HEUR/crypted in C:\Windows\Temp\rundll32.dll

Ic3Ang3l · 09.09.2009, 21:31

Hallo ihr Lieben.

Habe seit zwei Tagen Probleme mit dem Laptop.
Es ist ein
HP Pavilion dv6700 Notebook PC,
Prozessor AMD Turion 64 X2 Mobile Technology TL-60 2.00 GHz,
Betriebssystem: Windows Vista Home Premium 32 bit.

Am Besten von Anfang an, falls es relevant sein sollte.
Seit vorgestern Abend hatte ich immer, wenn ich den Internet Explorer nutzen (also egal welche Seite ich auf machen wollte) eine APPCRASH Fehlermeldung in der ntdll.dll. Dies konnte ich heute durch die Windows - Reparatur - Funktion beheben.
Dann kam ständig eine Virenwarnung (habe Antivir) TR/Crypt.ZPACK.Gen in der Datei C:\Windows\Temp\kbiwkmciohxhbror.tmp. Den konnte ich durch Antivir und CCleaner dann auch löschen, denk ich. Zumindest kam bisher die Warnung nicht mehr.
Seit das alles wieder in Ordnung ist, bekomme ich ständig, also so im Minuten Takt oder wenn ich etwas öffnen will, wieder eine Virenwarnung:
HEUR/crypted in der Datei C:\Windows\Temp\rundll32.dll

Ich habe bereits in Google gesucht und auch hier im Forum, aber leider nichts was mir helfen konnte.

Hier einmal meine HijackThis Logfile

Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AlSrvN] C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Anwendungserfahrung AeLookupSvcALG (AeLookupSvcALG) - Unknown owner - C:\Windows\TEMP\xnddvlcswi.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Vielleicht findet sich jemand und kann mir helfen.

Vielen Dank im Voraus

john.doe · 09.09.2009, 21:55

Hallo und

Rootkitwarnung! Du hast eine schwere Infektion die nur mit sehr hohem Zeitaufwand zu bereinigen ist. Deshalb empfehle ich dir die schnelle und sichere Methode => http://www.trojaner-board.de/51262-a...sicherung.html

Solltest du trotzdem die Bereinigung vorziehen, dann beginne mit RSIT. Vorher solltest du jedoch deine Daten auf externe Medien oder andere Partitionen sichern.

1.) Poste beide Logs von http://www.trojaner-board.de/74910-a...tion-tool.html

2.) Solltest du noch irgendetwas mit dem Computer verbinden, wie Memorysticks, Speicherkarten, Digitalkameras, Handy, externe Laufwerke, ... dann stecke vor dem Scan alles an.

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

ciao, andreas

Ic3Ang3l · 09.09.2009, 23:58

Vielen Dank für die schnelle Antwort. Werde es doch erst mit der Reinigung versuchen.

Hier einmal der Log von RSIT (1. Teil)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Raimund at 2009-09-10 00:27:34
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 104 GB (36%) free of 294 GB
Total RAM: 3071 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:27:44, on 10.09.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\explorer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\System32\mobsync.exe
C:\Users\Public\Steam\Steam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Raimund\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Raimund.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AlSrvN] C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/...fslauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Anwendungserfahrung AeLookupSvcALG (AeLookupSvcALG) - Unknown owner - C:\Windows\TEMP\xnddvlcswi.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10879 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-08-16 218408]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2007-04-11 56080]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-06-02 267048]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-05-27 13781536]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Spybot - Search & Destroy"=C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 5365592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-10 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
"Uniblue RegistryBooster 2009"=c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]
"AlSrvN"=C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Helper\AlSrvN.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
TMMonitor.lnk - C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\Installer.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-10 00:27:34 ----D---- C:\rsit
2009-09-09 23:38:56 ----A---- C:\Windows\Irremote.ini
2009-09-09 23:24:31 ----D---- C:\Program Files\Common Files\LightScribe
2009-09-09 18:43:08 ----D---- C:\Program Files\CCleaner
2009-09-09 17:08:42 ----D---- C:\ProgramData\F-Secure
2009-09-09 12:52:37 ----A---- C:\Windows\wininit.ini
2009-09-09 11:47:21 ----D---- C:\Program Files\Trend Micro
2009-09-09 00:31:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-09-09 00:31:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-08 23:37:54 ----D---- C:\Windows\system32\eu-ES
2009-09-08 23:37:54 ----D---- C:\Windows\system32\ca-ES
2009-09-08 23:37:53 ----D---- C:\Windows\system32\vi-VN
2009-09-08 23:27:17 ----D---- C:\Windows\system32\SPReview
2009-09-08 23:12:37 ----A---- C:\Windows\system32\scavenge.dll
2009-09-08 23:12:26 ----A---- C:\Windows\system32\compcln.exe
2009-09-08 23:11:20 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2009-09-08 23:11:20 ----A---- C:\Windows\system32\secproc_ssp.dll
2009-09-08 23:11:20 ----A---- C:\Windows\system32\secproc_isv.dll
2009-09-08 23:11:20 ----A---- C:\Windows\system32\secproc.dll
2009-09-08 23:11:20 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-09-08 23:11:20 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-09-08 23:11:19 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-09-08 23:11:19 ----A---- C:\Windows\system32\sdohlp.dll
2009-09-08 23:11:19 ----A---- C:\Windows\system32\sdclt.exe
2009-09-08 23:11:19 ----A---- C:\Windows\system32\samlib.dll
2009-09-08 23:11:19 ----A---- C:\Windows\system32\rtutils.dll
2009-09-08 23:11:19 ----A---- C:\Windows\system32\rtffilt.dll
2009-09-08 23:11:19 ----A---- C:\Windows\system32\rsaenh.dll
2009-09-08 23:11:19 ----A---- C:\Windows\system32\rrinstaller.exe
2009-09-08 23:11:19 ----A---- C:\Windows\system32\rpcss.dll
2009-09-08 23:11:19 ----A---- C:\Windows\system32\rpchttp.dll
2009-09-08 23:11:19 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2009-09-08 23:11:19 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2009-09-08 23:11:19 ----A---- C:\Windows\system32\RMActivate_isv.exe
2009-09-08 23:11:19 ----A---- C:\Windows\system32\RMActivate.exe
2009-09-08 23:11:19 ----A---- C:\Windows\system32\riched20.dll
2009-09-08 23:11:18 ----A---- C:\Windows\system32\scrrun.dll
2009-09-08 23:11:18 ----A---- C:\Windows\system32\scrobj.dll
2009-09-08 23:11:18 ----A---- C:\Windows\system32\scksp.dll
2009-09-08 23:11:18 ----A---- C:\Windows\system32\schedsvc.dll
2009-09-08 23:11:18 ----A---- C:\Windows\system32\scesrv.dll
2009-09-08 23:11:18 ----A---- C:\Windows\system32\scecli.dll
2009-09-08 23:11:18 ----A---- C:\Windows\system32\SCardSvr.dll
2009-09-08 23:11:18 ----A---- C:\Windows\system32\scansetting.dll
2009-09-08 23:11:18 ----A---- C:\Windows\system32\samsrv.dll
2009-09-08 23:11:12 ----A---- C:\Windows\system32\pdh.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\powercpl.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\PNPXAssoc.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\PnPutil.exe
2009-09-08 23:11:11 ----A---- C:\Windows\system32\PnPUnattend.exe
2009-09-08 23:11:11 ----A---- C:\Windows\system32\pnpui.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\pnpsetup.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\pnidui.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\perfdisk.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\PerfCenterCPL.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\pcaui.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\p2psvc.dll
2009-09-08 23:11:11 ----A---- C:\Windows\system32\P2PGraph.dll
2009-09-08 23:11:10 ----A---- C:\Windows\system32\PkgMgr.exe
2009-09-08 23:11:10 ----A---- C:\Windows\system32\pidgenx.dll
2009-09-08 23:11:10 ----A---- C:\Windows\system32\photowiz.dll
2009-09-08 23:11:10 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-09-08 23:11:09 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-09-08 23:11:09 ----A---- C:\Windows\system32\ntdll.dll
2009-09-08 23:11:09 ----A---- C:\Windows\system32\nslookup.exe
2009-09-08 23:11:09 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\osk.exe
2009-09-08 23:11:08 ----A---- C:\Windows\system32\oobefldr.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\onex.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\olepro32.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\oleprn.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\oleaut32.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\ole32.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\offfilt.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\odbccp32.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\odbcconf.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\odbc32.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2009-09-08 23:11:08 ----A---- C:\Windows\system32\nlhtml.dll
2009-09-08 23:11:07 ----A---- C:\Windows\system32\rastls.dll
2009-09-08 23:11:07 ----A---- C:\Windows\system32\rasmontr.dll
2009-09-08 23:11:07 ----A---- C:\Windows\system32\rasmans.dll
2009-09-08 23:11:07 ----A---- C:\Windows\system32\rasgcw.dll
2009-09-08 23:11:07 ----A---- C:\Windows\system32\rasdlg.dll
2009-09-08 23:11:07 ----A---- C:\Windows\system32\rasdial.exe
2009-09-08 23:11:07 ----A---- C:\Windows\system32\rasdiag.dll
2009-09-08 23:11:07 ----A---- C:\Windows\system32\raschap.dll
2009-09-08 23:11:07 ----A---- C:\Windows\system32\rasapi32.dll
2009-09-08 23:11:07 ----A---- C:\Windows\system32\ocsetup.exe
2009-09-08 23:11:07 ----A---- C:\Windows\system32\ntprint.dll
2009-09-08 23:11:07 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-09-08 23:11:07 ----A---- C:\Windows\system32\ntmarta.dll
2009-09-08 23:11:06 ----A---- C:\Windows\system32\rastapi.dll
2009-09-08 23:11:06 ----A---- C:\Windows\system32\rasppp.dll
2009-09-08 23:11:06 ----A---- C:\Windows\system32\rasplap.dll
2009-09-08 23:11:05 ----A---- C:\Windows\system32\RacEngn.dll
2009-09-08 23:11:05 ----A---- C:\Windows\system32\Query.dll
2009-09-08 23:11:05 ----A---- C:\Windows\system32\quartz.dll
2009-09-08 23:11:05 ----A---- C:\Windows\system32\qmgr.dll
2009-09-08 23:11:05 ----A---- C:\Windows\system32\qedit.dll
2009-09-08 23:11:04 ----A---- C:\Windows\system32\RelMon.dll
2009-09-08 23:11:04 ----A---- C:\Windows\system32\rekeywiz.exe
2009-09-08 23:11:04 ----A---- C:\Windows\system32\regsvc.dll
2009-09-08 23:11:03 ----A---- C:\Windows\system32\regapi.dll
2009-09-08 23:11:03 ----A---- C:\Windows\system32\reg.exe
2009-09-08 23:11:03 ----A---- C:\Windows\system32\rdpwsx.dll
2009-09-08 23:11:03 ----A---- C:\Windows\system32\rdpencom.dll
2009-09-08 23:11:03 ----A---- C:\Windows\system32\prnntfy.dll
2009-09-08 23:11:03 ----A---- C:\Windows\system32\printui.dll
2009-09-08 23:11:03 ----A---- C:\Windows\system32\PresentationSettings.exe
2009-09-08 23:11:03 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-08 23:11:03 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-08 23:11:03 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-08 23:11:02 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-09-08 23:11:02 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-09-08 23:11:02 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-08 23:11:02 ----A---- C:\Windows\system32\powrprof.dll
2009-09-08 23:11:01 ----A---- C:\Windows\system32\qdvd.dll

Ic3Ang3l · 10.09.2009, 00:01

Hier der 2. Teil vom Log

2009-09-08 23:11:01 ----A---- C:\Windows\system32\QAGENTRT.DLL
2009-09-08 23:11:01 ----A---- C:\Windows\system32\puiapi.dll
2009-09-08 23:11:01 ----A---- C:\Windows\system32\propsys.dll
2009-09-08 23:11:01 ----A---- C:\Windows\system32\propdefs.dll
2009-09-08 23:11:01 ----A---- C:\Windows\system32\profsvc.dll
2009-09-08 23:11:00 ----A---- C:\Windows\system32\psisdecd.dll
2009-09-08 23:11:00 ----A---- C:\Windows\system32\PSHED.DLL
2009-09-08 23:10:55 ----A---- C:\Windows\system32\shell32.dll
2009-09-08 23:10:55 ----A---- C:\Windows\system32\sendmail.dll
2009-09-08 23:10:54 ----A---- C:\Windows\system32\shlwapi.dll
2009-09-08 23:10:54 ----A---- C:\Windows\system32\shdocvw.dll
2009-09-08 23:10:54 ----A---- C:\Windows\system32\sethc.exe
2009-09-08 23:10:54 ----A---- C:\Windows\system32\services.exe
2009-09-08 23:10:53 ----A---- C:\Windows\system32\setupapi.dll
2009-09-08 23:10:39 ----A---- C:\Windows\system32\ExplorerFrame.dll
2009-09-08 23:10:39 ----A---- C:\Windows\system32\evr.dll
2009-09-08 23:10:39 ----A---- C:\Windows\system32\eudcedit.exe
2009-09-08 23:10:39 ----A---- C:\Windows\system32\EhStorAPI.dll
2009-09-08 23:10:39 ----A---- C:\Windows\system32\eapphost.dll
2009-09-08 23:10:39 ----A---- C:\Windows\system32\eappgnui.dll
2009-09-08 23:10:39 ----A---- C:\Windows\system32\eappcfg.dll
2009-09-08 23:10:39 ----A---- C:\Windows\system32\eapp3hst.dll
2009-09-08 23:10:39 ----A---- C:\Windows\system32\dwm.exe
2009-09-08 23:10:39 ----A---- C:\Windows\system32\dsprop.dll
2009-09-08 23:10:39 ----A---- C:\Windows\system32\dsound.dll
2009-09-08 23:10:38 ----A---- C:\Windows\system32\esent.dll
2009-09-08 23:10:38 ----A---- C:\Windows\explorer.exe
2009-09-08 23:10:36 ----A---- C:\Windows\system32\f3ahvoas.dll
2009-09-08 23:10:35 ----A---- C:\Windows\system32\es.dll
2009-09-08 23:10:35 ----A---- C:\Windows\system32\EncDec.dll
2009-09-08 23:10:35 ----A---- C:\Windows\system32\emdmgmt.dll
2009-09-08 23:10:35 ----A---- C:\Windows\system32\EhStorShell.dll
2009-09-08 23:10:35 ----A---- C:\Windows\system32\EhStorPwdMgr.dll
2009-09-08 23:10:35 ----A---- C:\Windows\system32\EhStorAuthn.dll
2009-09-08 23:10:35 ----A---- C:\Windows\system32\diskraid.exe
2009-09-08 23:10:35 ----A---- C:\Windows\system32\diskpart.exe
2009-09-08 23:10:35 ----A---- C:\Windows\system32\dimsroam.dll
2009-09-08 23:10:35 ----A---- C:\Windows\system32\diagperf.dll
2009-09-08 23:10:35 ----A---- C:\Windows\system32\dhcpcsvc6.dll
2009-09-08 23:10:34 ----A---- C:\Windows\system32\dhcpcsvc.dll
2009-09-08 23:10:34 ----A---- C:\Windows\system32\dfsr.exe
2009-09-08 23:10:34 ----A---- C:\Windows\system32\dfshim.dll
2009-09-08 23:10:34 ----A---- C:\Windows\system32\devmgr.dll
2009-09-08 23:10:33 ----A---- C:\Windows\system32\drvstore.dll
2009-09-08 23:10:33 ----A---- C:\Windows\system32\drvinst.exe
2009-09-08 23:10:33 ----A---- C:\Windows\system32\drmv2clt.dll
2009-09-08 23:10:33 ----A---- C:\Windows\system32\drmmgrtn.dll
2009-09-08 23:10:33 ----A---- C:\Windows\system32\dpapimig.exe
2009-09-08 23:10:33 ----A---- C:\Windows\system32\dot3svc.dll
2009-09-08 23:10:33 ----A---- C:\Windows\system32\dot3msm.dll
2009-09-08 23:10:33 ----A---- C:\Windows\system32\dot3cfg.dll
2009-09-08 23:10:32 ----A---- C:\Windows\system32\hbaapi.dll
2009-09-08 23:10:32 ----A---- C:\Windows\system32\gpresult.exe
2009-09-08 23:10:32 ----A---- C:\Windows\system32\dnsrslvr.dll
2009-09-08 23:10:32 ----A---- C:\Windows\system32\dnsapi.dll
2009-09-08 23:10:32 ----A---- C:\Windows\system32\dmusic.dll
2009-09-08 23:10:32 ----A---- C:\Windows\system32\dmsynth.dll
2009-09-08 23:10:31 ----A---- C:\Windows\system32\iasnap.dll
2009-09-08 23:10:31 ----A---- C:\Windows\system32\iashlpr.dll
2009-09-08 23:10:31 ----A---- C:\Windows\system32\iasdatastore.dll
2009-09-08 23:10:31 ----A---- C:\Windows\system32\iasads.dll
2009-09-08 23:10:31 ----A---- C:\Windows\system32\iasacct.dll
2009-09-08 23:10:31 ----A---- C:\Windows\system32\gpupdate.exe
2009-09-08 23:10:31 ----A---- C:\Windows\system32\gpsvc.dll
2009-09-08 23:10:30 ----A---- C:\Windows\system32\IasMigReader.exe
2009-09-08 23:10:30 ----A---- C:\Windows\system32\IasMigPlugin.dll
2009-09-08 23:10:29 ----A---- C:\Windows\system32\hidserv.dll
2009-09-08 23:10:29 ----A---- C:\Windows\system32\hdwwiz.exe
2009-09-08 23:10:29 ----A---- C:\Windows\system32\fontext.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\gpapi.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\gdi32.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\findstr.exe
2009-09-08 23:10:28 ----A---- C:\Windows\system32\feclient.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\fdWSD.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\fdWCN.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\fdSSDP.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\fdProxy.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\fdeploy.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\fdBthProxy.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\fdBth.dll
2009-09-08 23:10:28 ----A---- C:\Windows\system32\fc.exe
2009-09-08 23:10:28 ----A---- C:\Windows\system32\Faultrep.dll
2009-09-08 23:10:27 ----A---- C:\Windows\system32\gpedit.dll
2009-09-08 23:10:27 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2009-09-08 23:10:27 ----A---- C:\Windows\system32\fundisc.dll
2009-09-08 23:10:27 ----A---- C:\Windows\system32\FunctionDiscoveryFolder.dll
2009-09-08 23:10:27 ----A---- C:\Windows\system32\ftp.exe
2009-09-08 23:10:26 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2009-09-08 23:10:26 ----A---- C:\Windows\system32\authui.dll
2009-09-08 23:10:26 ----A---- C:\Windows\system32\audiosrv.dll
2009-09-08 23:10:25 ----A---- C:\Windows\system32\AuxiliaryDisplayServices.dll
2009-09-08 23:10:25 ----A---- C:\Windows\system32\AuxiliaryDisplayDriverLib.dll
2009-09-08 23:10:25 ----A---- C:\Windows\system32\autochk.exe
2009-09-08 23:10:25 ----A---- C:\Windows\system32\authz.dll
2009-09-08 23:10:25 ----A---- C:\Windows\system32\AudioSes.dll
2009-09-08 23:10:25 ----A---- C:\Windows\system32\audiodg.exe
2009-09-08 23:10:24 ----A---- C:\Windows\system32\AuxiliaryDisplayCpl.dll
2009-09-08 23:10:24 ----A---- C:\Windows\system32\autoplay.dll
2009-09-08 23:10:24 ----A---- C:\Windows\system32\autofmt.exe
2009-09-08 23:10:24 ----A---- C:\Windows\system32\autoconv.exe
2009-09-08 23:10:23 ----A---- C:\Windows\system32\brcpl.dll
2009-09-08 23:10:22 ----A---- C:\Windows\system32\bthci.dll
2009-09-08 23:10:22 ----A---- C:\Windows\system32\browseui.dll
2009-09-08 23:10:22 ----A---- C:\Windows\system32\blackbox.dll
2009-09-08 23:10:22 ----A---- C:\Windows\system32\basecsp.dll
2009-09-08 23:10:22 ----A---- C:\Windows\system32\azroles.dll
2009-09-08 23:10:21 ----A---- C:\Windows\system32\bitsigd.dll
2009-09-08 23:10:21 ----A---- C:\Windows\system32\BFE.DLL
2009-09-08 23:10:21 ----A---- C:\Windows\system32\bcrypt.dll
2009-09-08 23:10:21 ----A---- C:\Windows\system32\accessibilitycpl.dll
2009-09-08 23:10:20 ----A---- C:\Windows\system32\apphelp.dll
2009-09-08 23:10:19 ----A---- C:\Windows\system32\apds.dll
2009-09-08 23:10:19 ----A---- C:\Windows\system32\adtschema.dll
2009-09-08 23:10:19 ----A---- C:\Windows\system32\adsmsext.dll
2009-09-08 23:10:19 ----A---- C:\Windows\system32\adsldpc.dll
2009-09-08 23:10:18 ----A---- C:\Windows\system32\crypt32.dll
2009-09-08 23:10:18 ----A---- C:\Windows\system32\credui.dll
2009-09-08 23:10:18 ----A---- C:\Windows\system32\connect.dll
2009-09-08 23:10:18 ----A---- C:\Windows\system32\conime.exe
2009-09-08 23:10:18 ----A---- C:\Windows\system32\comuid.dll
2009-09-08 23:10:18 ----A---- C:\Windows\system32\comsvcs.dll
2009-09-08 23:10:18 ----A---- C:\Windows\system32\comdlg32.dll
2009-09-08 23:10:18 ----A---- C:\Windows\system32\cmdial32.dll
2009-09-08 23:10:18 ----A---- C:\Windows\system32\advapi32.dll
2009-09-08 23:10:17 ----A---- C:\Windows\system32\dbgeng.dll
2009-09-08 23:10:17 ----A---- C:\Windows\system32\davclnt.dll
2009-09-08 23:10:17 ----A---- C:\Windows\system32\dataclen.dll
2009-09-08 23:10:17 ----A---- C:\Windows\system32\d3d9.dll
2009-09-08 23:10:17 ----A---- C:\Windows\system32\cmmon32.exe
2009-09-08 23:10:16 ----A---- C:\Windows\system32\DevicePairingWizard.exe
2009-09-08 23:10:16 ----A---- C:\Windows\system32\DevicePairingProxy.dll
2009-09-08 23:10:16 ----A---- C:\Windows\system32\DevicePairing.dll
2009-09-08 23:10:16 ----A---- C:\Windows\system32\DeviceEject.exe
2009-09-08 23:10:16 ----A---- C:\Windows\system32\csrstub.exe
2009-09-08 23:10:16 ----A---- C:\Windows\system32\cscript.exe
2009-09-08 23:10:16 ----A---- C:\Windows\system32\cscdll.dll
2009-09-08 23:10:16 ----A---- C:\Windows\system32\cscapi.dll
2009-09-08 23:10:16 ----A---- C:\Windows\system32\cryptui.dll
2009-09-08 23:10:16 ----A---- C:\Windows\system32\cryptsvc.dll
2009-09-08 23:10:16 ----A---- C:\Windows\system32\cdd.dll
2009-09-08 23:10:15 ----A---- C:\Windows\system32\certmgr.dll
2009-09-08 23:10:15 ----A---- C:\Windows\system32\CertEnrollUI.dll
2009-09-08 23:10:15 ----A---- C:\Windows\system32\CertEnroll.dll
2009-09-08 23:10:15 ----A---- C:\Windows\system32\certcli.dll
2009-09-08 23:10:15 ----A---- C:\Windows\system32\bthudtask.exe
2009-09-08 23:10:15 ----A---- C:\Windows\system32\bthserv.dll
2009-09-08 23:10:14 ----A---- C:\Windows\system32\cipher.exe
2009-09-08 23:10:14 ----A---- C:\Windows\system32\ci.dll
2009-09-08 23:10:14 ----A---- C:\Windows\system32\CHxReadingStringIME.dll
2009-09-08 23:10:14 ----A---- C:\Windows\system32\chsbrkr.dll
2009-09-08 23:10:14 ----A---- C:\Windows\system32\cbsra.exe
2009-09-08 23:10:13 ----A---- C:\Windows\system32\chtbrkr.dll
2009-09-08 23:10:13 ----A---- C:\Windows\system32\certreq.exe
2009-09-08 23:10:13 ----A---- C:\Windows\system32\certprop.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msihnd.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msiexec.exe
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msi.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msftedit.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msexcl40.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msexch40.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msdtctm.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msdtcprx.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msdrm.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msctfui.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msctfp.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\MsCtfMonitor.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\msctf.dll
2009-09-08 23:10:12 ----A---- C:\Windows\system32\certutil.exe
2009-09-08 23:10:11 ----A---- C:\Windows\system32\msimsg.dll
2009-09-08 23:10:10 ----A---- C:\Windows\system32\MPSSVC.dll
2009-09-08 23:10:10 ----A---- C:\Windows\system32\mprapi.dll
2009-09-08 23:10:10 ----A---- C:\Windows\system32\mpr.dll
2009-09-08 23:10:10 ----A---- C:\Windows\system32\MMDevAPI.dll
2009-09-08 23:10:09 ----A---- C:\Windows\system32\mscories.dll
2009-09-08 23:10:09 ----A---- C:\Windows\system32\mscms.dll
2009-09-08 23:10:09 ----A---- C:\Windows\system32\mscandui.dll
2009-09-08 23:10:09 ----A---- C:\Windows\system32\modemui.dll
2009-09-08 23:10:08 ----A---- C:\Windows\system32\mscorier.dll
2009-09-08 23:10:08 ----A---- C:\Windows\system32\mscoree.dll
2009-09-08 23:10:07 ----A---- C:\Windows\system32\NetProjW.dll
2009-09-08 23:10:07 ----A---- C:\Windows\system32\netplwiz.dll
2009-09-08 23:10:07 ----A---- C:\Windows\system32\netcenter.dll
2009-09-08 23:10:07 ----A---- C:\Windows\system32\netapi32.dll
2009-09-08 23:10:07 ----A---- C:\Windows\system32\ncryptui.dll
2009-09-08 23:10:07 ----A---- C:\Windows\system32\ncrypt.dll
2009-09-08 23:10:06 ----A---- C:\Windows\system32\netlogon.dll
2009-09-08 23:10:06 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-08 23:10:06 ----A---- C:\Windows\system32\NcdProp.dll
2009-09-08 23:10:06 ----A---- C:\Windows\system32\mtxclu.dll
2009-09-08 23:10:06 ----A---- C:\Windows\system32\msxml6.dll
2009-09-08 23:10:06 ----A---- C:\Windows\system32\msxml3.dll
2009-09-08 23:10:05 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2009-09-08 23:10:04 ----A---- C:\Windows\system32\newdev.exe
2009-09-08 23:10:04 ----A---- C:\Windows\system32\newdev.dll
2009-09-08 23:10:04 ----A---- C:\Windows\system32\networkexplorer.dll
2009-09-08 23:10:04 ----A---- C:\Windows\system32\netshell.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\networkmap.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\networkitemfactory.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\msscntrs.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\msscb.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\msrepl40.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\msrd3x40.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\msrd2x40.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\mspbde40.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\msnetobj.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\MSMPEG2VDEC.DLL
2009-09-08 23:10:03 ----A---- C:\Windows\system32\msltus40.dll
2009-09-08 23:10:03 ----A---- C:\Windows\system32\msinfo32.exe
2009-09-08 23:10:03 ----A---- C:\Windows\system32\msimtf.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\msxbde40.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\mswstr10.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\mswsock.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\mswdat10.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\msvcp60.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\msutb.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\msjtes40.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\msjter40.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\msjint40.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\msjetoledb40.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\msjet40.dll
2009-09-08 23:10:02 ----A---- C:\Windows\system32\msisip.dll
2009-09-08 23:10:01 ----A---- C:\Windows\system32\MSVidCtl.dll
2009-09-08 23:10:01 ----A---- C:\Windows\system32\msvcrt.dll
2009-09-08 23:10:01 ----A---- C:\Windows\system32\mssrch.dll
2009-09-08 23:10:01 ----A---- C:\Windows\system32\mssprxy.dll
2009-09-08 23:10:01 ----A---- C:\Windows\system32\mssphtb.dll
2009-09-08 23:10:01 ----A---- C:\Windows\system32\mssph.dll
2009-09-08 23:10:00 ----A---- C:\Windows\system32\mstsc.exe
2009-09-08 23:10:00 ----A---- C:\Windows\system32\mstlsapi.dll
2009-09-08 23:10:00 ----A---- C:\Windows\system32\mstext40.dll
2009-09-08 23:10:00 ----A---- C:\Windows\system32\mssvp.dll
2009-09-08 23:10:00 ----A---- C:\Windows\system32\msstrc.dll
2009-09-08 23:10:00 ----A---- C:\Windows\system32\mssitlb.dll
2009-09-08 23:10:00 ----A---- C:\Windows\system32\msshsq.dll
2009-09-08 23:10:00 ----A---- C:\Windows\system32\msshooks.dll
2009-09-08 23:10:00 ----A---- C:\Windows\system32\msscp.dll
2009-09-08 23:10:00 ----A---- C:\Windows\system32\inetcomm.dll
2009-09-08 23:09:59 ----A---- C:\Windows\system32\InkEd.dll
2009-09-08 23:09:59 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-08 23:09:59 ----A---- C:\Windows\system32\inetppui.dll
2009-09-08 23:09:59 ----A---- C:\Windows\system32\inetpp.dll
2009-09-08 23:09:58 ----A---- C:\Windows\system32\iscsilog.dll
2009-09-08 23:09:58 ----A---- C:\Windows\system32\ipsmsnap.dll
2009-09-08 23:09:58 ----A---- C:\Windows\system32\IPSECSVC.DLL
2009-09-08 23:09:58 ----A---- C:\Windows\system32\imm32.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\ipsecsnp.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\iphlpsvc.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\IPHLPAPI.DLL
2009-09-08 23:09:57 ----A---- C:\Windows\system32\ipconfig.exe
2009-09-08 23:09:57 ----A---- C:\Windows\system32\input.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\IMJP10K.DLL
2009-09-08 23:09:57 ----A---- C:\Windows\system32\ifmon.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\icardres.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\icardagt.exe
2009-09-08 23:09:57 ----A---- C:\Windows\system32\iassvcs.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\iassdo.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\iassam.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\iasrecst.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\iasrad.dll
2009-09-08 23:09:57 ----A---- C:\Windows\system32\iaspolcy.dll
2009-09-08 23:09:56 ----A---- C:\Windows\system32\imapi2fs.dll
2009-09-08 23:09:56 ----A---- C:\Windows\system32\imapi2.dll
2009-09-08 23:09:56 ----A---- C:\Windows\system32\imapi.dll
2009-09-08 23:09:56 ----A---- C:\Windows\system32\IKEEXT.DLL
2009-09-08 23:09:54 ----A---- C:\Windows\system32\mfps.dll
2009-09-08 23:09:54 ----A---- C:\Windows\system32\mfpmp.exe
2009-09-08 23:09:54 ----A---- C:\Windows\system32\mfplat.dll
2009-09-08 23:09:54 ----A---- C:\Windows\system32\mferror.dll
2009-09-08 23:09:54 ----A---- C:\Windows\system32\mfc42u.dll
2009-09-08 23:09:54 ----A---- C:\Windows\system32\mfc42.dll
2009-09-08 23:09:54 ----A---- C:\Windows\system32\mf.dll
2009-09-08 23:09:53 ----A---- C:\Windows\system32\mimefilt.dll
2009-09-08 23:09:53 ----A---- C:\Windows\system32\milcore.dll
2009-09-08 23:09:52 ----A---- C:\Windows\system32\mmcndmgr.dll
2009-09-08 23:09:52 ----A---- C:\Windows\system32\mmcico.dll
2009-09-08 23:09:52 ----A---- C:\Windows\system32\mmci.dll
2009-09-08 23:09:52 ----A---- C:\Windows\system32\mmc.exe
2009-09-08 23:09:52 ----A---- C:\Windows\system32\midimap.dll
2009-09-08 23:09:50 ----A---- C:\Windows\system32\l2nacp.dll
2009-09-08 23:09:50 ----A---- C:\Windows\system32\korwbrkr.dll
2009-09-08 23:09:50 ----A---- C:\Windows\system32\kernel32.dll
2009-09-08 23:09:50 ----A---- C:\Windows\system32\kdusb.dll
2009-09-08 23:09:50 ----A---- C:\Windows\system32\kdcom.dll
2009-09-08 23:09:50 ----A---- C:\Windows\system32\kd1394.dll
2009-09-08 23:09:49 ----A---- C:\Windows\system32\shsetup.dll
2009-09-08 23:09:49 ----A---- C:\Windows\system32\MediaMetadataHandler.dll
2009-09-08 23:09:49 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll
2009-09-08 23:09:49 ----A---- C:\Windows\system32\mcmde.dll
2009-09-08 23:09:49 ----A---- C:\Windows\system32\mblctr.exe
2009-09-08 23:09:49 ----A---- C:\Windows\system32\Magnify.exe
2009-09-08 23:09:49 ----A---- C:\Windows\system32\logman.exe
2009-09-08 23:09:49 ----A---- C:\Windows\system32\logagent.exe
2009-09-08 23:09:48 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-09-08 23:09:48 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-09-08 23:09:48 ----A---- C:\Windows\system32\wercon.exe
2009-09-08 23:09:48 ----A---- C:\Windows\system32\wer.dll
2009-09-08 23:09:48 ----A---- C:\Windows\system32\WebClnt.dll
2009-09-08 23:09:48 ----A---- C:\Windows\system32\wdscore.dll
2009-09-08 23:09:48 ----A---- C:\Windows\system32\wdc.dll
2009-09-08 23:09:47 ----A---- C:\Windows\system32\winhttp.dll
2009-09-08 23:09:47 ----A---- C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll
2009-09-08 23:09:47 ----A---- C:\Windows\system32\whealogr.dll
2009-09-08 23:09:47 ----A---- C:\Windows\system32\wevtutil.exe
2009-09-08 23:09:47 ----A---- C:\Windows\system32\wevtsvc.dll
2009-09-08 23:09:47 ----A---- C:\Windows\system32\wevtapi.dll
2009-09-08 23:09:47 ----A---- C:\Windows\system32\wersvc.dll
2009-09-08 23:09:47 ----A---- C:\Windows\system32\WerFaultSecure.exe
2009-09-08 23:09:47 ----A---- C:\Windows\system32\WerFault.exe
2009-09-08 23:09:46 ----A---- C:\Windows\system32\win32spl.dll
2009-09-08 23:09:46 ----A---- C:\Windows\system32\wiaservc.dll
2009-09-08 23:09:46 ----A---- C:\Windows\system32\wiaaut.dll
2009-09-08 23:09:46 ----A---- C:\Windows\system32\version.dll
2009-09-08 23:09:45 ----A---- C:\Windows\system32\vds.exe
2009-09-08 23:09:45 ----A---- C:\Windows\system32\vdmdbg.dll
2009-09-08 23:09:44 ----A---- C:\Windows\system32\vdsutil.dll
2009-09-08 23:09:44 ----A---- C:\Windows\system32\vdsdyn.dll
2009-09-08 23:09:44 ----A---- C:\Windows\system32\user32.dll
2009-09-08 23:09:43 ----A---- C:\Windows\system32\wcncsvc.dll
2009-09-08 23:09:43 ----A---- C:\Windows\system32\uxsms.dll
2009-09-08 23:09:43 ----A---- C:\Windows\system32\Utilman.exe
2009-09-08 23:09:43 ----A---- C:\Windows\system32\usp10.dll
2009-09-08 23:09:43 ----A---- C:\Windows\system32\userenv.dll
2009-09-08 23:09:43 ----A---- C:\Windows\system32\usercpl.dll
2009-09-08 23:09:42 ----A---- C:\Windows\system32\wcnwiz2.dll
2009-09-08 23:09:42 ----A---- C:\Windows\system32\wcnwiz.dll
2009-09-08 23:09:42 ----A---- C:\Windows\system32\WcnNetsh.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\WSDMon.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\wsdchngr.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\WSDApi.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\wscsvc.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\wscript.exe
2009-09-08 23:09:41 ----A---- C:\Windows\system32\wscntfy.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\wscisvif.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\WscEapPr.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\wscapi.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\wpcsvc.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\wpccpl.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\wpcao.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\wow32.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\WMVXENCD.DLL
2009-09-08 23:09:41 ----A---- C:\Windows\system32\WMVSDECD.DLL
2009-09-08 23:09:41 ----A---- C:\Windows\system32\WMVENCOD.DLL
2009-09-08 23:09:41 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-08 23:09:41 ----A---- C:\Windows\system32\w32time.dll
2009-09-08 23:09:41 ----A---- C:\Windows\system32\VSSVC.exe
2009-09-08 23:09:41 ----A---- C:\Windows\system32\vssapi.dll
2009-09-08 23:09:40 ----A---- C:\Windows\system32\xmlfilter.dll
2009-09-08 23:09:40 ----A---- C:\Windows\system32\wusa.exe
2009-09-08 23:09:40 ----A---- C:\Windows\system32\wshext.dll
2009-09-08 23:09:40 ----A---- C:\Windows\system32\wshbth.dll
2009-09-08 23:09:40 ----A---- C:\Windows\system32\wsepno.dll
2009-09-08 23:09:39 ----A---- C:\Windows\system32\wsnmp32.dll
2009-09-08 23:09:39 ----A---- C:\Windows\system32\WsmSvc.dll
2009-09-08 23:09:39 ----A---- C:\Windows\system32\wlanui.dll
2009-09-08 23:09:39 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-08 23:09:39 ----A---- C:\Windows\system32\wlanpref.dll
2009-09-08 23:09:39 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-08 23:09:39 ----A---- C:\Windows\system32\wlanhlp.dll
2009-09-08 23:09:39 ----A---- C:\Windows\system32\wisptis.exe
2009-09-08 23:09:38 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-09-08 23:09:38 ----A---- C:\Windows\system32\wlgpclnt.dll
2009-09-08 23:09:38 ----A---- C:\Windows\system32\Wldap32.dll
2009-09-08 23:09:38 ----A---- C:\Windows\system32\wlangpui.dll
2009-09-08 23:09:38 ----A---- C:\Windows\system32\winsrv.dll
2009-09-08 23:09:38 ----A---- C:\Windows\system32\WinSCard.dll
2009-09-08 23:09:38 ----A---- C:\Windows\system32\WinSAT.exe
2009-09-08 23:09:38 ----A---- C:\Windows\system32\winrnr.dll
2009-09-08 23:09:38 ----A---- C:\Windows\system32\winresume.exe
2009-09-08 23:09:38 ----A---- C:\Windows\system32\winmm.dll
2009-09-08 23:09:38 ----A---- C:\Windows\system32\winlogon.exe
2009-09-08 23:09:38 ----A---- C:\Windows\system32\winload.exe
2009-09-08 23:09:37 ----A---- C:\Windows\system32\wmpmde.dll
2009-09-08 23:09:37 ----A---- C:\Windows\system32\WMPhoto.dll
2009-09-08 23:09:37 ----A---- C:\Windows\system32\wmpeffects.dll
2009-09-08 23:09:27 ----A---- C:\Windows\system32\wmicmiplugin.dll
2009-09-08 23:09:27 ----A---- C:\Windows\system32\wmdrmsdk.dll
2009-09-08 23:09:27 ----A---- C:\Windows\system32\Storprop.dll
2009-09-08 23:09:23 ----A---- C:\Windows\system32\stobject.dll
2009-09-08 23:09:22 ----A---- C:\Windows\system32\sud.dll
2009-09-08 23:09:20 ----A---- C:\Windows\system32\srcore.dll
2009-09-08 23:09:19 ----A---- C:\Windows\system32\srchadmin.dll
2009-09-08 23:09:18 ----A---- C:\Windows\system32\srvsvc.dll
2009-09-08 23:09:02 ----A---- C:\Windows\system32\sysmain.dll
2009-09-08 23:09:01 ----A---- C:\Windows\system32\sysclass.dll
2009-09-08 23:09:01 ----A---- C:\Windows\system32\swprv.dll
2009-09-08 23:08:59 ----A---- C:\Windows\system32\SyncCenter.dll
2009-09-08 23:08:56 ----A---- C:\Windows\system32\smss.exe
2009-09-08 23:08:56 ----A---- C:\Windows\system32\SMBHelperClass.dll
2009-09-08 23:08:56 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll

Ic3Ang3l · 10.09.2009, 00:04

Und der 3. Teil vom Log. Es tut mir wirklich leid, dass es so wahnsinnig lang ist!!

2009-09-08 23:08:56 ----A---- C:\Windows\system32\slwmi.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\spp.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\spoolsv.exe
2009-09-08 23:08:55 ----A---- C:\Windows\system32\spoolss.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\spinstall.exe
2009-09-08 23:08:55 ----A---- C:\Windows\system32\spcmsg.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\SmiEngine.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\slwga.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\SLUINotify.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\SLUI.exe
2009-09-08 23:08:55 ----A---- C:\Windows\system32\SLsvc.exe
2009-09-08 23:08:55 ----A---- C:\Windows\system32\slmgr.vbs
2009-09-08 23:08:55 ----A---- C:\Windows\system32\SLLUA.exe
2009-09-08 23:08:55 ----A---- C:\Windows\system32\SLCommDlg.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\slcinst.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\SLCExt.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\slcc.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\SLC.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\shwebsvc.dll
2009-09-08 23:08:55 ----A---- C:\Windows\system32\shsvcs.dll
2009-09-08 23:08:36 ----A---- C:\Windows\system32\sqlsrv32.dll
2009-09-08 23:08:36 ----A---- C:\Windows\system32\spwizui.dll
2009-09-08 23:08:36 ----A---- C:\Windows\system32\spwinsat.dll
2009-09-08 23:08:36 ----A---- C:\Windows\system32\spreview.exe
2009-09-08 23:08:36 ----A---- C:\Windows\system32\sperror.dll
2009-09-08 23:08:36 ----A---- C:\Windows\system32\softkbd.dll
2009-09-08 23:08:36 ----A---- C:\Windows\system32\SnippingTool.exe
2009-09-08 23:08:36 ----A---- C:\Windows\system32\SndVol.exe
2009-09-08 23:08:35 ----A---- C:\Windows\system32\TsWpfWrp.exe
2009-09-08 23:08:35 ----A---- C:\Windows\system32\TSTheme.exe
2009-09-08 23:08:35 ----A---- C:\Windows\system32\tscupgrd.exe
2009-09-08 23:08:34 ----A---- C:\Windows\system32\zipfldr.dll
2009-09-08 23:08:34 ----A---- C:\Windows\system32\untfs.dll
2009-09-08 23:08:32 ----A---- C:\Windows\system32\uDWM.dll
2009-09-08 23:08:31 ----A---- C:\Windows\system32\umpnpmgr.dll
2009-09-08 23:08:31 ----A---- C:\Windows\system32\ulib.dll
2009-09-08 23:08:31 ----A---- C:\Windows\system32\systemcpl.dll
2009-09-08 23:08:29 ----A---- C:\Windows\system32\tsbyuv.dll
2009-09-08 23:08:29 ----A---- C:\Windows\system32\tquery.dll
2009-09-08 23:08:29 ----A---- C:\Windows\system32\themeui.dll
2009-09-08 23:08:29 ----A---- C:\Windows\system32\thawbrkr.dll
2009-09-08 23:08:29 ----A---- C:\Windows\system32\termsrv.dll
2009-09-08 23:08:29 ----A---- C:\Windows\system32\tcpmon.dll
2009-09-08 23:08:29 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-09-08 23:08:29 ----A---- C:\Windows\system32\taskeng.exe
2009-09-08 23:08:29 ----A---- C:\Windows\system32\taskcomp.dll
2009-09-08 23:08:29 ----A---- C:\Windows\system32\tapisrv.dll
2009-09-08 23:08:28 ----A---- C:\Windows\system32\themecpl.dll
2009-09-08 23:06:35 ----D---- C:\Windows\system32\EventProviders
2009-09-08 18:05:58 ----A---- C:\Windows\system32\ShellManager310E2D762.dll
2009-09-08 12:31:12 ----D---- C:\e69b9f67f839c12537d69cd2e024b3
2009-09-03 20:07:10 ----A---- C:\Windows\system32\xfcodec.dll
2009-09-03 10:44:13 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-03 10:44:12 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-29 17:40:48 ----D---- C:\Program Files\KalOnlineEng
2009-08-29 17:40:48 ----A---- C:\Windows\system32\MFC71.dll
2009-08-29 12:45:58 ----D---- C:\Program Files\TuneUpMedia
2009-08-29 12:45:46 ----D---- C:\Users\Raimund\AppData\Roaming\TuneUpMedia
2009-08-29 12:45:43 ----D---- C:\ProgramData\TuneUpMedia
2009-08-26 10:51:44 ----A---- C:\Windows\system32\tzres.dll
2009-08-26 09:53:02 ----D---- C:\Program Files\A Vampyre Story
2009-08-26 09:45:06 ----A---- C:\Windows\system32\gameux.dll
2009-08-21 10:08:37 ----D---- C:\Windows\system32\AGEIA
2009-08-21 10:08:36 ----D---- C:\Program Files\AGEIA Technologies
2009-08-21 10:08:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-21 10:05:56 ----D---- C:\NVIDIA
2009-08-20 23:15:33 ----D---- C:\Program Files\EA GAMES
2009-08-20 17:45:26 ----D---- C:\ProgramData\Blizzard Entertainment
2009-08-16 20:09:19 ----D---- C:\ProgramData\Electronic Arts
2009-08-16 20:04:44 ----D---- C:\Program Files\Microsoft WSE
2009-08-15 23:27:19 ----D---- C:\Program Files\Teamspeak2_RC2
2009-08-15 19:20:02 ----D---- C:\Program Files\CSE Demoplayer
2009-08-13 15:55:08 ----A---- C:\Windows\system32\occache.dll
2009-08-13 15:55:08 ----A---- C:\Windows\system32\jsproxy.dll
2009-08-13 15:55:07 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-08-13 15:55:07 ----A---- C:\Windows\system32\msfeeds.dll
2009-08-13 15:55:07 ----A---- C:\Windows\system32\iepeers.dll
2009-08-13 15:55:06 ----A---- C:\Windows\system32\wininet.dll
2009-08-13 15:55:06 ----A---- C:\Windows\system32\ieui.dll
2009-08-13 15:55:06 ----A---- C:\Windows\system32\iesetup.dll
2009-08-13 15:55:06 ----A---- C:\Windows\system32\iernonce.dll
2009-08-13 15:55:05 ----A---- C:\Windows\system32\urlmon.dll
2009-08-13 15:55:05 ----A---- C:\Windows\system32\msfeedssync.exe
2009-08-13 15:55:05 ----A---- C:\Windows\system32\ieUnatt.exe
2009-08-13 15:55:05 ----A---- C:\Windows\system32\iesysprep.dll
2009-08-13 15:55:05 ----A---- C:\Windows\system32\iertutil.dll
2009-08-13 15:55:05 ----A---- C:\Windows\system32\iedkcs32.dll
2009-08-13 15:55:05 ----A---- C:\Windows\system32\ie4uinit.exe
2009-08-13 15:55:03 ----A---- C:\Windows\system32\mshtml.dll
2009-08-13 15:55:03 ----A---- C:\Windows\system32\ieframe.dll
2009-08-13 15:53:38 ----A---- C:\Windows\system32\mshtmled.dll
2009-08-13 15:53:37 ----A---- C:\Windows\system32\msls31.dll
2009-08-13 15:53:37 ----A---- C:\Windows\system32\mshtmler.dll
2009-08-13 15:53:37 ----A---- C:\Windows\system32\icardie.dll
2009-08-13 15:53:37 ----A---- C:\Windows\system32\admparse.dll
2009-08-13 15:53:36 ----A---- C:\Windows\system32\imgutil.dll
2009-08-13 15:53:36 ----A---- C:\Windows\system32\ieakeng.dll
2009-08-13 15:53:36 ----A---- C:\Windows\system32\dxtrans.dll
2009-08-13 15:53:36 ----A---- C:\Windows\system32\dxtmsft.dll
2009-08-13 15:53:36 ----A---- C:\Windows\system32\corpol.dll
2009-08-13 15:53:35 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-08-13 15:53:35 ----A---- C:\Windows\system32\wextract.exe
2009-08-13 15:53:35 ----A---- C:\Windows\system32\webcheck.dll
2009-08-13 15:53:35 ----A---- C:\Windows\system32\mstime.dll
2009-08-13 15:53:35 ----A---- C:\Windows\system32\msrating.dll
2009-08-13 15:53:35 ----A---- C:\Windows\system32\licmgr10.dll
2009-08-13 15:53:35 ----A---- C:\Windows\system32\inseng.dll
2009-08-13 15:53:35 ----A---- C:\Windows\system32\ieakui.dll
2009-08-13 15:53:35 ----A---- C:\Windows\system32\ieaksie.dll
2009-08-13 15:53:34 ----A---- C:\Windows\system32\vbscript.dll
2009-08-13 15:53:34 ----A---- C:\Windows\system32\pngfilt.dll
2009-08-13 15:53:34 ----A---- C:\Windows\system32\ieapfltr.dll
2009-08-13 15:53:34 ----A---- C:\Windows\system32\advpack.dll
2009-08-13 15:53:33 ----A---- C:\Windows\system32\url.dll
2009-08-13 15:53:33 ----A---- C:\Windows\system32\jscript.dll
2009-08-13 15:53:32 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-08-13 15:53:32 ----A---- C:\Windows\system32\SetDepNx.exe
2009-08-13 15:53:32 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-08-13 15:53:32 ----A---- C:\Windows\system32\PDMSetup.exe
2009-08-13 15:53:32 ----A---- C:\Windows\system32\mshta.exe
2009-08-13 15:53:32 ----A---- C:\Windows\system32\iexpress.exe
2009-08-13 15:51:07 ----A---- C:\Windows\system32\wdigest.dll
2009-08-13 15:51:07 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-13 15:51:07 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-13 15:51:07 ----A---- C:\Windows\system32\kerberos.dll
2009-08-13 15:51:06 ----A---- C:\Windows\system32\secur32.dll
2009-08-13 15:51:06 ----A---- C:\Windows\system32\schannel.dll
2009-08-13 15:51:06 ----A---- C:\Windows\system32\lsass.exe
2009-08-13 12:55:49 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-13 12:55:47 ----A---- C:\Windows\system32\atl.dll
2009-08-13 12:55:44 ----A---- C:\Windows\system32\mstscax.dll
2009-08-13 12:55:44 ----A---- C:\Windows\system32\aaclient.dll
2009-08-13 12:55:43 ----A---- C:\Windows\system32\tsgqec.dll
2009-08-13 12:55:39 ----A---- C:\Windows\system32\avifil32.dll
2009-08-13 12:55:34 ----A---- C:\Windows\system32\wmp.dll
2009-08-13 12:55:30 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-13 12:55:28 ----A---- C:\Windows\system32\spwmp.dll
2009-08-13 12:55:28 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-13 12:55:27 ----A---- C:\Windows\system32\wmploc.DLL

======List of files/folders modified in the last 1 months======

2009-09-10 00:27:36 ----D---- C:\Windows\Temp
2009-09-10 00:10:26 ----SHD---- C:\System Volume Information
2009-09-10 00:08:38 ----D---- C:\Users\Raimund\AppData\Roaming\Xfire
2009-09-10 00:05:24 ----D---- C:\Users\Raimund\AppData\Roaming\Nero
2009-09-09 23:40:22 ----SHD---- C:\Windows\Installer
2009-09-09 23:39:57 ----D---- C:\Program Files\Common Files\Nero
2009-09-09 23:38:56 ----D---- C:\Windows
2009-09-09 23:38:09 ----D---- C:\Program Files\Nero
2009-09-09 23:28:39 ----D---- C:\ProgramData\Nero
2009-09-09 23:24:54 ----D---- C:\Windows\SoftwareDistribution
2009-09-09 23:24:31 ----D---- C:\Program Files\Common Files
2009-09-09 23:23:16 ----D---- C:\Windows\System32
2009-09-09 23:02:40 ----D---- C:\Users\Raimund\AppData\Roaming\Skype
2009-09-09 23:00:30 ----D---- C:\Windows\inf
2009-09-09 23:00:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-09 22:28:24 ----D---- C:\Users\Raimund\AppData\Roaming\skypePM
2009-09-09 20:48:31 ----D---- C:\ProgramData\Xfire
2009-09-09 20:46:33 ----RSHD---- C:\ProgramData\SPSS
2009-09-09 18:45:45 ----D---- C:\Windows\Minidump
2009-09-09 18:45:45 ----D---- C:\Windows\Debug
2009-09-09 18:43:08 ----D---- C:\Program Files
2009-09-09 18:39:53 ----D---- C:\Program Files\Xfire
2009-09-09 18:21:00 ----D---- C:\Windows\system32\drivers
2009-09-09 17:08:42 ----HD---- C:\ProgramData
2009-09-09 17:02:33 ----SD---- C:\Windows\Downloaded Program Files
2009-09-09 13:00:15 ----D---- C:\Windows\system32\catroot2
2009-09-09 12:52:36 ----D---- C:\Program Files\BearShare
2009-09-09 11:53:10 ----D---- C:\Program Files\Java
2009-09-09 11:36:13 ----D---- C:\Windows\system32\catroot
2009-09-09 11:36:09 ----D---- C:\Windows\winsxs
2009-09-09 11:21:48 ----D---- C:\ProgramData\Lavasoft
2009-09-09 11:21:48 ----D---- C:\Program Files\Lavasoft
2009-09-09 11:21:35 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-09 00:19:32 ----D---- C:\Windows\rescache
2009-09-09 00:19:23 ----RD---- C:\Users
2009-09-08 23:52:58 ----D---- C:\Windows\Microsoft.NET
2009-09-08 23:52:55 ----RSD---- C:\Windows\assembly
2009-09-08 23:50:38 ----D---- C:\ProgramData\NVIDIA
2009-09-08 23:48:22 ----SHD---- C:\boot
2009-09-08 23:38:56 ----D---- C:\Program Files\Windows Mail
2009-09-08 23:38:56 ----D---- C:\Program Files\Windows Calendar
2009-09-08 23:38:56 ----D---- C:\Program Files\Movie Maker
2009-09-08 23:38:54 ----D---- C:\Program Files\Windows Sidebar
2009-09-08 23:38:54 ----D---- C:\Program Files\Windows Media Player
2009-09-08 23:38:54 ----D---- C:\Program Files\Windows Collaboration
2009-09-08 23:38:54 ----D---- C:\Program Files\Internet Explorer
2009-09-08 23:38:53 ----D---- C:\Program Files\Windows Journal
2009-09-08 23:38:52 ----D---- C:\Program Files\Windows Photo Gallery
2009-09-08 23:38:52 ----D---- C:\Program Files\Common Files\System
2009-09-08 23:38:48 ----D---- C:\Windows\servicing
2009-09-08 23:38:48 ----D---- C:\Windows\ehome
2009-09-08 23:38:48 ----D---- C:\Program Files\Windows Defender
2009-09-08 23:38:32 ----D---- C:\Windows\IME
2009-09-08 23:38:31 ----D---- C:\Windows\system32\XPSViewer
2009-09-08 23:38:31 ----D---- C:\Windows\system32\sk-SK
2009-09-08 23:38:31 ----D---- C:\Windows\system32\lv-LV
2009-09-08 23:38:31 ----D---- C:\Windows\system32\ko-KR
2009-09-08 23:38:31 ----D---- C:\Windows\system32\hr-HR
2009-09-08 23:38:31 ----D---- C:\Windows\system32\et-EE
2009-09-08 23:38:31 ----D---- C:\Windows\system32\en-US
2009-09-08 23:38:31 ----D---- C:\Windows\system32\da-DK
2009-09-08 23:38:29 ----D---- C:\Windows\system32\de-DE
2009-09-08 23:38:28 ----D---- C:\Windows\system32\oobe
2009-09-08 23:38:28 ----D---- C:\Windows\system32\migration
2009-09-08 23:38:28 ----D---- C:\Windows\system32\it-IT
2009-09-08 23:38:28 ----D---- C:\Windows\system32\el-GR
2009-09-08 23:38:25 ----D---- C:\Windows\system32\sv-SE
2009-09-08 23:38:25 ----D---- C:\Windows\system32\SLUI
2009-09-08 23:38:25 ----D---- C:\Windows\system32\setup
2009-09-08 23:38:25 ----D---- C:\Windows\system32\ru-RU
2009-09-08 23:38:25 ----D---- C:\Windows\system32\pt-PT
2009-09-08 23:38:25 ----D---- C:\Windows\system32\hu-HU
2009-09-08 23:38:25 ----D---- C:\Windows\system32\he-IL
2009-09-08 23:38:25 ----D---- C:\Windows\system32\fr-FR
2009-09-08 23:38:25 ----D---- C:\Windows\system32\fi-FI
2009-09-08 23:38:25 ----D---- C:\Windows\system32\cs-CZ
2009-09-08 23:38:25 ----D---- C:\Windows\system32\AdvancedInstallers
2009-09-08 23:38:24 ----D---- C:\Windows\system32\zh-TW
2009-09-08 23:38:24 ----D---- C:\Windows\system32\zh-CN
2009-09-08 23:38:24 ----D---- C:\Windows\system32\uk-UA
2009-09-08 23:38:24 ----D---- C:\Windows\system32\sr-Latn-CS
2009-09-08 23:38:24 ----D---- C:\Windows\system32\sl-SI
2009-09-08 23:38:24 ----D---- C:\Windows\system32\ro-RO
2009-09-08 23:38:24 ----D---- C:\Windows\system32\pl-PL
2009-09-08 23:38:24 ----D---- C:\Windows\system32\manifeststore
2009-09-08 23:38:24 ----D---- C:\Windows\system32\ja-JP
2009-09-08 23:38:24 ----D---- C:\Windows\system32\es-ES
2009-09-08 23:38:24 ----D---- C:\Windows\system32\bg-BG
2009-09-08 23:38:23 ----D---- C:\Windows\system32\tr-TR
2009-09-08 23:38:23 ----D---- C:\Windows\system32\th-TH
2009-09-08 23:38:22 ----D---- C:\Windows\system32\wbem
2009-09-08 23:38:22 ----D---- C:\Windows\system32\nl-NL
2009-09-08 23:38:22 ----D---- C:\Windows\system32\nb-NO
2009-09-08 23:38:22 ----D---- C:\Windows\system32\lt-LT
2009-09-08 23:38:22 ----D---- C:\Windows\system32\ar-SA
2009-09-08 23:38:21 ----D---- C:\Windows\system32\pt-BR
2009-09-08 23:38:21 ----D---- C:\Windows\system32\migwiz
2009-09-08 23:38:01 ----RSD---- C:\Windows\Fonts
2009-09-08 23:38:01 ----D---- C:\Windows\AppPatch
2009-09-08 23:37:53 ----D---- C:\Windows\system32\Boot
2009-09-08 23:31:33 ----D---- C:\Windows\WindowsMobile
2009-09-08 21:57:37 ----AD---- C:\ProgramData\TEMP
2009-09-08 19:56:35 ----SHD---- C:\$Recycle.bin
2009-09-08 18:07:18 ----A---- C:\Windows\system32\MsiExec.exe.log
2009-09-08 12:23:50 ----D---- C:\Windows\Prefetch
2009-09-08 12:10:33 ----D---- C:\Program Files\Common Files\Steam
2009-09-07 23:51:23 ----D---- C:\Program Files\Mozilla Firefox
2009-09-07 22:31:18 ----SD---- C:\ProgramData\Microsoft
2009-08-31 13:25:42 ----D---- C:\Users\Raimund\AppData\Roaming\Azureus
2009-08-29 12:46:17 ----D---- C:\Program Files\iTunes
2009-08-29 12:45:13 ----D---- C:\Program Files\Azureus
2009-08-25 16:11:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-23 15:49:17 ----D---- C:\Program Files\SlySoft
2009-08-23 15:47:21 ----D---- C:\Windows\system32\Tasks
2009-08-23 15:47:07 ----D---- C:\Program Files\Elaborate Bytes
2009-08-21 10:51:25 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-08-20 22:50:04 ----D---- C:\Users\Raimund\AppData\Roaming\DAEMON Tools Pro
2009-08-18 19:55:23 ----D---- C:\Program Files\Electronic Arts
2009-08-13 16:42:17 ----D---- C:\Windows\PolicyDefinitions

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [2008-05-24 73728]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-10 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-08-05 55656]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-10 25888]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-12-06 761856]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-09-10 176640]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-07 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-05-27 9850240]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-09-15 191408]
R3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-10 15872]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 AF15BDA;AF9015 BDA Filter; C:\Windows\system32\DRIVERS\AF15BDA.sys [2009-07-29 306816]
S3 ajkv2zsw;ajkv2zsw; C:\Windows\system32\drivers\ajkv2zsw.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvcALG;Anwendungserfahrung AeLookupSvcALG; C:\Windows\TEMP\xnddvlcswi.exe [2009-09-07 32256]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2006-05-02 135168]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-05-15 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-05-27 211488]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2008-06-02 504104]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-09-05 316664]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe []
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-13 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

Ic3Ang3l · 10.09.2009, 00:06

Hier der erste Teil von der Info von RSIT

info.txt logfile of random's system information tool 1.06 2009-09-10 00:27:48

======Uninstall list======

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
A Vampyre Story-->"C:\Program Files\A Vampyre Story\uninst.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Reader 8.1.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
ANNO 1404-->"C:\Program Files\InstallShield Installation Information\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}\setup.exe" -runfromtemp -l0x0007 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft TotalMedia 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF68083C-E11E-4A91-B54B-CD72AB5A0CF5}\Setup.exe" -l0x7
ArtMoney SE v7.31-->"C:\Program Files\ArtMoney\Uninstall\unins000.exe"
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x7 -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneDVD2OEM-->"C:\Program Files\Elaborate Bytes\CloneDVD2OEM\CloneDVD2OEM-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2OEM"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
CSE Demoplayer-->MsiExec.exe /I{75C9CA43-7677-4F89-A971-1104A94DF0F2}
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Die Sims™ Lebensgeschichten-->MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DolbyFiles-->MsiExec.exe /X{b1adf008-e898-4fe2-8a1f-690d9a06acaf}
ElsterFormular 2007/2008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}\setup.exe" -l0x7 -removeonly
ElsterFormular 2008/2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}\setup.exe" -l0x7 -removeonly
ESU for Microsoft Vista-->MsiExec.exe /I{65AA10FF-6F32-48AE-881F-FC96E7BF3A5E}
F.E.A.R. 2: Project Origin-->"C:\Program Files\Steam\steam.exe" steam://uninstall/16450
FIFA 09-->MsiExec.exe /X{2315B23D-3E21-4920-837D-AE6460934ECB}
Free Video to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube Download 2.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
FUSSBALL MANAGER 07-->C:\Program Files\EA SPORTS\FUSSBALL MANAGER 07\EAUninstall.exe
FUSSBALL MANAGER 09-->C:\Program Files\EA SPORTS\FUSSBALL MANAGER 09\eauninstall.exe
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0007 uninst
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
KalOnlineEng-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D7F824B-6744-4C30-B78B-0966E9BD461D}\Setup.exe" -l0x9
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
LightScribe System Software-->MsiExec.exe /X{82EF29B1-9B60-4142-A155-0599216DD053}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0007 -removeonly
Menu Templates - Starter Kit-->MsiExec.exe /X{b78120a0-cf84-4366-a393-4d0a59bc546c}
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Movie Templates - Starter Kit-->MsiExec.exe /X{e498385e-1c51-459a-b45f-1721e37aa1a0}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-2085-KK25-2LEE-0UHL-8MPA-6H4U-EHAL"
Nero BurnRights-->MsiExec.exe /X{7829db6f-a066-4e40-8912-cb07887c20bb}
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero CoverDesigner-->MsiExec.exe /X{62ac81f6-bdd3-4110-9d36-3e9eaab40999}
Nero Disc Copy Gadget-->MsiExec.exe /X{f1861f30-3419-44db-b2a1-c274825698b3}
Nero DiscSpeed-->MsiExec.exe /X{869200db-287a-4dc0-b02b-2b6787fbcd4c}
Nero DriveSpeed-->MsiExec.exe /X{33cf58f5-48d8-4575-83d6-96f574e4d83a}
Nero InfoTool-->MsiExec.exe /X{fbcdfd61-7dcf-4e71-9226-873ba0053139}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Live-->MsiExec.exe /X{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}
Nero PhotoSnap-->MsiExec.exe /X{9e82b934-9a25-445b-b8df-8012808074ac}
Nero Recode-->MsiExec.exe /X{359cfc0a-beb1-440d-95ba-cf63a86da34f}
Nero Rescue Agent-->MsiExec.exe /X{368ba326-73ad-4351-84ed-3c0a7a52cc53}
Nero ShowTime-->MsiExec.exe /X{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
Nero Vision-->MsiExec.exe /X{43e39830-1826-415d-8bae-86845787b54b}
Nero WaveEditor-->MsiExec.exe /X{a209525b-3377-43f4-b886-32f6b6e7356f}
NeroBurningROM-->MsiExec.exe /X{d025a639-b9c9-417d-8531-208859000af8}
NeroExpress-->MsiExec.exe /X{595a3116-40bb-4e0f-a2e8-d7951da56270}
NeroLiveGadget-->MsiExec.exe /X{9e9fdde6-2c26-492a-85a0-05646b3f2795}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetObjects Fusion Essentials-->C:\Windows\IsUn0407.exe -f"C:\Program Files\NetObjects\NetObjects Fusion Essentials\Uninst.isu" -c"C:\Program Files\NetObjects\NetObjects Fusion Essentials\uninst.dll"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundTrax-->MsiExec.exe /X{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TuneUp Companion 1.5.5-->C:\Program Files\TuneUpMedia\Uninstall.exe
UltraISO Premium V9.2-->"C:\Program Files\UltraISO\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Azureus\uninstall.exe
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}
Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Mobile-Ressourcen-->C:\Program Files\Windows Mobile-Ressourcen\Windows Mobile Device Handbook\Bin\DHUninstall.exe
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\WORLD OF WARCRAFT\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

=====HijackThis Backups=====

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) [2009-09-09]
R3 - URLSearchHook: (no name) - - (no file) [2009-09-09]
O4 - HKCU\..\RunOnce: [SpybotDeletingD3577] cmd.exe /c del "C:\Program Files\BearShare\Logs\streams.txt" [2009-09-09]
O4 - HKCU\..\RunOnce: [SpybotDeletingD3439] cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt" [2009-09-09]
O4 - HKLM\..\RunOnce: [SpybotDeletingA3273] command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt" [2009-09-09]
O4 - HKLM\..\RunOnce: [SpybotDeletingC8009] cmd.exe /c del "C:\Program Files\BearShare\Logs\hosts-state.txt" [2009-09-09]
O4 - HKLM\..\RunOnce: [SpybotDeletingC9012] cmd.exe /c del "C:\Program Files\BearShare\Logs\streams.txt" [2009-09-09]
O4 - HKCU\..\RunOnce: [SpybotDeletingD6097] cmd.exe /c del "C:\Program Files\BearShare\Logs\ordinal.txt" [2009-09-09]
O4 - HKLM\..\RunOnce: [SpybotDeletingA8626] command.com /c del "C:\Program Files\BearShare\Logs\memory.txt" [2009-09-09]
O4 - HKCU\..\RunOnce: [SpybotDeletingB4584] command.com /c del "C:\Program Files\BearShare\Logs\ordinal.txt" [2009-09-09]
O4 - HKLM\..\RunOnce: [SpybotDeletingA4254] command.com /c del "C:\Program Files\BearShare\Logs\streams.txt" [2009-09-09]
O4 - HKCU\..\RunOnce: [SpybotDeletingB2998] command.com /c del "C:\Program Files\BearShare\Logs\streams.txt" [2009-09-09]
O4 - HKLM\..\RunOnce: [SpybotDeletingC7906] cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt" [2009-09-09]
O4 - HKLM\..\RunOnce: [SpybotDeletingC3027] cmd.exe /c del "C:\Program Files\BearShare\Logs\ordinal.txt" [2009-09-09]
O4 - HKCU\..\RunOnce: [SpybotDeletingB6419] command.com /c del "C:\Program Files\BearShare\Logs\memory.txt" [2009-09-09]
O4 - HKCU\..\RunOnce: [SpybotDeletingD4345] cmd.exe /c del "C:\Program Files\BearShare\Logs\memory.txt" [2009-09-09]
O4 - HKCU\..\RunOnce: [SpybotDeletingB9564] command.com /c del "C:\Program Files\BearShare\Logs\hosts-state.txt" [2009-09-09]

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Windows-Defender (disabled) (outdated)

Ic3Ang3l · 10.09.2009, 00:08

Und der zweite Teil von der Info von RSIT

======System event log======

Computer Name: XXX
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB969897(Security Update) in den Status Wird bereitgestellt(Staging).
Record Number: 112097
Source Name: Microsoft-Windows-Servicing
Time Written: 20090611070451.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: XXX
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB969897(Security Update) in den Status Wird bereitgestellt(Staging).
Record Number: 112096
Source Name: Microsoft-Windows-Servicing
Time Written: 20090611070451.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: XXX
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB969897(Security Update) in den Status Wird bereitgestellt(Staging).
Record Number: 112095
Source Name: Microsoft-Windows-Servicing
Time Written: 20090611070451.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: XXX
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB969897(Security Update) in den Status Wird bereitgestellt(Staging).
Record Number: 112094
Source Name: Microsoft-Windows-Servicing
Time Written: 20090611070451.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: XXX
Event Code: 4372
Message: Windows-Wartung setzt das Paket KB969897(Security Update) in den Status Wird bereitgestellt(Staging).
Record Number: 112093
Source Name: Microsoft-Windows-Servicing
Time Written: 20090611070451.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: XXX
Event Code: 3
Message:
Record Number: 25709
Source Name: Adobe Version Cue CS3
Time Written: 20080719110912.000000-000
Event Type: Fehler
User:

Computer Name: XXX
Event Code: 3
Message:
Record Number: 25708
Source Name: Adobe Version Cue CS3
Time Written: 20080719110912.000000-000
Event Type: Fehler
User:

Computer Name: XXX
Event Code: 3
Message:
Record Number: 25707
Source Name: Adobe Version Cue CS3
Time Written: 20080719110912.000000-000
Event Type: Fehler
User:

Computer Name: XXX
Event Code: 3
Message:
Record Number: 25706
Source Name: Adobe Version Cue CS3
Time Written: 20080719110912.000000-000
Event Type: Fehler
User:

Computer Name: XXX
Event Code: 3
Message:
Record Number: 25705
Source Name: Adobe Version Cue CS3
Time Written: 20080719110912.000000-000
Event Type: Fehler
User:

=====Security event log=====

Computer Name: XXX
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode: 2
Record Number: 14814
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081008121636.864798-000
Event Type: Überwachung gescheitert
User:

Computer Name: XXX
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode: 2
Record Number: 14813
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081008121636.864798-000
Event Type: Überwachung gescheitert
User:

Computer Name: XXX
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode: 2
Record Number: 14812
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081008121634.928798-000
Event Type: Überwachung gescheitert
User:

Computer Name: XXX
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode: 2
Record Number: 14811
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081008121223.052798-000
Event Type: Überwachung gescheitert
User:

Computer Name: XXX
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7

Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 14810
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081008120155.725798-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online-Dienste
"USERPART"=E:
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

Und ich kann es nur wiederholen, es tut mir so wahnsinnig leid, dass es so unendlich lang ist...

Ic3Ang3l · 10.09.2009, 00:24

Habe den CCleaner wie beschrieben verwendet, und es hat eigentlich alles gelöscht, bis auf die eine Sache. Hab es inzwischen X Mal versucht, aber dieses eine geht nicht weg.
Soll ich es einfach ignorieren?

Danke im Voraus!

Directupload.net - Dqn3lm9jr.jpg

john.doe · 10.09.2009, 15:24

Zitat:

Soll ich es einfach ignorieren?

Ja, der gehört zu Avira und darf bleiben.

ciao, andreas

Ic3Ang3l · 10.09.2009, 21:26

Ok, ich werde es mir für das nächste Mal merken.
Leider kamen seit gestern immer andere, neue Viren-Warnungen und ich habe mich heute doch schweren Herzen dazu entschlossen zu formatieren.

Andreas, trotzdem vielen vielen Dank für die Mühe!!

john.doe · 10.09.2009, 21:32

Ist doch nicht schlimm. Du bist entlassen.

ciao, andreas

HEUR/crypted in C:\Windows\Temp\rundll32.dll

Log-Analyse und Auswertung: HEUR/crypted in C:\Windows\Temp\rundll32.dll