[code]
OTScanIt logfile created on: 17.05.2008 14:19:22
OTScanIt by OldTimer - Version 1.0.14.0 Folder = C:\oscan\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1006,80 Mb Total Physical Memory | 465,80 Mb Available Physical Memory | 46,27% Memory free
2,37 Gb Paging File | 1,98 Gb Available in Paging File | 83,60% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,88 Gb Total Space | 4,20 Gb Free Space | 7,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LP-majaendres
Current User Name: majaendres
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
[Processes - Non-Microsoft Only]
brss01a.exe -> %SystemRoot%\system32\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 12.12.2001 16:01:00 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. 
[Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28.02.2006 12:42:38 | Attr = ] cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 7 | Size = 36864 bytes | Modified Date = 16.06.2004 16:44:06 | Attr = ] fpavserver.exe -> %ProgramFiles%\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe -> FRISK Software [Ver = 1, 0, 33, 1 | Size = 18528 bytes | Modified Date = 15.02.2007 11:42:40 | Attr = ] tmesrv31.exe -> %ProgramFiles%\Toshiba\TME3\TMESRV31.EXE -> TOSHIBA [Ver = 3, 1, 45, 0 | Size = 126976 bytes | Modified Date = 13.04.2004 12:15:18 | Attr = ] 00thotkey.exe -> %SystemRoot%\system32\00THotkey.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 24 | Size = 253952 bytes | Modified Date = 11.08.2004 11:38:30 | Attr = ] stacmon.exe -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 03.08.2003 16:01:14 | Attr = ] apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.180 | Size = 192512 bytes | Modified Date = 30.10.2003 16:46:18 | Attr = ] agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 20.02.2004 15:00:28 | Attr = ] tfnf5.exe -> %SystemRoot%\system32\TFNF5.exe -> TOSHIBA Corp. 
[Ver = 2, 6, 0, 0 | Size = 73728 bytes | Modified Date = 02.12.2003 14:15:46 | Attr = ] smoothview.exe -> %ProgramFiles%\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 118784 bytes | Modified Date = 30.03.2004 14:01:48 | Attr = ] tpsmain.exe -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 14, 0 | Size = 266240 bytes | Modified Date = 28.06.2004 11:56:20 | Attr = ] tmerzctl.exe -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 15 | Size = 86016 bytes | Modified Date = 19.08.2004 17:02:16 | Attr = ] tmeejme.exe -> %ProgramFiles%\Toshiba\TME3\TMEEJME.exe -> TOSHIBA [Ver = 1, 0, 0, 19 | Size = 77824 bytes | Modified Date = 05.03.2004 15:15:56 | Attr = ] tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.03.01 | Size = 102400 bytes | Modified Date = 11.03.2004 12:37:32 | Attr = ] tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 40960 bytes | Modified Date = 28.06.2004 11:56:04 | Attr = ] ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 57 | Size = 892928 bytes | Modified Date = 13.07.2004 21:51:04 | Attr = ] tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 20.07.2004 01:04:00 | Attr = ] openvpn-gui.exe -> %ProgramFiles%\OpenVPN\bin\openvpn-gui.exe -> [Ver = | Size = 99328 bytes | Modified Date = 18.08.2005 10:55:00 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22.02.2008 05:25:21 | Attr = ] apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. 
[Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 26.02.2003 11:08:42 | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1143 | Size = 81920 bytes | Modified Date = 14.06.2004 17:18:22 | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4497 | Size = 77824 bytes | Modified Date = 29.10.2007 14:19:10 | Attr = ] touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 122880 bytes | Modified Date = 11.03.2003 15:03:28 | Attr = ] fprottray.exe -> %ProgramFiles%\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe -> FRISK Software [Ver = 1.0.0.21 | Size = 1335928 bytes | Modified Date = 24.04.2007 15:16:04 | Attr = ] toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 15.09.2003 16:04:04 | Attr = ] hardcopy.exe -> %ProgramFiles%\Hardcopy\hardcopy.exe -> sw4you, Siegfried Weckmann [Ver = 16.1.04 | Size = 1232896 bytes | Modified Date = 27.07.2006 15:58:18 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 20.04.2008 22:06:08 | Attr = ] acrord32.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 8.1.0.2007051100 | Size = 341616 bytes | Modified Date = 11.05.2007 04:06:38 | Attr = ] otscanit.exe -> %SystemDrive%\oscan\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 09.05.2008 21:51:12 | Attr = ] [Win32 Services - Non-Microsoft Only] (AVP) Kaspersky Anti-Virus 7.0 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> File not found (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> 
%ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28.02.2006 12:42:38 | Attr = ] (Brother XP spl Service) BrSplService [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 11.04.2002 16:00:00 | Attr = ] (CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 7 | Size = 36864 bytes | Modified Date = 16.06.2004 16:44:06 | Attr = ] (dmadmin) Verwaltungsdienst für die Verwaltung logischer Datenträger [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 225280 bytes | Modified Date = 14.04.2008 07:52:44 | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.04.010 | Size = 658432 bytes | Modified Date = 08.11.2007 23:59:11 | Attr = ] (FPAVServer) F-PROT Antivirus for Windows system [Win32_Own | Auto | Running] -> %ProgramFiles%\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe -> FRISK Software [Ver = 1, 0, 33, 1 | Size = 18528 bytes | Modified Date = 15.02.2007 11:42:40 | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (iPod Service) iPod Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. 
[Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30.10.2006 10:36:32 | Attr = ] (OpenVPNService) OpenVPN Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\OpenVPN\bin\openvpnserv.exe -> [Ver = | Size = 16384 bytes | Modified Date = 05.04.2006 10:14:04 | Attr = ] (Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TME3\TMESRV31.EXE -> TOSHIBA [Ver = 3, 1, 45, 0 | Size = 126976 bytes | Modified Date = 13.04.2004 12:15:18 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 000StTHK -> %SystemRoot%\system32\000StTHK.exe [000StTHK.exe] -> [Ver = | Size = 24576 bytes | Modified Date = 23.06.2001 20:28:06 | Attr = ] 00THotkey -> %SystemRoot%\system32\00THotkey.exe [C:\WINDOWS\system32\00THotkey.exe] -> TOSHIBA Corporation [Ver = 1, 0, 0, 24 | Size = 253952 bytes | Modified Date = 11.08.2004 11:38:30 | Attr = ] AGRSMMSG -> %SystemRoot%\agrsmmsg.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 20.02.2004 15:00:28 | Attr = ] Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe [C:\Programme\Apoint2K\Apoint.exe] -> Alps Electric Co., Ltd. 
[Ver = 6.0.2.180 | Size = 192512 bytes | Modified Date = 30.10.2003 16:46:18 | Attr = ] dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 20.07.2004 01:04:00 | Attr = ] F-PROT Antivirus Tray application -> %ProgramFiles%\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [C:\Programme\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe] -> FRISK Software [Ver = 1.0.0.21 | Size = 1335928 bytes | Modified Date = 24.04.2007 15:16:04 | Attr = ] igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4497 | Size = 77824 bytes | Modified Date = 29.10.2007 14:19:10 | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1143 | Size = 221184 bytes | Modified Date = 14.06.2004 17:18:48 | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1143 | Size = 81920 bytes | Modified Date = 14.06.2004 17:18:22 | Attr = ] NDSTray.exe -> [NDSTray.exe] -> File not found openvpn-gui -> %ProgramFiles%\OpenVPN\bin\openvpn-gui.exe [C:\Programme\OpenVPN\bin\openvpn-gui.exe] -> [Ver = | Size = 99328 bytes | Modified Date = 18.08.2005 10:55:00 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Programme\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25.10.2006 19:58:18 | Attr = ] SigmaTel StacMon -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe [C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe] -> SigmaTel Inc. 
[Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 03.08.2003 16:01:14 | Attr = ] SmoothView -> %ProgramFiles%\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe [C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe] -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 118784 bytes | Modified Date = 30.03.2004 14:01:48 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22.02.2008 05:25:21 | Attr = ] TFncKy -> [TFncKy.exe] -> File not found TFNF5 -> %SystemRoot%\system32\TFNF5.exe [TFNF5.exe] -> TOSHIBA Corp. [Ver = 2, 6, 0, 0 | Size = 73728 bytes | Modified Date = 02.12.2003 14:15:46 | Attr = ] TMERzCtl.EXE -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe [C:\Programme\TOSHIBA\TME3\TMERzCtl.EXE /Service] -> TOSHIBA [Ver = 1, 0, 2, 15 | Size = 86016 bytes | Modified Date = 19.08.2004 17:02:16 | Attr = ] TMESRV.EXE -> %ProgramFiles%\Toshiba\TME3\TMESRV31.EXE [C:\Programme\TOSHIBA\TME3\TMESRV31.EXE /Logon] -> TOSHIBA [Ver = 3, 1, 45, 0 | Size = 126976 bytes | Modified Date = 13.04.2004 12:15:18 | Attr = ] TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe [C:\Programme\TOSHIBA\TouchED\TouchED.Exe] -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 122880 bytes | Modified Date = 11.03.2003 15:03:28 | Attr = ] TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 14, 0 | Size = 266240 bytes | Modified Date = 28.06.2004 11:56:20 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe ["C:\Programme\DAEMON Tools\daemon.exe" -lang 1033] -> DT Soft 
Ltd. [Ver = 4.10.0.0 | Size = 171464 bytes | Modified Date = 18.09.2007 16:16:16 | Attr = ] TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe [C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 15.09.2003 16:04:04 | Attr = ] < All Users Startup Folder > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart -> < majaendres Startup Folder > -> C:\Dokumente und Einstellungen\majaendres\Startmenü\Programme\Autostart -> %UserProfile%\Startmenü\Programme\Autostart\Hardcopy.LNK -> %ProgramFiles%\Hardcopy\hardcopy.exe -> sw4you, Siegfried Weckmann [Ver = 16.1.04 | Size = 1232896 bytes | Modified Date = 27.07.2006 15:58:18 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4497 | Size = 139264 bytes | Modified Date = 29.10.2007 14:19:11 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < 
CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM-Laufwerktreiber -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 14.04.2008 00:10:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTOSHIBA_DVD-ROM_SD-R2512________________1320____\34594a3430343737393120202020202020202020 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_GS3115N&Prod_KWD359T&Rev_1.0\5&36e5972&0&000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_GS3115N&Prod_KWD359T&Rev_1.0\5&36e5972&0&010 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 27.09.2004 09:57:41 | Attr = ] < HOSTS File > (820 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: 
Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.tonic.to/renewal.htm?7F40A686;;; -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> sapsm.dr-lauterbach.de;*.local; -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> de21_die-staemme.de [http] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23.10.2006 00:08:42 | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 20.07.2004 01:04:00 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22.02.2008 05:25:19 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found WebBrowser\\{2BC10DC8-66F6-4B6E-85B3-3966F3A439FB} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\Ecoach.dll [Ecoach] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22.02.2008 05:25:19 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22.02.2008 05:25:19 | Attr = ] {E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> ICQ, Inc. [Ver = 6.0.0.6039 | Size = 172280 bytes | Modified Date = 21.11.2007 02:47:27 | Attr = ] {f8e553c6-4c00-11d3-80bc-00105a653379}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [NetPhone Wählhilfe] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22.02.2008 05:25:19 | Attr = ] CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> ICQ, Inc. 
[Ver = 6.0.0.6039 | Size = 172280 bytes | Modified Date = 21.11.2007 02:47:27 | Attr = ] CmdMapping\\{f8e553c6-4c00-11d3-80bc-00105a653379} [HKEY_LOCAL_MACHINE] -> [NetPhone Wählhilfe] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Markierte Rufnummer wählen -> %ProgramFiles%\NetPhone Client\IEDial.htm -> [Ver = | Size = 959 bytes | Modified Date = 16.03.2004 18:11:02 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {7DC5BF73-4738-4CC3-AE30-4E7FE958148D} -> () -> {A8C5E4A9-1B62-4FC5-866F-8C32259BB516} -> (Intel(R) PRO/100 VE Network Connection) -> {C345D067-E597-4177-9BF3-D62265A316CE} -> (Intel(R) PRO/Wireless 2200BG Network Connection) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [Proxifier NSP] -> %SystemRoot%\system32\PrxerNsp.dll -> [Ver = 2, 60, 0, 1 | Size = 61440 bytes | Modified Date = 28.02.2007 15:56:34 | Attr = ] NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. 
[Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 28.02.2006 12:42:30 | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value saphtmlp:{D1F8BD1E-7967-11D2-B43A-006094B9EADB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SAP\FrontEnd\SapGui\SAPHTMLP.DLL[SAP HTML Pluggable Protocol] -> SAP AG, Walldorf [Ver = 7100.1.0.11 | Size = 69632 bytes | Modified Date = 26.04.2007 09:58:41 | Attr = ] sapr3:{D1F8BD1E-7967-11D2-B43A-006094B9EADB} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SAP\FrontEnd\SapGui\SAPHTMLP.DLL[SAP HTML Pluggable Protocol] -> SAP AG, Walldorf [Ver = 7100.1.0.11 | Size = 69632 bytes | Modified Date = 26.04.2007 09:58:41 | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_05] -> {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_12] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultAccessPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUServer -> http://LP-DC:8530 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUStatusServer -> http://LP-DC:8530 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\ElevateNonAdmins -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\TargetGroup -> Testgruppe -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\TargetGroupEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoRebootWithLoggedOnUsers -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 4 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallDay -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallTime -> 16 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\UseWUServer -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RescheduleWaitTime -> 30 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AutoInstallMinorUpdate -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\DetectionFrequencyEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\DetectionFrequency -> 4 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RebootRelaunchTimeout -> 1440 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RebootRelaunchTimeoutEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RebootWarningTimeout -> 30 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RebootWarningTimeoutEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RescheduleWaitTimeEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AUPowerManagement -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\IncludeRecommendedUpdates -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14.04.2008 07:52:20 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 14.04.2008 07:52:14 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 14.04.2008 07:52:20 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 14.04.2008 07:52:24 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 14.04.2008 07:52:34 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 712 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 187904 bytes | Modified Date = 14.04.2008 07:52:24 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 119296 bytes | Modified Date = 14.04.2008 07:52:22 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> AF FF 27 4F 4B 62 81 25 30 C8 61 97 49 32 E0 6D 33 66 32 62 39 64 31 62 00 00 00 00 97 D2 00 00 18 CA 06 00 99 D0 B7 71 04 CA 06 00 10 00 00 00 00 00 00 00 29 66 DD C3 5E 3D 2B 12 15 E3 50 3F [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 1C 8F 11 EC 91 C0 3B 6E 19 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 42 74 B2 5E 89 99 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 04.08.2004 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 30 66 13 48 1E 6E E0 C1 9E 12 B7 56 A1 DA 3D 5B [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 00 20 7D 2E A2 B1 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E1 E2 AD F3 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 95 A7 B2 F3 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 95 A7 B2 F3 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung 
und Eindringsschutz. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows-Firewall/Gemeinsame Nutzung der Internetverbindung -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14.04.2008 07:53:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 334336 bytes | Modified Date = 14.04.2008 07:52:14 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 143360 bytes | Modified Date = 14.04.2008 07:53:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 14.04.2008 00:23:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Programme\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe -> C:\Programme\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe [C:\Programme\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application] -> [Ver = 1, 0, 0, 1 | Size = 5696568 bytes | Modified Date = 19.11.2007 14:57:06 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Programme\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe -> C:\Programme\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe [C:\Programme\Rosetta Stone\Rosetta Stone 
V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services] -> [Ver = | Size = 537944 bytes | Modified Date = 19.11.2007 14:57:20 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 143360 bytes | Modified Date = 14.04.2008 07:53:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mmc.exe -> C:\WINDOWS\system32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console] -> Microsoft Corporation [Ver = 5.2.3790.4136 (srv03_sp2_qfe.070821-1204) | Size = 1415168 bytes | Modified Date = 14.04.2008 07:52:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\SAP\FrontEnd\SapGui\saplogon.exe -> C:\Programme\SAP\FrontEnd\SapGui\saplogon.exe [C:\Programme\SAP\FrontEnd\SapGui\saplogon.exe:*:Enabled:SAP Logon for Windows] -> SAP AG, Walldorf [Ver = 7100.1.6.1038 | Size = 548864 bytes | Modified Date = 13.02.2008 06:50:28 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\NetPhone Client\client.exe -> C:\Programme\NetPhone Client\client.exe [C:\Programme\NetPhone Client\client.exe:*:Enabled:NetPhone Client] -> Deutsche Telekom AG [Ver = 4.4.0.17 | Size = 946244 
bytes | Modified Date = 10.06.2005 15:08:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\iTunes\iTunes.exe -> C:\Programme\iTunes\iTunes.exe [C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 15338560 bytes | Modified Date = 30.10.2006 10:36:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 14.04.2008 00:23:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Bonjour\mDNSResponder.exe -> C:\Programme\Bonjour\mDNSResponder.exe [C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 28.02.2006 12:42:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\ICQ6\ICQ.exe -> C:\Programme\ICQ6\ICQ.exe [C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6] -> ICQ, Inc. 
[Ver = 6.0.0.6039 | Size = 172280 bytes | Modified Date = 21.11.2007 02:47:27 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\NetPhone Client\CLMgr.exe -> C:\Programme\NetPhone Client\CLMgr.exe [C:\Programme\NetPhone Client\CLMgr.exe:LocalSubNet:Enabled:NetPhone Client Line Manager] -> Deutsche Telekom AG [Ver = 4.4.0.80 | Size = 2592840 bytes | Modified Date = 10.06.2005 15:08:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\NetMeeting\conf.exe -> C:\Programme\NetMeeting\conf.exe [C:\Programme\NetMeeting\conf.exe:LocalSubNet:Enabled:Windows® NetMeeting®] -> Microsoft Corporation [Ver = 5.1.2600.5512 | Size = 1040384 bytes | Modified Date = 14.04.2008 07:52:40 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe -> C:\Programme\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe [C:\Programme\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application] -> [Ver = 1, 0, 0, 1 | Size = 5696568 bytes | Modified Date = 19.11.2007 14:57:06 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe -> C:\Programme\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe [C:\Programme\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services] -> [Ver = | Size = 537944 bytes | Modified Date = 19.11.2007 14:57:20 | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\135:TCP -> 135:TCP:LocalSubNet:Enabled:RPC Port -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{FB79EBD9-BC5C-49B4-BC36-B9E5CEE4B698} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A8C5E4A9-1B62-4FC5-866F-8C32259BB516} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{C345D067-E597-4177-9BF3-D62265A316CE} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{7DC5BF73-4738-4CC3-AE30-4E7FE958148D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14.04.2008 07:53:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatische Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Aktiviert den Download und die Installation von 
Windows-Updates. Der Computer kann automatische Updates oder die Windows Update-Website nicht verwenden, falls der Dienst deaktiviert wird. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 14.04.2008 07:52:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Ermöglicht Remotebenutzern, Registrierungseinstellungen dieses Computers zu verändern. Wenn dieser Dienst beendet wird, kann die Registrierung nur von lokalen Benutzern dieses Computers verändert werden. Wenn dieser Dienst deaktiviert wird, werden alle von diesem Dienst explizit abhängigen Dienste nicht gestartet werden können. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14.04.2008 07:52:24 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote-Registrierung -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 14.04.2008 07:53:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 14.04.2008 07:52:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 75264 bytes | Modified Date = 14.04.2008 07:53:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 14.04.2008 07:52:24 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Ermöglicht einem Remotebenutzer, sich an diesem Computer anzumelden und Programme auszuführen. Unterstützt verschiedene TCP/IP-Telnetclients, einschließlich UNIX-basierten und Windows-basierten Computern. Wenn dieser Dienst angehalten wird, ist der Remotezugriff möglicherweise nicht mehr verfügbar. 
Wenn dieser Dienst deaktiviert wird, können alle Dienste, die explizit von diesem Dienst abhängen, nicht mehr gestartet werden. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = Die derzeitige Homepage -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> [Files/Folders - Created Within 30 days] 080516_SD_01.pdf -> %SystemDrive%\080516_SD_01.pdf -> [Ver = | Size = 103130 bytes | Created Date = 16.05.2008 14:02:14 | Attr = ] Adobe -> %SystemDrive%\Adobe -> [Folder | Created Date = 16.05.2008 12:17:07 | Attr = ] angriffsplaner -> %SystemDrive%\angriffsplaner -> [Folder | Created Date = 24.04.2008 11:10:05 | Attr = ] angriffsplaner.zip -> %SystemDrive%\angriffsplaner.zip -> [Ver = | Size = 360366 bytes | Created Date = 24.04.2008 11:09:07 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\angriffsplaner.zip:Zone.Identifier axa.doc -> %SystemDrive%\axa.doc -> [Ver = | Size = 25600 bytes | Created Date = 21.04.2008 20:17:20 | Attr = ] CD36 -> %SystemDrive%\CD36 -> [Folder | Created Date = 25.04.2008 12:15:16 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 15.05.2008 18:44:06 | Attr = HS] CryptLoad_1.0.6 -> %SystemDrive%\CryptLoad_1.0.6 -> [Folder | Created Date = 23.04.2008 22:45:23 | Attr = ] dxva_sig.rar -> %SystemDrive%\dxva_sig.rar -> [Ver = | Size = 95710788 bytes | Created Date = 20.04.2008 15:26:30 | Attr = ] @Alternate Data Stream - 26 bytes -> 
%SystemDrive%\dxva_sig.rar:Zone.Identifier Einloggen per Link Tutorial.rar -> %SystemDrive%\Einloggen per Link Tutorial.rar -> [Ver = | Size = 1953 bytes | Created Date = 29.04.2008 21:04:23 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\Einloggen per Link Tutorial.rar:Zone.Identifier fm6.xls -> %SystemDrive%\fm6.xls -> [Ver = | Size = 13824 bytes | Created Date = 13.05.2008 17:09:28 | Attr = ] graphic.zip -> %SystemDrive%\graphic.zip -> [Ver = | Size = 9166477 bytes | Created Date = 28.04.2008 19:21:01 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\graphic.zip:Zone.Identifier Gruppenangriff Manual.rar -> %SystemDrive%\Gruppenangriff Manual.rar -> [Ver = | Size = 2029 bytes | Created Date = 22.04.2008 21:54:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\Gruppenangriff Manual.rar:Zone.Identifier heidelberger.doc -> %SystemDrive%\heidelberger.doc -> [Ver = | Size = 26112 bytes | Created Date = 21.04.2008 10:35:16 | Attr = ] Hilfe für den Stämme Bot.zip -> %SystemDrive%\Hilfe für den Stämme Bot.zip -> [Ver = | Size = 198236 bytes | Created Date = 22.04.2008 21:55:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\Hilfe für den Stämme Bot.zip:Zone.Identifier HJTInstall.exe -> %SystemDrive%\HJTInstall.exe -> Trend Micro Inc. 
[Ver = 2.00.2 | Size = 812344 bytes | Created Date = 15.05.2008 17:41:17 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\HJTInstall.exe:Zone.Identifier KopieAngebot_Kundenauftrag.doc -> %SystemDrive%\KopieAngebot_Kundenauftrag.doc -> [Ver = | Size = 424448 bytes | Created Date = 28.04.2008 15:42:14 | Attr = ] mbam-setup.exe -> %SystemDrive%\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1649976 bytes | Created Date = 16.05.2008 17:49:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\mbam-setup.exe:Zone.Identifier multiple-ie-setup.exe -> %SystemDrive%\multiple-ie-setup.exe -> [Ver = | Size = 10835448 bytes | Created Date = 20.04.2008 19:40:07 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\multiple-ie-setup.exe:Zone.Identifier myto.psd -> %SystemDrive%\myto.psd -> [Ver = | Size = 1909646 bytes | Created Date = 26.04.2008 22:01:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\myto.psd:Zone.Identifier oscan -> %SystemDrive%\oscan -> [Folder | Created Date = 17.05.2008 14:02:37 | Attr = ] pidsetup.exe -> %SystemDrive%\pidsetup.exe -> [Ver = 1.8.5 | Size = 952776 bytes | Created Date = 20.04.2008 15:25:43 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\pidsetup.exe:Zone.Identifier Protokoll_Interne Besprechung Beratung_180408.doc -> %SystemDrive%\Protokoll_Interne Besprechung Beratung_180408.doc -> [Ver = | Size = 117248 bytes | Created Date = 16.05.2008 09:19:30 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 17.05.2008 11:26:36 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 17.05.2008 12:20:02 | Attr = HS] sdsetup.exe -> %SystemDrive%\sdsetup.exe -> PC Tools [Ver = 5.5.1.322 | Size = 18462024 bytes | Created Date = 15.05.2008 18:27:01 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\sdsetup.exe:Zone.Identifier SD_Angebtosabwicklung.doc -> %SystemDrive%\SD_Angebtosabwicklung.doc -> [Ver = | Size = 705024 bytes | Created Date = 
05.05.2008 11:05:14 | Attr = ] staemme -> %SystemDrive%\staemme -> [Folder | Created Date = 28.04.2008 19:25:05 | Attr = ] Unbenannt.JPG -> %SystemDrive%\Unbenannt.JPG -> [Ver = | Size = 6440 bytes | Created Date = 27.04.2008 19:56:58 | Attr = ] virus.html -> %SystemDrive%\virus.html -> [Ver = | Size = 53016 bytes | Created Date = 17.05.2008 00:06:15 | Attr = ] zkubest.doc -> %SystemDrive%\zkubest.doc -> [Ver = | Size = 101376 bytes | Created Date = 14.05.2008 16:32:57 | Attr = ] zkubest1505.doc -> %SystemDrive%\zkubest1505.doc -> [Ver = | Size = 88064 bytes | Created Date = 15.05.2008 09:31:52 | Attr = ] zkubest1505_2.doc -> %SystemDrive%\zkubest1505_2.doc -> [Ver = | Size = 132608 bytes | Created Date = 15.05.2008 11:13:56 | Attr = ] zkubest_offene_Abrufmenge.doc -> %SystemDrive%\zkubest_offene_Abrufmenge.doc -> [Ver = | Size = 30720 bytes | Created Date = 25.04.2008 15:21:12 | Attr = ] slrundll.exe -> %SystemRoot%\System32\dllcache\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 15.05.2008 20:46:22 | Attr = ] adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) 
Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 08.05.2008 19:00:56 | Attr = ] ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 08.05.2008 19:00:55 | Attr = ] ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 08.05.2008 19:00:55 | Attr = ] ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. 
[Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 08.05.2008 19:00:55 | Attr = ] ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 08.05.2008 19:00:55 | Attr = ] ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327168 bytes | Created Date = 08.05.2008 19:00:55 | Attr = ] ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 701952 bytes | Created Date = 08.05.2008 19:00:55 | Attr = ] atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 08.05.2008 19:00:55 | Attr = ] atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 08.05.2008 19:00:55 | Attr = ] atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 08.05.2008 19:00:55 | Attr = ] atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 08.05.2008 19:00:55 | Attr = ] atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 08.05.2008 19:00:54 | Attr = ] atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 08.05.2008 19:00:54 | Attr = ] atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 08.05.2008 19:00:54 | Attr = ] atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. 
[Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 08.05.2008 19:00:54 | Attr = ] atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 08.05.2008 19:00:54 | Attr = ] atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 08.05.2008 19:00:54 | Attr = ] ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [Ver = | Size = 64352 bytes | Created Date = 08.05.2008 19:00:54 | Attr = ] atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Created Date = 08.05.2008 19:00:54 | Attr = ] atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Created Date = 08.05.2008 19:00:54 | Attr = ] atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 08.05.2008 19:00:53 | Attr = ] atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Created Date = 08.05.2008 19:00:53 | Attr = ] atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Created Date = 08.05.2008 19:00:53 | Attr = ] ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Created Date = 08.05.2008 19:00:53 | Attr = ] cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [Ver = | Size = 129045 bytes | Created Date = 08.05.2008 19:00:53 | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 206880 bytes | Created Date = 15.05.2008 18:44:16 | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 3500 bytes | Created Date = 15.05.2008 
18:44:16 | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 13856 bytes | Created Date = 15.05.2008 18:44:16 | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 2372 bytes | Created Date = 15.05.2008 18:44:16 | Attr = HS] hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 08.05.2008 19:00:53 | Attr = ] hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 08.05.2008 19:00:52 | Attr = ] hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 08.05.2008 19:00:52 | Attr = ] hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 08.05.2008 19:00:51 | Attr = ] mdmxsdk.sys -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Created Date = 08.05.2008 19:00:50 | Attr = ] mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 08.05.2008 19:00:50 | Attr = ] mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 08.05.2008 19:00:50 | Attr = ] mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. 
[Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 08.05.2008 19:00:50 | Attr = ] netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Created Date = 08.05.2008 19:00:49 | Attr = ] ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 08.05.2008 19:00:49 | Attr = ] nv4_mini.sys -> %SystemRoot%\System32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 08.05.2008 19:00:49 | Attr = ] recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 08.05.2008 19:00:49 | Attr = ] s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 08.05.2008 19:00:49 | Attr = ] siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Created Date = 08.05.2008 19:00:48 | Attr = ] sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Created Date = 08.05.2008 19:00:48 | Attr = ] slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 08.05.2008 19:00:48 | Attr = ] slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 08.05.2008 19:00:48 | Attr = ] slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 08.05.2008 19:00:48 | Attr = ] slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 08.05.2008 19:00:48 | Attr = ] vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 
6.13.01.3198 | Size = 11325 bytes | Created Date = 08.05.2008 19:00:47 | Attr = ] wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 08.05.2008 19:00:47 | Attr = ] wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 08.05.2008 19:00:46 | Attr = ] wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 08.05.2008 19:00:46 | Attr = ] wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 08.05.2008 19:00:46 | Attr = ] watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 08.05.2008 19:00:46 | Attr = ] watv10nt.sys -> %SystemRoot%\System32\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 08.05.2008 19:00:46 | Attr = ] ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0233 | Size = 229376 bytes | Created Date = 08.05.2008 19:08:14 | Attr = ] ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 08.05.2008 19:08:14 | Attr = ] ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Created Date = 08.05.2008 19:08:14 | Attr = ] ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 08.05.2008 19:08:14 | Attr = ] ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. 
[Ver = 6.14.10.0231 | Size = 1888992 bytes | Created Date = 08.05.2008 19:08:14 | Attr = ] ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 08.05.2008 19:08:13 | Attr = ] ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 08.05.2008 19:08:13 | Attr = ] ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 08.05.2008 19:08:13 | Attr = ] ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. [Ver = 6.14.01.0009 | Size = 516768 bytes | Created Date = 08.05.2008 19:08:13 | Attr = ] hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 08.05.2008 19:08:10 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 15.05.2008 21:04:37 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 08.05.2008 19:08:08 | Attr = ] mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 08.05.2008 19:08:06 | Attr = ] nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 08.05.2008 19:08:06 | Attr = ] s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. 
[Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 08.05.2008 19:08:04 | Attr = ] slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 08.05.2008 19:08:04 | Attr = ] slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 08.05.2008 19:08:04 | Attr = ] slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 08.05.2008 19:08:04 | Attr = ] slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 08.05.2008 19:08:04 | Attr = ] slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 08.05.2008 19:08:04 | Attr = ] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 08.05.2008 18:54:27 | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 15.05.2008 17:14:09 | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 15.05.2008 17:13:39 | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 15.05.2008 17:13:39 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 16.05.2008 00:13:10 | Attr = H ] NDSBrow.INI -> %SystemRoot%\NDSBrow.INI -> [Ver = | Size = 0 bytes | Created Date = 16.05.2008 17:42:46 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 09.05.2008 08:59:39 | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 15.05.2008 17:13:39 | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 08.05.2008 19:04:49 | Attr = ] slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 
15.05.2008 20:46:22 | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 15.05.2008 17:13:39 | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 15.05.2008 17:13:39 | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 15.05.2008 17:13:39 | Attr = ] uninst.exe -> %SystemRoot%\uninst.exe -> InstallShield Corporation, Inc. [Ver = 2.20.924.0 | Size = 299520 bytes | Created Date = 09.05.2008 11:54:57 | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 15.05.2008 17:13:39 | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 15.05.2008 17:13:39 | Attr = ] [Files/Folders - Modified Within 30 days] 080516_SD_01.pdf -> %SystemDrive%\080516_SD_01.pdf -> [Ver = | Size = 103130 bytes | Modified Date = 16.05.2008 14:03:55 | Attr = ] Adobe -> %SystemDrive%\Adobe -> [Folder | Modified Date = 16.05.2008 12:17:46 | Attr = ] angriffsplaner -> %SystemDrive%\angriffsplaner -> [Folder | Modified Date = 24.04.2008 11:10:06 | Attr = ] angriffsplaner.zip -> %SystemDrive%\angriffsplaner.zip -> [Ver = | Size = 360366 bytes | Modified Date = 01.05.2008 17:46:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\angriffsplaner.zip:Zone.Identifier axa.doc -> %SystemDrive%\axa.doc -> [Ver = | Size = 25600 bytes | Modified Date = 21.04.2008 20:28:09 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 14.05.2008 17:12:48 | Attr = RHS] CD36 -> %SystemDrive%\CD36 -> [Folder | Modified Date = 25.04.2008 12:17:44 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 16.05.2008 09:21:41 | Attr = HS] CryptLoad_1.0.6 -> %SystemDrive%\CryptLoad_1.0.6 -> [Folder | Modified Date = 23.04.2008 22:46:06 | Attr = ] dxva_sig.rar -> %SystemDrive%\dxva_sig.rar -> [Ver = | 
Size = 95710788 bytes | Modified Date = 20.04.2008 15:26:43 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\dxva_sig.rar:Zone.Identifier Einloggen per Link Tutorial.rar -> %SystemDrive%\Einloggen per Link Tutorial.rar -> [Ver = | Size = 1953 bytes | Modified Date = 29.04.2008 21:04:23 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\Einloggen per Link Tutorial.rar:Zone.Identifier fm6.xls -> %SystemDrive%\fm6.xls -> [Ver = | Size = 13824 bytes | Modified Date = 13.05.2008 17:09:28 | Attr = ] graphic.zip -> %SystemDrive%\graphic.zip -> [Ver = | Size = 9166477 bytes | Modified Date = 28.04.2008 19:21:01 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\graphic.zip:Zone.Identifier Gruppenangriff Manual.rar -> %SystemDrive%\Gruppenangriff Manual.rar -> [Ver = | Size = 2029 bytes | Modified Date = 29.04.2008 21:04:20 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\Gruppenangriff Manual.rar:Zone.Identifier heidelberger.doc -> %SystemDrive%\heidelberger.doc -> [Ver = | Size = 26112 bytes | Modified Date = 21.04.2008 20:31:19 | Attr = ] Hilfe für den Stämme Bot.zip -> %SystemDrive%\Hilfe für den Stämme Bot.zip -> [Ver = | Size = 198236 bytes | Modified Date = 22.04.2008 21:55:15 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\Hilfe für den Stämme Bot.zip:Zone.Identifier HJTInstall.exe -> %SystemDrive%\HJTInstall.exe -> Trend Micro Inc. 
[Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 15.05.2008 17:41:20 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\HJTInstall.exe:Zone.Identifier JDF-Übersetzungen.xls -> %SystemDrive%\JDF-Übersetzungen.xls -> [Ver = | Size = 35328 bytes | Modified Date = 17.04.2008 16:19:03 | Attr = ] KopieAngebot_Kundenauftrag.doc -> %SystemDrive%\KopieAngebot_Kundenauftrag.doc -> [Ver = | Size = 424448 bytes | Modified Date = 29.04.2008 14:45:08 | Attr = ] mbam-setup.exe -> %SystemDrive%\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1649976 bytes | Modified Date = 16.05.2008 17:49:32 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\mbam-setup.exe:Zone.Identifier multiple-ie-setup.exe -> %SystemDrive%\multiple-ie-setup.exe -> [Ver = | Size = 10835448 bytes | Modified Date = 20.04.2008 19:40:07 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\multiple-ie-setup.exe:Zone.Identifier myto.psd -> %SystemDrive%\myto.psd -> [Ver = | Size = 1909646 bytes | Modified Date = 26.04.2008 22:01:30 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\myto.psd:Zone.Identifier ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 251712 bytes | Modified Date = 08.05.2008 19:00:16 | Attr = RHS] oscan -> %SystemDrive%\oscan -> [Folder | Modified Date = 17.05.2008 14:09:03 | Attr = ] pidsetup.exe -> %SystemDrive%\pidsetup.exe -> [Ver = 1.8.5 | Size = 952776 bytes | Modified Date = 20.04.2008 15:25:43 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\pidsetup.exe:Zone.Identifier Programme -> %ProgramFiles% -> [Folder | Modified Date = 16.05.2008 09:21:14 | Attr = ] Protokoll_Interne Besprechung Beratung_180408.doc -> %SystemDrive%\Protokoll_Interne Besprechung Beratung_180408.doc -> [Ver = | Size = 117248 bytes | Modified Date = 18.04.2008 11:42:17 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 17.05.2008 11:48:04 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 17.05.2008 12:20:02 
| Attr = HS] sdsetup.exe -> %SystemDrive%\sdsetup.exe -> PC Tools [Ver = 5.5.1.322 | Size = 18462024 bytes | Modified Date = 15.05.2008 18:27:02 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemDrive%\sdsetup.exe:Zone.Identifier SD_Angebtosabwicklung.doc -> %SystemDrive%\SD_Angebtosabwicklung.doc -> [Ver = | Size = 705024 bytes | Modified Date = 05.05.2008 14:30:14 | Attr = ] Sierra -> %SystemDrive%\Sierra -> [Folder | Modified Date = 16.05.2008 11:48:38 | Attr = ] staemme -> %SystemDrive%\staemme -> [Folder | Modified Date = 17.05.2008 13:30:18 | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 15.05.2008 17:13:45 | Attr = HS] Textfiles -> %SystemDrive%\Textfiles -> [Folder | Modified Date = 22.04.2008 21:40:14 | Attr = ] Unbenannt.JPG -> %SystemDrive%\Unbenannt.JPG -> [Ver = | Size = 6440 bytes | Modified Date = 27.04.2008 19:58:57 | Attr = ] virus.html -> %SystemDrive%\virus.html -> [Ver = | Size = 53016 bytes | Modified Date = 17.05.2008 00:06:16 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 17.05.2008 13:50:51 | Attr = ] zkubest.doc -> %SystemDrive%\zkubest.doc -> [Ver = | Size = 101376 bytes | Modified Date = 14.05.2008 16:32:58 | Attr = ] zkubest1505.doc -> %SystemDrive%\zkubest1505.doc -> [Ver = | Size = 88064 bytes | Modified Date = 15.05.2008 11:13:29 | Attr = ] zkubest1505_2.doc -> %SystemDrive%\zkubest1505_2.doc -> [Ver = | Size = 132608 bytes | Modified Date = 15.05.2008 12:19:40 | Attr = ] zkubest_offene_Abrufmenge.doc -> %SystemDrive%\zkubest_offene_Abrufmenge.doc -> [Ver = | Size = 30720 bytes | Modified Date = 25.04.2008 15:21:12 | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 206880 bytes | Modified Date = 15.05.2008 23:44:58 | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 3500 bytes | Modified Date = 15.05.2008 23:44:59 | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> 
[Ver = | Size = 13856 bytes | Modified Date = 15.05.2008 23:44:59 | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 2372 bytes | Modified Date = 15.05.2008 23:44:59 | Attr = HS] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 16.05.2008 16:03:13 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 17.05.2008 11:47:20 | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 08.05.2008 19:04:23 | Attr = ] de-de -> %SystemRoot%\System32\de-de -> [Folder | Modified Date = 16.05.2008 16:03:09 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 16.05.2008 16:03:11 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 17.05.2008 11:27:39 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 140440 bytes | Modified Date = 09.05.2008 08:58:54 | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 08.05.2008 19:08:19 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 15.05.2008 21:04:37 | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 08.05.2008 19:04:31 | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 08.05.2008 19:03:50 | Attr = ] perfc007.dat -> %SystemRoot%\System32\perfc007.dat -> [Ver = | Size = 86100 bytes | Modified Date = 15.05.2008 18:29:09 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 72486 bytes | Modified Date = 15.05.2008 18:29:09 | Attr = ] perfh007.dat -> %SystemRoot%\System32\perfh007.dat -> [Ver = | Size = 463344 bytes | Modified Date = 15.05.2008 18:29:09 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 444862 bytes | Modified Date = 15.05.2008 18:29:09 | Attr = ] PerfStringBackup.INI -> 
%SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 1080090 bytes | Modified Date = 15.05.2008 18:29:08 | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 08.05.2008 18:58:59 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 16.05.2008 19:57:28 | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 09.05.2008 08:58:48 | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 08.05.2008 19:07:59 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 09.05.2008 08:58:47 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 09.05.2008 08:59:26 | Attr = ] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 08.05.2008 18:58:48 | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 09.05.2008 08:58:47 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 16.05.2008 17:40:57 | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 17.05.2008 11:25:06 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 15.05.2008 23:31:31 | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 08.05.2008 19:08:21 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 15.05.2008 17:14:09 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 09.05.2008 08:58:46 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 16.05.2008 00:21:02 | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 16.05.2008 00:14:45 | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 15.05.2008 23:43:50 | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 08.05.2008 19:08:17 | Attr = ] inf -> 
%SystemRoot%\inf -> [Folder | Modified Date = 16.05.2008 16:03:24 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 16.05.2008 17:03:22 | Attr = HS] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 16.05.2008 00:15:04 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 15.05.2008 17:12:56 | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 08.05.2008 19:04:30 | Attr = ] NDSBrow.INI -> %SystemRoot%\NDSBrow.INI -> [Ver = | Size = 0 bytes | Modified Date = 16.05.2008 17:42:46 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 08.05.2008 19:08:18 | Attr = ] PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 08.05.2008 19:07:56 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 17.05.2008 14:10:25 | Attr = ] saplogon.ini -> %SystemRoot%\saplogon.ini -> [Ver = | Size = 7908 bytes | Modified Date = 07.05.2008 15:13:51 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 09.05.2008 08:18:28 | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 08.05.2008 19:08:23 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 15.05.2008 19:12:34 | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 08.05.2008 19:04:28 | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 08.05.2008 19:03:47 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 253 bytes | Modified Date = 17.05.2008 11:36:02 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 17.05.2008 11:48:14 | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 17.05.2008 11:35:43 | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 16.05.2008 00:15:15 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 781 bytes | Modified Date = 14.05.2008 17:12:48 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> 
[Folder | Modified Date = 08.05.2008 19:08:55 | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 276 bytes | Modified Date = 16.05.2008 09:31:01 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 16.05.2008 17:41:02 | Attr = H ] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\OFFICE\DATA\ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 19.10.2006 14:14:17 | Attr = ] opa11.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8536 bytes | Modified Date = 19.10.2006 14:21:33 | Attr = ] C:\Dokumente und Einstellungen\majaendres\Lokale Einstellungen\Temp\ -> C:\Dokumente und Einstellungen\majaendres\Lokale Einstellungen\Temp -> [Folder | Modified Date = 17.05.2008 14:14:31 | Attr = ] blinomxhER.dll -> C:\Dokumente und Einstellungen\majaendres\Lokale Einstellungen\Temp\blinomxhER.dll -> [Ver = | Size = 53248 bytes | Modified Date = 17.05.2008 14:13:03 | Attr = ] 1 C:\Dokumente und Einstellungen\majaendres\Lokale Einstellungen\Temp\*.tmp files -> C:\Dokumente und Einstellungen\majaendres\Lokale Einstellungen\Temp\*.tmp -> [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Programme\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:96,c6,23,3a,d1,64,13,46,ed,1b,53,f6,a2,c7,0f,70,f7,9c,a2,05,7c,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ec,68,aa,23,dd,ce,6a,f8,cc,db,69,70,b0,6e,5b,85,22,.. 
"khjeh"=hex:3e,3d,76,6c,eb,d8,aa,e4,1c,d1,5a,da,5b,8b,24,7c,a3,b4,58,a4,e3,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:71,73,2a,91,a6,58,d6,64,13,6a,2e,f2,ca,aa,c3,5a,aa,5a,2a,f3,95,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:85,c7,9c,f5,df,fd,1a,e4,44,d6,cf,63,d1,00,c2,a2,11,99,79,6d,df,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Programme\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:96,c6,23,3a,d1,64,13,46,ed,1b,53,f6,a2,c7,0f,70,f7,9c,a2,05,7c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ec,68,aa,23,dd,ce,6a,f8,cc,db,69,70,b0,6e,5b,85,22,.. "khjeh"=hex:3e,3d,76,6c,eb,d8,aa,e4,1c,d1,5a,da,5b,8b,24,7c,a3,b4,58,a4,e3,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:71,73,2a,91,a6,58,d6,64,13,6a,2e,f2,ca,aa,c3,5a,aa,5a,2a,f3,95,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:85,c7,9c,f5,df,fd,1a,e4,44,d6,cf,63,d1,00,c2,a2,11,99,79,6d,df,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Programme\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:96,c6,23,3a,d1,64,13,46,ed,1b,53,f6,a2,c7,0f,70,f7,9c,a2,05,7c,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,ec,68,aa,23,dd,ce,6a,f8,cc,db,69,70,b0,6e,5b,85,22,.. "khjeh"=hex:3e,3d,76,6c,eb,d8,aa,e4,1c,d1,5a,da,5b,8b,24,7c,a3,b4,58,a4,e3,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:71,73,2a,91,a6,58,d6,64,13,6a,2e,f2,ca,aa,c3,5a,aa,5a,2a,f3,95,.. 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41] "khjeh"=hex:85,c7,9c,f5,df,fd,1a,e4,44,d6,cf,63,d1,00,c2,a2,11,99,79,6d,df,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20226~\2] "7040311900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL" "7040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL" scanning hidden files ... C:\WINDOWS\Thumbs.db:encryptable 0 bytes scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 115 < Document and Settings folder & sub folders > scanning hidden files ... C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:3B71D0B4 105 bytes C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:6B364EF3 116 bytes C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 145 bytes C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Thumbs.db:encryptable 0 bytes C:\Dokumente und Einstellungen\majaendres\Eigene Dateien\Eigene Bilder\Thumbs.db:encryptable 0 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\- www.Office-Loesung.de - - - - - - - - - - - - - - - - - - - -.url:favicon 3262 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\ABAP-4 How-To Compendium.url:favicon 318 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\Abwehr von DDoS Attacken - OS - Tutorials @ tutorials.de Forum, Tutorial, Anleitung, Schulung & Hilfe.url:favicon 1406 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\apache DoS-Attacken abfangen - huschi.net.url:favicon 318 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\CSS Technik und Grundlagen.url:favicon 1406 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\Dedicated Hosting Offers - Web Hosting Talk - The largest, most influential web hosting community on the 
Internet.url:favicon 11502 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\Ein CSS-Layout erstellen (Webdesign) andreas-kalt.de.url:favicon 1406 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\LEO Deutsch-Englisches Wörterbuch.url:favicon 894 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\online-tools Int-Hex-Char-Converter und Entity-Generator gegen EMail-Spam.url:favicon 4462 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\SAP-Bibliothek - mySAP Customer Relationship Management.url:favicon 3638 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\SAP-Bibliothek - SAP Business Workflow Deu.url:favicon 3638 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\SAP-Bibliothek - SAP Business Workflow- Doku.url:favicon 3638 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\SAP-Bibliothek - SAP Business Workflow.url:favicon 3638 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\SAP-Bibliothek - Verpackungslogistik.url:favicon 1406 bytes C:\Dokumente und Einstellungen\majaendres\Favoriten\LEO D-E Ergebnisse für debit memo.url:favicon 894 bytes scan completed successfully hidden files: 20 < End of report > [/code]