Hello everyone
This is my first post here and I would appreciate your opinions/help. If I have posted something incorrectly or forgotten relevant information, please say so and I will provide it.
The story
For about half a year I have had the problem that various games (WoW, Tropico 3, CnC RA3, etc.) crash in the middle of play. Besides the Windows error-report windows, bluescreens also kept appearing. One time with IRQL NOT LESS OR EQUAL, then again with ACCESS VIOLATION, etc. One of my biggest problems is that it is not always the same error; instead they seem to alternate at random.
Over the last few days I got pretty annoyed again, because I would have liked to play a round of Tropico 3. But this went worse the longer it went on:
- at first it could still be played for about 2-10 min
- after that it crashed while loading, with the error pointing to a "granny2.dll"
- finally it would no longer start, with an error pointing to the .exe itself (I have pasted the crash log from the game below)
I suspected a hardware defect and did some testing:
Graphics card:
- ran 3DMark, no problems
- swapped it for one known to work
Sound card:
- disabled in Device Manager
CPU:
- put under full load with prime95
RAM:
- memtest86
- removed 2 of the 4 modules
None of these actions helped; the problem persists.
Suspecting a virus, I scanned the entire system with Avira Antivir, then with Spybot, and for rootkits with Sophos Anti-Rootkit, all without success...
Then I reinstalled Windows. The result was surprising:
I'll recount the events chronologically:
YESTERDAY
- Reinstalled Windows
- Installed drivers
- Installed antivirus
- Installed Tropico 3 as a test game
- Started Tropico 3: ran for 1 hour without problems, then I quit it MYSELF
TODAY
- Connected the network cable
- Started Tropico 3: ran approx. 20 min, then error: Access Violation pointing to "granny2.dll"
- Restarted Tropico 3: ran approx. 5 minutes, then the same error
- Restarted Tropico 3: crashes after loading a savegame, with the log shown below
- All further attempts end the same way.
- Reinstalled the game several times, running CCleaner in between; it ends the same way...
Does anyone have an idea what could be causing this? I would be very grateful for help!
My system:
- Motherboard:
Penryn1600SLI-110dB
- CPU Full Name:
Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
- RAM:
4x Kingston DDR2 800 1024 MB
- Sound card:
M-Audio Delta Audiophile 2496
- Network card:
LevelOne 32/64-Bit Gigabit Ethernet Adapter
Crash log from the game:
crash infos:
*** executable info
Name: C:\Programme\Kalypso\Tropico 3\tropico3.exe
Timestamp: 4af1bb8e
Date: Wed Nov 04 18:36:14 200
*** hardware info
CPU Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
CPU count 2
Phys. Memory 2048 MBytes
Memory In Use 13%
Disk Free 3884 MBytes
*** OS info
Windows XP
Version 5.1.2600 Service Pack 3
MyDocs folder: C:\Dokumente und Einstellungen\ORiol\Eigene Dateien
AppData folder: C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten
*** Debug::Init()
Time 3937671 milliseconds
Language: German
Boot::Mount Localization Data: 17.87000 ms
bootInit_FileSystems: 85.74000 ms
Version: 1.09.339
nvapi initialized successfully!
[Console Error] AutoRenderConfig - matching GPU: NVIDIA GeForce 9800 GTX/9800 GTX+
[Console Error] matched: geforce.+9800
[Console Error] level: High
[Console Error] AutoRenderConfig - GPU class: High
*** Engine info
Sizes:
GameObject: 72
GameObjectEx: 216
IRenderObj: 176
IRenderOp: 560
GameRenderObj: 460
RenderDevice :: Init
fullscreen video mode: 1680 x 1050 @ 0Hz
video hardware: 10de,0612 (NVIDIA GeForce 9800 GTX/9800 GTX+)
approx video memory: 499MB
approx texture memory: 994MB
Engine::Init::InitRenderDevice: 58.23000 ms
Engine::Init::Terminal & Device: 73.74000 ms
DTM Reset slots:
2048 - 22
1024 - 40
512 - 110
256 - 220
Engine::Init::TextureManager: 79.74000 ms
Engine::Init::Shaders: 17.69000 ms
Engine::Init::GeomBuffers: 0.46000 ms
Engine::Init::Entities: 0.01000 ms[*] Shadowmap initialization...
64 x 64
NV 16-bit depth texture, NULL color texture
Engine::Init::Shadowmap: 0.39000 ms
Engine::Init::UIL: 41.04000 ms
Engine :: Init: 213.15999 ms
bootInit_RegisterScriptFuncitons: 593.83002 ms
bootInit: 764.90997 ms
boot_start start: 797
InitPreload: 2.72000 ms
Rebuilding UIL cache
boot_start packs mounted: 907
EntitiesOp: 116.40000 ms
LuaAutorunOp started
[Console Error] Building "Substation" doesnt have entrance waypoints
[Console Error] ERROR: Door.InitStates: Cant find state Openingr for entity GuardPostBarrier
[Console Error] ERROR: Door.InitStates: Cant find state Closedr for entity GuardPostBarrier
LuaAutoRun: 268.09999 ms
LuaAutorunOp ended
Engine :: PostInit: 18.24000 ms
InitPostLoad: 45.71000 ms
GrannyBinaryPack :: LoadMeshes: 334.47999 ms
BinkPlayer::Play(Movies\kalypso.bik)
GrannyBinaryPack :: LoadAnimations: 266.70999 ms
BinkPlayer::Play(Movies\Haemimont.bik)
BinkPlayer::Play(movies/nv1920x1200.bik)
BinkPlayer::Play(Movies\intro.bik)
Engine::SetTerrain: 0.00000 ms
[Console Error] LoadGame on
Engine::SetTerrain: 0.00000 ms
[Console Error] TransportCacheFlush
LateInit::TextureManager: 28.43000 ms
LateInit::Atlases::ReloadAtlasIndex: 8.55000 ms
LateInit::Atlases::LoadAtlases: 246.62000 ms
LateInit::Atlases: 255.23000 ms
unable to load object File Sytem Error
unable to load object File Sytem Error
LateInit::Shaders: 11.54000 ms
LateInit::Materials: 11.94000 ms
unable to load object Pool Error
LateInit::Subsystems: 54.93000 ms
Entity :: PrecacheAllLoadData: 14.18000 ms
LateInit::Binary Meshes & Anims: 24.84000 ms
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
LateInit::Particles: 966.66998 ms
LateInit::BillboardObjectRenderer: 87.32000 ms
Engine :: LateInit: 1443.33997 ms
mounting packs in dirs/ start...
mounting packs in dirs/ finished
[AsyncReader destructor]
[AsyncReader destructor] - waiting for the reader thread to finish
Total/current/peak reads: 12 / 1 / 8
Freeing 0 items in DTM memory
unable to load object File Sytem Error
Engine::SetTerrain: 418.19998 ms
unable to load object File Sytem Error
unable to load object File Sytem Error
unable to load object File Sytem Error
-- PrintErrorInfo() start --
Writing minidump (if there's no 'Minidump Done' below, it crashed)
Minidump Done
Parsing map file (if there's no 'ParseMap Done' below, it crashed)
ParseMap Done
--------------------------------------------------------------
-- Exception Information
--
Module: tropico3.exe
Address: 001b:005b0340
Function: COULDN'T FIND OR PARSE MAP FILE
Error: Access violation
Remarks:
Read from location 000001a0
CS:EIP:
8b 8e a0 01 00 00 3b f9 74 2b 85 c9 74 27 8b 01
8b 50 08 ff d2 84 c0 74 1c 8b 8e a0 01 00 00 85
Registers:
EAX=234c88c8 CS=001b EIP=005b0340 EFLAGS=00010202
EBX=012e3390 SS=0023 ESP=0012fccc EBP=00000000
ECX=7c9201bb DS=0023 ESI=00000000 FS=003b
EDX=1b420002 ES=0023 EDI=234c88c8 GS=0000
Stack:
Calls:
COULDN'T FIND OR PARSE MAP FILE
Modules:
C:\Programme\Kalypso\Tropico 3\tropico3.exe, loaded at 0x400000, size 5416184 bytes
C:\Programme\Kalypso\Tropico 3\fmodex.dll, loaded at 0xa00000, size 375032 bytes
C:\WINDOWS\system32\nvapi.dll, loaded at 0xa500000, size 1056768 bytes
C:\Programme\Logitech\SetPoint\lgscroll.dll, loaded at 0xa960000, size 76304 bytes
C:\WINDOWS\system32\d3dx9_41.dll, loaded at 0x10000000, size 4178264 bytes
C:\Programme\Logitech\SetPoint\GameHook.dll, loaded at 0x10d00000, size 64016 bytes
C:\Programme\Kalypso\Tropico 3\binkw32.dll, loaded at 0x18000000, size 176376 bytes
C:\WINDOWS\system32\xpsp2res.dll, loaded at 0x1f1e0000, size 2981888 bytes
C:\WINDOWS\system32\d3d9.dll, loaded at 0x4fd50000, size 1689088 bytes
C:\Programme\Kalypso\Tropico 3\granny2.dll, loaded at 0x50000000, size 636152 bytes
C:\WINDOWS\system32\icm32.dll, loaded at 0x58d90000, size 254976 bytes
C:\WINDOWS\system32\NETAPI32.dll, loaded at 0x597d0000, size 337408 bytes
C:\WINDOWS\system32\uxtheme.dll, loaded at 0x5b0f0000, size 219136 bytes
C:\WINDOWS\system32\COMCTL32.dll, loaded at 0x5d450000, size 617472 bytes
C:\WINDOWS\system32\hnetcfg.dll, loaded at 0x66710000, size 348672 bytes
C:\WINDOWS\system32\faultrep.dll, loaded at 0x69900000, size 80896 bytes
C:\WINDOWS\system32\d3d8thk.dll, loaded at 0x6de80000, size 8192 bytes
C:\WINDOWS\System32\mswsock.dll, loaded at 0x719b0000, size 247296 bytes
C:\WINDOWS\System32\wshtcpip.dll, loaded at 0x719f0000, size 19456 bytes
C:\WINDOWS\system32\WS2HELP.dll, loaded at 0x71a00000, size 19968 bytes
C:\WINDOWS\system32\WS2_32.dll, loaded at 0x71a10000, size 82432 bytes
C:\WINDOWS\system32\WSOCK32.dll, loaded at 0x71a30000, size 24576 bytes
C:\WINDOWS\system32\SAMLIB.dll, loaded at 0x71b70000, size 64000 bytes
C:\WINDOWS\system32\sensapi.dll, loaded at 0x72240000, size 7168 bytes
C:\WINDOWS\system32\msacm32.drv, loaded at 0x72c80000, size 20992 bytes
C:\WINDOWS\system32\wdmaud.drv, loaded at 0x72c90000, size 23552 bytes
C:\WINDOWS\system32\WINSPOOL.DRV, loaded at 0x72f70000, size 146944 bytes
C:\WINDOWS\system32\mscms.dll, loaded at 0x73aa0000, size 73728 bytes
C:\WINDOWS\system32\KsUser.dll, loaded at 0x73e40000, size 4096 bytes
C:\WINDOWS\system32\DSOUND.dll, loaded at 0x73e70000, size 367616 bytes
C:\WINDOWS\system32\MSCTF.dll, loaded at 0x746a0000, size 297984 bytes
C:\WINDOWS\system32\WINSTA.dll, loaded at 0x76300000, size 53760 bytes
C:\WINDOWS\system32\COMDLG32.dll, loaded at 0x76350000, size 281600 bytes
C:\WINDOWS\system32\USERENV.dll, loaded at 0x76620000, size 736768 bytes
C:\WINDOWS\system32\cryptdll.dll, loaded at 0x76740000, size 33280 bytes
C:\WINDOWS\system32\WINMM.dll, loaded at 0x76af0000, size 178176 bytes
C:\WINDOWS\system32\WINTRUST.dll, loaded at 0x76bf0000, size 176640 bytes
C:\WINDOWS\system32\imagehlp.dll, loaded at 0x76c50000, size 144384 bytes
C:\WINDOWS\system32\iphlpapi.dll, loaded at 0x76d20000, size 95744 bytes
C:\WINDOWS\system32\rtutils.dll, loaded at 0x76e40000, size 44032 bytes
C:\WINDOWS\system32\rasman.dll, loaded at 0x76e50000, size 61440 bytes
C:\WINDOWS\system32\TAPI32.dll, loaded at 0x76e70000, size 181760 bytes
C:\WINDOWS\system32\RASAPI32.DLL, loaded at 0x76ea0000, size 237056 bytes
C:\WINDOWS\system32\DNSAPI.dll, loaded at 0x76ee0000, size 147968 bytes
C:\WINDOWS\system32\WTSAPI32.dll, loaded at 0x76f10000, size 18432 bytes
C:\WINDOWS\system32\WLDAP32.dll, loaded at 0x76f20000, size 173056 bytes
C:\WINDOWS\system32\rasadhlp.dll, loaded at 0x76f80000, size 7680 bytes
C:\WINDOWS\system32\CLBCATQ.DLL, loaded at 0x76f90000, size 498688 bytes
C:\WINDOWS\system32\COMRes.dll, loaded at 0x77010000, size 846848 bytes
C:\WINDOWS\system32\OLEAUT32.dll, loaded at 0x770f0000, size 551936 bytes
C:\WINDOWS\system32\WININET.dll, loaded at 0x77180000, size 671744 bytes
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll, loaded at 0x773a0000, size 1054208 bytes
C:\WINDOWS\system32\ole32.dll, loaded at 0x774b0000, size 1287680 bytes
C:\WINDOWS\system32\NTMARTA.DLL, loaded at 0x77660000, size 119296 bytes
C:\WINDOWS\system32\SETUPAPI.dll, loaded at 0x778f0000, size 989696 bytes
C:\WINDOWS\system32\CRYPT32.dll, loaded at 0x77a50000, size 604160 bytes
C:\WINDOWS\system32\MSASN1.dll, loaded at 0x77af0000, size 57344 bytes
C:\WINDOWS\system32\Apphelp.dll, loaded at 0x77b10000, size 125952 bytes
C:\WINDOWS\system32\midimap.dll, loaded at 0x77ba0000, size 18944 bytes
C:\WINDOWS\system32\MSACM32.dll, loaded at 0x77bb0000, size 72192 bytes
C:\WINDOWS\system32\VERSION.dll, loaded at 0x77bd0000, size 18944 bytes
C:\WINDOWS\system32\msvcrt.dll, loaded at 0x77be0000, size 343040 bytes
C:\WINDOWS\system32\msv1_0.dll, loaded at 0x77c40000, size 132608 bytes
C:\WINDOWS\system32\ADVAPI32.dll, loaded at 0x77da0000, size 678400 bytes
C:\WINDOWS\system32\RPCRT4.dll, loaded at 0x77e50000, size 584704 bytes
C:\WINDOWS\system32\GDI32.dll, loaded at 0x77ef0000, size 285184 bytes
C:\WINDOWS\system32\SHLWAPI.dll, loaded at 0x77f40000, size 474624 bytes
C:\WINDOWS\system32\Secur32.dll, loaded at 0x77fc0000, size 56320 bytes
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll, loaded at 0x78130000, size 626688 bytes
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll, loaded at 0x7c420000, size 548864 bytes
C:\WINDOWS\system32\kernel32.dll, loaded at 0x7c800000, size 1063424 bytes
C:\WINDOWS\system32\ntdll.dll, loaded at 0x7c910000, size 731648 bytes
C:\WINDOWS\system32\USER32.dll, loaded at 0x7e360000, size 580096 bytes
C:\WINDOWS\system32\SHELL32.dll, loaded at 0x7e670000, size 8502272 bytes
Last lua lines:
Realm folder:
Missions/CampaignPenotimo/CampaignPenotimo/
-- PrintErrorInfo() end --
*** Debug::Done()
Time (ms) 24922
hijack log
Logfile of random's system information tool 1.06 (written by random/random)
Run by ORiol at 2010-01-10 15:19:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 93 GB (81%) free of 114 GB
Total RAM: 3071 MB (83% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:16, on 10.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\System32\DeltaIITray.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
E:\Setup.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
C:\Dokumente und Einstellungen\ORiol\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\ORiol.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
--
End of file - 4823 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-11-03 2540800]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-11-29 55824]
"nwiz"=nwiz.exe /installquiet []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\DeltaIITray.exe [2008-03-03 236040]
"DeltaIITaskbarApp"=C:\WINDOWS\system32\DeltaIITray.exe [2008-03-03 236040]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"CanonMyPrinter"=C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [2008-01-09 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{204ae830-fd4e-11de-830e-806d6172696f}]
shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{771bad50-fd48-11de-a930-806d6172696f}]
shell\AutoRun\command - G:\setup.exe
======List of files/folders created in the last 1 months======
2010-01-10 15:19:56 ----D---- C:\Programme\trend micro
2010-01-10 15:19:55 ----D---- C:\rsit
2010-01-10 15:17:05 ----D---- C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten\Malwarebytes
2010-01-10 15:16:59 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-01-10 15:16:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-10 15:14:17 ----D---- C:\WINDOWS\LastGood
2010-01-10 15:10:54 ----D---- C:\Programme\Kalypso
2010-01-10 14:21:52 ----D---- C:\Programme\Sophos
2010-01-10 14:18:11 ----D---- C:\ProgramData
2010-01-10 14:17:30 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield
2010-01-10 14:08:47 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2010-01-10 13:57:01 ----D---- C:\Programme\Electronic Arts
2010-01-10 13:45:47 ----A---- C:\WINDOWS\system32\wpa.bak
2010-01-10 13:45:25 ----A---- C:\WINDOWS\setuplog.txt
2010-01-10 13:41:48 ----A---- C:\WINDOWS\system32\REX Shared Library.dll
2010-01-10 13:41:48 ----A---- C:\WINDOWS\system32\ReWire.dll
2010-01-10 13:39:42 ----D---- C:\WINDOWS\RegisteredPackages
2010-01-10 13:39:20 ----N---- C:\WINDOWS\system32\vxblock.dll
2010-01-10 13:39:20 ----N---- C:\WINDOWS\system32\pxwave.dll
2010-01-10 13:39:20 ----N---- C:\WINDOWS\system32\pxsfs.dll
2010-01-10 13:39:20 ----N---- C:\WINDOWS\system32\pxmas.dll
2010-01-10 13:39:20 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2010-01-10 13:39:20 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2010-01-10 13:39:20 ----N---- C:\WINDOWS\system32\pxdrv.dll
2010-01-10 13:39:20 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2010-01-10 13:39:20 ----N---- C:\WINDOWS\system32\pxafs.dll
2010-01-10 13:39:20 ----N---- C:\WINDOWS\system32\px.dll
2010-01-10 13:39:20 ----D---- C:\Programme\Winamp
2010-01-10 13:39:20 ----D---- C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten\Winamp
2010-01-10 13:36:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Propellerhead Software
2010-01-10 13:36:55 ----D---- C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten\Propellerhead Software
2010-01-10 13:34:26 ----HD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMyPrinter
2010-01-10 13:34:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
2010-01-10 13:33:37 ----D---- C:\Programme\Propellerhead
2010-01-10 13:32:43 ----HD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
2010-01-10 13:32:36 ----A---- C:\WINDOWS\system32\CNMLM9E.DLL
2010-01-10 13:32:32 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2010-01-10 13:32:20 ----A---- C:\WINDOWS\system32\CNC540O.DLL
2010-01-10 13:32:20 ----A---- C:\WINDOWS\system32\CNC540L.DLL
2010-01-10 13:32:20 ----A---- C:\WINDOWS\system32\CNC540I.DLL
2010-01-10 13:32:19 ----A---- C:\WINDOWS\system32\CNC540C.DLL
2010-01-10 13:32:05 ----HD---- C:\Programme\CanonBJ
2010-01-10 13:30:53 ----D---- C:\Programme\Canon
2010-01-10 13:01:50 ----D---- C:\Programme\CCleaner
2010-01-10 12:48:24 ----D---- C:\WINDOWS\system32\PreInstall
2010-01-10 12:48:15 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-01-10 12:47:59 ----D---- C:\Programme\Microsoft Works
2010-01-10 12:47:41 ----D---- C:\Programme\Microsoft Visual Studio
2010-01-10 12:47:41 ----D---- C:\Programme\Gemeinsame Dateien\DESIGNER
2010-01-10 12:36:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2010-01-10 12:30:10 ----D---- C:\Config.Msi
2010-01-10 12:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-01-10 12:26:10 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-10 11:30:28 ----D---- C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten\Mozilla
2010-01-10 11:29:38 ----D---- C:\Programme\Mozilla Firefox
2010-01-10 11:27:50 ----D---- C:\Programme\Spybot - Search & Destroy
2010-01-10 11:27:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-01-09 21:11:42 ----D---- C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten\Tropico 3
2010-01-09 21:11:33 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-01-09 21:11:33 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-01-09 21:11:33 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-01-09 21:11:32 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-01-09 21:11:32 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-01-09 21:11:32 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-01-09 21:11:32 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-01-09 21:11:31 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-01-09 21:11:31 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-01-09 21:11:31 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-01-09 21:11:30 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-01-09 21:11:30 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-01-09 21:11:30 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-01-09 21:11:30 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-01-09 21:11:29 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2010-01-09 21:11:29 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2010-01-09 21:11:29 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2010-01-09 21:11:29 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2010-01-09 21:11:29 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2010-01-09 21:11:28 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2010-01-09 21:11:28 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2010-01-09 21:11:28 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2010-01-09 21:11:27 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2010-01-09 21:11:27 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2010-01-09 21:11:27 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2010-01-09 21:11:27 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2010-01-09 21:11:27 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2010-01-09 21:11:26 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2010-01-09 21:11:26 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2010-01-09 21:11:25 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2010-01-09 21:11:25 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2010-01-09 21:11:25 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2010-01-09 21:11:25 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2010-01-09 21:11:24 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2010-01-09 21:11:24 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2010-01-09 21:11:24 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2010-01-09 21:11:23 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2010-01-09 21:11:23 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2010-01-09 21:11:23 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2010-01-09 21:11:23 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2010-01-09 21:11:23 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2010-01-09 21:11:22 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2010-01-09 21:11:22 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2010-01-09 21:11:22 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2010-01-09 21:11:22 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2010-01-09 21:11:21 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2010-01-09 21:11:21 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2010-01-09 21:11:20 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2010-01-09 21:11:20 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2010-01-09 21:11:20 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2010-01-09 21:11:19 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2010-01-09 21:11:19 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2010-01-09 21:11:19 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2010-01-09 21:11:18 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2010-01-09 21:11:18 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2010-01-09 21:11:18 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2010-01-09 21:11:18 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2010-01-09 21:11:18 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2010-01-09 21:11:17 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2010-01-09 21:11:17 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2010-01-09 21:11:17 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2010-01-09 21:11:17 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2010-01-09 21:11:17 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-01-09 21:11:16 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2010-01-09 21:11:16 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2010-01-09 21:11:16 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2010-01-09 21:11:15 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2010-01-09 21:11:15 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2010-01-09 21:11:15 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2010-01-09 21:11:15 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2010-01-09 21:11:15 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2010-01-09 21:11:14 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2010-01-09 21:11:07 ----D---- C:\WINDOWS\Logs
2010-01-09 20:41:09 ----A---- C:\WINDOWS\system32\msonpmon.dll
2010-01-09 20:40:46 ----D---- C:\Programme\MSBuild
2010-01-09 20:37:54 ----D---- C:\WINDOWS\SHELLNEW
2010-01-09 20:37:42 ----D---- C:\Programme\Microsoft Office
2010-01-09 20:37:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-01-09 20:37:25 ----RHD---- C:\MSOCache
2010-01-09 20:17:17 ----A---- C:\WINDOWS\system32\ksuser.dll
2010-01-09 20:07:29 ----A---- C:\WINDOWS\system32\DeltaIITray.exe
2010-01-09 20:07:29 ----A---- C:\WINDOWS\system32\DeltaIIpnl.dll
2010-01-09 20:07:29 ----A---- C:\WINDOWS\system32\DeltaIICpl.exe
2010-01-09 20:07:29 ----A---- C:\WINDOWS\system32\deltaIICoIn.dll
2010-01-09 20:07:29 ----A---- C:\WINDOWS\system32\deltaIIasio.dll
2010-01-09 20:07:28 ----A---- C:\WINDOWS\system32\pcifmdio.dll
2010-01-09 20:04:06 ----D---- C:\Programme\M-Audio
2010-01-09 19:45:43 ----SH---- C:\boot.ini
2010-01-09 19:41:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-09 19:41:42 ----RSD---- C:\WINDOWS\Fonts
2010-01-09 19:41:42 ----RD---- C:\WINDOWS\Web
2010-01-09 19:41:42 ----HD---- C:\WINDOWS\inf
2010-01-09 19:41:42 ----D---- C:\WINDOWS\WinSxS
2010-01-09 19:41:42 ----D---- C:\WINDOWS\twain_32
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Temp
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\wins
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\wbem
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\usmt
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\spool
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\ShellExt
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\Setup
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\ras
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\oobe
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\npp
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\mui
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\IME
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\icsxml
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\ias
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\export
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\drivers
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\dhcp
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\de-de
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\de
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\config
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\3com_dmi
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\3076
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\2052
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\1054
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\1042
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\1041
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\1037
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\1033
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\1031
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\1028
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32\1025
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system32
2010-01-09 19:41:42 ----D---- C:\WINDOWS\system
2010-01-09 19:41:42 ----D---- C:\WINDOWS\security
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Resources
2010-01-09 19:41:42 ----D---- C:\WINDOWS\repair
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Provisioning
2010-01-09 19:41:42 ----D---- C:\WINDOWS\PeerNet
2010-01-09 19:41:42 ----D---- C:\WINDOWS\pchealth
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Network Diagnostic
2010-01-09 19:41:42 ----D---- C:\WINDOWS\mui
2010-01-09 19:41:42 ----D---- C:\WINDOWS\msapps
2010-01-09 19:41:42 ----D---- C:\WINDOWS\msagent
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Media
2010-01-09 19:41:42 ----D---- C:\WINDOWS\L2Schemas
2010-01-09 19:41:42 ----D---- C:\WINDOWS\java
2010-01-09 19:41:42 ----D---- C:\WINDOWS\ime
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Help
2010-01-09 19:41:42 ----D---- C:\WINDOWS\ehome
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Driver Cache
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Debug
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Cursors
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Connection Wizard
2010-01-09 19:41:42 ----D---- C:\WINDOWS\Config
2010-01-09 19:41:42 ----D---- C:\WINDOWS\AppPatch
2010-01-09 19:41:42 ----D---- C:\WINDOWS\addins
2010-01-09 19:41:42 ----D---- C:\WINDOWS
2010-01-09 19:36:44 ----A---- C:\WINDOWS\system32\nvunrm.exe
2010-01-09 19:36:44 ----A---- C:\WINDOWS\system32\cohelper.dll
2010-01-09 19:36:23 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2010-01-09 19:31:16 ----SHD---- C:\RECYCLER
2010-01-09 19:23:58 ----D---- C:\WINDOWS\system32\AGEIA
2010-01-09 19:23:58 ----D---- C:\Programme\AGEIA Technologies
2010-01-09 19:23:50 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2010-01-09 19:23:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
2010-01-09 19:23:43 ----D---- C:\Programme\NVIDIA Corporation
2010-01-09 19:22:36 ----A---- C:\WINDOWS\system32\OpenCL.dll
2010-01-09 19:22:36 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2010-01-09 19:22:36 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2010-01-09 19:22:36 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2010-01-09 19:22:36 ----A---- C:\WINDOWS\system32\nvcuda.dll
2010-01-09 19:22:35 ----A---- C:\WINDOWS\system32\nvcompiler.dll
2010-01-09 19:22:35 ----A---- C:\WINDOWS\system32\nvcodins.dll
2010-01-09 19:22:35 ----A---- C:\WINDOWS\system32\nvcod.dll
2010-01-09 19:22:35 ----A---- C:\WINDOWS\system32\nvapi.dll
2010-01-09 19:22:34 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2010-01-09 19:22:32 ----D---- C:\NVIDIA
2010-01-09 19:19:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LogiShrd
2010-01-09 19:19:36 ----D---- C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten\Logitech
2010-01-09 19:18:56 ----N---- C:\WINDOWS\system32\spmsg.dll
2010-01-09 19:18:56 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-01-09 19:18:54 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2010-01-09 19:18:49 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-09 19:18:43 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2010-01-09 19:18:41 ----A---- C:\WINDOWS\system32\KemXML.dll
2010-01-09 19:18:41 ----A---- C:\WINDOWS\system32\KemWnd.dll
2010-01-09 19:18:41 ----A---- C:\WINDOWS\system32\KemUtil.dll
2010-01-09 19:18:41 ----A---- C:\WINDOWS\system32\kemutb.dll
2010-01-09 19:18:34 ----HD---- C:\Programme\InstallShield Installation Information
2010-01-09 19:18:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Logitech
2010-01-09 19:18:33 ----D---- C:\Programme\Gemeinsame Dateien\Logishrd
2010-01-09 19:18:32 ----D---- C:\Programme\Logitech
2010-01-09 19:18:31 ----D---- C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten\InstallShield
2010-01-09 19:16:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
2010-01-09 19:16:32 ----D---- C:\Programme\WinZip
2010-01-09 19:15:06 ----A---- C:\WINDOWS\oodcnt.INI
2010-01-09 19:15:02 ----D---- C:\WINDOWS\system32\oodag
2010-01-09 19:13:46 ----D---- C:\Programme\OO Software
2010-01-09 19:09:37 ----D---- C:\Programme\Avira
2010-01-09 19:09:37 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2010-01-09 19:05:03 ----D---- C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten\Identities
2010-01-09 19:05:02 ----HD---- C:\Programme\Uninstall Information
2010-01-09 19:04:53 ----ASH---- C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten\desktop.ini
2010-01-09 19:04:52 ----SD---- C:\Dokumente und Einstellungen\ORiol\Anwendungsdaten\Microsoft
2010-01-09 19:02:51 ----D---- C:\WINDOWS\SoftwareDistribution
2010-01-09 19:02:48 ----SD---- C:\WINDOWS\system32\Microsoft
2010-01-09 19:02:48 ----D---- C:\WINDOWS\Prefetch
2010-01-09 19:02:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-09 19:00:31 ----D---- C:\WINDOWS\system32\xircom
2010-01-09 19:00:31 ----D---- C:\Programme\xerox
2010-01-09 19:00:31 ----D---- C:\Programme\microsoft frontpage
2010-01-09 19:00:12 ----A---- C:\WINDOWS\control.ini
2010-01-09 19:00:12 ----A---- C:\AUTOEXEC.BAT
2010-01-09 19:00:01 ----A---- C:\WINDOWS\system32\mapi32.dll
2010-01-09 18:59:22 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-09 18:59:22 ----RD---- C:\WINDOWS\Offline Web Pages
2010-01-09 18:59:22 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-01-09 18:59:18 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-09 18:59:15 ----HD---- C:\Programme\WindowsUpdate
2010-01-09 18:59:12 ----D---- C:\Programme\Online-Dienste
2010-01-09 18:59:02 ----D---- C:\WINDOWS\system32\DirectX
2010-01-09 18:58:59 ----A---- C:\WINDOWS\system32\atrace.dll
2010-01-09 18:58:57 ----A---- C:\WINDOWS\system32\desktop.ini
2010-01-09 18:58:57 ----A---- C:\WINDOWS\desktop.ini
2010-01-09 18:58:53 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2010-01-09 18:58:52 ----D---- C:\Programme\Gemeinsame Dateien\Dienste
2010-01-09 18:58:52 ----A---- C:\WINDOWS\system32\acctres.dll
2010-01-09 18:58:50 ----SD---- C:\WINDOWS\Tasks
2010-01-09 18:58:50 ----D---- C:\Programme\Gemeinsame Dateien\MSSoap
2010-01-09 18:58:50 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2010-01-09 18:58:47 ----D---- C:\WINDOWS\system32\Macromed
2010-01-09 18:58:47 ----D---- C:\WINDOWS\srchasst
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wuweb.dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wups.dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wups(2)(2).dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wucltui.dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wuauserv.dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wuaueng.dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wuauclt.exe
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wuapi.dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\wuapi(2)(2).dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2010-01-09 18:58:45 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2010-01-09 18:58:44 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2010-01-09 18:58:44 ----A---- C:\WINDOWS\system32\qmgr.dll
2010-01-09 18:58:42 ----D---- C:\Programme\Movie Maker
2010-01-09 18:58:33 ----A---- C:\WINDOWS\system32\safrslv.dll
2010-01-09 18:58:33 ----A---- C:\WINDOWS\system32\safrdm.dll
2010-01-09 18:58:33 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2010-01-09 18:58:33 ----A---- C:\WINDOWS\system32\racpldlg.dll
2010-01-09 18:58:31 ----D---- C:\WINDOWS\system32\Restore
2010-01-09 18:58:31 ----A---- C:\WINDOWS\system32\srrstr.dll
2010-01-09 18:58:31 ----A---- C:\WINDOWS\system32\fltMc.exe
2010-01-09 18:58:31 ----A---- C:\WINDOWS\system32\fltlib.dll
2010-01-09 18:58:30 ----A---- C:\WINDOWS\system32\srsvc.dll
2010-01-09 18:58:30 ----A---- C:\WINDOWS\system32\srclient.dll
2010-01-09 18:58:30 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2010-01-09 18:58:30 ----A---- C:\WINDOWS\system32\msconf.dll
2010-01-09 18:58:30 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2010-01-09 18:58:30 ----A---- C:\WINDOWS\system32\mnmdd.dll
2010-01-09 18:58:30 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2010-01-09 18:58:30 ----A---- C:\WINDOWS\system32\ils.dll
2010-01-09 18:58:28 ----D---- C:\Programme\NetMeeting
2010-01-09 18:58:28 ----A---- C:\WINDOWS\system32\msoert2.dll
2010-01-09 18:58:28 ----A---- C:\WINDOWS\system32\msoeacct.dll
2010-01-09 18:58:27 ----A---- C:\WINDOWS\system32\inetres.dll
2010-01-09 18:58:27 ----A---- C:\WINDOWS\system32\inetcomm.dll
2010-01-09 18:58:26 ----D---- C:\Programme\Outlook Express
2010-01-09 18:58:26 ----A---- C:\WINDOWS\system32\schedsvc.dll
2010-01-09 18:58:26 ----A---- C:\WINDOWS\system32\mstinit.exe
2010-01-09 18:58:26 ----A---- C:\WINDOWS\system32\mstask.dll
2010-01-09 18:58:26 ----A---- C:\WINDOWS\system32\isign32.dll
2010-01-09 18:58:26 ----A---- C:\WINDOWS\system32\inetcfg.dll
2010-01-09 18:58:26 ----A---- C:\WINDOWS\system32\icwphbk.dll
2010-01-09 18:58:26 ----A---- C:\WINDOWS\system32\icwdial.dll
2010-01-09 18:58:23 ----D---- C:\Programme\Gemeinsame Dateien\System
2010-01-09 18:58:22 ----D---- C:\Programme\Internet Explorer
2010-01-09 18:57:55 ----D---- C:\Programme\ComPlus Applications
2010-01-09 18:57:53 ----A---- C:\WINDOWS\vbaddin.ini
2010-01-09 18:57:53 ----A---- C:\WINDOWS\vb.ini
2010-01-09 18:57:49 ----D---- C:\WINDOWS\Registration
2010-01-09 18:57:42 ----D---- C:\Programme\Windows Media Player
2010-01-09 18:57:42 ----D---- C:\Programme\Online Services
2010-01-09 18:57:37 ----D---- C:\Programme\Messenger
2010-01-09 18:57:34 ----D---- C:\Programme\MSN Gaming Zone
2010-01-09 18:57:34 ----A---- C:\WINDOWS\system32\write.exe
2010-01-09 18:57:30 ----A---- C:\WINDOWS\system32\sndvol32.exe
2010-01-09 18:57:30 ----A---- C:\WINDOWS\system32\hticons.dll
2010-01-09 18:57:29 ----A---- C:\WINDOWS\system32\winchat.exe
2010-01-09 18:57:29 ----A---- C:\WINDOWS\system32\avwav.dll
2010-01-09 18:57:29 ----A---- C:\WINDOWS\system32\avtapi.dll
2010-01-09 18:57:29 ----A---- C:\WINDOWS\system32\avmeter.dll
2010-01-09 18:57:26 ----A---- C:\WINDOWS\system32\getuname.dll
2010-01-09 18:57:25 ----A---- C:\WINDOWS\system32\winmine.exe
2010-01-09 18:57:25 ----A---- C:\WINDOWS\system32\sol.exe
2010-01-09 18:57:25 ----A---- C:\WINDOWS\system32\mshearts.exe
2010-01-09 18:57:25 ----A---- C:\WINDOWS\system32\freecell.exe
2010-01-09 18:57:25 ----A---- C:\WINDOWS\system32\charmap.exe
2010-01-09 18:57:25 ----A---- C:\WINDOWS\system32\calc.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\tslabels.ini
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\tskill.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\tscon.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\shadow.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\rwinsta.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\reset.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\regini.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\qwinsta.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\qappsrv.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\msg.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\logoff.exe
2010-01-09 18:57:24 ----A---- C:\WINDOWS\system32\cdmodem.dll
2010-01-09 18:57:21 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2010-01-09 18:57:16 ----D---- C:\Programme\MSN
2010-01-09 18:57:15 ----A---- C:\WINDOWS\system32\sndrec32.exe
2010-01-09 18:57:15 ----A---- C:\WINDOWS\system32\mplay32.exe
2010-01-09 18:57:15 ----A---- C:\WINDOWS\system32\hypertrm.dll
2010-01-09 18:57:15 ----A---- C:\WINDOWS\system32\accwiz.exe
2010-01-09 18:57:14 ----D---- C:\Programme\Windows NT
2010-01-09 18:57:14 ----A---- C:\WINDOWS\system32\spider.exe
2010-01-09 18:57:14 ----A---- C:\WINDOWS\system32\mspaint.exe
2010-01-09 18:57:14 ----A---- C:\WINDOWS\system32\clipbrd.exe
2010-01-09 18:57:13 ----A---- C:\WINDOWS\system32\tsgqec.dll
2010-01-09 18:57:13 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2010-01-09 18:57:13 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2010-01-09 18:57:13 ----A---- C:\WINDOWS\system32\mstscax.dll
2010-01-09 18:57:13 ----A---- C:\WINDOWS\system32\mstsc.exe
2010-01-09 18:57:13 ----A---- C:\WINDOWS\system32\aaclient.dll
2010-01-09 18:57:12 ----D---- C:\WINDOWS\system32\MsDtc
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\termsrv.dll
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\sessmgr.exe
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\remotepg.dll
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\rdshost.exe
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\rdpclip.exe
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\rdchost.dll
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\qprocess.exe
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\mtxoci.dll
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\icaapi.dll
2010-01-09 18:57:12 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2010-01-09 18:57:11 ----A---- C:\WINDOWS\system32\xolehlp.dll
2010-01-09 18:57:11 ----A---- C:\WINDOWS\system32\msdtctm.dll
2010-01-09 18:57:11 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2010-01-09 18:57:11 ----A---- C:\WINDOWS\system32\msdtclog.dll
2010-01-09 18:57:11 ----A---- C:\WINDOWS\system32\msdtc.exe
2010-01-09 18:57:11 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2010-01-09 18:57:10 ----D---- C:\WINDOWS\system32\Com
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\stclient.dll
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\mtxex.dll
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\mtxdm.dll
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\comrepl.dll
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\comaddin.dll
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\colbact.dll
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\clbcatex.dll
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\catsrvut.dll
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\catsrvps.dll
2010-01-09 18:57:10 ----A---- C:\WINDOWS\system32\catsrv.dll
2010-01-09 18:57:09 ----A---- C:\WINDOWS\system32\comuid.dll
2010-01-09 18:57:09 ----A---- C:\WINDOWS\system32\comsvcs.dll
2010-01-09 18:57:09 ----A---- C:\WINDOWS\system32\comsnap.dll
2010-01-09 18:57:09 ----A---- C:\WINDOWS\system32\clbcatq.dll
2010-01-09 18:56:55 ----A---- C:\WINDOWS\system32\servdeps.dll
2010-01-09 18:56:55 ----A---- C:\WINDOWS\system32\mmfutil.dll
2010-01-09 18:56:55 ----A---- C:\WINDOWS\system32\licwmi.dll
2010-01-09 18:56:55 ----A---- C:\WINDOWS\system32\cmprops.dll
2010-01-09 18:55:07 ----A---- C:\WINDOWS\system32\h323log.txt
2010-01-09 18:52:06 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-01-09 18:50:21 ----A---- C:\WINDOWS\system32\usbui.dll
2010-01-09 18:49:24 ----SHD---- C:\WINDOWS\Installer
2010-01-09 18:49:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-09 18:49:23 ----D---- C:\Programme\Gemeinsame Dateien\ODBC
2010-01-09 18:49:23 ----A---- C:\WINDOWS\ODBCINST.INI
2010-01-09 18:49:21 ----RD---- C:\Programme
2010-01-09 18:49:21 ----D---- C:\Programme\Gemeinsame Dateien\SpeechEngines
2010-01-09 18:49:21 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-01-09 18:49:21 ----D---- C:\Programme\Gemeinsame Dateien
2010-01-09 18:49:18 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2010-01-09 18:49:18 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2010-01-09 18:49:18 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdur.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdru.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2010-01-09 18:49:17 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2010-01-09 18:49:16 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2010-01-09 18:49:16 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2010-01-09 18:49:16 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2010-01-09 18:49:16 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2010-01-09 18:49:16 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2010-01-09 18:49:16 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2010-01-09 18:49:16 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2010-01-09 18:49:15 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2010-01-09 18:49:15 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2010-01-09 18:49:15 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2010-01-09 18:49:15 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2010-01-09 18:49:15 ----RA---- C:\WINDOWS\system32\kbdest.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdro.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2010-01-09 18:49:14 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2010-01-09 18:49:13 ----A---- C:\WINDOWS\system32\irclass.dll
2010-01-09 18:49:12 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-01-09 18:49:12 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2010-01-09 18:49:12 ----A---- C:\WINDOWS\system32\dgsetup.dll
2010-01-09 18:49:12 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2010-01-09 18:49:11 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2010-01-09 18:49:11 ----A---- C:\WINDOWS\TASKMAN.EXE
2010-01-09 18:49:11 ----A---- C:\WINDOWS\system32\batt.dll
2010-01-09 18:49:07 ----A---- C:\WINDOWS\NOTEPAD.EXE
2010-01-09 18:49:06 ----A---- C:\WINDOWS\system32\storprop.dll
2010-01-09 18:49:00 ----ASH---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
2010-01-09 18:47:19 ----RA---- C:\WINDOWS\SET8.tmp
2010-01-09 18:47:17 ----RA---- C:\WINDOWS\SET4.tmp
2010-01-09 18:47:16 ----RA---- C:\WINDOWS\SET3.tmp
2010-01-09 18:47:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-09 18:47:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-09 18:47:06 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2010-01-09 18:46:41 ----SHD---- C:\System Volume Information
2010-01-09 18:46:41 ----D---- C:\Dokumente und Einstellungen
======List of files/folders modified in the last 1 months======
2010-01-09 20:38:01 ----A---- C:\WINDOWS\win.ini
2010-01-09 18:49:20 ----A---- C:\WINDOWS\system.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-01-10 56816]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 DELTAII;Service for M-Audio Delta Driver (WDM); C:\WINDOWS\system32\DRIVERS\deltaII.sys [2008-03-03 302728]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-11-29 35088]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-11-29 36368]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-21 10235968]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824]
R3 RTL8023;LevelOne 32/64-Bit Gigabit Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\GNC105T.sys [2003-08-08 64768]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\2FF.tmp []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-11-03 1332480]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe [2008-01-09 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
hijack info
info.txt logfile of random's system information tool 1.06 2010-01-10 15:20:18
======Uninstall list======
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Canon MP540 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series /L0x0007
Canon Utilities My Printer-->C:\Programme\Canon\MyPrinter\uninst.exe uninst.ini
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Command & Conquer™ Alarmstufe Rot 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Delta-->C:\Programme\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Programme\trend micro\HijackThis.exe" /uninstall
Inkjet Printer/Scanner Extended Survey Program-->C:\Programme\Canon\IJPLM\SETUP.EXE -R
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.7)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
NVIDIA Display Control Panel-->C:\Programme\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Programme\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
O&O Defrag Professional-->MsiExec.exe /I{CF49A5C4-E09A-4A22-BE7B-E42C687952BC}
Reason 4.0-->"C:\Programme\Propellerhead\Reason\Uninstall Reason\unins000.exe"
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Tropico 3 1.00-->"C:\Programme\Kalypso\Tropico 3\uninst.exe"
Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Winamp-->"C:\Programme\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: *****
Event Code: 3260
Message: Dieser Computer wurde erfolgreich "workgroup" hinzugefügt: "FORTEZIA".
Record Number: 5
Source Name: Workstation
Time Written: 20100109185652.000000+060
Event Type: Informationen
User:
Computer Name: *****
Event Code: 6011
Message: Der NetBIOS-Name und DNS-Hostname dieses Computers wurden von MACHINENAME in ***** geändert.
Record Number: 4
Source Name: EventLog
Time Written: 20100109185514.000000+060
Event Type: Informationen
User:
Computer Name: MACHINENAME
Event Code: 2
Message: Bei der Überprüfung, ob \Device\Serial0 ein serieller Anschluss ist, wurde ein FIFO-Baustein entdeckt. Es wird der FIFO-Baustein verwendet.
Record Number: 3
Source Name: Serial
Time Written: 20100109184705.000000+060
Event Type: Informationen
User:
Computer Name: MACHINENAME
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.
Record Number: 2
Source Name: EventLog
Time Written: 20100109184649.000000+060
Event Type: Informationen
User:
Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20100109184649.000000+060
Event Type: Informationen
User:
=====Application event log=====
Computer Name: *****
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst MSDTC (MSDTC) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.
Record Number: 5
Source Name: LoadPerf
Time Written: 20100109185745.000000+060
Event Type: Informationen
User:
Computer Name: *****
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst TermService (Terminaldienste) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.
Record Number: 4
Source Name: LoadPerf
Time Written: 20100109185742.000000+060
Event Type: Informationen
User:
Computer Name: *****
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst RemoteAccess (Routing und RAS) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.
Record Number: 3
Source Name: LoadPerf
Time Written: 20100109185547.000000+060
Event Type: Informationen
User:
Computer Name:*****
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst PSched (PSched) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.
Record Number: 2
Source Name: LoadPerf
Time Written: 20100109185524.000000+060
Event Type: Informationen
User:
Computer Name: *****
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst RSVP (QoS-RSVP) wurden geladen.
Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.
Record Number: 1
Source Name: LoadPerf
Time Written: 20100109185523.000000+060
Event Type: Informationen
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
Malware Log
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3533
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
10.01.2010 15:46:20
mbam-log-2010-01-10 (15-46-20).txt
Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 204859
Laufzeit: 26 minute(s), 55 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\System Volume Information\_restore{7222A30F-EED8-404D-B877-4F0BB40B32C0}\RP21\A0002653.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{D3CCBD04-6272-4400-9D89-0F325FEE53D9}\RP141\A0069386.exe (Malware.Tool) -> Quarantined and deleted successfully.