Trojaner-Board - Desktop Security 2010 installiert sich immer wieder neu

RSIT-log 1/3

Code:

Logfile of random's system information tool 1.07 (written by random/random)

Run by *** at 2010-05-09 17:11:26

Microsoft Windows XP Professional Service Pack 3

System drive C: has 6 GB (41%) free of 15 GB

Total RAM: 1023 MB (56% free)
 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:11:28, on 09.05.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Avira\AntiVir Desktop\sched.exe

C:\Programme\Avira\AntiVir Desktop\avgnt.exe

C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\WINDOWS\system32\RunDll32.exe

H:\iTunes\itunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Avira\AntiVir Desktop\avguard.exe

C:\Programme\Windows Desktop Search\WindowsSearch.exe

C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Programme\Bonjour\mDNSResponder.exe

C:\Programme\Avira\AntiVir Desktop\avshadow.exe

C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Programme\iPod\bin\iPodService.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Dokumente und Einstellungen\***\Desktop\blubb\CCleaner.exe

C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe

C:\Programme\trend micro\***.exe
 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "H:\iTunes\itunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Dokumente und Einstellungen\***\Desktop\blubb\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunServices: [QuickTimeResourcesQuickTime] c:\programme\quicktime\qtsystem\corevideo.resources\en.lproj\quicktimequicktimeresources.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [0qeknturvls7] C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\m.29.tmp.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ\ICQ7.1\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ\ICQ7.1\ICQ.exe

O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271965339750

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
 

--

End of file - 7904 bytes
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

AcroIEToolbarHelper Class - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

"OSSelectorReinstall"=C:\Programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-09 2224104]

"Acrobat Assistant 7.0"=C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]

""= []

"StartCCC"=C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 61440]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2010-03-17 421888]

"iTunesHelper"=H:\iTunes\itunes\iTunesHelper.exe [2010-04-28 142120]

"Malwarebytes Anti-Malware (reboot)"=C:\Dokumente und Einstellungen\***\Desktop\blubb\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []

""= []
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"0qeknturvls7"=C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\m.29.tmp.exe [2010-05-06 2942976]

2/3

Code:

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart

Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

Windows Search.lnk - C:\Programme\Windows Desktop Search\WindowsSearch.exe
 

C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart

Adobe Gamma.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Programme\ICQ\ICQ7.1\ICQ.exe"="C:\Programme\ICQ\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"

"C:\Programme\ICQ\ICQ7.1\aolload.exe"="C:\Programme\ICQ\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"

"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour""

"H:\iTunes\itunes\iTunes.exe"="H:\iTunes\itunes\iTunes.exe:*:Enabled:iTunes"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Programme\ICQ\ICQ7.1\ICQ.exe"="C:\Programme\ICQ\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"

"C:\Programme\ICQ\ICQ7.1\aolload.exe"="C:\Programme\ICQ\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
 

======List of files/folders created in the last 1 months======
 

2010-05-09 17:05:40 ----D---- C:\Programme\trend micro

2010-05-09 17:05:39 ----D---- C:\rsit

2010-05-06 23:41:57 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes

2010-05-06 23:41:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-05-06 16:49:02 ----D---- C:\WINDOWS\system32\NtmsData

2010-05-04 13:56:54 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM

2010-05-01 04:28:22 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Media Player Classic

2010-04-29 15:51:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm

2010-04-29 15:08:10 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer

2010-04-29 15:07:56 ----A---- C:\WINDOWS\system32\GEARAspi.dll

2010-04-29 15:07:15 ----D---- C:\Programme\iPod

2010-04-29 15:07:09 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-29 15:06:12 ----D---- C:\Programme\QuickTime

2010-04-29 15:06:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer

2010-04-29 15:05:31 ----SHD---- C:\Config.Msi

2010-04-29 15:04:56 ----D---- C:\Programme\Apple Software Update

2010-04-29 15:03:03 ----A---- C:\WINDOWS\system32\usbaaplrc.dll

2010-04-29 15:02:31 ----D---- C:\Programme\Bonjour

2010-04-29 14:46:09 ----D---- C:\WINDOWS\system32\appmgmt

2010-04-29 14:42:23 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ

2010-04-29 14:41:24 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search

2010-04-29 14:40:40 ----D---- C:\Programme\ICQ

2010-04-29 14:39:10 ----DC---- C:\WINDOWS\system32\DRVSTORE

2010-04-29 14:38:56 ----D---- C:\Programme\Gemeinsame Dateien\Apple

2010-04-29 14:38:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple

2010-04-29 14:23:27 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2010-04-29 14:23:27 ----A---- C:\WINDOWS\system32\mucltui.dll

2010-04-22 22:30:05 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia

2010-04-22 22:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$

2010-04-22 22:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2010-04-22 22:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2010-04-22 22:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$

2010-04-22 22:19:19 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2010-04-22 22:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$

2010-04-22 22:12:23 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis

2010-04-22 22:08:36 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ATI

2010-04-22 22:08:36 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ATI

2010-04-22 22:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$

2010-04-22 21:59:47 ----D---- C:\WINDOWS\ie8updates

2010-04-22 21:59:01 ----SH---- C:\boot.ini

2010-04-22 21:57:31 ----HDC---- C:\WINDOWS\ie8

2010-04-22 21:52:42 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-04-22 21:52:42 ----RSD---- C:\WINDOWS\Fonts

2010-04-22 21:52:42 ----RD---- C:\WINDOWS\Web

2010-04-22 21:52:42 ----HD---- C:\WINDOWS\inf

2010-04-22 21:52:42 ----D---- C:\WINDOWS\WinSxS

2010-04-22 21:52:42 ----D---- C:\WINDOWS\twain_32

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Temp

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\wins

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\wbem

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\usmt

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\spool

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\ShellExt

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\Setup

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\ras

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\oobe

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\npp

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\mui

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\inetsrv

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\IME

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\icsxml

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\ias

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\export

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\drivers

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\dhcp

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\de-de

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\de

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\config

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\3com_dmi

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\3076

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\2052

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\1054

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\1042

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\1041

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\1037

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\1033

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\1031

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\1028

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32\1025

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system32

2010-04-22 21:52:42 ----D---- C:\WINDOWS\system

2010-04-22 21:52:42 ----D---- C:\WINDOWS\security

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Resources

2010-04-22 21:52:42 ----D---- C:\WINDOWS\repair

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Provisioning

2010-04-22 21:52:42 ----D---- C:\WINDOWS\PeerNet

2010-04-22 21:52:42 ----D---- C:\WINDOWS\pchealth

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Network Diagnostic

2010-04-22 21:52:42 ----D---- C:\WINDOWS\mui

2010-04-22 21:52:42 ----D---- C:\WINDOWS\msapps

2010-04-22 21:52:42 ----D---- C:\WINDOWS\msagent

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Media

2010-04-22 21:52:42 ----D---- C:\WINDOWS\L2Schemas

2010-04-22 21:52:42 ----D---- C:\WINDOWS\java

2010-04-22 21:52:42 ----D---- C:\WINDOWS\ime

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Help

2010-04-22 21:52:42 ----D---- C:\WINDOWS\ehome

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Driver Cache

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Debug

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Cursors

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Connection Wizard

2010-04-22 21:52:42 ----D---- C:\WINDOWS\Config

2010-04-22 21:52:42 ----D---- C:\WINDOWS\AppPatch

2010-04-22 21:52:42 ----D---- C:\WINDOWS\addins

2010-04-22 21:52:42 ----D---- C:\WINDOWS

2010-04-22 21:50:24 ----D---- C:\WINDOWS\system32\XPSViewer

2010-04-22 21:50:21 ----D---- C:\Programme\MSBuild

2010-04-22 21:50:19 ----D---- C:\WINDOWS\system32\en-US

2010-04-22 21:50:14 ----D---- C:\Programme\Reference Assemblies

2010-04-22 21:49:44 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2010-04-22 21:49:44 ----N---- C:\WINDOWS\system32\prntvpt.dll

2010-04-22 21:49:43 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2010-04-22 21:49:02 ----RSD---- C:\WINDOWS\assembly

2010-04-22 21:48:25 ----D---- C:\WINDOWS\Microsoft.NET

2010-04-22 21:46:16 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search

2010-04-22 21:45:50 ----D---- C:\WINDOWS\system32\GroupPolicy

2010-04-22 21:45:50 ----D---- C:\Programme\Windows Desktop Search

2010-04-22 21:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

2010-04-22 21:45:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$

2010-04-22 21:44:32 ----N---- C:\WINDOWS\system32\spmsg.dll

2010-04-22 21:44:29 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2010-04-22 21:44:03 ----D---- C:\Programme\Windows Media Connect 2

2010-04-22 21:43:41 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2010-04-22 21:42:48 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2010-04-22 21:42:27 ----D---- C:\WINDOWS\system32\LogFiles

2010-04-22 21:42:22 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

2010-04-22 21:41:39 ----A---- C:\WINDOWS\system32\ksuser.dll

2010-04-22 21:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2010-04-22 21:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2010-04-22 21:33:05 ----D---- C:\WINDOWS\ie7updates

2010-04-22 21:32:26 ----D---- C:\WINDOWS\WBEM

2010-04-22 21:30:31 ----HDC---- C:\WINDOWS\ie7

2010-04-22 21:30:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$

2010-04-22 21:29:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$

2010-04-22 21:27:16 ----N---- C:\WINDOWS\system32\ati2sgag.exe

2010-04-22 21:26:00 ----D---- C:\WINDOWS\system32\ReinstallBackups

2010-04-22 21:25:49 ----D---- C:\Programme\ATI Technologies

2010-04-22 21:25:48 ----HD---- C:\Programme\InstallShield Installation Information

2010-04-22 21:25:33 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield

2010-04-22 21:25:16 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage

2010-04-22 21:25:07 ----D---- C:\ATI

2010-04-22 21:08:18 ----A---- C:\WINDOWS\system32\h323log.txt

2010-04-22 21:06:06 ----A---- C:\WINDOWS\system32\hidserv.dll

2010-04-22 21:05:07 ----A---- C:\WINDOWS\system32\ativvaxx.dll

2010-04-22 21:05:07 ----A---- C:\WINDOWS\system32\ati3duag.dll

2010-04-22 21:05:06 ----A---- C:\WINDOWS\system32\ati3d1ag.dll

2010-04-22 21:05:06 ----A---- C:\WINDOWS\system32\ati2dvag.dll

2010-04-22 21:05:06 ----A---- C:\WINDOWS\system32\ati2cqag.dll

2010-04-22 21:04:40 ----A---- C:\WINDOWS\system32\usbui.dll

2010-04-22 21:03:21 ----SHD---- C:\WINDOWS\Installer

2010-04-22 21:03:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-04-22 21:03:20 ----D---- C:\Programme\Gemeinsame Dateien\ODBC

2010-04-22 21:03:20 ----A---- C:\WINDOWS\ODBCINST.INI

2010-04-22 21:03:17 ----D---- C:\Programme\Gemeinsame Dateien\SpeechEngines

2010-04-22 21:03:16 ----RD---- C:\Programme

2010-04-22 21:03:16 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared

2010-04-22 21:03:16 ----D---- C:\Programme\Gemeinsame Dateien

2010-04-22 21:03:13 ----RA---- C:\WINDOWS\system32\kbdtuq.dll

2010-04-22 21:03:13 ----RA---- C:\WINDOWS\system32\kbdtuf.dll

2010-04-22 21:03:13 ----RA---- C:\WINDOWS\system32\kbdazel.dll

2010-04-22 21:03:12 ----RA---- C:\WINDOWS\system32\kbdtat.dll

2010-04-22 21:03:12 ----RA---- C:\WINDOWS\system32\kbdmon.dll

2010-04-22 21:03:12 ----RA---- C:\WINDOWS\system32\kbdkyr.dll

2010-04-22 21:03:12 ----RA---- C:\WINDOWS\system32\kbdaze.dll

2010-04-22 21:03:11 ----RA---- C:\WINDOWS\system32\kbdycc.dll

2010-04-22 21:03:11 ----RA---- C:\WINDOWS\system32\kbduzb.dll

2010-04-22 21:03:11 ----RA---- C:\WINDOWS\system32\kbdur.dll

2010-04-22 21:03:11 ----RA---- C:\WINDOWS\system32\kbdru1.dll

2010-04-22 21:03:11 ----RA---- C:\WINDOWS\system32\kbdru.dll

2010-04-22 21:03:11 ----RA---- C:\WINDOWS\system32\kbdkaz.dll

2010-04-22 21:03:11 ----RA---- C:\WINDOWS\system32\kbdbu.dll

2010-04-22 21:03:11 ----RA---- C:\WINDOWS\system32\kbdblr.dll

2010-04-22 21:03:10 ----RA---- C:\WINDOWS\system32\kbdhept.dll

2010-04-22 21:03:10 ----RA---- C:\WINDOWS\system32\kbdhela3.dll

2010-04-22 21:03:10 ----RA---- C:\WINDOWS\system32\kbdhela2.dll

2010-04-22 21:03:10 ----RA---- C:\WINDOWS\system32\kbdhe319.dll

2010-04-22 21:03:10 ----RA---- C:\WINDOWS\system32\kbdhe220.dll

2010-04-22 21:03:10 ----RA---- C:\WINDOWS\system32\kbdhe.dll

2010-04-22 21:03:10 ----RA---- C:\WINDOWS\system32\kbdgkl.dll

2010-04-22 21:03:09 ----RA---- C:\WINDOWS\system32\kbdlv1.dll

2010-04-22 21:03:09 ----RA---- C:\WINDOWS\system32\kbdlv.dll

2010-04-22 21:03:09 ----RA---- C:\WINDOWS\system32\kbdlt1.dll

2010-04-22 21:03:09 ----RA---- C:\WINDOWS\system32\kbdlt.dll

2010-04-22 21:03:09 ----RA---- C:\WINDOWS\system32\kbdest.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdsl1.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdsl.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdro.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdpl1.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdpl.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdhu1.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdhu.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdcz2.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdcz1.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdcz.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\kbdcr.dll

2010-04-22 21:03:08 ----RA---- C:\WINDOWS\system32\KBDAL.DLL

2010-04-22 21:03:07 ----RA---- C:\WINDOWS\system32\kbdycl.dll

2010-04-22 21:03:05 ----A---- C:\WINDOWS\system32\spxcoins.dll

2010-04-22 21:03:05 ----A---- C:\WINDOWS\system32\irclass.dll

2010-04-22 21:03:05 ----A---- C:\WINDOWS\system32\EqnClass.Dll

2010-04-22 21:03:05 ----A---- C:\WINDOWS\system32\dgsetup.dll

2010-04-22 21:03:05 ----A---- C:\WINDOWS\system32\dgrpsetu.dll

2010-04-22 21:03:03 ----N---- C:\WINDOWS\system32\CONFIG.TMP

2010-04-22 21:03:03 ----A---- C:\WINDOWS\TASKMAN.EXE

2010-04-22 21:03:03 ----A---- C:\WINDOWS\system32\batt.dll

2010-04-22 21:03:02 ----A---- C:\WINDOWS\system32\storprop.dll

2010-04-22 21:03:02 ----A---- C:\WINDOWS\NOTEPAD.EXE

2010-04-22 21:02:52 ----ASH---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini

2010-04-22 21:02:49 ----RA---- C:\WINDOWS\SET8.tmp

2010-04-22 21:02:46 ----RA---- C:\WINDOWS\SET4.tmp

2010-04-22 21:02:45 ----RA---- C:\WINDOWS\SET3.tmp

2010-04-22 21:02:39 ----D---- C:\WINDOWS\system32\CatRoot2

2010-04-22 21:02:39 ----D---- C:\WINDOWS\system32\CatRoot

2010-04-22 21:02:33 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft

2010-04-22 21:02:11 ----D---- C:\Dokumente und Einstellungen

2010-04-22 21:02:10 ----SHD---- C:\System Volume Information

2010-04-22 21:00:59 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe Systems