Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Probleme mit Win-Spy (https://www.trojaner-board.de/81344-probleme-win-spy.html)

Pogohannes 06.01.2010 18:36
Probleme mit Win-Spy
 
Hallo liebe user
ich habe seit kurzem in der taskleiste ein icon. Er hat keinerlei funktion, jedoch wenn ich darüber fahre kommt folgendes "Win- Spy Shareware. Icon will not appear on Retail version." Habe schon einige foren durchforstet aber die richtige hilfe habe ich noch nicht bekommeneinen HJT Log hab ich schon :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:01, on 06.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Programme\Lavasoft\Ad-Aware\AAWService.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Programme\Avira\AntiVir Desktop\sched.exe
H:\WINDOWS\system32\svchost.exe
H:\Programme\Avira\AntiVir Desktop\avguard.exe
H:\Programme\LogMeIn Hamachi\hamachi-2.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Programme\bin32\nSvcAppFlt.exe
H:\Programme\bin32\nSvcIp.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wbem\unsecapp.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Programme\Internet Explorer\IEXPLORE.EXE
H:\Programme\Internet Explorer\IEXPLORE.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Programme\Microsoft IntelliType Pro\itype.exe
H:\Programme\Razer\Salmosa\razerhid.exe
H:\Programme\Avira\AntiVir Desktop\avgnt.exe
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\ctfmon.exe
H:\programme\steam\steam.exe
H:\Programme\Skype\Phone\Skype.exe
H:\Programme\Microsoft IntelliType Pro\dpupdchk.exe
H:\Programme\ICQ6.5\ICQ.exe
H:\Programme\RouterCom\live.exe
H:\Programme\RouterCom\cmss.exe
H:\Programme\Razer\Salmosa\razerofa.exe
H:\Programme\RouterCom\services32.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
H:\Programme\Skype\Plugin Manager\skypePM.exe
H:\Programme\Mozilla Firefox\firefox.exe
H:\Programme\Skype\Toolbars\Shared\SkypeNames.exe
H:\Programme\Mozilla Thunderbird\thunderbird.exe
H:\Programme\Trend Micro\HijackThis\HijackThis.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "H:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Salmosa] H:\Programme\Razer\Salmosa\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "H:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SataGD] H:\PROGRA~1\ROUTER~1\Remlive.exe
O4 - HKLM\..\Run: [LOCAL] H:\WINDOWS\dir_32gi\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "h:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "H:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "H:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [CURRENT] H:\WINDOWS\dir_32gi\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost] H:\WINDOWS\dir_32gi\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [svchost] H:\WINDOWS\dir_32gi\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [svchost] H:\WINDOWS\dir_32gi\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [svchost] H:\WINDOWS\dir_32gi\svchost.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: h:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: h:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: h:\windows\system32\nvlsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262024727562
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - H:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - H:\Programme\bin32\nSvcAppFlt.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - H:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - H:\Programme\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6238 bytes

Pogohannes 06.01.2010 20:03
hier noch die logs von RSIT

Code:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Hannes at 2010-01-06 19:54:01
Microsoft Windows XP Professional Service Pack 3
System drive H: has 388 GB (81%) free of 477 GB
Total RAM: 3327 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:13, on 06.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Programme\Lavasoft\Ad-Aware\AAWService.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Programme\Avira\AntiVir Desktop\sched.exe
H:\WINDOWS\system32\svchost.exe
H:\Programme\Avira\AntiVir Desktop\avguard.exe
H:\Programme\LogMeIn Hamachi\hamachi-2.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Programme\bin32\nSvcAppFlt.exe
H:\Programme\bin32\nSvcIp.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wbem\unsecapp.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Programme\Internet Explorer\IEXPLORE.EXE
H:\Programme\Internet Explorer\IEXPLORE.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Programme\Microsoft IntelliType Pro\itype.exe
H:\Programme\Razer\Salmosa\razerhid.exe
H:\Programme\Avira\AntiVir Desktop\avgnt.exe
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\ctfmon.exe
H:\programme\steam\steam.exe
H:\Programme\Skype\Phone\Skype.exe
H:\Programme\Microsoft IntelliType Pro\dpupdchk.exe
H:\Programme\ICQ6.5\ICQ.exe
H:\Programme\RouterCom\live.exe
H:\Programme\RouterCom\cmss.exe
H:\Programme\Razer\Salmosa\razerofa.exe
H:\Programme\RouterCom\services32.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
H:\Programme\Skype\Plugin Manager\skypePM.exe
H:\Programme\Trend Micro\HijackThis\HijackThis.exe
H:\Programme\World of Warcraft\Wow.exe
H:\Programme\Windows Media Player\wmplayer.exe
H:\Programme\Mozilla Firefox\firefox.exe
H:\Programme\Skype\Toolbars\Shared\SkypeNames.exe
H:\Programme\Malwarebytes' Anti-Malware\mbam.exe
H:\Dokumente und Einstellungen\Hannes\Eigene Dateien\Downloads\RSIT.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Programme\Trend Micro\HijackThis\Hannes.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [itype] "H:\Programme\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Salmosa] H:\Programme\Razer\Salmosa\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "H:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SataGD] H:\PROGRA~1\ROUTER~1\Remlive.exe
O4 - HKLM\..\Run: [LOCAL] H:\WINDOWS\dir_32gi\svchost.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] H:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "h:\programme\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "H:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "H:\Programme\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [CURRENT] H:\WINDOWS\dir_32gi\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost] H:\WINDOWS\dir_32gi\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [svchost] H:\WINDOWS\dir_32gi\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [svchost] H:\WINDOWS\dir_32gi\svchost.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [svchost] H:\WINDOWS\dir_32gi\svchost.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: h:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: h:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: h:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: h:\windows\system32\nvlsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262024727562
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - H:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - H:\Programme\bin32\nSvcAppFlt.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - H:\Programme\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - H:\Programme\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6568 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
H:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
H:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
H:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
H:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2008-08-02 13570048]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2008-08-02 86016]
"itype"=H:\Programme\Microsoft IntelliType Pro\itype.exe [2009-05-21 1501064]
"Salmosa"=H:\Programme\Razer\Salmosa\razerhid.exe [2008-08-21 139264]
"avgnt"=H:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-07-31 16806912]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"SataGD"=H:\PROGRA~1\ROUTER~1\Remlive.exe [2010-01-06 24576]
"LOCAL"=H:\WINDOWS\dir_32gi\svchost.exe [2005-12-15 221184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=H:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 429392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"svchost"=H:\WINDOWS\dir_32gi\svchost.exe [2005-12-15 221184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Steam"=h:\programme\steam\steam.exe [2009-12-28 1217808]
"Skype"=H:\Programme\Skype\Phone\Skype.exe [2009-10-09 25623336]
"ICQ"=H:\Programme\ICQ6.5\ICQ.exe [2009-03-01 172792]
"CURRENT"=H:\WINDOWS\dir_32gi\svchost.exe [2005-12-15 221184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"svchost"=H:\WINDOWS\dir_32gi\svchost.exe [2005-12-15 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - H:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Programme\ICQ6.5\ICQ.exe"="H:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"H:\Programme\Skype\Plugin Manager\skypePM.exe"="H:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"H:\Programme\Steam\steamapps\halfpeter413\counter-strike source\hl2.exe"="H:\Programme\Steam\steamapps\halfpeter413\counter-strike source\hl2.exe:*:Enabled:hl2"
"H:\WINDOWS\system32\dpvsetup.exe"="H:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"H:\WINDOWS\system32\rundll32.exe"="H:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen"
"H:\Programme\Activision\Call of Duty - World at War\CoDWaWmp.exe"="H:\Programme\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"H:\Programme\Activision\Call of Duty - World at War\CoDWaW.exe"="H:\Programme\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"H:\Programme\Warcraft III\Warcraft III.exe"="H:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"H:\Programme\Warcraft III\Frozen Throne.exe"="H:\Programme\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"H:\Programme\World of Warcraft\Launcher.exe"="H:\Programme\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"H:\Programme\RouterCom\winup.exe"="H:\Programme\RouterCom\winup.exe:*:Enabled:winup.exe"
"H:\Programme\Skype\Phone\Skype.exe"="H:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{468ccb47-f585-11de-9d3d-665544336040}]
shell\AutoRun\command - I:\MSA.EXE


======List of files/folders created in the last 1 months======

2010-01-06 19:54:01 ----D---- H:\rsit
2010-01-06 19:42:17 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Malwarebytes
2010-01-06 19:42:12 ----D---- H:\Programme\Malwarebytes' Anti-Malware
2010-01-06 19:42:12 ----D---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-06 19:23:15 ----D---- H:\Programme\CCleaner
2010-01-06 18:30:55 ----D---- H:\Programme\Trend Micro
2010-01-06 18:21:34 ----A---- H:\WINDOWS\system32\lsdelete.exe
2010-01-06 17:50:30 ----HDC---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-06 17:50:20 ----D---- H:\Programme\Lavasoft
2010-01-06 17:50:20 ----D---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2010-01-06 16:49:23 ----H---- H:\WINDOWS\hpvert.dll
2010-01-06 16:49:23 ----D---- H:\Programme\Accessories
2010-01-06 16:49:23 ----A---- H:\WINDOWS\ruto32.exe
2010-01-06 16:49:23 ----A---- H:\WINDOWS\refsdm.dll
2010-01-06 16:49:22 ----D---- H:\Programme\RouterCom
2010-01-06 01:06:07 ----D---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\vxblock.dll
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\pxwave.dll
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\pxsfs.dll
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\pxmas.dll
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\pxinsi64.exe
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\pxinsa64.exe
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\pxhpinst.exe
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\pxdrv.dll
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\pxcpyi64.exe
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\pxcpya64.exe
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\pxafs.dll
2010-01-05 22:28:50 ----N---- H:\WINDOWS\system32\px.dll
2010-01-05 22:28:35 ----D---- H:\Programme\Gemeinsame Dateien\DivX Shared
2010-01-05 22:28:35 ----D---- H:\Programme\DivX
2010-01-05 22:27:12 ----D---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard
2010-01-05 21:48:13 ----D---- H:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2010-01-05 21:43:26 ----D---- H:\Programme\World of Warcraft
2010-01-04 15:06:06 ----D---- H:\WINDOWS\Minidump
2010-01-04 11:02:03 ----D---- H:\WINDOWS\dir_32gi
2010-01-04 00:31:33 ----SD---- H:\Programme\HLSW
2010-01-04 00:31:33 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\HLSW
2010-01-04 00:06:05 ----D---- H:\Programme\LogMeIn Hamachi
2010-01-03 00:03:33 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\SoundSpectrum
2010-01-03 00:02:43 ----D---- H:\Programme\SoundSpectrum
2010-01-02 23:45:48 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\WinRAR
2010-01-02 23:45:35 ----D---- H:\Programme\WinRAR
2009-12-30 08:49:02 ----D---- H:\WINDOWS\wb
2009-12-30 07:02:28 ----A---- H:\WINDOWS\system32\XAudio2_1.dll
2009-12-30 07:02:28 ----A---- H:\WINDOWS\system32\XAPOFX1_0.dll
2009-12-30 07:02:27 ----A---- H:\WINDOWS\system32\xactengine3_1.dll
2009-12-30 07:02:27 ----A---- H:\WINDOWS\system32\X3DAudio1_4.dll
2009-12-30 07:02:27 ----A---- H:\WINDOWS\system32\d3dx10_38.dll
2009-12-30 07:02:27 ----A---- H:\WINDOWS\system32\D3DCompiler_38.dll
2009-12-30 07:02:26 ----A---- H:\WINDOWS\system32\XAudio2_0.dll
2009-12-30 07:02:26 ----A---- H:\WINDOWS\system32\xactengine3_0.dll
2009-12-30 07:02:26 ----A---- H:\WINDOWS\system32\X3DAudio1_3.dll
2009-12-30 07:02:26 ----A---- H:\WINDOWS\system32\D3DX9_38.dll
2009-12-30 07:02:25 ----A---- H:\WINDOWS\system32\xactengine2_10.dll
2009-12-30 07:02:25 ----A---- H:\WINDOWS\system32\D3DX9_37.dll
2009-12-30 07:02:25 ----A---- H:\WINDOWS\system32\d3dx10_37.dll
2009-12-30 07:02:25 ----A---- H:\WINDOWS\system32\D3DCompiler_37.dll
2009-12-30 07:02:24 ----A---- H:\WINDOWS\system32\d3dx9_36.dll
2009-12-30 07:02:24 ----A---- H:\WINDOWS\system32\d3dx10_36.dll
2009-12-30 07:02:24 ----A---- H:\WINDOWS\system32\D3DCompiler_36.dll
2009-12-30 07:02:23 ----A---- H:\WINDOWS\system32\xactengine2_9.dll
2009-12-30 07:02:23 ----A---- H:\WINDOWS\system32\d3dx10_35.dll
2009-12-30 07:02:23 ----A---- H:\WINDOWS\system32\D3DCompiler_35.dll
2009-12-30 07:02:22 ----A---- H:\WINDOWS\system32\xactengine2_8.dll
2009-12-30 07:02:22 ----A---- H:\WINDOWS\system32\X3DAudio1_2.dll
2009-12-30 07:02:22 ----A---- H:\WINDOWS\system32\d3dx9_35.dll
2009-12-30 07:02:22 ----A---- H:\WINDOWS\system32\d3dx10_34.dll
2009-12-30 07:02:21 ----A---- H:\WINDOWS\system32\d3dx9_34.dll
2009-12-30 07:02:21 ----A---- H:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-30 07:02:20 ----A---- H:\WINDOWS\system32\xactengine2_7.dll
2009-12-30 07:02:20 ----A---- H:\WINDOWS\system32\d3dx10_33.dll
2009-12-30 07:02:20 ----A---- H:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-30 07:02:18 ----A---- H:\WINDOWS\system32\xactengine2_6.dll
2009-12-30 07:02:18 ----A---- H:\WINDOWS\system32\xactengine2_5.dll
2009-12-30 07:02:18 ----A---- H:\WINDOWS\system32\d3dx9_33.dll
2009-12-30 07:02:17 ----A---- H:\WINDOWS\system32\d3dx9_32.dll
2009-12-30 07:02:07 ----D---- H:\WINDOWS\Logs
2009-12-30 06:56:47 ----D---- H:\Programme\Activision
2009-12-30 05:46:13 ----D---- H:\Programme\Wormux
2009-12-30 04:52:15 ----D---- H:\Programme\CRS-MegaDev
2009-12-29 23:01:35 ----D---- H:\Programme\MSXML 4.0
2009-12-29 21:03:31 ----SHD---- H:\RECYCLER
2009-12-29 18:50:52 ----HDC---- H:\WINDOWS\$NtUninstallKB970430$
2009-12-29 18:50:49 ----HDC---- H:\WINDOWS\$NtUninstallKB941569$
2009-12-29 18:50:39 ----HDC---- H:\WINDOWS\$NtUninstallKB929399$
2009-12-29 18:50:30 ----HDC---- H:\WINDOWS\$NtUninstallKB939683$
2009-12-29 18:50:14 ----HDC---- H:\WINDOWS\$NtUninstallKB971737$
2009-12-29 18:49:54 ----HDC---- H:\WINDOWS\$NtUninstallKB954154_WM11$
2009-12-29 18:23:26 ----D---- H:\Programme\Take2
2009-12-29 18:08:15 ----D---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DrivingSpeed2
2009-12-29 18:01:18 ----A---- H:\WINDOWS\system32\xinput1_3.dll
2009-12-29 18:01:18 ----A---- H:\WINDOWS\system32\xactengine2_4.dll
2009-12-29 18:01:18 ----A---- H:\WINDOWS\system32\x3daudio1_1.dll
2009-12-29 18:01:18 ----A---- H:\WINDOWS\system32\d3dx9_31.dll
2009-12-29 18:01:17 ----A---- H:\WINDOWS\system32\xinput1_2.dll
2009-12-29 18:01:17 ----A---- H:\WINDOWS\system32\xinput1_1.dll
2009-12-29 18:01:17 ----A---- H:\WINDOWS\system32\xactengine2_3.dll
2009-12-29 18:01:17 ----A---- H:\WINDOWS\system32\xactengine2_2.dll
2009-12-29 18:01:16 ----A---- H:\WINDOWS\system32\xactengine2_1.dll
2009-12-29 18:01:16 ----A---- H:\WINDOWS\system32\d3dx9_30.dll
2009-12-29 18:01:15 ----A---- H:\WINDOWS\system32\xactengine2_0.dll
2009-12-29 18:01:15 ----A---- H:\WINDOWS\system32\x3daudio1_0.dll
2009-12-29 18:01:15 ----A---- H:\WINDOWS\system32\d3dx9_29.dll
2009-12-29 18:01:15 ----A---- H:\WINDOWS\system32\d3dx9_28.dll
2009-12-29 18:01:14 ----A---- H:\WINDOWS\system32\xinput9_1_0.dll
2009-12-29 18:01:14 ----A---- H:\WINDOWS\system32\d3dx9_27.dll
2009-12-29 18:01:14 ----A---- H:\WINDOWS\system32\d3dx9_26.dll
2009-12-29 18:01:13 ----A---- H:\WINDOWS\system32\d3dx9_25.dll
2009-12-29 18:01:13 ----A---- H:\WINDOWS\system32\d3dx9_24.dll
2009-12-29 18:00:29 ----D---- H:\Programme\Smokin' Guns
2009-12-29 18:00:19 ----D---- H:\Programme\DrivingSpeed2
2009-12-29 17:58:55 ----D---- H:\Programme\c
2009-12-29 17:58:12 ----D---- H:\westwood
2009-12-29 17:57:52 ----D---- H:\Programme\cc
2009-12-29 17:57:07 ----D---- H:\minira2
2009-12-29 17:53:24 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Wormux
2009-12-29 17:49:47 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Armagetron
2009-12-29 17:49:44 ----D---- H:\Programme\Armagetron Advanced
2009-12-29 17:49:44 ----D---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Armagetron
2009-12-29 03:11:37 ----A---- H:\WINDOWS\War3Unin.exe
2009-12-29 03:08:56 ----D---- H:\Programme\Warcraft III
2009-12-29 02:28:52 ----N---- H:\WINDOWS\system32\spmsg.dll
2009-12-29 02:28:46 ----HDC---- H:\WINDOWS\$NtUninstallMSCompPackV1$
2009-12-29 02:28:28 ----D---- H:\Programme\Windows Media Connect 2
2009-12-29 02:28:20 ----HDC---- H:\WINDOWS\$NtUninstallwmp11$
2009-12-29 02:27:54 ----HDC---- H:\WINDOWS\$NtUninstallWMFDist11$
2009-12-29 02:27:40 ----D---- H:\WINDOWS\system32\LogFiles
2009-12-29 02:27:33 ----HDC---- H:\WINDOWS\$NtUninstallWudf01000$
2009-12-29 02:26:41 ----D---- H:\WINDOWS\ie8updates
2009-12-29 02:26:16 ----D---- H:\WINDOWS\WBEM
2009-12-29 02:25:14 ----HDC---- H:\WINDOWS\ie8
2009-12-29 02:09:22 ----D---- H:\Programme\bin32
2009-12-29 02:09:19 ----D---- H:\Programme\log
2009-12-29 02:08:56 ----A---- H:\WINDOWS\system32\nvunrm.exe
2009-12-28 23:13:49 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\skypePM
2009-12-28 23:13:26 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Macromedia
2009-12-28 23:13:24 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Adobe
2009-12-28 23:12:21 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\ICQ
2009-12-28 23:12:15 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Skype
2009-12-28 23:11:56 ----D---- H:\Programme\ICQ6.5
2009-12-28 23:11:24 ----D---- H:\Programme\Gemeinsame Dateien\Skype
2009-12-28 23:11:23 ----RD---- H:\Programme\Skype
2009-12-28 23:11:20 ----D---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
2009-12-28 21:17:44 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Thunderbird
2009-12-28 21:16:54 ----D---- H:\Programme\Mozilla Thunderbird
2009-12-28 21:16:40 ----D---- H:\Programme\Avira
2009-12-28 21:16:40 ----D---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2009-12-28 20:57:59 ----D---- H:\Programme\Steam
2009-12-28 20:56:43 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Mozilla
2009-12-28 20:56:24 ----D---- H:\Programme\Mozilla Firefox
2009-12-28 20:45:24 ----A---- H:\WINDOWS\system32\MRT.exe
2009-12-28 20:45:19 ----HDC---- H:\WINDOWS\$NtUninstallKB973904$
2009-12-28 20:45:15 ----HDC---- H:\WINDOWS\$NtUninstallKB955759$
2009-12-28 20:45:11 ----HDC---- H:\WINDOWS\$NtUninstallKB974392$
2009-12-28 20:45:08 ----HDC---- H:\WINDOWS\$NtUninstallKB974318$
2009-12-28 20:45:01 ----HDC---- H:\WINDOWS\$NtUninstallKB976325$
2009-12-28 20:44:58 ----HDC---- H:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-28 20:44:55 ----HDC---- H:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-28 20:44:52 ----HDC---- H:\WINDOWS\$NtUninstallKB973687$
2009-12-28 20:44:48 ----HDC---- H:\WINDOWS\$NtUninstallKB969947$
2009-12-28 20:44:44 ----HDC---- H:\WINDOWS\$NtUninstallKB975467$
2009-12-28 20:44:40 ----HDC---- H:\WINDOWS\$NtUninstallKB968389$
2009-12-28 20:44:37 ----HDC---- H:\WINDOWS\$NtUninstallKB969059$
2009-12-28 20:44:35 ----HDC---- H:\WINDOWS\$NtUninstallKB958869$
2009-12-28 20:44:30 ----HDC---- H:\WINDOWS\$NtUninstallKB971486$
2009-12-28 20:44:27 ----HDC---- H:\WINDOWS\$NtUninstallKB974112$
2009-12-28 20:44:23 ----HDC---- H:\WINDOWS\$NtUninstallKB974571$
2009-12-28 20:44:21 ----HDC---- H:\WINDOWS\$NtUninstallKB975025$
2009-12-28 20:44:18 ----HDC---- H:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-28 20:44:15 ----HDC---- H:\WINDOWS\$NtUninstallKB973525$
2009-12-28 20:44:12 ----HDC---- H:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-28 20:44:10 ----HDC---- H:\WINDOWS\$NtUninstallKB971961$
2009-12-28 20:44:07 ----HDC---- H:\WINDOWS\$NtUninstallKB956844$
2009-12-28 20:43:07 ----HDC---- H:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-28 20:43:04 ----HDC---- H:\WINDOWS\$NtUninstallKB971657$
2009-12-28 20:43:01 ----HDC---- H:\WINDOWS\$NtUninstallKB973815$
2009-12-28 20:42:57 ----HDC---- H:\WINDOWS\$NtUninstallKB960859$
2009-12-28 20:42:54 ----HDC---- H:\WINDOWS\$NtUninstallKB973507$
2009-12-28 20:42:51 ----HDC---- H:\WINDOWS\$NtUninstallKB973354$
2009-12-28 20:42:48 ----HDC---- H:\WINDOWS\$NtUninstallKB956744$
2009-12-28 20:42:45 ----HDC---- H:\WINDOWS\$NtUninstallKB973869$
2009-12-28 20:42:41 ----HDC---- H:\WINDOWS\$NtUninstallKB973540_WM9$
2009-12-28 20:42:38 ----HDC---- H:\WINDOWS\$NtUninstallKB971557$
2009-12-28 20:42:35 ----HDC---- H:\WINDOWS\$NtUninstallKB971633$
2009-12-28 20:42:31 ----HDC---- H:\WINDOWS\$NtUninstallKB970238$
2009-12-28 20:42:28 ----HDC---- H:\WINDOWS\$NtUninstallKB961501$
2009-12-28 20:42:24 ----HDC---- H:\WINDOWS\$NtUninstallKB959426$
2009-12-28 20:42:21 ----HDC---- H:\WINDOWS\$NtUninstallKB960803$
2009-12-28 20:42:17 ----HDC---- H:\WINDOWS\$NtUninstallKB952004$
2009-12-28 20:42:09 ----HDC---- H:\WINDOWS\$NtUninstallKB956572$
2009-12-28 20:42:05 ----HDC---- H:\WINDOWS\$NtUninstallKB923561$
2009-12-28 20:41:59 ----HDC---- H:\WINDOWS\$NtUninstallKB967715$
2009-12-28 20:41:56 ----HDC---- H:\WINDOWS\$NtUninstallKB960225$
2009-12-28 20:41:53 ----HDC---- H:\WINDOWS\$NtUninstallKB958687$
2009-12-28 20:41:49 ----HDC---- H:\WINDOWS\$NtUninstallKB956803$
2009-12-28 20:41:46 ----HDC---- H:\WINDOWS\$NtUninstallKB956802$
2009-12-28 20:41:43 ----HDC---- H:\WINDOWS\$NtUninstallKB957097$
2009-12-28 20:41:40 ----HDC---- H:\WINDOWS\$NtUninstallKB954459$
2009-12-28 20:41:36 ----HDC---- H:\WINDOWS\$NtUninstallKB955069$
2009-12-28 20:41:33 ----HDC---- H:\WINDOWS\$NtUninstallKB958644$
2009-12-28 20:41:30 ----HDC---- H:\WINDOWS\$NtUninstallKB952287$
2009-12-28 20:41:27 ----HDC---- H:\WINDOWS\$NtUninstallKB950974$
2009-12-28 20:41:24 ----HDC---- H:\WINDOWS\$NtUninstallKB952954$
2009-12-28 20:41:21 ----HDC---- H:\WINDOWS\$NtUninstallKB946648$
2009-12-28 20:41:18 ----HDC---- H:\WINDOWS\$NtUninstallKB951066$
2009-12-28 20:41:14 ----HDC---- H:\WINDOWS\$NtUninstallKB951748$
2009-12-28 20:41:11 ----HDC---- H:\WINDOWS\$NtUninstallKB951978$
2009-12-28 20:41:08 ----HDC---- H:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-28 20:41:03 ----HDC---- H:\WINDOWS\$NtUninstallKB950762$
2009-12-28 20:18:32 ----D---- H:\WINDOWS\Prefetch
2009-12-28 19:43:20 ----SH---- H:\boot.ini
2009-12-28 19:40:30 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-12-28 19:40:30 ----RSD---- H:\WINDOWS\Fonts
2009-12-28 19:40:30 ----RD---- H:\WINDOWS\Web
2009-12-28 19:40:30 ----HD---- H:\WINDOWS\system32
2009-12-28 19:40:30 ----HD---- H:\WINDOWS\inf
2009-12-28 19:40:30 ----D---- H:\WINDOWS\WinSxS
2009-12-28 19:40:30 ----D---- H:\WINDOWS\twain_32
2009-12-28 19:40:30 ----D---- H:\WINDOWS\Temp
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\wins
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\wbem
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\usmt
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\spool
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\ShellExt
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\Setup
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\ras
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\oobe
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\npp
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\mui
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\inetsrv
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\IME
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\icsxml
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\ias
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\export
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\drivers
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\dhcp
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\config
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\3com_dmi
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\3076
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\2052
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\1054
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\1042
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\1041
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\1037
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\1033
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\1031
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\1028
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system32\1025
2009-12-28 19:40:30 ----D---- H:\WINDOWS\system
2009-12-28 19:40:30 ----D---- H:\WINDOWS\security
2009-12-28 19:40:30 ----D---- H:\WINDOWS\Resources
2009-12-28 19:40:30 ----D---- H:\WINDOWS\repair
2009-12-28 19:40:30 ----D---- H:\WINDOWS\Provisioning
2009-12-28 19:40:30 ----D---- H:\WINDOWS\PeerNet
2009-12-28 19:40:30 ----D---- H:\WINDOWS\pchealth
2009-12-28 19:40:30 ----D---- H:\WINDOWS\mui
2009-12-28 19:40:30 ----D---- H:\WINDOWS\msapps
2009-12-28 19:40:30 ----D---- H:\WINDOWS\msagent
2009-12-28 19:40:30 ----D---- H:\WINDOWS\Media
2009-12-28 19:40:30 ----D---- H:\WINDOWS\java
2009-12-28 19:40:30 ----D---- H:\WINDOWS\ime
2009-12-28 19:40:30 ----D---- H:\WINDOWS\Help
2009-12-28 19:40:30 ----D---- H:\WINDOWS\ehome
2009-12-28 19:40:30 ----D---- H:\WINDOWS\Driver Cache
2009-12-28 19:40:30 ----D---- H:\WINDOWS\Debug
2009-12-28 19:40:30 ----D---- H:\WINDOWS\Cursors
2009-12-28 19:40:30 ----D---- H:\WINDOWS\Connection Wizard
2009-12-28 19:40:30 ----D---- H:\WINDOWS\Config
2009-12-28 19:40:30 ----D---- H:\WINDOWS\AppPatch
2009-12-28 19:40:30 ----D---- H:\WINDOWS\addins
2009-12-28 19:40:30 ----D---- H:\WINDOWS
2009-12-28 19:37:25 ----D---- H:\WINDOWS\system32\de-de
2009-12-28 19:37:24 ----D---- H:\WINDOWS\system32\de
2009-12-28 19:37:24 ----D---- H:\WINDOWS\system32\bits
2009-12-28 19:37:24 ----D---- H:\WINDOWS\l2schemas
2009-12-28 19:36:35 ----D---- H:\WINDOWS\ServicePackFiles
2009-12-28 19:35:14 ----D---- H:\WINDOWS\network diagnostic
2009-12-28 19:33:07 ----HDC---- H:\WINDOWS\$NtServicePackUninstall$
2009-12-28 19:27:44 ----D---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2009-12-28 19:27:31 ----D---- H:\WINDOWS\system32\PreInstall
2009-12-28 19:27:30 ----HDC---- H:\WINDOWS\$NtUninstallKB898461$
2009-12-28 19:27:30 ----HD---- H:\WINDOWS\$hf_mig$
2009-12-28 19:25:59 ----A---- H:\WINDOWS\system32\wups2.dll
2009-12-28 19:25:59 ----A---- H:\WINDOWS\system32\wucltui.dll.mui
2009-12-28 19:25:58 ----D---- H:\WINDOWS\system32\SoftwareDistribution
2009-12-28 19:25:58 ----A---- H:\WINDOWS\system32\wuaueng.dll.mui
2009-12-28 19:25:58 ----A---- H:\WINDOWS\system32\wuapi.dll.mui
2009-12-28 19:25:40 ----D---- H:\Programme\Razer
2009-12-28 19:25:10 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\InstallShield
2009-12-28 19:23:16 ----D---- H:\WINDOWS\system32\ReinstallBackups
2009-12-28 19:22:54 ----D---- H:\Programme\Microsoft IntelliType Pro
2009-12-28 19:22:28 ----D---- H:\Programme\MSXML 6.0
2009-12-28 19:22:11 ----HDC---- H:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-28 19:19:46 ----DC---- H:\WINDOWS\system32\DRVSTORE
2009-12-28 19:19:38 ----D---- H:\WINDOWS\system32\AGEIA
2009-12-28 19:19:38 ----D---- H:\Programme\AGEIA Technologies
2009-12-28 19:19:24 ----D---- H:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2009-12-28 19:18:55 ----D---- H:\WINDOWS\nview
2009-12-28 19:18:55 ----A---- H:\WINDOWS\system32\nvudisp.exe
2009-12-28 19:17:20 ----D---- H:\WINDOWS\system32\Lang
2009-12-28 19:15:33 ----A---- H:\WINDOWS\system32\ChCfg.exe
2009-12-28 19:15:13 ----D---- H:\WINDOWS\system32\RTCOM
2009-12-28 19:15:12 ----A---- H:\WINDOWS\system32\ksuser.dll
2009-12-28 19:14:47 ----A---- H:\WINDOWS\system32\spupdsvc.exe
2009-12-28 19:14:46 ----HDC---- H:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-12-28 19:14:43 ----A---- H:\WINDOWS\SoundMan.exe
2009-12-28 19:14:43 ----A---- H:\WINDOWS\SkyTel.exe
2009-12-28 19:14:43 ----A---- H:\WINDOWS\RtlUpd.exe
2009-12-28 19:14:43 ----A---- H:\WINDOWS\RTLCPL.exe
2009-12-28 19:14:42 ----D---- H:\Programme\Realtek
2009-12-28 19:14:42 ----A---- H:\WINDOWS\RTHDCPL.exe
2009-12-28 19:14:42 ----A---- H:\WINDOWS\MicCal.exe
2009-12-28 19:14:42 ----A---- H:\WINDOWS\alcwzrd.exe
2009-12-28 19:14:42 ----A---- H:\WINDOWS\Alcmtr.exe
2009-12-28 19:14:40 ----A---- H:\WINDOWS\RtlExUpd.dll
2009-12-28 19:14:40 ----A---- H:\WINDOWS\HideWin.exe
2009-12-28 19:14:38 ----D---- H:\Programme\Gemeinsame Dateien\InstallShield
2009-12-28 19:13:46 ----HD---- H:\Programme\InstallShield Installation Information
2009-12-28 19:13:45 ----D---- H:\Programme\profile
2009-12-28 19:13:23 ----A---- H:\WINDOWS\system32\nvusmu.exe
2009-12-28 19:13:21 ----A---- H:\WINDOWS\system32\nvusmb.exe
2009-12-28 19:13:18 ----A---- H:\WINDOWS\system32\NVUNINST.EXE
2009-12-28 18:59:37 ----D---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Identities
2009-12-28 18:59:36 ----HD---- H:\Programme\Uninstall Information
2009-12-28 18:59:26 ----SD---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\Microsoft
2009-12-28 18:59:26 ----ASH---- H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\desktop.ini
2009-12-28 18:58:44 ----D---- H:\WINDOWS\SoftwareDistribution
2009-12-28 18:58:42 ----SD---- H:\WINDOWS\system32\Microsoft
2009-12-28 18:58:42 ----N---- H:\WINDOWS\SchedLgU.Txt
2009-12-28 18:56:04 ----D---- H:\WINDOWS\system32\xircom
2009-12-28 18:56:04 ----D---- H:\Programme\xerox
2009-12-28 18:56:04 ----D---- H:\Programme\microsoft frontpage
2009-12-28 18:55:39 ----A---- H:\WINDOWS\control.ini
2009-12-28 18:55:28 ----A---- H:\WINDOWS\system32\mapi32.dll
2009-12-28 18:54:51 ----SD---- H:\WINDOWS\Downloaded Program Files
2009-12-28 18:54:51 ----RD---- H:\WINDOWS\Offline Web Pages
2009-12-28 18:54:51 ----RAH---- H:\WINDOWS\system32\logonui.exe.manifest
2009-12-28 18:54:47 ----RAH---- H:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-28 18:54:44 ----HD---- H:\Programme\WindowsUpdate
2009-12-28 18:54:41 ----D---- H:\Programme\Online-Dienste
2009-12-28 18:54:28 ----D---- H:\WINDOWS\system32\DirectX
2009-12-28 18:54:13 ----A---- H:\WINDOWS\system32\atrace.dll
2009-12-28 18:54:09 ----A---- H:\WINDOWS\system32\desktop.ini
2009-12-28 18:54:09 ----A---- H:\WINDOWS\desktop.ini
2009-12-28 18:54:02 ----A---- H:\WINDOWS\system32\nmevtmsg.dll
2009-12-28 18:54:01 ----A---- H:\WINDOWS\system32\acctres.dll
2009-12-28 18:54:00 ----D---- H:\Programme\Gemeinsame Dateien\Dienste
2009-12-28 18:53:58 ----SD---- H:\WINDOWS\Tasks
2009-12-28 18:53:58 ----A---- H:\WINDOWS\system32\icfgnt5.dll
2009-12-28 18:53:57 ----D---- H:\Programme\Gemeinsame Dateien\MSSoap
2009-12-28 18:53:53 ----D---- H:\WINDOWS\srchasst
2009-12-28 18:53:52 ----D---- H:\WINDOWS\system32\Macromed
2009-12-28 18:53:49 ----A---- H:\WINDOWS\system32\wuweb.dll
2009-12-28 18:53:49 ----A---- H:\WINDOWS\system32\wups.dll
2009-12-28 18:53:49 ----A---- H:\WINDOWS\system32\wucltui.dll
2009-12-28 18:53:49 ----A---- H:\WINDOWS\system32\wuauserv.dll
2009-12-28 18:53:49 ----A---- H:\WINDOWS\system32\wuaueng1.dll
2009-12-28 18:53:49 ----A---- H:\WINDOWS\system32\wuaueng.dll
2009-12-28 18:53:48 ----A---- H:\WINDOWS\system32\wuauclt1.exe
2009-12-28 18:53:48 ----A---- H:\WINDOWS\system32\wuauclt.exe
2009-12-28 18:53:48 ----A---- H:\WINDOWS\system32\wuapi.dll
2009-12-28 18:53:48 ----A---- H:\WINDOWS\system32\qmgrprxy.dll
2009-12-28 18:53:48 ----A---- H:\WINDOWS\system32\qmgr.dll
2009-12-28 18:53:48 ----A---- H:\WINDOWS\system32\bitsprx3.dll
2009-12-28 18:53:48 ----A---- H:\WINDOWS\system32\bitsprx2.dll
2009-12-28 18:53:44 ----D---- H:\Programme\Movie Maker
2009-12-28 18:53:40 ----A---- H:\WINDOWS\system32\safrslv.dll
2009-12-28 18:53:40 ----A---- H:\WINDOWS\system32\safrdm.dll
2009-12-28 18:53:40 ----A---- H:\WINDOWS\system32\safrcdlg.dll
2009-12-28 18:53:40 ----A---- H:\WINDOWS\system32\racpldlg.dll
2009-12-28 18:53:37 ----A---- H:\WINDOWS\system32\fltlib.dll
2009-12-28 18:53:36 ----D---- H:\WINDOWS\system32\Restore
2009-12-28 18:53:36 ----A---- H:\WINDOWS\system32\srsvc.dll
2009-12-28 18:53:36 ----A---- H:\WINDOWS\system32\srrstr.dll
2009-12-28 18:53:36 ----A---- H:\WINDOWS\system32\srclient.dll
2009-12-28 18:53:36 ----A---- H:\WINDOWS\system32\fltmc.exe
2009-12-28 18:53:35 ----A---- H:\WINDOWS\system32\nmmkcert.dll
2009-12-28 18:53:35 ----A---- H:\WINDOWS\system32\msconf.dll
2009-12-28 18:53:35 ----A---- H:\WINDOWS\system32\mnmsrvc.exe
2009-12-28 18:53:35 ----A---- H:\WINDOWS\system32\mnmdd.dll
2009-12-28 18:53:35 ----A---- H:\WINDOWS\system32\isrdbg32.dll
2009-12-28 18:53:35 ----A---- H:\WINDOWS\system32\ils.dll
2009-12-28 18:53:32 ----D---- H:\Programme\NetMeeting
2009-12-28 18:53:32 ----A---- H:\WINDOWS\system32\msoert2.dll
2009-12-28 18:53:32 ----A---- H:\WINDOWS\system32\msoeacct.dll
2009-12-28 18:53:31 ----A---- H:\WINDOWS\system32\inetres.dll
2009-12-28 18:53:30 ----A---- H:\WINDOWS\system32\inetcomm.dll
2009-12-28 18:53:29 ----D---- H:\Programme\Outlook Express
2009-12-28 18:53:29 ----A---- H:\WINDOWS\system32\schedsvc.dll
2009-12-28 18:53:28 ----A---- H:\WINDOWS\system32\mstinit.exe
2009-12-28 18:53:28 ----A---- H:\WINDOWS\system32\mstask.dll
2009-12-28 18:53:28 ----A---- H:\WINDOWS\system32\isign32.dll
2009-12-28 18:53:28 ----A---- H:\WINDOWS\system32\inetcfg.dll
2009-12-28 18:53:28 ----A---- H:\WINDOWS\system32\icwphbk.dll
2009-12-28 18:53:28 ----A---- H:\WINDOWS\system32\icwdial.dll
2009-12-28 18:53:22 ----D---- H:\Programme\Gemeinsame Dateien\System
2009-12-28 18:53:20 ----D---- H:\Programme\Internet Explorer
2009-12-28 18:52:52 ----D---- H:\Programme\ComPlus Applications
2009-12-28 18:52:50 ----A---- H:\WINDOWS\vbaddin.ini
2009-12-28 18:52:50 ----A---- H:\WINDOWS\vb.ini
2009-12-28 18:52:46 ----D---- H:\WINDOWS\Registration
2009-12-28 18:52:39 ----D---- H:\Programme\Windows Media Player
2009-12-28 18:52:39 ----D---- H:\Programme\Online Services
2009-12-28 18:52:34 ----D---- H:\Programme\Messenger
2009-12-28 18:52:31 ----D---- H:\Programme\MSN Gaming Zone
2009-12-28 18:52:31 ----A---- H:\WINDOWS\system32\write.exe
2009-12-28 18:52:24 ----A---- H:\WINDOWS\system32\winchat.exe
2009-12-28 18:52:24 ----A---- H:\WINDOWS\system32\sndvol32.exe
2009-12-28 18:52:24 ----A---- H:\WINDOWS\system32\hticons.dll
2009-12-28 18:52:24 ----A---- H:\WINDOWS\system32\avwav.dll
2009-12-28 18:52:24 ----A---- H:\WINDOWS\system32\avtapi.dll
2009-12-28 18:52:24 ----A---- H:\WINDOWS\system32\avmeter.dll
2009-12-28 18:52:18 ----A---- H:\WINDOWS\system32\sol.exe
2009-12-28 18:52:18 ----A---- H:\WINDOWS\system32\getuname.dll
2009-12-28 18:52:18 ----A---- H:\WINDOWS\system32\charmap.exe
2009-12-28 18:52:18 ----A---- H:\WINDOWS\system32\calc.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\winmine.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\usrlogon.cmd
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\tsshutdn.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\tslabels.ini
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\tskill.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\tsdiscon.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\tscon.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\shadow.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\rwinsta.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\reset.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\regini.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\mshearts.exe
2009-12-28 18:52:17 ----A---- H:\WINDOWS\system32\freecell.exe
2009-12-28 18:52:16 ----A---- H:\WINDOWS\system32\rdpcfgex.dll
2009-12-28 18:52:16 ----A---- H:\WINDOWS\system32\qwinsta.exe
2009-12-28 18:52:16 ----A---- H:\WINDOWS\system32\qappsrv.exe
2009-12-28 18:52:16 ----A---- H:\WINDOWS\system32\msg.exe
2009-12-28 18:52:16 ----A---- H:\WINDOWS\system32\msdtcprf.ini
2009-12-28 18:52:16 ----A---- H:\WINDOWS\system32\logoff.exe
2009-12-28 18:52:16 ----A---- H:\WINDOWS\system32\cdmodem.dll
2009-12-28 18:52:15 ----A---- H:\WINDOWS\system32\stclient.dll
2009-12-28 18:52:15 ----A---- H:\WINDOWS\system32\mtxlegih.dll
2009-12-28 18:52:15 ----A---- H:\WINDOWS\system32\mtxex.dll
2009-12-28 18:52:15 ----A---- H:\WINDOWS\system32\mtxdm.dll
2009-12-28 18:52:15 ----A---- H:\WINDOWS\system32\dcomcnfg.exe
2009-12-28 18:52:15 ----A---- H:\WINDOWS\system32\comsnap.dll
2009-12-28 18:52:15 ----A---- H:\WINDOWS\system32\comrepl.dll
2009-12-28 18:52:15 ----A---- H:\WINDOWS\system32\comaddin.dll
2009-12-28 18:52:11 ----A---- H:\WINDOWS\system32\wmimgmt.msc
2009-12-28 18:52:02 ----D---- H:\Programme\MSN
2009-12-28 18:52:01 ----A---- H:\WINDOWS\system32\sndrec32.exe
2009-12-28 18:52:01 ----A---- H:\WINDOWS\system32\accwiz.exe
2009-12-28 18:52:00 ----D---- H:\Programme\Windows NT
2009-12-28 18:52:00 ----A---- H:\WINDOWS\system32\mspaint.exe
2009-12-28 18:52:00 ----A---- H:\WINDOWS\system32\mplay32.exe
2009-12-28 18:52:00 ----A---- H:\WINDOWS\system32\hypertrm.dll
2009-12-28 18:51:59 ----A---- H:\WINDOWS\system32\tscfgwmi.dll
2009-12-28 18:51:59 ----A---- H:\WINDOWS\system32\spider.exe
2009-12-28 18:51:59 ----A---- H:\WINDOWS\system32\clipbrd.exe
2009-12-28 18:51:58 ----A---- H:\WINDOWS\system32\tscupgrd.exe
2009-12-28 18:51:58 ----A---- H:\WINDOWS\system32\sessmgr.exe
2009-12-28 18:51:58 ----A---- H:\WINDOWS\system32\remotepg.dll
2009-12-28 18:51:58 ----A---- H:\WINDOWS\system32\rdshost.exe
2009-12-28 18:51:58 ----A---- H:\WINDOWS\system32\rdsaddin.exe
2009-12-28 18:51:58 ----A---- H:\WINDOWS\system32\rdchost.dll
2009-12-28 18:51:58 ----A---- H:\WINDOWS\system32\mstscax.dll
2009-12-28 18:51:58 ----A---- H:\WINDOWS\system32\mstsc.exe
2009-12-28 18:51:57 ----D---- H:\WINDOWS\system32\MsDtc
2009-12-28 18:51:57 ----A---- H:\WINDOWS\system32\termsrv.dll
2009-12-28 18:51:57 ----A---- H:\WINDOWS\system32\rdpwsx.dll
2009-12-28 18:51:57 ----A---- H:\WINDOWS\system32\rdpsnd.dll
2009-12-28 18:51:57 ----A---- H:\WINDOWS\system32\rdpclip.exe
2009-12-28 18:51:57 ----A---- H:\WINDOWS\system32\qprocess.exe
2009-12-28 18:51:57 ----A---- H:\WINDOWS\system32\msdtcuiu.dll
2009-12-28 18:51:57 ----A---- H:\WINDOWS\system32\icaapi.dll
2009-12-28 18:51:57 ----A---- H:\WINDOWS\system32\cfgbkend.dll
2009-12-28 18:51:56 ----A---- H:\WINDOWS\system32\xolehlp.dll
2009-12-28 18:51:56 ----A---- H:\WINDOWS\system32\mtxoci.dll
2009-12-28 18:51:56 ----A---- H:\WINDOWS\system32\msdtctm.dll
2009-12-28 18:51:56 ----A---- H:\WINDOWS\system32\msdtcprx.dll
2009-12-28 18:51:56 ----A---- H:\WINDOWS\system32\msdtclog.dll
2009-12-28 18:51:56 ----A---- H:\WINDOWS\system32\msdtc.exe
2009-12-28 18:51:55 ----D---- H:\WINDOWS\system32\Com
2009-12-28 18:51:55 ----A---- H:\WINDOWS\system32\colbact.dll
2009-12-28 18:51:55 ----A---- H:\WINDOWS\system32\clbcatex.dll
2009-12-28 18:51:55 ----A---- H:\WINDOWS\system32\catsrvps.dll
2009-12-28 18:51:54 ----A---- H:\WINDOWS\system32\comsvcs.dll
2009-12-28 18:51:54 ----A---- H:\WINDOWS\system32\catsrvut.dll
2009-12-28 18:51:54 ----A---- H:\WINDOWS\system32\catsrv.dll
2009-12-28 18:51:53 ----A---- H:\WINDOWS\system32\comuid.dll
2009-12-28 18:51:53 ----A---- H:\WINDOWS\system32\clbcatq.dll
2009-12-28 18:51:48 ----A---- H:\WINDOWS\system32\servdeps.dll
2009-12-28 18:51:48 ----A---- H:\WINDOWS\system32\mmfutil.dll
2009-12-28 18:51:47 ----A---- H:\WINDOWS\system32\licwmi.dll
2009-12-28 18:51:47 ----A---- H:\WINDOWS\system32\cmprops.dll
2009-12-28 18:50:56 ----A---- H:\WINDOWS\system32\h323log.txt
2009-12-28 18:49:17 ----A---- H:\WINDOWS\system32\hidserv.dll
2009-12-28 18:47:32 ----A---- H:\WINDOWS\system32\usbui.dll
2009-12-28 18:46:37 ----SHD---- H:\WINDOWS\Installer
2009-12-28 18:46:37 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2009-12-28 18:46:36 ----D---- H:\Programme\Gemeinsame Dateien\ODBC
2009-12-28 18:46:36 ----A---- H:\WINDOWS\ODBCINST.INI
2009-12-28 18:46:33 ----D---- H:\Programme\Gemeinsame Dateien\SpeechEngines
2009-12-28 18:46:32 ----RD---- H:\Programme
2009-12-28 18:46:32 ----D---- H:\Programme\Gemeinsame Dateien\Microsoft Shared
2009-12-28 18:46:32 ----D---- H:\Programme\Gemeinsame Dateien
2009-12-28 18:46:30 ----RA---- H:\WINDOWS\system32\kbdtuq.dll
2009-12-28 18:46:30 ----RA---- H:\WINDOWS\system32\kbdtuf.dll
2009-12-28 18:46:30 ----RA---- H:\WINDOWS\system32\kbdazel.dll
2009-12-28 18:46:28 ----RA---- H:\WINDOWS\system32\kbdycc.dll
2009-12-28 18:46:28 ----RA---- H:\WINDOWS\system32\kbduzb.dll
2009-12-28 18:46:28 ----RA---- H:\WINDOWS\system32\kbdur.dll
2009-12-28 18:46:28 ----RA---- H:\WINDOWS\system32\kbdtat.dll
2009-12-28 18:46:28 ----RA---- H:\WINDOWS\system32\kbdmon.dll
2009-12-28 18:46:28 ----RA---- H:\WINDOWS\system32\kbdkyr.dll
2009-12-28 18:46:28 ----RA---- H:\WINDOWS\system32\kbdkaz.dll
2009-12-28 18:46:28 ----RA---- H:\WINDOWS\system32\kbdaze.dll
2009-12-28 18:46:27 ----RA---- H:\WINDOWS\system32\kbdru1.dll
2009-12-28 18:46:27 ----RA---- H:\WINDOWS\system32\kbdru.dll
2009-12-28 18:46:27 ----RA---- H:\WINDOWS\system32\kbdbu.dll
2009-12-28 18:46:27 ----RA---- H:\WINDOWS\system32\kbdblr.dll
2009-12-28 18:46:26 ----RA---- H:\WINDOWS\system32\kbdhept.dll
2009-12-28 18:46:26 ----RA---- H:\WINDOWS\system32\kbdhela3.dll
2009-12-28 18:46:26 ----RA---- H:\WINDOWS\system32\kbdhela2.dll
2009-12-28 18:46:26 ----RA---- H:\WINDOWS\system32\kbdhe319.dll
2009-12-28 18:46:26 ----RA---- H:\WINDOWS\system32\kbdhe220.dll
2009-12-28 18:46:26 ----RA---- H:\WINDOWS\system32\kbdgkl.dll
2009-12-28 18:46:25 ----RA---- H:\WINDOWS\system32\kbdhe.dll
2009-12-28 18:46:24 ----RA---- H:\WINDOWS\system32\kbdlv1.dll
2009-12-28 18:46:24 ----RA---- H:\WINDOWS\system32\kbdlv.dll
2009-12-28 18:46:24 ----RA---- H:\WINDOWS\system32\kbdlt1.dll
2009-12-28 18:46:24 ----RA---- H:\WINDOWS\system32\kbdlt.dll
2009-12-28 18:46:24 ----RA---- H:\WINDOWS\system32\kbdest.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdycl.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdsl1.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdsl.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdro.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdpl1.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdpl.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdhu1.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdhu.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdcz2.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdcz1.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdcz.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\kbdcr.dll
2009-12-28 18:46:22 ----RA---- H:\WINDOWS\system32\KBDAL.DLL
2009-12-28 18:46:20 ----A---- H:\WINDOWS\system32\irclass.dll
2009-12-28 18:46:19 ----A---- H:\WINDOWS\system32\spxcoins.dll
2009-12-28 18:46:19 ----A---- H:\WINDOWS\system32\EqnClass.Dll
2009-12-28 18:46:19 ----A---- H:\WINDOWS\system32\dgsetup.dll
2009-12-28 18:46:19 ----A---- H:\WINDOWS\system32\dgrpsetu.dll
2009-12-28 18:46:17 ----N---- H:\WINDOWS\system32\CONFIG.TMP
2009-12-28 18:46:17 ----A---- H:\WINDOWS\TASKMAN.EXE
2009-12-28 18:46:16 ----A---- H:\WINDOWS\system32\batt.dll
2009-12-28 18:46:16 ----A---- H:\WINDOWS\notepad.exe
2009-12-28 18:46:15 ----A---- H:\WINDOWS\system32\storprop.dll
2009-12-28 18:46:08 ----ASH---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
2009-12-28 18:44:50 ----RA---- H:\WINDOWS\SET8.tmp
2009-12-28 18:44:48 ----RA---- H:\WINDOWS\SET4.tmp
2009-12-28 18:44:47 ----RA---- H:\WINDOWS\SET3.tmp
2009-12-28 18:44:43 ----D---- H:\WINDOWS\system32\CatRoot2
2009-12-28 18:44:43 ----D---- H:\WINDOWS\system32\CatRoot
2009-12-28 18:44:37 ----SD---- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2009-12-28 18:44:20 ----SHD---- H:\System Volume Information
2009-12-28 18:44:20 ----D---- H:\Dokumente und Einstellungen

======List of files/folders modified in the last 1 months======

2009-12-29 02:28:33 ----A---- H:\WINDOWS\win.ini
2009-12-28 18:46:31 ----A---- H:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\H:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; H:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 BIOS;BIOS; \??\H:\WINDOWS\system32\drivers\BIOS.sys []
R1 kbdhid;Tastatur-HID-Treiber; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; H:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 avgntflt;avgntflt; H:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-25 56816]
R3 hamachi;Hamachi Network Interface; H:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-06 4755968]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\H:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Maus-HID-Treiber; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-02 6121856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; H:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-01-29 54016]
R3 NVHDA;Service for NVIDIA HDMI Audio Driver; H:\WINDOWS\system32\drivers\nvhda32.sys [2007-12-11 30880]
R3 nvnetbus;NVIDIA Network Bus Enumerator; H:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-01-29 22016]
R3 nvsmu;nvsmu; H:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2-aktivierter Hub; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; H:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB-Massenspeichertreiber; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Salmosa03;Razer Salmosa USB Filter Driver; H:\WINDOWS\System32\Drivers\Salmosa.sys [2008-03-20 9344]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; H:\Programme\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; H:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); H:\Programme\bin32\nSvcAppFlt.exe [2008-01-29 598016]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; H:\Programme\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; H:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-01-06 1181328]
R2 nSvcIp;ForceWare IP service; H:\Programme\bin32\nSvcIp.exe [2008-01-29 163840]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2008-08-02 163908]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; H:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
Code:
info.txt logfile of random's system information tool 1.06 2010-01-06 19:54:16

======Uninstall list======

-->H:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{699BAC7F-DC10-4709-97D8-45379301BBE7}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
Adobe Flash Player 10 ActiveX-->H:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->H:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Armagetron Advanced 0.2.8.2.1.gcc-->H:\Programme\Armagetron Advanced\uninst.exe
Avira AntiVir Personal - Free Antivirus-->H:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
Call of Duty(R) - World at War(TM)-->H:\Programme\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0407
CCleaner-->"H:\Programme\CCleaner\uninst.exe"
Counter-Strike: Source-->"H:\Programme\Steam\steam.exe" steam://uninstall/240
DivX Codec-->H:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->H:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->H:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->H:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->H:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driving Speed 2.0-->"H:\Programme\DrivingSpeed2\unins000.exe"
G-Force-->H:\Programme\SoundSpectrum\G-Force\Uninstall.exe
Hidden and Dangerous Deluxe-->"H:\Programme\Take2\Hidden and Dangerous Deluxe\Bin\IIUninst.exe" H:\Programme\Take2\Hidden and Dangerous Deluxe\Bin\install.log
High Definition Audio Driver Package - KB888111-->"H:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"H:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.3.2.1-->"H:\Programme\HLSW\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"H:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"H:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"H:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"H:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
ICQ6.5-->"H:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
LogMeIn Hamachi-->H:\WINDOWS\system32\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB}
Malwarebytes' Anti-Malware-->"H:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
MegaTrainer XL V1.4.5.3-Beta-->"H:\Programme\CRS-MegaDev\MegaTrainer XL\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"H:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"H:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.7)-->H:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0)-->H:\Programme\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers-->H:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->"H:\Programme\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0407 -removeonly
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
NVIDIA PhysX v8.08.01-->MsiExec.exe /X{699BAC7F-DC10-4709-97D8-45379301BBE7}
Razer Salmosa-->H:\Programme\InstallShield Installation Information\{E6DA58C0-4EC5-4F5E-B73E-2F22ED30ACFC}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RunDll32 H:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "H:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x7  -removeonly
ROCCAT GUI 1.10 (CS:S)-->H:\Programme\Steam\steamapps\halfpeter413\counter-strike source\roccatgui110css_uninst.exe
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"H:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"H:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"H:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"H:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"H:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"H:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"H:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"H:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->H:\WINDOWS\system32\MacroMed\Flash\genuinst.exe H:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sicherheitsupdate für Windows XP (KB941569)-->"H:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"H:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"H:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"H:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"H:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"H:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"H:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"H:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"H:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"H:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"H:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"H:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"H:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"H:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"H:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"H:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"H:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"H:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"H:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"H:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"H:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"H:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"H:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"H:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371-v2)-->"H:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"H:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"H:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"H:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"H:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"H:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"H:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"H:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"H:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"H:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971961)-->"H:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"H:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"H:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"H:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"H:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"H:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"H:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"H:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"H:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"H:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"H:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"H:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB976325)-->"H:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Smokin' Guns 1.0-->"H:\Programme\Smokin' Guns\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Update für Windows Internet Explorer 8 (KB975364)-->"H:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"H:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"H:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"H:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"H:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"H:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"H:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"H:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Windows Internet Explorer 8-->"H:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"H:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"H:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"H:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"H:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->H:\Programme\WinRAR\uninstall.exe
World of Warcraft-->H:\Programme\Gemeinsame Dateien\Blizzard Entertainment\WORLD OF WARCRAFT\Uninstall.exe
Wormux-->H:\Programme\Wormux\uninstall.exe

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: HANNES-9BA597B1
Event Code: 15007
Message: Die von URL-Präfix "http://*:2869/" identifizierte Namespacereservierung wurde erfolgreich hinzugefügt.

Record Number: 5
Source Name: HTTP
Time Written: 20091228185443.000000+060
Event Type: Informationen
User:

Computer Name: HANNES-9BA597B1
Event Code: 6011
Message: Der NetBIOS-Name und DNS-Hostname dieses Computers wurden von MACHINENAME in HANNES-9BA597B1 geändert.

Record Number: 4
Source Name: EventLog
Time Written: 20091228185102.000000+060
Event Type: Informationen
User:

Computer Name: MACHINENAME
Event Code: 2
Message: Bei der Überprüfung, ob \Device\Serial0 ein serieller Anschluss ist, wurde ein FIFO-Baustein entdeckt. Es wird der FIFO-Baustein verwendet.

Record Number: 3
Source Name: Serial
Time Written: 20091228184437.000000+060
Event Type: Informationen
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.

Record Number: 2
Source Name: EventLog
Time Written: 20091228184427.000000+060
Event Type: Informationen
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20091228184427.000000+060
Event Type: Informationen
User:

=====Application event log=====

Computer Name: HANNES-9BA597B1
Event Code: 1001
Message: Die Leistungsindikatoren für den Dienst WmiApRpl (WmiApRpl) wurden entfernt. Die Daten
enthalten die neuen Werte der Registrierungseinträge Last Counter
und Last Help.

Record Number: 185
Source Name: LoadPerf
Time Written: 20091229031122.000000+060
Event Type: Informationen
User:

Computer Name: HANNES-9BA597B1
Event Code: 8
Message: Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.

Record Number: 184
Source Name: crypt32
Time Written: 20091229030757.000000+060
Event Type: Fehler
User:

Computer Name: HANNES-9BA597B1
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 183
Source Name: Avira AntiVir
Time Written: 20091229030727.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: HANNES-9BA597B1
Event Code: 1800
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.

Record Number: 182
Source Name: SecurityCenter
Time Written: 20091229030721.000000+060
Event Type: Informationen
User:

Computer Name: HANNES-9BA597B1
Event Code: 2004
Message: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Record Number: 181
Source Name: PerfNet
Time Written: 20091229030702.000000+060
Event Type: Fehler
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;H:\Programme\Gemeinsame Dateien\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Pogohannes 06.01.2010 20:22
hier noch der berricht von malwarebytes


Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3502
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.01.2010 20:16:29
mbam-log-2010-01-06 (20-16-29).txt

Scan-Methode: Vollständiger Scan (A:\|C:\|D:\|E:\|F:\|H:\|)
Durchsuchte Objekte: 187510
Laufzeit: 31 minute(s), 59 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{i0l86vhg-v87o-17n1-m853-81cgtrruip6w} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\current (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\local (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
H:\WINDOWS\dir_32gi\svchost.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\svchost.exe (Trojan.Delf) -> Quarantined and deleted successfully.
H:\Dokumente und Einstellungen\Hannes\Anwendungsdaten\addons.dat (Bifrose.Trace) -> Quarantined and deleted successfully.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19