_rev.ico --------- 41413
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{D5058BB1-750B-49A1-B023-1AEBAC0C5636}sb_ribs_bgd.png --------- 53886
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{D5058BB1-750B-49A1-B023-1AEBAC0C5636}application.sif --------- 9056
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{CBA9F6F8-071E-4587-9852-AC008CE62FB1}sb_install_pkg_rev.ico --------- 41413
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{CBA9F6F8-071E-4587-9852-AC008CE62FB1}sb_ribs_bgd.png --------- 53886
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{C540712E-34FC-476B-AB3F-972B5792E37C}en_install_pkg_rev.ico --------- 39061
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{C540712E-34FC-476B-AB3F-972B5792E37C}en_ribs_bgd.png --------- 45350
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{C540712E-34FC-476B-AB3F-972B5792E37C}application.sif --------- 9244
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{C4519961-AC64-4565-B3AF-9050296B5D5A}ai_ribs_bgd.png --------- 38372
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{C4519961-AC64-4565-B3AF-9050296B5D5A}ai_install_pkg_rev.ico --------- 41354
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{BB996BAA-72E6-48AF-899A-57B760CC3E21}pr_install_pkg_rev.ico --------- 40581
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{BB996BAA-72E6-48AF-899A-57B760CC3E21}pr_ribs_bgd.png --------- 73536
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{BB996BAA-72E6-48AF-899A-57B760CC3E21}application.sif --------- 9432
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{A38BA97D-690D-487B-AA57-ED9F61AE5CC5}ae_install_pkg_rev.ico --------- 39368
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{A38BA97D-690D-487B-AA57-ED9F61AE5CC5}ae_ribs_bgd.png --------- 49920
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{A38BA97D-690D-487B-AA57-ED9F61AE5CC5}application.sif --------- 9244
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{9787B2D4-5394-4525-A290-47653B3181D9}fw_install_pkg_rev.ico --------- 40410
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{9787B2D4-5394-4525-A290-47653B3181D9}background.png --------- 50225
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{86B6D6BA-3231-4EF8-9C32-5DF258D3DB90}ae_install_pkg_rev.ico --------- 39368
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{86B6D6BA-3231-4EF8-9C32-5DF258D3DB90}ae_ribs_bgd.png --------- 49920
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{81178416-8292-46D1-953F-483DE5A9A68A}pr_install_pkg_rev.ico --------- 40581
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{81178416-8292-46D1-953F-483DE5A9A68A}pr_ribs_bgd.png --------- 73536
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{7BB7F66A-D798-45A3-A383-0727FB1EBF8E}background.png --------- 37113
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{7BB7F66A-D798-45A3-A383-0727FB1EBF8E}Setup.ico --------- 41579
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{61D23D99-3398-414E-974E-EBAE498BB298}bridge.ico --------- 42014
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{4DAFF26A-62E5-4F2F-9E98-E73B914E6828}pr_install_pkg_rev.ico --------- 40581
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{4DAFF26A-62E5-4F2F-9E98-E73B914E6828}pr_ribs_bgd.png --------- 73536
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{450CDEDE-2E5F-4659-AC0D-BA693424ACAF}Setup.ico --------- 45630
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{450CDEDE-2E5F-4659-AC0D-BA693424ACAF}background.png --------- 20376
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{3BC8460B-085E-47F3-9C62-8FFCBAF11D78}Setup.ico --------- 38030
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{3BC8460B-085E-47F3-9C62-8FFCBAF11D78}background.png --------- 36942
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{30C4B843-28DA-466F-AFCA-CB0ED153C826}background.png --------- 57708
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{30C4B843-28DA-466F-AFCA-CB0ED153C826}PS_AppIcon.ico --------- 41582
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{24D77A7C-E10B-4057-9974-FAB8BFDAC853}installer.ico --------- 39627
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{24D77A7C-E10B-4057-9974-FAB8BFDAC853}background.png --------- 84807
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{1E6F1916-DF1A-4A7C-B6E1-4BF448386543}en_install_pkg_rev.ico --------- 39061
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{1E6F1916-DF1A-4A7C-B6E1-4BF448386543}en_ribs_bgd.png --------- 45350
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{193F8A7B-1853-48D5-88AC-19446C2C1D13}estk_ribs_bgd.png --------- 93314
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{124E88C7-10AE-4870-9D9A-3637179C5931}sb_install_pkg_rev.ico --------- 41413
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{124E88C7-10AE-4870-9D9A-3637179C5931}sb_ribs_bgd.png --------- 53886
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{11439DFB-0658-42C7-926D-B66985857733}ct_install_pkg_rev.ico --------- 41414
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{11439DFB-0658-42C7-926D-B66985857733}background.png --------- 57164
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{04D62BBC-9C1D-4264-9FB3-980FF5ABB015}ae_appicon.ico --------- 45583
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{04D62BBC-9C1D-4264-9FB3-980FF5ABB015}ae_ribs_bgd.png --------- 49920
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{00E5C764-9525-44C3-8404-712AD06AE12A}Titan.ico --------- 41561
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{00E5C764-9525-44C3-8404-712AD06AE12A}background.png --------- 74256
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{7FCDFE2E-D382-4886-8FB4-692D03AE640E}CS3_ribs_mastercollection.png --------- 110809
     15.09.2009 17:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{7FCDFE2E-D382-4886-8FB4-692D03AE640E}master_install_pkg.ico --------- 66745
     15.09.2009 17:16      C:\DOCUME~1\Raoul\LOCALS~1\Temp\adb2B.tmp --------- 136 
     15.09.2009 14:18      C:\DOCUME~1\Raoul\LOCALS~1\Temp\adb658.tmp --------- 136 
     15.09.2009 14:16      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{43099DDC-30E4-4F2C-B046-CBF720D2B673}estk_ribs_bgd.png --------- 93314
     15.09.2009 14:16      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{43099DDC-30E4-4F2C-B046-CBF720D2B673}estk_install_pkg.ico --------- 40101
     15.09.2009 14:15      C:\DOCUME~1\Raoul\LOCALS~1\Temp\adb62B.tmp --------- 136 
     15.09.2009 14:13      C:\DOCUME~1\Raoul\LOCALS~1\Temp\adb601.tmp --------- 136 
     15.09.2009 10:28      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Patcher --------- 0 
     11.09.2009 19:03      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{AC76BA86-7AD7-1033-7B44-A81300000003}.ini --------- 623
     11.09.2009 19:02      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{AC76BA86-7AD7-1033-7B44-A81200000003}.ini --------- 701
     08.09.2009 18:41      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo662112 --------- 1024 
     08.09.2009 18:41      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo702112 --------- 3072 
     08.09.2009 18:41      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo682112 --------- 1024 
     08.09.2009 18:41      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo692112 --------- 1024 
     08.09.2009 18:41      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo672112 --------- 1024 
     08.09.2009 13:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo683620 --------- 1024 
     08.09.2009 13:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo693620 --------- 1024 
     08.09.2009 13:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo703620 --------- 3072 
     08.09.2009 13:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo663620 --------- 1024 
     08.09.2009 13:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo673620 --------- 1024 
     08.09.2009 12:27      C:\DOCUME~1\Raoul\LOCALS~1\Temp\jinstall.cfg --------- 949 
     27.08.2009 19:30      C:\DOCUME~1\Raoul\LOCALS~1\Temp\000A27001E553EC4 --------- 0 
     31.07.2009 18:28      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090731172756F04).log --------- 19766
     31.07.2009 18:27      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090731172755F04).log --------- 4044
     18.07.2009 16:26      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_8Vjd3q0fzpVhR8vGWa76 --------- 12304
     16.07.2009 13:30      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Perflib_Perfdata_57c.dat --------- 16384
     15.07.2009 11:00      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Perflib_Perfdata_a14.dat --------- 16384
     14.07.2009 14:24      C:\DOCUME~1\Raoul\LOCALS~1\Temp\~DF5908.tmp --------- 32768 
     14.07.2009 12:30      C:\DOCUME~1\Raoul\LOCALS~1\Temp\~DF6984.tmp --------- 32768 
     14.07.2009 12:22      C:\DOCUME~1\Raoul\LOCALS~1\Temp\~DF1638.tmp --------- 32768 
     14.07.2009 12:22      C:\DOCUME~1\Raoul\LOCALS~1\Temp\~DF997D.tmp --------- 32768 
     02.07.2009 16:59      C:\DOCUME~1\Raoul\LOCALS~1\Temp\plugtmp-8 --------- 0 
     27.06.2009 18:25      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Perflib_Perfdata_734.dat --------- 16384
     13.06.2009 23:51      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_4DGKpVMkuQG1Nt7BDNBC --------- 28700
     13.06.2009 23:45      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Perflib_Perfdata_764.dat --------- 16384
     09.06.2009 20:27      C:\DOCUME~1\Raoul\LOCALS~1\Temp\fla22.tmp --------- 5701622 
     09.06.2009 20:16      C:\DOCUME~1\Raoul\LOCALS~1\Temp\plugtmp-7 --------- 0 
     09.06.2009 19:05      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_C1Sahir8XkFV8WQUIEuj --------- 28700
     09.06.2009 19:04      C:\DOCUME~1\Raoul\LOCALS~1\Temp\QuickTimePlayer (2009-06-09 18.04.19).dmp --------- 52607
     09.06.2009 19:03      C:\DOCUME~1\Raoul\LOCALS~1\Temp\QuickTimePlayer (2009-06-09 18.03.51).dmp --------- 52825
     09.06.2009 19:01      C:\DOCUME~1\Raoul\LOCALS~1\Temp\QuickTimePlayer (2009-06-09 18.01.40).dmp --------- 52396
     08.06.2009 20:23      C:\DOCUME~1\Raoul\LOCALS~1\Temp\plugtmp-6 --------- 0 
     08.06.2009 19:55      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo671852 --------- 1024 
     08.06.2009 19:55      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo681852 --------- 1024 
     08.06.2009 19:55      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo701852 --------- 3072 
     08.06.2009 19:55      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo691852 --------- 1024 
     08.06.2009 19:55      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo661852 --------- 1024 
     08.06.2009 19:16      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_cOo2TQhcVqVxn84s5lpE-journal --------- 1544
     08.06.2009 19:16      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_cOo2TQhcVqVxn84s5lpE --------- 1024
     08.06.2009 19:12      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_r90czVfAelv6cVXpEZaO --------- 28700
     29.05.2009 03:00      C:\DOCUME~1\Raoul\LOCALS~1\Temp\plugtmp-5 --------- 0 
     18.05.2009 01:18      C:\DOCUME~1\Raoul\LOCALS~1\Temp\4775296_MVM_1.tmp --------- 0 
     18.05.2009 00:25      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo68556 --------- 1024 
     18.05.2009 00:25      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo70556 --------- 3072 
     18.05.2009 00:25      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo69556 --------- 1024 
     18.05.2009 00:25      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo66556 --------- 1024 
     18.05.2009 00:25      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo67556 --------- 1024 
     17.05.2009 22:28      C:\DOCUME~1\Raoul\LOCALS~1\Temp\WZS2.tmp --------- 0 
     13.05.2009 23:42      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Save For Web --------- 0 
     12.05.2009 18:26      C:\DOCUME~1\Raoul\LOCALS~1\Temp\plugtmp-4 --------- 0 
     12.05.2009 17:54      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Acr41.log --------- 265 
     12.05.2009 17:54      C:\DOCUME~1\Raoul\LOCALS~1\Temp\dw.log --------- 158 
     12.05.2009 17:15      C:\DOCUME~1\Raoul\LOCALS~1\Temp\outlook logging --------- 0 
     11.05.2009 02:03      C:\DOCUME~1\Raoul\LOCALS~1\Temp\tosBtExt --------- 0 
     09.05.2009 21:02      C:\DOCUME~1\Raoul\LOCALS~1\Temp\plugtmp-3 --------- 0 
     09.05.2009 20:56      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_cmCHEBqoii821Gmq9Qu1 --------- 12304
     09.05.2009 19:45      C:\DOCUME~1\Raoul\LOCALS~1\Temp\iTunesSetupDD0.log --------- 2024 
     09.05.2009 19:43      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupAdmin470.log --------- 2887255 
     09.05.2009 19:42      C:\DOCUME~1\Raoul\LOCALS~1\Temp\QTInstallCode.log --------- 2025 
     09.05.2009 19:42      C:\DOCUME~1\Raoul\LOCALS~1\Temp\qtplugin.log --------- 3994 
     09.05.2009 19:36      C:\DOCUME~1\Raoul\LOCALS~1\Temp\WLZDC1D.tmp --------- 0 
     08.05.2009 17:15      C:\DOCUME~1\Raoul\LOCALS~1\Temp\WLZ5ECA.tmp --------- 0 
     08.05.2009 15:40      C:\DOCUME~1\Raoul\LOCALS~1\Temp\java_install.log --------- 26962 
     08.05.2009 15:40      C:\DOCUME~1\Raoul\LOCALS~1\Temp\java_install_sp.log --------- 1183 
     06.05.2009 17:05      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Perflib_Perfdata_164.dat --------- 16384
     06.05.2009 16:57      C:\DOCUME~1\Raoul\LOCALS~1\Temp\msohtmlclip1 --------- 0 
     01.05.2009 22:35      C:\DOCUME~1\Raoul\LOCALS~1\Temp\fla6D.tmp --------- 515460 
     01.05.2009 22:34      C:\DOCUME~1\Raoul\LOCALS~1\Temp\plugtmp-2 --------- 0 
     01.05.2009 22:07      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_XZn3kodCk45T9SzRmcRP --------- 12304
     29.04.2009 02:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\DelUS.bat --------- 305 
     27.04.2009 02:32      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Perflib_Perfdata_9c0.dat --------- 16384
     22.04.2009 18:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\~WRD0003.tmp --------- 60450187 
     22.04.2009 18:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\~$PdM2E.tmp --------- 162 
     22.04.2009 18:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\~WRL0004.tmp --------- 0 
     22.04.2009 18:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Acr2D.pdf --------- 75203 
     22.04.2009 18:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Acr1D.pdf --------- 2324710 
     22.04.2009 17:23      C:\DOCUME~1\Raoul\LOCALS~1\Temp\~DFDD5B.tmp --------- 512 
     22.04.2009 17:20      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_6LOnWQ9GPfAfpJtnvbS5 --------- 24600
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo65 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo33 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo64 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo32 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo63 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo31 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo62 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo30 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo61 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo29 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo28 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo60 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo27 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo59 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo26 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo58 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo25 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo57 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo56 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo24 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo23 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo55 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo22 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo54 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo21 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo53 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo52 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo20 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo19 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo51 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo50 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo18 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo49 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo17 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo48 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo16 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo15 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo47 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo46 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo14 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo45 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo13 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo12 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo44 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo11 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo43 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo42 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo10 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo41 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo9 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo8 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo40 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo39 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo7 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo38 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo6 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo37 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo5 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo4 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo36 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo35 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo3 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo34 --------- 1024 
     20.04.2009 01:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo2 --------- 1024 
     19.04.2009 21:20      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Photoshop Temp4495653804 --------- 2853396480
     19.04.2009 21:20      C:\DOCUME~1\Raoul\LOCALS~1\Temp\~DF5D95.tmp --------- 512 
     19.04.2009 20:38      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo41400 --------- 3072 
     19.04.2009 20:38      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo21400 --------- 1024 
     19.04.2009 20:38      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo31400 --------- 1024 
     19.04.2009 20:05      C:\DOCUME~1\Raoul\LOCALS~1\Temp\plugtmp-1 --------- 0 
     19.04.2009 18:56      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(200904191754313D4).log --------- 12492
     19.04.2009 18:56      C:\DOCUME~1\Raoul\LOCALS~1\Temp\OAAdr.log --------- 4749
     19.04.2009 18:54      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(200904191754303D4).log --------- 4047
     19.04.2009 18:52      C:\DOCUME~1\Raoul\LOCALS~1\Temp\etilqs_jBNT3cfh43CwFeZ3x4R7 --------- 28700
     19.04.2009 18:47      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090419174711A54).log --------- 19767
     19.04.2009 18:47      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090419174710A54).log --------- 4047
     19.04.2009 18:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090419174430824).log --------- 19767
     19.04.2009 18:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090419174428824).log --------- 4047
     19.04.2009 18:42      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090419174249C1C).log --------- 19766
     19.04.2009 18:42      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090419174246C1C).log --------- 4044
     18.04.2009 18:49      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090418174919F48).log --------- 19767
     18.04.2009 18:49      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090418174917F48).log --------- 4047
     18.04.2009 18:46      C:\DOCUME~1\Raoul\LOCALS~1\Temp\control.xml --------- 12818 
     18.04.2009 17:42      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090418164241F0C).log --------- 19766
     18.04.2009 17:42      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090418164239F0C).log --------- 4044
     18.04.2009 17:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090418163944EA8).log --------- 19766
     18.04.2009 17:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090418163941EA8).log --------- 4044
     15.04.2009 17:15      C:\DOCUME~1\Raoul\LOCALS~1\Temp\plugtmp --------- 0 
     15.04.2009 02:02      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(200904150102009F8).log --------- 19767
     15.04.2009 02:01      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(200904150101589F8).log --------- 4047
     11.04.2009 22:54      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090411215437D70).log --------- 19767
     11.04.2009 22:54      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090411215435D70).log --------- 4047
     11.04.2009 21:48      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090411204828144).log --------- 19767
     11.04.2009 21:48      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090411204826144).log --------- 4047
     11.04.2009 00:38      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(200904102338348C).log --------- 19766
     11.04.2009 00:38      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(200904102338318C).log --------- 4046
     10.04.2009 21:26      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090410202607E1C).log --------- 19766
     10.04.2009 21:26      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090410202606E1C).log --------- 4044
     10.04.2009 02:22      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090410012229D88).log --------- 19767
     10.04.2009 02:22      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090410012227D88).log --------- 4047
     07.04.2009 02:04      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090407010412C38).log --------- 19766
     07.04.2009 02:04      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090407010410C38).log --------- 4044
     07.04.2009 02:00      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090407010034D84).log --------- 19766
     07.04.2009 02:00      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090407010032D84).log --------- 4044
     03.04.2009 20:04      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090403190412F24).log --------- 19767
     03.04.2009 20:04      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090403190411F24).log --------- 4047
     03.04.2009 19:56      C:\DOCUME~1\Raoul\LOCALS~1\Temp\msohtmlclip --------- 0 
     03.04.2009 18:53      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090403175257E04).log --------- 19767
     03.04.2009 18:52      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090403175254E04).log --------- 4047
     03.04.2009 18:37      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090403173537E78).log --------- 19766
     03.04.2009 18:35      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090403173534E78).log --------- 4044
     03.04.2009 17:57      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090403165658F3C).log --------- 19919
     03.04.2009 17:56      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090403165656F3C).log --------- 4044
     01.04.2009 14:40      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090401133946E08).log --------- 19919
     01.04.2009 14:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090401133943E08).log --------- 4044
     01.04.2009 14:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\OIS --------- 0 
     30.03.2009 17:40      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090330164020FCC).log --------- 19766
     30.03.2009 17:40      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090330164017FCC).log --------- 4044
     29.03.2009 17:48      C:\DOCUME~1\Raoul\LOCALS~1\Temp\dxdiag.txt --------- 41620 
     28.03.2009 15:23      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(2009032814232619C).log --------- 19920
     28.03.2009 15:23      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(2009032814232419C).log --------- 4047
     28.03.2009 15:17      C:\DOCUME~1\Raoul\LOCALS~1\Temp\KE.log --------- 86 
     21.03.2009 18:14      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090321171445564).log --------- 19767
     21.03.2009 18:14      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090321171443564).log --------- 4047
     21.03.2009 18:12      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090321171203C74).log --------- 19767
     21.03.2009 18:11      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090321171152C74).log --------- 4047
     21.03.2009 17:40      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090321164018E88).log --------- 4691
     21.03.2009 17:40      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090321164015E88).log --------- 4044
     17.03.2009 12:15      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090317111503D8C).log --------- 19766
     17.03.2009 12:15      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090317111501D8C).log --------- 4044
     17.03.2009 12:11      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(20090317111105C00).log --------- 19766
     17.03.2009 12:11      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(20090317111102C00).log --------- 4044
     17.03.2009 01:20      C:\DOCUME~1\Raoul\LOCALS~1\Temp\46a7_appcompat.txt --------- 111020 
     07.03.2009 02:14      C:\DOCUME~1\Raoul\LOCALS~1\Temp\bye1.tmp --------- 0 
     05.03.2009 07:23      C:\DOCUME~1\Raoul\LOCALS~1\Temp\set5.tmp --------- 119016 
     05.03.2009 06:47      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(200903050547459C).log --------- 19766
     05.03.2009 06:47      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(200903050547449C).log --------- 4046
     05.03.2009 06:12      C:\DOCUME~1\Raoul\LOCALS~1\Temp\EH5NsYt2.html.part --------- 0
     05.03.2009 05:59      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{D7451502-F619-423D-9B62-72414FD944CB} --------- 0
     05.03.2009 05:54      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{6E017129-83E1-465E-B359-93F2FBC5079B} --------- 0
     05.03.2009 05:52      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{1B3D96C2-6CB9-41EC-BA76-03651847F7C5} --------- 0
     05.03.2009 05:48      C:\DOCUME~1\Raoul\LOCALS~1\Temp\{BD3E9E44-45CE-4E01-A5CB-E595692FA174} --------- 0
     02.03.2009 06:34      C:\DOCUME~1\Raoul\LOCALS~1\Temp\WERff84.dir00 --------- 0 
     27.02.2009 15:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\2498453.od --------- 134 
     27.02.2009 15:44      C:\DOCUME~1\Raoul\LOCALS~1\Temp\2498390.cvr --------- 4208 
     27.02.2009 15:07      C:\DOCUME~1\Raoul\LOCALS~1\Temp\UserInfoSetup(200902271406443A0).log --------- 4691
     27.02.2009 15:06      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SetupExe(200902271406413A0).log --------- 4044
     27.02.2009 15:06      C:\DOCUME~1\Raoul\LOCALS~1\Temp\VBE --------- 0 
     26.02.2009 04:08      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Qj000001.b80 --------- 6288 
     26.02.2009 04:08      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo42944 --------- 3072 
     26.02.2009 04:08      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo22944 --------- 1024 
     26.02.2009 04:08      C:\DOCUME~1\Raoul\LOCALS~1\Temp\lilo32944 --------- 1024 
     26.02.2009 04:07      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Ij000003.b80 --------- 1461052320 
     26.02.2009 04:07      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Pj000002.b80 --------- 0 
     24.02.2009 10:30      C:\DOCUME~1\Raoul\LOCALS~1\Temp\861f_appcompat.txt --------- 77536 
     24.02.2009 10:29      C:\DOCUME~1\Raoul\LOCALS~1\Temp\5c36_appcompat.txt --------- 77536 
     24.02.2009 10:09      C:\DOCUME~1\Raoul\LOCALS~1\Temp\adb25.tmp --------- 136 
     24.02.2009 10:07      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Twunk002.MTX --------- 0 
     24.02.2009 09:59      C:\DOCUME~1\Raoul\LOCALS~1\Temp\AVSETUP_49a345e1 --------- 0 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Turkish.bin --------- 22263 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Hungarian.bin --------- 26094 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Norwegian.bin --------- 21975 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Portuguese(Brazil).bin --------- 25082
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Hebrew.bin --------- 19564 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Czech.bin --------- 24321 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Finnish.bin --------- 22868 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Polish.bin --------- 24232 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Thai.bin --------- 21987 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Greek.bin --------- 25093 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\English.bin --------- 21944 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SWEDISH.bin --------- 24093 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Portuguese.bin --------- 26271 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Arabic.bin --------- 20991 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\SimChin.bin --------- 16420 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Italian.bin --------- 27421 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Russian.bin --------- 26136 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Spanish.bin --------- 27764 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\German.bin --------- 25764 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\French.bin --------- 27246 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\TradChin.bin --------- 16962 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Dutch.bin --------- 25758 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Korean.bin --------- 20145 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Danish.bin --------- 22794 
     24.02.2009 09:39      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Japanese.bin --------- 24340 
     11.04.2001 20:07      C:\DOCUME~1\Raoul\LOCALS~1\Temp\Set1.tmp --------- 166912 
    ----------------------------------------
    
     
    C:\Program Files
    
    ----------------------------------------
    
     
    C:\Documents and Settings\All Users\.. 
    
    Raoul    
    All Users    
    Default User    
    LocalService    
    NetworkService    
    ----------------------------------------
    
     
    C:\WINDOWS\system32\drivers\etc\hosts
    
    127.0.0.1       localhost
    
    ----------------------------------------
    
     
    
    Abbildname                  PID Sitzungsname      Sitz.-Nr. Speichernutzung
    ========================= ===== ================ ========== ===============
    System Idle Process           0 Console                   0            28 K
    System                        4 Console                   0           244 K
    smss.exe                    660 Console                   0           416 K
    csrss.exe                   728 Console                   0         3.872 K
    winlogon.exe                760 Console                   0         6.496 K
    services.exe                804 Console                   0         6.012 K
    lsass.exe                   816 Console                   0         6.440 K
    svchost.exe                1000 Console                   0         4.972 K
    svchost.exe                1052 Console                   0         4.516 K
    svchost.exe                1216 Console                   0        35.428 K
    svchost.exe                1340 Console                   0         3.612 K
    svchost.exe                1460 Console                   0         4.004 K
    spoolsv.exe                1704 Console                   0         6.208 K
    sched.exe                  1748 Console                   0           588 K
    svchost.exe                1936 Console                   0         3.492 K
    explorer.exe                356 Console                   0        16.968 K
    avguard.exe                1032 Console                   0        61.428 K
    AppleMobileDeviceService.  1116 Console                   0         2.504 K
    mDNSResponder.exe          1152 Console                   0         3.692 K
    jqs.exe                    1192 Console                   0         1.864 K
    MSIService.exe             1508 Console                   0         3.068 K
    svchost.exe                1596 Console                   0         4.320 K
    TosBtSrv.exe               1432 Console                   0         2.732 K
    hkcmd.exe                  1844 Console                   0         3.896 K
    igfxpers.exe               1868 Console                   0         3.296 K
    igfxsrvc.exe               1964 Console                   0         3.392 K
    RTHDCPL.exe                1996 Console                   0        22.424 K
    MGSysCtrl.exe               144 Console                   0         5.916 K
    wdfmgr.exe                  180 Console                   0         1.840 K
    avgnt.exe                   484 Console                   0         2.100 K
    PDVD9Serv.exe               552 Console                   0         3.976 K
    jusched.exe                 600 Console                   0         5.984 K
    iTunesHelper.exe            720 Console                   0         9.480 K
    acrotray.exe                120 Console                   0         8.136 K
    daemon.exe                  780 Console                   0        10.400 K
    TosBtMng.exe               1760 Console                   0         6.704 K
    SetPoint.exe               1268 Console                   0        10.652 K
    KHALMNPR.exe               2268 Console                   0         5.544 K
    TosA2dp.exe                2656 Console                   0         4.232 K
    TosBtHid.exe               2672 Console                   0         2.760 K
    TosBtHSP.exe               2732 Console                   0         4.596 K
    iPodService.exe            3020 Console                   0         4.152 K
    unsecapp.exe               3076 Console                   0         4.376 K
    FNPLicensingService.exe    3236 Console                   0         2.260 K
    alg.exe                    3268 Console                   0         3.640 K
    wmiprvse.exe               3356 Console                   0         5.388 K
    firefox.exe                3704 Console                   0        76.776 K
    wuauclt.exe                2164 Console                   0        17.300 K
    LuLnchr.exe                2500 Console                   0         4.796 K
    LogitechUpdate.exe         2508 Console                   0         8.296 K
    jucheck.exe                3340 Console                   0         7.956 K
    wuauclt.exe                1068 Console                   0         4.344 K
    cmd.exe                    2608 Console                   0         2.292 K
    update.exe                 1912 Console                   0         4.964 K
    tasklist.exe               3460 Console                   0         4.868 K
    wmiprvse.exe                936 Console                   0         5.856 K
    
     
    ***** Ende des Scans 16.12.2009 um  5:24:46,38 ***


    Here is the RSIT log.txt:

    Code:
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Raoul at 2009-12-16 05:29:11
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 4 GB (10%) free of 40 GB
    Total RAM: 2037 MB (77% free)
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 05:29:20, on 16.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\System Control Manager\MSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\System Control Manager\MGSysCtrl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
    C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Raoul\Desktop\RSIT.exe
    C:\Program Files\trend micro\Raoul.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msi.com.tw/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by MSI-WIND
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [MSI-WIND] C:\WINDOWS\SYSTEM32\MSI-WIND.vbs
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    
    --
    End of file - 9320 bytes
    
    ======Scheduled tasks folder======
    
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
    ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-08 35840]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-08 73728]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]
    {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-20 135168]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-20 159744]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-20 131072]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-08 16862208]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
    "MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2008-07-30 684032]
    "ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-29 75136]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-19 76304]
    "RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-02-16 87336]
    "PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2008-10-13 50472]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-08 148888]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe []
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-03-29 624248]
    ""= []
    "MSI-WIND"=C:\WINDOWS\SYSTEM32\MSI-WIND.vbs []
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "sys"=C:\WINDOWS\Fonts\Fonts.exe []
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2009-07-18 257440]
    
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-12-20 208896]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableStatusMessages"=1
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Realtek\8187SE Wireless LAN Utility\RtWLan.exe"="C:\Program Files\Realtek\8187SE Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "D:\Games\Enemy Territory\ET.exe"="D:\Games\Enemy Territory\ET.exe:*:Enabled:ET"
    "D:\Games\TmNationsForever\TmForever.exe"="D:\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a2216ac-8dc6-11d9-8b1c-f3ba22853c06}]
    shell\AutoRun\command - G:\CDSetup.exe
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38f7eba1-12a1-11de-93ca-0021857bdf4f}]
    shell\Auto\command - auto.exe
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
    shell\open\command - wscript.exe .\.vbs
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41691596-e7e6-11de-94db-0021857bdf4f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe GIULIANO.vbs
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5101b14c-020a-11de-9399-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MSI-WIND.vbs
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5101b14d-020a-11de-9399-806d6172696f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MSI-WIND.vbs
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b6e3865-020b-11de-939a-0021857bdf4f}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MSI-WIND.vbs
    
    
    ======File associations======
    
    .reg - open - C:\WINDOWS\pchealth\Global.exe
    
    ======List of files/folders created in the last 1 months======
    
    2009-12-16 05:29:12 ----D---- C:\Program Files\trend micro
    2009-12-16 05:29:11 ----D---- C:\rsit
    2009-12-16 05:21:49 ----A---- C:\WINDOWS\system32\tasklist.exe
    2009-12-16 05:18:56 ----D---- C:\WINDOWS\LastGood
    2009-12-14 06:09:33 ----A---- C:\WINDOWS\system32\MSI-WIND.wsh
    
    ======List of files/folders modified in the last 1 months======
    
    2009-12-16 05:29:12 ----RD---- C:\Program Files
    2009-12-16 05:26:25 ----D---- C:\Program Files\Mozilla Firefox
    2009-12-16 05:25:39 ----HD---- C:\WINDOWS\inf
    2009-12-16 05:24:56 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-12-16 05:24:30 ----HD---- C:\WINDOWS\$hf_mig$
    2009-12-16 05:24:29 ----D---- C:\WINDOWS
    2009-12-16 05:24:12 ----D---- C:\WINDOWS\Prefetch
    2009-12-16 05:22:25 ----D---- C:\WINDOWS\system32
    2009-12-16 05:19:20 ----SHDC---- C:\WINDOWS\system32\dllcache
    2009-12-16 05:19:19 ----D---- C:\WINDOWS\Temp
    2009-12-16 05:19:10 ----D---- C:\WINDOWS\Help
    2009-12-16 03:35:17 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-12-14 07:24:38 ----D---- C:\Documents and Settings\Raoul\Application Data\vlc
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-07-26 75096]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-03 64128]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-03-08 21035]
    R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-12-19 10384]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-20 5854688]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-08 4739072]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-19 35472]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-19 37392]
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-12-19 28816]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-06-11 156160]
    R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-05-20 625792]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-11 106368]
    R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-11 41600]
    R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 at3ir2fe;at3ir2fe; C:\WINDOWS\system32\drivers\at3ir2fe.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys [2008-07-11 306176]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-02-16 131712]
    S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-30 36608]
    S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-02-01 74240]
    S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
    S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-23 54144]
    S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-19 41856]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
    R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-08 152984]
    R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2008-06-10 159744]
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-29 128360]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-15 654848]
    R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
    
    -----------------EOF-----------------

    And here is the info.txt:


    Code:
    info.txt logfile of random's system information tool 1.06 2009-12-16 05:29:22
    
    ======Uninstall list======
    
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 
    
    C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft 
    
    Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
    Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common 
    
    Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
    Adobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
    Adobe Creative Suite 3 Master Collection-->MsiExec.exe 
    
    /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
    Adobe Encore CS3 Library-->MsiExec.exe /I{7D62C409-EA5C-40E3-954E-AD4923250923}
    Adobe Encore CS3-->MsiExec.exe /I{5373C190-2C97-4086-B0F6-E7774B2CF25A}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
    Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
    Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
    Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
    Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe 
    
    /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
    Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe 
    
    /I{0742B739-DCA3-4A21-AADD-B7CBF49C2058}
    Adobe Premiere Pro CS3-->MsiExec.exe /I{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}
    Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
    Adobe Setup-->MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
    Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
    Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition 
    
    Classic\SETUP.EXE /REMOVE
    Bluetooth Stack for Windows by Toshiba-->MsiExec.exe 
    
    /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    BurnRecovery-->MsiExec.exe /I{9AE395DB-6BC3-4CA9-B894-351CB8DE915A}
    CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader 
    
    Filter\uninstall.exe"
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation 
    
    Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall
    CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation 
    
    Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall
    DC-Bass Source 1.1.1-->"C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
    DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
    DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
    e-tax 2009-->MsiExec.exe /X{919F3D91-8374-410F-932B-A126F2C85426}
    ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\ffdshow\unins000.exe"
    Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube 
    
    Download\unins000.exe"
    Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to 
    
    Mp3 Converter\unins000.exe"
    Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows XP 
    
    (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    Logitech SetPoint-->"C:\Program Files\InstallShield Installation 
    
    Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0007 
    
    -removeonly
    Microsoft Internationalized Domain Names Mitigation 
    
    APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 
    
    1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel 
    
    APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe 
    
    /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe 
    
    /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe 
    
    /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe 
    
    /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe 
    
    /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Hybrid 2007-->MsiExec.exe 
    
    /X{91120000-0031-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe 
    
    /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe 
    
    /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe 
    
    /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe 
    
    /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe 
    
    /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe 
    
    /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe 
    
    /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Suite Activation Assistant-->MsiExec.exe 
    
    /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe 
    
    /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe 
    
    /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Program Files\MONOGRAM AMR 
    
    SplitterDecoder\uninstall.exe"
    Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video 
    
    Splitter\uninstall.exe"
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    RealMedia (remove only)-->"C:\Program Files\RealMedia\uninstall.exe"
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation 
    
    Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 
    
    -removeonly
    Realtek High Definition Audio Driver-->RunDll32 
    
    C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup 
    
    "C:\Program Files\InstallShield Installation 
    
    Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
    Security Update for Windows Internet Explorer 7 
    
    (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 
    
    (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 
    
    (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 
    
    (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 
    
    (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player 
    
    (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP 
    
    (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe"
    System Control Manager-->C:\Program Files\InstallShield Installation 
    
    Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}\setup.exe -runfromtemp -l0x0009 
    
    -removeonly
    Ulead Burn.Now 4.5 SE-->C:\Program Files\InstallShield Installation 
    
    Information\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}\setup.exe -runfromtemp -l0x0409
    Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    Update for Office 2007 (KB934528)-->msiexec /package 
    
    {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
    Update for Office System 2007 Setup (KB929722)-->msiexec /package 
    
    {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
    Update for Windows XP 
    
    (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP 
    
    (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP 
    
    (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP 
    
    (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation 
    
    Information\{D10CB652-9332-4242-B7A9-2D61570144F7}\setup.exe -runfromtemp -l0x0009 
    
    -removeonly
    VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Driver Package - Ralink Technology, Corp. (RT80x86) Net  (05/19/2008 1.01.03.0000)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\rt2860_182C209AFE287E941D2F1DE5B71B3589853F453B\rt2860.inf
    Windows Driver Package - Realtek (rtl8187Se) Net  (07/10/2008 5.9067.0710.2008)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\net8187se_06BCAD86CB743343CBFF6639914BD6E626DE4A59\net8187se.inf
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" 
    
    /UninstallAll
    WinRAR archiver-->C:\Program Files\WinRAR 3.61 Multi\Uninstall.exe
    
    ======Security center information======
    
    AV: Avira AntiVir PersonalEdition (outdated)
    
    ======System event log======
    
    Computer Name: MSI-WIND
    Event Code: 1001
    Message: Your computer was not assigned an address from the network (by the DHCP
    Server) for the Network Card with network address 0021857BDF4F.  The following error
    occurred: 
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.
    
    Record Number: 4243
    Source Name: Dhcp
    Time Written: 20090722144201.000000+480
    Event Type: error
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 29
    Message: The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible. 
    No attempt to contact a source will be made for 14 minutes.
    NtpClient has no source of accurate time. 
    
    Record Number: 4227
    Source Name: W32Time
    Time Written: 20090722143145.000000+480
    Event Type: error
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 17
    Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
    configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
    minutes.
    The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    
    Record Number: 4226
    Source Name: W32Time
    Time Written: 20090722143145.000000+480
    Event Type: error
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 1007
    Message: Your computer has automatically configured the IP address for the Network
    Card with network address 0021857BDF4F.  The IP address being used is 169.254.28.93.
    
    Record Number: 4225
    Source Name: Dhcp
    Time Written: 20090722143144.000000+480
    Event Type: warning
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 16
    Message: Unable to Connect: Windows is unable to connect to the automatic updates service 
    
    and therefore cannot download and install updates according to the set schedule. Windows 
    
    will continue to try to establish a connection.
    
    Record Number: 4217
    Source Name: Windows Update Agent
    Time Written: 20090722142803.000000+480
    Event Type: error
    User: 
    
    =====Application event log=====
    
    Computer Name: MSI-WIND
    Event Code: 2002
    Message: The MOF file created for the Outlook service could not be loaded. The
    error code returned by the MOF Compiler is contained in the Record Data.
    Before the performance counters of this service can be collected by WMI
    the MOF file will need to be loaded manually. Contact the vendor of this
    service for additional information.
    
    Record Number: 1670
    Source Name: LoadPerf
    Time Written: 20090512161521.000000+480
    Event Type: warning
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: 
    
    <http://www.download.windowsupdate.co...en/authrootseq
    
    .txt> with error: The specified server cannot perform the requested operation.
    
    
    Record Number: 1605
    Source Name: crypt32
    Time Written: 20090508160755.000000+480
    Event Type: error
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: 
    
    <http://www.download.windowsupdate.co...en/authrootseq
    
    .txt> with error: The specified server cannot perform the requested operation.
    
    
    Record Number: 1604
    Source Name: crypt32
    Time Written: 20090508160755.000000+480
    Event Type: error
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: 
    
    <http://www.download.windowsupdate.co...en/authrootseq
    
    .txt> with error: The specified server cannot perform the requested operation.
    
    
    Record Number: 1603
    Source Name: crypt32
    Time Written: 20090508160755.000000+480
    Event Type: error
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: 
    
    <http://www.download.windowsupdate.co...en/authrootseq
    
    .txt> with error: This operation returned because the timeout period expired.
    
    
    Record Number: 1602
    Source Name: crypt32
    Time Written: 20090508160754.000000+480
    Event Type: error
    User: 
    
    ======Environment variables======
    
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program 
    
    Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION"=1c02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    
    -----------------EOF-----------------
    And finally the files.txt from findfile.bat:

    Code:
     
     Volume in drive C is OS_Install
     Volume Serial Number is 0470-76D0
    
     Directory of C:\Documents and Settings\Raoul\Local Settings\Temp\bye1.tmp\Disk1
    
    07.03.2009  02:14                43 autorun.inf
                   1 File(s)             43 bytes
    
     Directory of C:\NIS2008
    
    26.08.2007  17:01               123 autorun.inf
                   1 File(s)            123 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Contribute 
    
    CS3\Configuration\DocumentTypes\NewDocuments
    
    20.11.2006  13:08                13 Default.vb
    20.11.2006  13:08                20 Default.vbs
                   2 File(s)             33 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Contribute 
    
    CS3\Configuration\Shared\Google\FreeSearch\Help
    
    20.11.2006  13:10             1.122 wf_dispatcher.vbs
                   1 File(s)          1.122 bytes

    Many thanks in advance
    Regards, premierstreusel
    Last edited by Petra (15.12.2009 at 21:56). Reason: quote tags removed

  4. #4
    Moderator (global), team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    35.732

    Re: Silly.Gen virus - clean removable media only

    Two requests up front:
    Use only code tags, not the quote tags as well. I have now changed that above.

    Turn off word wrap in the editor

    The formatting in your log file is wrong and hard to read.
    Please turn off word wrap in your editor (Notepad).
    • Start => Run
    • Type Notepad there and press Enter.
    • Format => turn off Word Wrap.


    ===== Step 1 =====

    Scan with SystemLook

    Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.

    Download Mirror #1 - Download Mirror #2
    • Double-click SystemLook.exe to start the tool.
      Vista users: right-click and run as administrator.
    • Copy the contents of the following code box into the tool's text field:

      Code:
      :contents
      C:\autorun.inf
      C:\Documents and Settings\Raoul\Local Settings\Temp\bye1.tmp\Disk1\autorun.inf
      C:\NIS2008\autorun.inf
    • Now click the Look button to start the scan.
    • When the scan has finished, your editor will open with the results; post them here in the thread.
    • The results are saved on the desktop as SystemLook.txt.

    ===== Step 2 =====

    Were all external hard drives, USB sticks and other external media connected to the computer during the findfile.bat scan? It does not look like it to me, or the scan had not finished yet.
    [°¿°] Ciao, Petra


  5. #5
    Beginner
    Registered since
    14.12.2009
    Posts
    11

    Re: Silly.Gen virus - clean removable media only

    OK, I have turned off word wrap.
    Here is the SystemLook txt:

    Code:
    SystemLook v1.0 by jpshortstuff (29.08.09)
    Log created at 06:45 on 16/12/2009 by Raoul (Administrator - Elevation successful)
    
    ========== contents ==========
    
    C:\autorun.inf - Opened succesfully.
    
    ÿþ[autorun]
    shellexecute=wscript.exe MSI-WIND.vbs
    
    C:\Documents and Settings\Raoul\Local Settings\Temp\bye1.tmp\Disk1\autorun.inf - Opened succesfully.
    
    [autorun]
    open=autorun.exe
    icon=icon1.ico
    
    C:\NIS2008\autorun.inf - Opened succesfully.
    
    [autorun]
    OPEN=CDSTART.EXE
    [cdstart]
    TITLE="Norton Internet Security"
    HOTKEYTITLE="&Install Norton Internet Security"
    
    
    -=End Of File=-
    Yes, my external hard drive was connected; I don't know whether the program ran to completion. The window was still open but showed nothing and the txt had already been created, so I thought it was done. I have just run it again and now it seems to have worked:

    Code:
     Volume in drive C is OS_Install
     Volume Serial Number is 0470-76D0
    
     Directory of C:\Documents and Settings\Raoul\Local Settings\Temp\bye1.tmp\Disk1
    
    07.03.2009  02:14                43 autorun.inf
                   1 File(s)             43 bytes
    
     Directory of C:\NIS2008
    
    26.08.2007  17:01               123 autorun.inf
                   1 File(s)            123 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Contribute CS3\Configuration\DocumentTypes\NewDocuments
    
    20.11.2006  13:08                13 Default.vb
    20.11.2006  13:08                20 Default.vbs
                   2 File(s)             33 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Contribute CS3\Configuration\Shared\Google\FreeSearch\Help
    
    20.11.2006  13:10             1.122 wf_dispatcher.vbs
                   1 File(s)          1.122 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Dreamweaver CS3\configuration\DocumentTypes\NewDocuments
    
    20.03.2007  15:47                13 Default.vb
    20.03.2007  15:47                20 Default.vbs
    20.03.2007  15:47               897 Default_cb.vb
    20.03.2007  15:47               851 Default_cb_nn.vb
                   4 File(s)          1.781 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Dreamweaver CS3\configuration\Shared\XSLTransform\ASP.NET_VB
    
    20.03.2007  15:48             4.591 MM_XSLTransform.vb
                   1 File(s)          4.591 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\CalendarSample
    
    15.03.2007  22:44             4.016 Calendar.vbs
                   1 File(s)          4.016 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\Collect for Output
    
    15.03.2007  22:44             2.962 CollectForOutput.vbs
                   1 File(s)          2.962 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\ColorWheel
    
    15.03.2007  22:44             5.766 ColorWheel.vbs
                   1 File(s)          5.766 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\ContactSheet
    
    15.03.2007  22:44             9.916 ContactSheet.vbs
                   1 File(s)          9.916 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\CycleGraph
    
    15.03.2007  22:44             5.897 CycleGraph.vbs
                   1 File(s)          5.897 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\Export Flash Animation
    
    15.03.2007  22:44             2.987 ExportFlashAnimation.vbs
                   1 File(s)          2.987 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\Sierpinski
    
    15.03.2007  22:44             5.452 Sierpinski.vbs
                   1 File(s)          5.452 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\Web Gallery
    
    15.03.2007  22:44            10.563 WebGallery.vbs
                   1 File(s)         10.563 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\Working with Datasets
    
    15.03.2007  22:44             2.076 ExportAllExistingDatasets.vbs
    15.03.2007  22:44             3.275 ImportDatasets.vbs
                   2 File(s)          5.351 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\Working with Path Points
    
    15.03.2007  22:44             1.870 CountCorners.vbs
    15.03.2007  22:44             2.681 CreatePaths.vbs
    15.03.2007  22:44             1.471 DeletePathPoint.vbs
                   3 File(s)          6.022 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\Working With Symbols
    
    15.03.2007  22:44             1.982 SymbolsFromPageItems.vbs
    15.03.2007  22:44             1.376 SymbolsFromStyles.vbs
                   2 File(s)          3.358 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\Working with Tagged Art
    
    15.03.2007  22:44             1.666 CreateDeleteTag.vbs
                   1 File(s)          1.666 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Illustrator CS3\Scripting\Sample Scripts\Visual Basic\Working With Text
    
    15.03.2007  22:44             1.555 Align Text.vbs
    15.03.2007  22:44             1.533 Count Words.vbs
    15.03.2007  22:44             1.506 CreateArea Text.vbs
    15.03.2007  22:44             2.790 Get Selection.vbs
    15.03.2007  22:44             1.488 MoveTextArt.vbs
    15.03.2007  22:44             1.108 Select Range of Text.vbs
    15.03.2007  22:44             1.665 Select Text Art.vbs
                   7 File(s)         11.645 bytes
    
     Directory of C:\Program Files\Adobe\Adobe InDesign CS3\Scripts\Scripts Panel\Samples\VBScript
    
    16.03.2007  10:49             9.280 AddGuides.vbs
    16.03.2007  10:49             7.749 AddPoints.vbs
    16.03.2007  10:49            10.556 AdjustLayout.vbs
    16.03.2007  10:49             8.193 AlignToPage.vbs
    16.03.2007  10:49             2.954 BreakFrame.vbs
    16.03.2007  10:49            19.060 CornerEffects.vbs
    16.03.2007  10:49             7.451 CreateCharacterStyle.vbs
    16.03.2007  10:49            19.560 CropMarks.vbs
    16.03.2007  10:49             4.053 ExportAllStories.vbs
    16.03.2007  10:49            12.668 FindChangeByList.vbs
    16.03.2007  10:49            18.625 ImageCatalog.vbs
    16.03.2007  10:49             2.054 LabelGraphicMenu.vbs
    16.03.2007  10:49             8.004 LabelGraphics.vbs
    16.03.2007  10:49             8.025 MakeGrid.vbs
    16.03.2007  10:49             9.815 Neon.vbs
    16.03.2007  10:49            11.557 PathEffects.vbs
    16.03.2007  10:49             4.469 PlaceMultipagePDF.vbs
    16.03.2007  10:49             5.781 SelectObjects.vbs
    16.03.2007  10:49             2.785 SortParagraphs.vbs
    16.03.2007  10:49             2.097 SplitStory.vbs
    16.03.2007  10:49             8.324 TabUtilities.vbs
                  21 File(s)        183.060 bytes
    
     Directory of C:\Program Files\Adobe\Adobe InDesign CS3\Scripts\Scripts Panel\Samples\VBScript\LabelGraphicSupport
    
    16.03.2007  10:49             4.914 LabelGraphicBeforeDisplay.vbs
    16.03.2007  10:49             8.375 LabelGraphicOnInvoke.vbs
    16.03.2007  10:49             2.372 RemoveLabelGraphicMenu.vbs
                   3 File(s)         15.661 bytes
    
     Directory of C:\Program Files\Adobe\Adobe InDesign CS3\Scripts\Xml Rules
    
    16.03.2007  10:49             5.876 glue code.vbs
                   1 File(s)          5.876 bytes
    
     Directory of C:\Program Files\Adobe\Adobe Photoshop CS3\Scripting Guide\Sample Scripts\VBScript
    
    21.03.2007  21:54             1.818 ApplyStyle.vbs
    21.03.2007  21:54             4.631 BatchProcess.vbs
    21.03.2007  21:54             2.149 ClipboardInteraction.vbs
    21.03.2007  21:54             2.136 CreateAndExecuteAction.vbs
    21.03.2007  21:54             1.307 CreateNewTextArt.vbs
    21.03.2007  21:54             2.366 Crop.vbs
    21.03.2007  21:54               589 DocumentByName.vbs
    21.03.2007  21:54             1.676 DuplicateLayers.vbs
    21.03.2007  21:54             2.299 ExecuteAction.vbs
    21.03.2007  21:54             1.546 ExecuteJavaScript.vbs
    21.03.2007  21:54             2.508 Filters.vbs
    21.03.2007  21:54             2.220 HistoryState.vbs
    21.03.2007  21:54             1.364 OpenDocument.vbs
    21.03.2007  21:54             3.501 SaveAsFormats.vbs
    21.03.2007  21:54             2.156 Selection.vbs
    21.03.2007  21:54             1.880 SelectionEffects.vbs
    21.03.2007  21:54             3.949 TextArt.vbs
    21.03.2007  21:54             2.624 TextArtCenter.vbs
    21.03.2007  21:54             1.663 Trim.vbs
                  19 File(s)         42.382 bytes
    
     Directory of C:\Program Files\Ulead Systems\Ulead Burn.Now 4.5 SE
    
    05.01.2007  12:43               101 Autorun.inf
                   1 File(s)            101 bytes
    
     Directory of C:\WINDOWS\I386
    
    14.04.2008  21:00             1.207 PUBPRN.VB_
    14.04.2008  21:00             6.022 TSCINST.VB_
    14.04.2008  21:00             4.821 TSCUINST.VB_
                   3 File(s)         12.050 bytes
    
     Directory of C:\WINDOWS\system32
    
    14.04.2008  21:00             3.708 pubprn.vbs
                   1 File(s)          3.708 bytes
    
     Directory of C:\WINDOWS\system32\dllcache
    
    14.04.2008  21:00             3.708 pubprn.vbs
                   1 File(s)          3.708 bytes
    
         Total Files Listed:
                  83 File(s)        349.840 bytes
                   0 Dir(s)   4.322.562.048 bytes free
     Volume in drive C is OS_Install
     Volume Serial Number is 0470-76D0
    
     Directory of C:\
    
    14.12.2009  07:23                98 autorun.inf
                   1 File(s)             98 bytes
    
         Total Files Listed:
                   1 File(s)             98 bytes
                   0 Dir(s)   4.322.562.048 bytes free
    A          C:\AUTOEXEC.BAT
    A  SHR     C:\autorun.inf
    A  SHR     C:\boot.ini
    A          C:\CONFIG.SYS
    A  SH      C:\hiberfil.sys
    A  SHR     C:\IO.SYS
    A  SHR     C:\MSDOS.SYS
    A  SHR     C:\NTDETECT.COM
    A  SHR     C:\ntldr
    A  SH      C:\pagefile.sys
     Volume in drive D has no label.
     Volume Serial Number is A893-D329
     Volume in drive D has no label.
     Volume Serial Number is A893-D329
    
     Directory of D:\
    
    14.12.2009  07:23                98 autorun.inf
                   1 File(s)             98 bytes
    
         Total Files Listed:
                   1 File(s)             98 bytes
                   0 Dir(s)     628.580.352 bytes free
    A          D:\4775296_MVM_0.tmp
    A  SHR     D:\autorun.inf
     Volume in drive E is DATA
     Volume Serial Number is C000-CF68
    
     Directory of E:\PackardBell Dateien
    
    14.12.2005  23:09             5.036 crccheck.vbs
    
     Directory of E:\PackardBell Dateien
    
    05.07.2007  22:25                47 autorun.inf
                   2 File(s)          5.083 bytes
    
     Directory of E:\PackardBell Dateien\Packard Bell\cd
    
    28.10.2003  00:48             5.036 crccheck.vbs
    
     Directory of E:\PackardBell Dateien\Packard Bell\cd
    
    11.10.2005  17:32                47 Autorun.inf
                   2 File(s)          5.083 bytes
    
         Total Files Listed:
                   4 File(s)         10.166 bytes
                   0 Dir(s)  41.741.631.488 bytes free
     Volume in drive E is DATA
     Volume Serial Number is C000-CF68
    
     Directory of E:\
    
    14.12.2009  06:29                98 autorun.inf
                   1 File(s)             98 bytes
    
         Total Files Listed:
                   1 File(s)             98 bytes
                   0 Dir(s)  41.741.631.488 bytes free
    A  SHR     E:\autorun.inf
    A          E:\Bild0075.JPG
    A          E:\Bild0076.JPG
    A          E:\Bild0077.JPG
    A          E:\Bild0078.JPG
    A          E:\Bild0079.JPG
    A          E:\Bild0080.JPG
    A          E:\Djane20c.jpg
    A          E:\Djane20FINAL.eps
    A   H      E:\~$adtrip.docx
    Thanks and regards,
    premierstreusel
    Last edited by premierstreusel (15.12.2009 at 22:55)
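
The SystemLook and findfile.bat output in the post above can be triaged mechanically. The following Python code is an added example, not part of the original posts and not code from SystemLook or findfile.bat: it decodes autorun.inf contents (including the UTF-16 file whose byte-order mark shows up as "ÿþ"), flags launch entries that start a script host or a script file, and picks hidden system autorun.inf files at a drive root out of the attribute listing. The function names and the heuristic lists are assumptions made for this example; the sample inputs are constructed from the log text.

```python
import codecs
import re

# Heuristic lists chosen for this example (assumptions, not from the thread's tools).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd")

# Constructed from the log text. The "ÿþ" shown before [autorun] is a UTF-16LE
# byte-order mark, so the drive-root sample is encoded that way.
SAMPLE_C_ROOT = codecs.BOM_UTF16_LE + (
    "[autorun]\r\nshellexecute=wscript.exe MSI-WIND.vbs").encode("utf-16-le")
SAMPLE_TEMP = b"[autorun]\r\nopen=autorun.exe\r\nicon=icon1.ico"
SAMPLE_NIS = (b"[autorun]\r\nOPEN=CDSTART.EXE\r\n[cdstart]\r\n"
              b'TITLE="Norton Internet Security"\r\n'
              b'HOTKEYTITLE="&Install Norton Internet Security"\r\n')

# Attribute lines as they appear in the findfile.bat listing (subset).
ATTRIB_LINES = [
    r"A  SHR     C:\autorun.inf",
    r"A  SHR     C:\boot.ini",
    r"A  SHR     D:\autorun.inf",
    r"A          D:\4775296_MVM_0.tmp",
    r"A  SHR     E:\autorun.inf",
    r"A   H      E:\~$adtrip.docx",
]


def decode_inf(raw: bytes) -> str:
    """Decode autorun.inf bytes, honouring a UTF-16 or UTF-8 byte-order mark."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")  # the codec consumes the BOM
    if raw.startswith(codecs.BOM_UTF8):
        return raw.decode("utf-8-sig")
    return raw.decode("cp1252", errors="replace")


def parse_autorun(text: str) -> dict:
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def assess(raw: bytes) -> list:
    """List reasons a launch entry deserves a closer look (empty list: none found)."""
    findings = []
    for key, command in parse_autorun(decode_inf(raw)).items():
        is_launch = key in ("open", "shellexecute") or \
            re.fullmatch(r"shell\\[^\\]+\\command", key)
        if not is_launch:
            continue
        tokens = [t.strip('"').lower() for t in command.split()]
        program = tokens[0].rsplit("\\", 1)[-1] if tokens else ""
        if program in SCRIPT_HOSTS:
            findings.append(f"{key} runs script host {program}")
        if any(t.endswith(SCRIPT_EXTS) for t in tokens):
            findings.append(f"{key} references a script file")
    return findings


def hidden_root_autoruns(attrib_lines) -> list:
    """Return drive-root autorun.inf paths that carry both the S and H attributes."""
    hits = []
    for line in attrib_lines:
        drive = re.search(r"[A-Za-z]:\\", line)
        if not drive:
            continue
        flags = set(line[:drive.start()].replace(" ", ""))
        path = line[drive.start():].strip()
        if re.fullmatch(r"[A-Za-z]:\\autorun\.inf", path, re.I) and {"S", "H"} <= flags:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for name, raw in [("C:\\autorun.inf", SAMPLE_C_ROOT),
                      ("Temp\\...\\autorun.inf", SAMPLE_TEMP),
                      ("C:\\NIS2008\\autorun.inf", SAMPLE_NIS)]:
        print(name, "->", assess(raw) or "no launch-entry findings")
    print("hidden system autorun.inf at drive root:", hidden_root_autoruns(ATTRIB_LINES))
```

A plain byte search for `shellexecute` does not match the UTF-16 file, which is why the decoder checks the byte-order mark before parsing.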

  6. #6
    Moderator (global), team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    35.732

    Re: Silly.Gen virus - clean removable media only

    Hello premierstreusel,

    Yes, this output from findfile.bat looks much better and more complete

    Please work through the following steps strictly in the given order.

    Report back to me on each step once you have completed it.

    Stop and ask if something does not work.

    Post log files when requested and/or answer the questions asked.

    Use only the programs and tools specified in the instructions.
    Do not install anything new during our cleanup without checking first.




    ===== Step 1 =====

    Move files with OTM

    Please create a backup of your registry (if not already done) following this guide.

    If you do not have it yet, download OTM by OldTimer.
    • Save the program to your desktop.
    • If your antivirus program raises an alarm, please ignore it and/or add OTM to the exclusion list.
    • Double-click OTM.exe to run the program.
    • Vista users: please start it via right-click and "Run as administrator".
    • Tick "Unregister Dll's and Ocx's".
    • Copy the entire contents of the following code box into the OTM box with the yellow title
      (Paste Instructions for Items to be Moved)
      Code:
      :reg
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "MSI-WIND"=-
      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
      "sys"=-
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a2216ac-8dc6-11d9-8b1c-f3ba22853c06}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38f7eba1-12a1-11de-93ca-0021857bdf4f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41691596-e7e6-11de-94db-0021857bdf4f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5101b14c-020a-11de-9399-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5101b14d-020a-11de-9399-806d6172696f}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b6e3865-020b-11de-939a-0021857bdf4f}]
      
      :files
      C:\autorun.inf
      D:\autorun.inf
      E:\autorun.inf
      C:\WINDOWS\SYSTEM32\MSI-WIND.vbs
      C:\WINDOWS\system32\MSI-WIND.wsh
      C:\WINDOWS\pchealth\Global.exe
      C:\WINDOWS\system32\dllcache\Global.exe
      
      :commands
      [emptytemp]
    • Click the red Moveit! button.
    • Please copy everything from the results window (Results), or
    • copy the contents of the file C:\_OTM\MovedFiles\<date_no.>.log
      and post the result in your next reply.
    • The files and/or folders are moved to C:\_OTM\MovedFiles\.
    • Close OTMoveIt.
    If a file or folder cannot be moved, you may be asked to restart the PC so that the process can be completed. If so, confirm with Yes.


    ===== Step 2 =====

    Cleanup with Malwarebytes' Anti-Malware (quick scan)

    Download Malwarebytes Anti-Malware (approx. 2 MB) from one of these download mirrors:
    • Applicable to Windows 2000, XP, Vista and Windows 7.
    • Install the program to the default path.
    • Remember to start the program as admin on Vista; otherwise start it with a double-click.
    • Let it update online (Updates tab) if the program was already on the computer.
    • Select "Perform quick scan" => Scan.
    • When the scan has finished, click "Show results".
    • For detections in C:\System Volume Information, remove the tick.
      Otherwise that system restore point will no longer work.
      It might still be needed despite the malware.
    • Make sure that all other detections are ticked and press "Remove selected".
    • Post the log file, which opens in Notepad, here in the thread.
    • You can find the report later under "Scan reports".
    • Report how the computer is running now.
    Here you will find a detailed, illustrated guide.


    ===== Step 3 =====

    Disinfect and protect external media

    Turn off your antivirus program and firewall, because Flash_Disinfector is mistakenly detected as malware by some antivirus programs, which it is not. Download Flash Disinfector by sUBs and save the file to your desktop.
    • Please disconnect the computer from the network (don't forget Wi-Fi).
    • Connect all existing USB sticks, external hard drives and other external media.
    • Start Flash_Disinfector.exe with a double-click. Follow the instructions if there are any.
    • Your desktop will briefly disappear and then come back; that is normal.
    • Wait until the program has finished the scan, then close the program.
    • Restart the computer.
    What Flash_Disinfector will do: Flash_Disinfector will remove autorun.inf files from your drives and, to protect against reinfection, create a hidden folder with that name in their place. Please do not delete these folders! They prevent the autorun infection from installing itself again and running other malicious software.


    ===== Step 4 =====

    Fix entries with HijackThis

    Please close all applications including browsers.
    Fix the following entries with HJT (if still present):
    Start HijackThis (on Vista, right-click and run as administrator)
    You should find HijackThis here => C:\Programme\Trend Micro\HijackThis\<hijackthis> or <username>.exe
    => Do a system scan only => tick the following lines and then click "Fix checked":
    Code:
      
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by MSI-WIND
    Restart the computer.


    ===== Step 5 =====

    Update Java

    Your Java version is out of date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Add or Remove Programs => uninstall. Restart the computer.

    Now download the offline version of Java (Java SE Runtime Environment (JRE) 6 Update 17) from SUN. Once you have clicked Download, a page appears where you have to select the operating system (i.e. Windows) and tick "I agree". Then click the "Continue" button. Download jre-6u17-windows-i586.exe there and then install it; do not install any toolbars that may be offered.


    ===== Step 6 =====

    Security risk: Adobe Acrobat Reader

    Your Adobe Reader is out of date, which is a major security risk. We therefore recommend uninstalling the old version via Control Panel => Add or Remove Programs by clicking "Adobe Reader x.0" there and removing the program. Restart the computer, then download the current Acrobat Reader 9.2.x and install it.

    Since Adobe Acrobat Reader is increasingly being used for the targeted distribution of malware, I suggest using an alternative PDF viewer instead; for example, you can install Foxit PDF Reader. It is "leaner" and uses fewer resources. During installation, make absolutely sure that the Ask toolbar and/or Foxit toolbar or sponsors are not installed along with it (if necessary, uninstall them again immediately via Control Panel => Add or Remove Programs).


    ===== Step 8 =====

    Windows Update

    Your Windows and Internet Explorer are not up to date. Visit the Windows Update page and install all important updates offered to you via the custom search.

    Even if you do not use Internet Explorer as your main browser, I definitely recommend installing Internet Explorer 8. Configure browsers securely: IE 6 - IE 7.


    ===== Step 9 =====

    Have RSIT scan the system again
    • Close all windows and programs including browsers.
    • Delete C:\rsit\log.txt and C:\rsit\info.txt manually.
    • Double-click rsit.exe on your desktop to create new log files.
    • Please post the contents of the following logs here in the thread:
      C:\rsit\log.txt and C:\rsit\info.txt.
    [°¿°] Ciao, Petra


  7. #7
    Beginner
    Registered since
    14.12.2009
    Posts
    11

    Re: Silly.Gen virus - clean removable media only

    Here is the OTM log:

    Code:
    All processes killed
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSI-WIND deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\sys deleted successfully.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a2216ac-8dc6-11d9-8b1c-f3ba22853c06}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a2216ac-8dc6-11d9-8b1c-f3ba22853c06}\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38f7eba1-12a1-11de-93ca-0021857bdf4f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38f7eba1-12a1-11de-93ca-0021857bdf4f}\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41691596-e7e6-11de-94db-0021857bdf4f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41691596-e7e6-11de-94db-0021857bdf4f}\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5101b14c-020a-11de-9399-806d6172696f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5101b14c-020a-11de-9399-806d6172696f}\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5101b14d-020a-11de-9399-806d6172696f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5101b14d-020a-11de-9399-806d6172696f}\ not found.
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b6e3865-020b-11de-939a-0021857bdf4f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b6e3865-020b-11de-939a-0021857bdf4f}\ not found.
    ========== FILES ==========
    C:\autorun.inf moved successfully.
    D:\autorun.inf moved successfully.
    E:\autorun.inf moved successfully.
    File/Folder C:\WINDOWS\SYSTEM32\MSI-WIND.vbs not found.
    C:\WINDOWS\system32\MSI-WIND.wsh moved successfully.
    File/Folder C:\WINDOWS\pchealth\Global.exe not found.
    File/Folder C:\WINDOWS\system32\dllcache\Global.exe not found.
    ========== COMMANDS ==========
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes
     
    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 42815 bytes
     
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 489035 bytes
     
    User: Raoul
    ->Temp folder emptied: 2059268219 bytes
    ->Temporary Internet Files folder emptied: 107456900 bytes
    ->Java cache emptied: 27938954 bytes
    ->FireFox cache emptied: 90680602 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    Windows Temp folder emptied: 233532 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = -1915,73 mb
     
     
    OTM by OldTimer - Version 3.1.2.2 log created on 12162009_215918
    
    Files moved on Reboot...
    
    Registry entries deleted on Reboot...
    Code:
    Malwarebytes' Anti-Malware 1.42
    Datenbank Version: 3373
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13
    
    16.12.2009 22:20:11
    mbam-log-2009-12-16 (22-20-11).txt
    
    Scan-Methode: Quick-Scan
    Durchsuchte Objekte: 99989
    Laufzeit: 4 minute(s), 34 second(s)
    
    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 0
    Infizierte Registrierungsschlüssel: 7
    Infizierte Registrierungswerte: 0
    Infizierte Dateiobjekte der Registrierung: 1
    Infizierte Verzeichnisse: 1
    Infizierte Dateien: 2
    
    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Registrierungsschlüssel:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boot.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    
    Infizierte Registrierungswerte:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateiobjekte der Registrierung:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
    
    Infizierte Verzeichnisse:
    C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Quarantined and deleted successfully.
    
    Infizierte Dateien:
    C:\WINDOWS\system32\dllcache\rndll32.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllcache\tskmgr.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
    After the system scan, HJThis does not show me the following line:
    Code:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by MSI-WIND
    So everything should be fine, right?

    Regards, premierstreusel

  8. #8
    Moderator (global) Team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    35.732

    Re: Silly.Gen virus - cleaning removable media only

    Yes, you can continue.
    [°¿°] Ciao, Petra


  9. #9
    Beginner
    Registered since
    14.12.2009
    Posts
    11

    Re: Silly.Gen virus - cleaning removable media only

    OK, great.

    Here are the two logs from RSIT:

    info.txt:
    Code:
    info.txt logfile of random's system information tool 1.06 2009-12-17 02:56:54
    
    ======Uninstall list======
    
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
    Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
    Adobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
    Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
    Adobe Encore CS3 Library-->MsiExec.exe /I{7D62C409-EA5C-40E3-954E-AD4923250923}
    Adobe Encore CS3-->MsiExec.exe /I{5373C190-2C97-4086-B0F6-E7774B2CF25A}
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
    Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
    Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
    Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
    Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
    Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
    Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
    Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{0742B739-DCA3-4A21-AADD-B7CBF49C2058}
    Adobe Premiere Pro CS3-->MsiExec.exe /I{A6CDBEB9-2DF5-4455-A647-F3DF0441D5C3}
    Adobe Reader 9.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A92000000001}
    Adobe Setup-->MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
    Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
    Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
    Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    BurnRecovery-->MsiExec.exe /I{9AE395DB-6BC3-4CA9-B894-351CB8DE915A}
    CD Audio Reader Filter (remove only)-->"C:\Program Files\CD Audio Reader Filter\uninstall.exe"
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall
    CyberLink PowerDVD 9-->"C:\Program Files\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall
    DC-Bass Source 1.1.1-->"C:\Program Files\DSP-worx\DC-Bass Source\Uninstall.exe"
    DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
    DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    e-tax 2009-->MsiExec.exe /X{919F3D91-8374-410F-932B-A126F2C85426}
    ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\ffdshow\unins000.exe"
    Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
    Free YouTube to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
    Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0007 -removeonly
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MONOGRAM AMR Splitter/Decoder (remove only)-->"C:\Program Files\MONOGRAM AMR SplitterDecoder\uninstall.exe"
    Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    OpenSource Flash Video Splitter (remove only)-->"C:\Program Files\OpenSource Flash Video Splitter\uninstall.exe"
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    RealMedia (remove only)-->"C:\Program Files\RealMedia\uninstall.exe"
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    SHOUTcast Source (remove only)-->"C:\Program Files\SHOUTcast Source\uninstall.exe"
    System Control Manager-->C:\Program Files\InstallShield Installation Information\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}\setup.exe -runfromtemp -l0x0009 -removeonly
    Ulead Burn.Now 4.5 SE-->C:\Program Files\InstallShield Installation Information\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}\setup.exe -runfromtemp -l0x0409
    Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
    Update for Office 2007 (KB934528)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
    Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
    Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{D10CB652-9332-4242-B7A9-2D61570144F7}\setup.exe -runfromtemp -l0x0009 -removeonly
    VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Driver Package - Ralink Technology, Corp. (RT80x86) Net  (05/19/2008 1.01.03.0000)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\rt2860_182C209AFE287E941D2F1DE5B71B3589853F453B\rt2860.inf
    Windows Driver Package - Realtek (rtl8187Se) Net  (07/10/2008 5.9067.0710.2008)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\net8187se_06BCAD86CB743343CBFF6639914BD6E626DE4A59\net8187se.inf
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    WinRAR archiver-->C:\Program Files\WinRAR 3.61 Multi\Uninstall.exe
    
    ======Security center information======
    
    AV: Avira AntiVir PersonalEdition (outdated)
    
    ======System event log======
    
    Computer Name: MSI-WIND
    Event Code: 240
    Message: A request to suspend power was denied by winlogon.exe.
    
    Record Number: 4715
    Source Name: Win32k
    Time Written: 20090803183833.000000+480
    Event Type: warning
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
    
    Record Number: 4714
    Source Name: Tcpip
    Time Written: 20090803183445.000000+480
    Event Type: warning
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 1003
    Message: Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0021857BDF4F.  The following
    error occurred: 
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.
    
    Record Number: 4694
    Source Name: Dhcp
    Time Written: 20090803182809.000000+480
    Event Type: warning
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 240
    Message: A request to suspend power was denied by winlogon.exe.
    
    Record Number: 4690
    Source Name: Win32k
    Time Written: 20090803150005.000000+480
    Event Type: warning
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 16
    Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
    
    Record Number: 4685
    Source Name: Windows Update Agent
    Time Written: 20090803144714.000000+480
    Event Type: error
    User: 
    
    =====Application event log=====
    
    Computer Name: MSI-WIND
    Event Code: 2002
    Message: The MOF file created for the Outlook service could not be loaded. The
    error code returned by the MOF Compiler is contained in the Record Data.
    Before the performance counters of this service can be collected by WMI
    the MOF file will need to be loaded manually. Contact the vendor of this
    service for additional information.
    
    Record Number: 1670
    Source Name: LoadPerf
    Time Written: 20090512161521.000000+480
    Event Type: warning
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
    
    
    Record Number: 1605
    Source Name: crypt32
    Time Written: 20090508160755.000000+480
    Event Type: error
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
    
    
    Record Number: 1604
    Source Name: crypt32
    Time Written: 20090508160755.000000+480
    Event Type: error
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
    
    
    Record Number: 1603
    Source Name: crypt32
    Time Written: 20090508160755.000000+480
    Event Type: error
    User: 
    
    Computer Name: MSI-WIND
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
    
    
    Record Number: 1602
    Source Name: crypt32
    Time Written: 20090508160754.000000+480
    Event Type: error
    User: 
    
    ======Environment variables======
    
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
    "PROCESSOR_REVISION"=1c02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    
    -----------------EOF-----------------
    and log.txt:

    Code:
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Raoul at 2009-12-17 02:56:44
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 10 GB (24%) free of 40 GB
    Total RAM: 2037 MB (74% free)
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:56:51, on 17.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\System Control Manager\MSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\System Control Manager\MGSysCtrl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
    C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Raoul\Desktop\RSIT.exe
    C:\Program Files\trend micro\Raoul.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.msi.com.tw/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.msi.com.tw
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: Micro Star SCM - Unknown owner - C:\Program Files\System Control Manager\MSIService.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    
    --
    End of file - 9312 bytes
    
    ======Scheduled tasks folder======
    
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27 61816]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
    ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-08 35840]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-08 73728]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-03-29 321120]
    {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-20 135168]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-20 159744]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-20 131072]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-08 16862208]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
    "MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2008-07-30 684032]
    "ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-29 75136]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-19 76304]
    "RemoteControl9"=C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-02-16 87336]
    "PDVD9LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2008-10-13 50472]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-08 148888]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe []
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-03-29 624248]
    ""= []
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
    "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2007-12-20 208896]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableStatusMessages"=1
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=36
    "NoDriveAutoRun"=FFFFFFFF
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Realtek\8187SE Wireless LAN Utility\RtWLan.exe"="C:\Program Files\Realtek\8187SE Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan"
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "D:\Games\Enemy Territory\ET.exe"="D:\Games\Enemy Territory\ET.exe:*:Enabled:ET"
    "D:\Games\TmNationsForever\TmForever.exe"="D:\Games\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    
    ======List of files/folders created in the last 1 months======
    
    2009-12-17 02:50:41 ----D---- C:\WINDOWS\ie8updates
    2009-12-17 02:47:59 ----HDC---- C:\WINDOWS\ie8
    2009-12-17 02:36:33 ----SHD---- C:\Config.Msi
    2009-12-17 02:18:51 ----RASHD---- C:\autorun.inf
    2009-12-16 22:08:17 ----D---- C:\Documents and Settings\Raoul\Application Data\Malwarebytes
    2009-12-16 22:08:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-12-16 22:08:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-12-16 21:59:18 ----D---- C:\_OTM
    2009-12-16 21:57:58 ----D---- C:\WINDOWS\ERDNT
    2009-12-16 21:56:59 ----D---- C:\Program Files\ERUNT
    2009-12-16 05:29:12 ----D---- C:\Program Files\trend micro
    2009-12-16 05:29:11 ----D---- C:\rsit
    2009-12-16 05:21:49 ----A---- C:\WINDOWS\system32\tasklist.exe
    
    ======List of files/folders modified in the last 1 months======
    
    2009-12-17 02:56:51 ----D---- C:\WINDOWS\Prefetch
    2009-12-17 02:54:58 ----D---- C:\Program Files\Mozilla Firefox
    2009-12-17 02:53:36 ----HD---- C:\WINDOWS\inf
    2009-12-17 02:53:15 ----D---- C:\WINDOWS
    2009-12-17 02:53:01 ----D---- C:\WINDOWS\system32
    2009-12-17 02:52:53 ----RD---- C:\Program Files
    2009-12-17 02:52:53 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2009-12-17 02:52:52 ----D---- C:\WINDOWS\Temp
    2009-12-17 02:52:23 ----D---- C:\WINDOWS\system32\en-US
    2009-12-17 02:52:22 ----SHDC---- C:\WINDOWS\system32\dllcache
    2009-12-17 02:52:22 ----D---- C:\WINDOWS\Media
    2009-12-17 02:52:22 ----D---- C:\WINDOWS\Help
    2009-12-17 02:52:22 ----D---- C:\Program Files\Internet Explorer
    2009-12-17 02:51:44 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-12-17 02:50:48 ----HD---- C:\WINDOWS\$hf_mig$
    2009-12-17 02:50:44 ----A---- C:\WINDOWS\imsins.BAK
    2009-12-17 02:47:47 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-12-17 02:39:07 ----SHD---- C:\WINDOWS\Installer
    2009-12-17 02:39:06 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-12-17 02:38:42 ----D---- C:\Program Files\Common Files\Adobe
    2009-12-17 02:38:21 ----D---- C:\Program Files\Adobe
    2009-12-16 22:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2009-12-16 22:21:30 ----D---- C:\WINDOWS\system32\drivers
    2009-12-14 07:24:38 ----D---- C:\Documents and Settings\Raoul\Application Data\vlc
    2009-12-01 12:06:20 ----A---- C:\WINDOWS\system32\MRT.exe
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-07-26 75096]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-03 64128]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-03-08 21035]
    R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-12-19 10384]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-20 5854688]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-08 4739072]
    R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-19 35472]
    R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-19 37392]
    R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-12-19 28816]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-06-11 156160]
    R3 RT80x86;Ralink 802.11n Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2860.sys [2008-05-20 625792]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-11 106368]
    R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-11 41600]
    R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 alwyq1vg;alwyq1vg; C:\WINDOWS\system32\drivers\alwyq1vg.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:\WINDOWS\system32\DRIVERS\rtl8187Se.sys [2008-07-11 306176]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-02-16 131712]
    S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-30 36608]
    S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-02-01 74240]
    S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
    S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-23 54144]
    S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-19 41856]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
    R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-08 152984]
    R2 Micro Star SCM;Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [2008-06-10 159744]
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-29 128360]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-15 654848]
    R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
    S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-27 145184]
    
    -----------------EOF-----------------
    Regards, premierstreusel

  10. #10
    Beginner
    Registered since
    14.12.2009
    Posts
    11

    RE: Silly.Gen virus - cleaning removable media only

    Strangely, I am just now getting a warning from AntiVir about the Silly.Gen virus:

    Code:
    C:\System Volume Information\_restore{ED008A3C-6CF5-4395-8B7E-E1C7A9A2BAF1}\RP47\A0034854.vbs
    Did something go wrong?
