[code]
OTScanIt logfile created on: 18.05.2008 17:17:25
OTScanIt by OldTimer - Version 1.0.14.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,53% Memory free
2,60 Gb Paging File | 2,03 Gb Available in Paging File | 77,93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 15,46 Gb Free Space | 39,58% Space Free | Partition Type: NTFS
Drive D: | 9,77 Gb Total Space | 8,96 Gb Free Space | 91,75% Space Free | Partition Type: NTFS
Drive E: | 9,77 Gb Total Space | 6,76 Gb Free Space | 69,21% Space Free | Partition Type: NTFS
Drive F: | 654,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 19,52 Gb Total Space | 9,37 Gb Free Space | 48,01% Space Free | Partition Type: FAT32
Drive H: | 54,99 Gb Total Space | 10,00 Gb Free Space | 18,19% Space Free | Partition Type: NTFS
Drive I: | 564,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: MARCEL-QN9W86TQ
Current User Name: Admin
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 75304 bytes | Modified Date = 02.04.2008 21:07:54 | Attr = ] sched.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.12 | Size = 68865 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] avguard.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.15 | Size = 147201 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 14.05.2007 14:54:16 | Attr = ] nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 5, 1, 0 | Size = 877864 bytes | Modified Date = 18.02.2008 17:29:12 | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 05.12.2007 01:41:00 | Attr = ] ioctlsvc.exe -> %SystemRoot%\system32\IoctlSvc.exe -> Prolific Technology Inc. [Ver = 1, 6, 0, 0 | Size = 81920 bytes | Modified Date = 19.12.2006 10:30:26 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22.02.2008 05:25:21 | Attr = ] avgnt.exe -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 8.00.00.07 | Size = 262401 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] e_fatiahe.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIAHE.EXE -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date = 25.04.2005 07:00:00 | Attr = ] soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. 
[Ver = 5.1.0.30 | Size = 69632 bytes | Modified Date = 16.09.2004 14:39:44 | Attr = ] winampa.exe -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 36352 bytes | Modified Date = 01.04.2008 20:49:42 | Attr = ] zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 919016 bytes | Modified Date = 02.04.2008 21:07:54 | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28.01.2008 11:43:40 | Attr = RHS] icq.exe -> %ProgramFiles%\ICQ6\ICQ.exe -> ICQ, Inc. [Ver = 6.0.0.6059 | Size = 172280 bytes | Modified Date = 01.04.2008 12:40:42 | Attr = ] audiodeck.exe -> %ProgramFiles%\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe -> [Ver = 1, 0, 0, 1 | Size = 581632 bytes | Modified Date = 08.07.2003 03:44:40 | Attr = ] psi.exe -> %ProgramFiles%\Secunia\PSI (RC1)\psi.exe -> Secunia [Ver = 0.9.0.1 | Size = 626688 bytes | Modified Date = 22.02.2008 11:09:52 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 18.04.2008 18:26:44 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 09.05.2008 21:51:12 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.43.000 | Size = 68096 bytes | Modified Date = 24.10.2005 20:40:46 | Attr = ] (AntiVirScheduler) AntiVir Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.12 | Size = 68865 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] (AntiVirService) AntiVir PersonalEdition Classic Service [Win32_Own | Auto | Running] -> 
%ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.15 | Size = 147201 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] (dmadmin) Verwaltungsdienst für die Verwaltung logischer Datenträger [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 04.08.2004 00:57:52 | Attr = ] (EPSONStatusAgent2) EPSON Printer Status Agent2 [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\EPSON\EBAPI\SAgent2.exe -> SEIKO EPSON CORPORATION [Ver = 2, 3, 0, 0 | Size = 94208 bytes | Modified Date = 17.07.2002 02:03:00 | Attr = ] (EPSON_PM_RPCV2_01) EPSON V3 Service2(03) [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\E_S00RP1.EXE -> SEIKO EPSON CORPORATION [Ver = 2.03 | Size = 65536 bytes | Modified Date = 19.02.2004 05:03:00 | Attr = ] (gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 14.05.2007 14:54:16 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04.04.2005 01:41:10 | Attr = ] (Mrxstvcip) Mrxstvcip [Win32_Own | Disabled | Stopped] -> -> File not found (Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 5, 1, 0 | Size = 877864 bytes | Modified Date = 18.02.2008 17:29:12 | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.3.3.0 | Size = 529704 bytes | Modified Date = 28.02.2008 18:07:48 | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | 
Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 05.12.2007 01:41:00 | Attr = ] (PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\IoctlSvc.exe -> Prolific Technology Inc. [Ver = 1, 6, 0, 0 | Size = 81920 bytes | Modified Date = 19.12.2006 10:30:26 | Attr = ] (TuneUp.Defrag) TuneUp Drive Defrag-Dienst [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Modified Date = 27.04.2008 21:37:27 | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 75304 bytes | Modified Date = 02.04.2008 21:07:54 | Attr = ] (Norman ZANDA) Norman ZANDA [Win32_Own | Auto | Stopped] -> %SystemDrive%\VIRUSfighter\Bin\Zanda.exe -> File not found (Norman NJeeves) Norman NJeeves [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\VIRUSfighter\bin\NJEEVES.EXE -> File not found [Driver Services - Non-Microsoft Only] (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> Realtek Semiconductor Corp. 
[Ver = 5.10.5720 built by: WinDDK | Size = 2278784 bytes | Modified Date = 21.09.2004 13:53:18 | Attr = ] (avgntdd) avgntdd [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.30 | Size = 41792 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] (avgntmgr) avgntmgr [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.02 | Size = 22336 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] (avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.02.22 | Size = 79424 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] (cmuda) C-Media WDM Audio Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\cmuda.sys -> C-Media Inc [Ver = 5.12.01.0044.1 (39g) | Size = 818496 bytes | Modified Date = 23.04.2004 09:14:04 | Attr = R ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800384 bytes | Modified Date = 04.08.2004 00:47:02 | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 154112 bytes | Modified Date = 04.08.2004 00:47:08 | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. 
[Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 02.04.2003 14:00:00 | Attr = ] (dtscsi) dtscsi [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dtscsi.sys -> [Ver = | Size = 223128 bytes | Modified Date = 28.01.2007 04:00:17 | Attr = ] (EagleNT) EagleNT [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\EagleNT.sys -> File not found (ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 1, 0 | Size = 25160 bytes | Modified Date = 07.08.2007 21:48:33 | Attr = ] (ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 1 | Size = 11984 bytes | Modified Date = 16.02.2007 02:56:49 | Attr = ] (FETNDIS) VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 17.08.2001 13:13:08 | Attr = ] (FETNDISB) VIA Rhine Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5b.sys -> VIA Technologies, Inc. [Ver = 3.32.00.0417 | Size = 42496 bytes | Modified Date = 15.04.2004 04:57:20 | Attr = R ] (GMSIPCI) GMSIPCI [Kernel | On_Demand | Stopped] -> F:\INSTALL\GMSIPCI.SYS -> File not found (hamachi) Hamachi Network Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hamachi.sys -> LogMeIn, Inc. 
[Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 02.05.2008 18:17:38 | Attr = ] (k510bus) Sony Ericsson K510 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\k510bus.sys -> MCCI [Ver = V4.34 | Size = 58288 bytes | Modified Date = 17.02.2006 22:34:10 | Attr = R ] (k510mdfl) Sony Ericsson K510 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\k510mdfl.sys -> MCCI [Ver = V4.34 | Size = 8336 bytes | Modified Date = 17.02.2006 22:34:16 | Attr = R ] (k510mdm) Sony Ericsson K510 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\k510mdm.sys -> MCCI [Ver = V4.34 | Size = 94064 bytes | Modified Date = 17.02.2006 22:34:18 | Attr = R ] (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\k510mgmt.sys -> MCCI [Ver = V4.34 | Size = 85408 bytes | Modified Date = 17.02.2006 22:34:22 | Attr = R ] (k510obex) Sony Ericsson K510 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\k510obex.sys -> MCCI [Ver = V4.34 | Size = 83344 bytes | Modified Date = 17.02.2006 22:34:24 | Attr = R ] (KLIF) KLIF [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19.07.2007 16:10:28 | Attr = ] (L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042Kbd.sys -> Logitech, Inc. [Ver = 2.31.522.00 | Size = 13056 bytes | Modified Date = 10.03.2005 14:08:16 | Attr = ] (L8042pr2) Logitech PS/2 Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\L8042PR2.SYS -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 51486 bytes | Modified Date = 07.11.2003 11:50:00 | Attr = ] (LHidFlt2) Logitech HID/USB Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHIDFLT2.SYS -> Logitech, Inc. 
[Ver = 9.79.16.0 | Size = 25502 bytes | Modified Date = 07.11.2003 11:50:00 | Attr = ] (LHidUsb) Logitech USB Receiver device driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHIDUSB.SYS -> Logitech, Inc. [Ver = 9.79.200.0 | Size = 37884 bytes | Modified Date = 07.11.2003 11:50:00 | Attr = ] (LMouFlt2) Logitech Mouse Class Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\lmouflt2.sys -> Logitech, Inc. [Ver = 9.79.16.0 | Size = 70798 bytes | Modified Date = 07.11.2003 11:50:00 | Attr = ] (LUsbKbd) Logitech SetPoint USB Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LUsbKbd.sys -> Logitech, Inc. [Ver = 2.31.522.00 | Size = 14592 bytes | Modified Date = 10.03.2005 14:08:40 | Attr = ] (NTACCESS) NTACCESS [Kernel | On_Demand | Stopped] -> F:\NTACCESS.sys -> File not found (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 7435392 bytes | Modified Date = 05.12.2007 01:41:00 | Attr = ] (ovt519) TRUST 320 SPACEC@M [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ov519vid.sys -> OmniVision Technologies, Inc. [Ver = 2.2.0.2607 | Size = 163072 bytes | Modified Date = 06.05.2003 18:00:00 | Attr = ] (pcouffin) VSO Software pcouffin [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pcouffin.sys -> VSO Software [Ver = 1.37 | Size = 47360 bytes | Modified Date = 08.04.2008 18:29:46 | Attr = ] (PSI) PSI [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\psi_mf.sys -> Secunia [Ver = 0.1.0.0 | Size = 7808 bytes | Modified Date = 19.02.2008 10:24:58 | Attr = ] (Ptilink) Treiber für direkte Parallelverbindung [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. 
[Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 02.04.2003 14:00:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 08.03.2007 01:51:00 | Attr = ] (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27bus.sys -> MCCI [Ver = V4.34 | Size = 61600 bytes | Modified Date = 28.04.2006 17:24:42 | Attr = R ] (SE27mdfl) Sony Ericsson Device 039 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27mdfl.sys -> MCCI [Ver = V4.34 | Size = 9360 bytes | Modified Date = 28.04.2006 17:25:40 | Attr = R ] (SE27mdm) Sony Ericsson Device 039 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SE27mdm.sys -> MCCI [Ver = V4.34 | Size = 97184 bytes | Modified Date = 28.04.2006 17:25:44 | Attr = R ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. 
[Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13.11.2007 12:25:53 | Attr = ] (SetupNTGLM7X) SetupNTGLM7X [Kernel | On_Demand | Stopped] -> F:\NTGLM7X.sys -> File not found (sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [Ver = | Size = 664064 bytes | Modified Date = 28.01.2007 03:37:51 | Attr = ] (srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 189, 0 | Size = 51176 bytes | Modified Date = 27.02.2008 04:10:44 | Attr = ] (ssmdrv) ssmdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> AVIRA GmbH [Ver = 7.00.01.02 | Size = 21248 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] (SVKP) SVKP [Kernel | Auto | Running] -> %SystemRoot%\system32\SVKP.sys -> AntiCracking [Ver = 4.00 | Size = 2368 bytes | Modified Date = 25.11.2005 16:24:15 | Attr = ] (viaagp1) VIA AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP1.SYS -> VIA Technologies, Inc. [Ver = 5.1.0.3442 built by: VIA | Size = 27904 bytes | Modified Date = 02.07.2003 04:42:00 | Attr = ] (VIAudio) VIA AC'97 Audio Controller (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\viaudios.sys -> VIA Technologies, Inc. 
[Ver = 6.14.01.3870s built by: VIA | Size = 369920 bytes | Modified Date = 16.06.2003 05:05:40 | Attr = R ] (vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 394952 bytes | Modified Date = 02.04.2008 21:08:00 | Attr = ] (Vsp) Vsp [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\vsp.sys -> [Ver = | Size = 3351 bytes | Modified Date = 27.05.2003 16:45:06 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> \\Lorenz-feeb2d34\EPSON Stylus Photo R240 Series -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIAHE.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P48 "\\Lorenz-feeb2d34\EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240"] -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date = 25.04.2005 07:00:00 | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11.01.2008 23:16:38 | Attr = ] avgnt -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> Avira GmbH [Ver = 8.00.00.07 | Size = 262401 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] Cmaudio -> [RunDll32 cmicnfg.cpl,CMICtrlWnd] -> File not found EPSON Stylus C42 Series -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_S10IC2.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"] -> SEIKO EPSON CORPORATION [Ver = 3.05 | Size = 74752 bytes | Modified Date = 01.07.2002 03:05:00 | Attr = ] EPSON Stylus Photo R240 Series -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATIAHE.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /F 
"C:\WINDOWS\TEMP\E_S71.tmp" /EF "HKLM"] -> SEIKO EPSON CORPORATION [Ver = 4.00 | Size = 98304 bytes | Modified Date = 25.04.2005 07:00:00 | Attr = ] HotKey -> %SystemRoot%\twain_32\SlimU2TA\HotKey.Exe [C:\WINDOWS\Twain_32\SlimU2TA\HotKey.exe] -> Pmx. Electronics Ltd. [Ver = 1,1,3,7 | Size = 610304 bytes | Modified Date = 06.01.2004 14:02:02 | Attr = ] Logitech Utility -> %SystemRoot%\LOGI_MWX.EXE [Logi_MwX.Exe] -> Logitech Inc. [Ver = 9.79.016 | Size = 19968 bytes | Modified Date = 07.11.2003 11:50:00 | Attr = ] NBKeyScan -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ["C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"] -> Nero AG [Ver = 3, 5, 1, 0 | Size = 2221352 bytes | Modified Date = 18.02.2008 17:29:02 | Attr = ] NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe [C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 7 | Size = 570664 bytes | Modified Date = 28.02.2008 10:59:20 | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 05.12.2007 01:41:00 | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 05.12.2007 01:41:00 | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1626112 bytes | Modified Date = 05.12.2007 01:41:00 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Programme\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 7.1 | Size = 282624 bytes | Modified Date = 20.07.2006 23:14:32 | Attr = ] SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. 
[Ver = 5.1.0.30 | Size = 69632 bytes | Modified Date = 16.09.2004 14:39:44 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22.02.2008 05:25:21 | Attr = ] UserFaultCheck -> [%systemroot%\system32\dumprep 0 -u] -> File not found WinampAgent -> %ProgramFiles%\Winamp\winampa.exe [C:\Programme\Winamp\winampa.exe] -> [Ver = | Size = 36352 bytes | Modified Date = 01.04.2008 20:49:42 | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 919016 bytes | Modified Date = 02.04.2008 21:07:54 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found ICQ -> %ProgramFiles%\ICQ6\ICQ.exe ["C:\Programme\ICQ6\ICQ.exe" silent] -> ICQ, Inc. [Ver = 6.0.0.6059 | Size = 172280 bytes | Modified Date = 01.04.2008 12:40:42 | Attr = ] SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Programme\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28.01.2008 11:43:40 | Attr = RHS] Veoh -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe ["C:\Programme\Veoh Networks\Veoh\VeohClient.exe" /VeohHide] -> Veoh Networks [Ver = 3.9.4.1036 | Size = 3640368 bytes | Modified Date = 08.05.2008 16:53:02 | Attr = ] < Admin Startup Folder > -> C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart -> %UserProfile%\Startmenü\Programme\Autostart\hamachi.lnk -> %ProgramFiles%\Hamachi\hamachi.exe -> LogMeIn Inc. 
[Ver = 1, 0, 2, 5 | Size = 624416 bytes | Modified Date = 02.05.2008 18:17:37 | Attr = ] %UserProfile%\Startmenü\Programme\Autostart\Secunia PSI (RC1).lnk -> %ProgramFiles%\Secunia\PSI (RC1)\psi.exe -> Secunia [Ver = 0.9.0.1 | Size = 626688 bytes | Modified Date = 22.02.2008 11:09:52 | Attr = ] < All Users Startup Folder > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart -> %AllUsersProfile%\Startmenü\Programme\Autostart\AudioDeck.lnk -> %ProgramFiles%\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe -> [Ver = 1, 0, 0, 1 | Size = 581632 bytes | Modified Date = 08.07.2003 03:44:40 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM-Laufwerktreiber -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03.08.2004 22:59:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 0 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_SH-S182M_______________SB03____\5&2074b2de&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_OP7427F&Prod_SNT254D&Rev_1.0\5&387260db&0&000 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 22.10.2005 21:36:30 | Attr = ] AUTOEXEC.BAT [@ECHO OFF | LH /L:1 MOUSE.COM | SET BLASTER=A220 I5 D1 H5 P330 | SET CTSYN=C:\dosdrv | C:\dosdrv\SBEINIT.COM | prompt $p$g | ] -> D:\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 244 bytes | Modified Date = 26.10.2002 12:58:24 | Attr = ] AutoRun [] -> F:\AutoRun.exe [ CDFS ] -> [Ver = | Size = 1101824 bytes | Modified Date = 01.09.2003 23:50:21 | Attr = R ] Autorun.csf [ FSC | ] -> F:\Autorun.csf [ CDFS ] -> [Ver = | Size = 2046 bytes | Modified Date = 31.08.2003 
05:36:09 | Attr = R ] Autorun.exe [MZ | ] -> F:\Autorun.exe [ CDFS ] -> [Ver = | Size = 1101824 bytes | Modified Date = 01.09.2003 23:50:21 | Attr = R ] autorun.inf [[autorun] | OPEN=autorun.exe | ] -> F:\autorun.inf [ CDFS ] -> [Ver = | Size = 27 bytes | Modified Date = 31.08.2003 05:15:46 | Attr = R ] AUTOEXEC.BAT [] -> G:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 31.01.2007 15:52:58 | Attr = ] AUTORUN.EXE [MZP | ] -> I:\AUTORUN.EXE [ CDFS ] -> [Ver = | Size = 1641984 bytes | Modified Date = 29.10.1998 13:34:42 | Attr = R ] AUTORUN.INF [[autorun] | open=autorun.exe | icon=autorun.exe, 0 |  | ] -> I:\AUTORUN.INF [ CDFS ] -> [Ver = | Size = 51 bytes | Modified Date = 04.06.1996 21:07:26 | Attr = R ] < HOSTS File > (847 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://google.icq.com/search/search_frame.php -> HKEY_CURRENT_USER\: Main\\Search Page -> http://google.icq.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://start.icq.com/ -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> 
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR[MSN] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> localhost -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1533 domain(s) found. -> 82 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 63 range(s) found. 
-> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23.10.2006 00:08:42 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28.01.2008 11:43:28 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22.02.2008 05:25:19 | Attr = ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 22.04.2008 21:37:59 | Attr = ] {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker BHO] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 14.05.2008 20:00:09 | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {D0943516-5076-4020-A3B5-AEFAF26AB263} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [Veoh Browser Plug-in] -> Veoh Networks Inc [Ver = 1.0.1.6 | Size = 352256 bytes | Modified Date = 08.05.2008 16:40:40 | Attr = ] {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [ZoneAlarm Spy Blocker] -> ZoneAlarm [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 14.05.2008 20:00:09 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Konsole] -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22.02.2008 05:25:19 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22.02.2008 05:25:19 | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28.01.2008 11:43:28 | Attr = ] {E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> ICQ, Inc. [Ver = 6.0.0.6059 | Size = 172280 bytes | Modified Date = 01.04.2008 12:40:42 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22.02.2008 05:25:19 | Attr = ] CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28.01.2008 11:43:28 | Attr = ] CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> ICQ, Inc. [Ver = 6.0.0.6059 | Size = 172280 bytes | Modified Date = 01.04.2008 12:40:42 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Windows Live Search -> Reg Error: Value does not exist or could not be read. -> File not found In neuer Registerkarte im Hintergrund öffnen -> Reg Error: Value does not exist or could not be read. -> File not found In neuer Registerkarte im Vordergrund öffnen -> Reg Error: Value does not exist or could not be read. -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {B7DE4A35-2004-4D14-A00E-DFE594FB05F4} -> () -> {E5EF6F0B-0DA0-44DC-B26A-9FADD5B76342} -> 192.168.2.1 (VIA-kompatibler Fast Ethernet-Adapter) -> {F7DA5CCD-95D5-421E-AA4F-EDC9E6E49B67} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} 
[HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 02.07.2007 17:10:58 | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab[Java Plug-in 1.5.0_05] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> 
http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://arcade.icq.com/online/online2/bejeweled2/popcaploader_v6.cab[PopCapLoader Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/messengerstatsclient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/messengerstatsclient.dll\\.Owner -> {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/messengerstatsclient.dll\\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {14B87622-7E19-4EA8-93B3-97215F77A6BC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{14B87622-7E19-4EA8-93B3-97215F77A6BC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\\.Owner -> {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\.Owner -> {00B71CFB-6864-4346-A978-C0A14556272C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/msgrchkr.dll\\{00B71CFB-6864-4346-A978-C0A14556272C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/solitaireshowdown.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/solitaireshowdown.dll\\.Owner -> {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/solitaireshowdown.dll\\{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Zintro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Zintro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Zintro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/GWFSPidGen.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04.08.2004 00:57:30 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15.06.2005 19:49:56 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04.08.2004 00:57:30 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25.04.2007 16:22:27 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24.03.2006 06:37:55 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 916 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186880 bytes | Modified Date = 04.08.2004 00:57:34 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119296 bytes | Modified Date = 04.08.2004 00:57:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> E7 63 15 B6 EC 14 BD 01 86 8E 3E B7 24 32 F9 CC 31 65 34 34 62 38 39 37 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 52 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 38 E3 B5 EF [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 49 D6 7A 47 AA 5C 5C 67 5C [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 76 13 3D EE CB 6E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 3F C4 3B 6B 02 57 88 5C 74 13 85 92 44 AB 0A 31 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 46 B7 4D 93 A9 D8 C5 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 5B D8 39 AD 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 0F 9D 3E AD 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name 
-> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 3C CE 3F AD 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04.08.2004 00:58:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows-Firewall/Gemeinsame Nutzung der Internetverbindung -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Bietet allen Computern in Privat- und Kleinunternehmensnetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, 
Namensauflösung und Eindringsschutz. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 197544 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 334336 bytes | Modified Date = 04.08.2004 00:57:22 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142848 bytes | Modified Date = 04.08.2004 00:58:12 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 
13.07.2006 02:52:42 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Programme\MSN Messenger\msncall.exe -> C:\Programme\MSN Messenger\msncall.exe [C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10.10.2006 14:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Programme\MSN Messenger\msnmsgr.exe -> C:\Programme\MSN Messenger\msnmsgr.exe [C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Programme\MSN Messenger\livecall.exe -> C:\Programme\MSN Messenger\livecall.exe [C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142848 bytes | Modified Date = 04.08.2004 00:58:12 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\ICQLite\ICQLite.exe -> C:\Programme\ICQLite\ICQLite.exe 
[C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Trillian\trillian.exe -> C:\Programme\Trillian\trillian.exe [C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian] -> Cerulean Studios [Ver = 3, 1, 9, 0 | Size = 1873280 bytes | Modified Date = 11.12.2007 01:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Teamspeak2_RC2\server_windows.exe -> C:\Programme\Teamspeak2_RC2\server_windows.exe [C:\Programme\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Mozilla Firefox\firefox.exe -> C:\Programme\Mozilla Firefox\firefox.exe [C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 18.04.2008 18:26:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\HLSW\hlsw.exe -> C:\Programme\HLSW\hlsw.exe [C:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Dokumente und Einstellungen\Admin\Desktop\cstrike\CSTRIKE.EXE -> C:\Dokumente und Einstellungen\Admin\Desktop\cstrike\CSTRIKE.EXE [C:\Dokumente und Einstellungen\Admin\Desktop\cstrike\CSTRIKE.EXE:*:Enabled:CounterStrike Launcher] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Dokumente und 
Einstellungen\Admin\Desktop\alles\cstrike\CSTRIKE.EXE -> C:\Dokumente und Einstellungen\Admin\Desktop\alles\cstrike\CSTRIKE.EXE [C:\Dokumente und Einstellungen\Admin\Desktop\alles\cstrike\CSTRIKE.EXE:*:Enabled:CounterStrike Launcher] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe -> C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe [C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\emule.exe -> C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\emule.exe [C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\emule.exe:*:Enabled:eMule] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\eMule\eMule.exe -> C:\Programme\eMule\eMule.exe [C:\Programme\eMule\eMule.exe:*:Enabled:eMule Plus] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Steam\SteamApps\saliath\counter-strike\hl.exe -> C:\Programme\Steam\SteamApps\saliath\counter-strike\hl.exe [C:\Programme\Steam\SteamApps\saliath\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 23.08.2007 14:15:13 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Steam\SteamApps\saliath\ricochet\hl.exe -> 
C:\Programme\Steam\SteamApps\saliath\ricochet\hl.exe [C:\Programme\Steam\SteamApps\saliath\ricochet\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 02.12.2006 21:58:20 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Steam\SteamApps\saliath\deathmatch classic\hl.exe -> C:\Programme\Steam\SteamApps\saliath\deathmatch classic\hl.exe [C:\Programme\Steam\SteamApps\saliath\deathmatch classic\hl.exe:*:Enabled:Half-Life Launcher] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Steam\SteamApps\saliath\day of defeat\hl.exe -> C:\Programme\Steam\SteamApps\saliath\day of defeat\hl.exe [C:\Programme\Steam\SteamApps\saliath\day of defeat\hl.exe:*:Enabled:Half-Life Launcher] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Steam\SteamApps\saliath\condition zero\hl.exe -> C:\Programme\Steam\SteamApps\saliath\condition zero\hl.exe [C:\Programme\Steam\SteamApps\saliath\condition zero\hl.exe:*:Enabled:Half-Life Launcher] -> Valve [Ver = 1, 1, 1, 1 | Size = 81920 bytes | Modified Date = 29.11.2006 22:25:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Steam\SteamApps\saliath\condition zero deleted scenes\hl.exe -> C:\Programme\Steam\SteamApps\saliath\condition zero deleted scenes\hl.exe [C:\Programme\Steam\SteamApps\saliath\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Steam\SteamApps\saliath\counter-strike source\hl2.exe -> C:\Programme\Steam\SteamApps\saliath\counter-strike source\hl2.exe [C:\Programme\Steam\SteamApps\saliath\counter-strike source\hl2.exe:*:Enabled:hl2] -> [Ver = | Size = 106496 bytes | Modified Date = 13.05.2008 16:35:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Xfire\Xfire.exe -> C:\Programme\Xfire\Xfire.exe [C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire] -> Xfire Inc. [Ver = 13133 | Size = 2836304 bytes | Modified Date = 15.11.2007 03:00:40 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Westwood\AR2\Game.exe -> C:\Westwood\AR2\Game.exe [C:\Westwood\AR2\Game.exe:*:Enabled:Main executable for Red Alert 2] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Steam\SteamApps\saliath\dedicated server\hlds.exe -> C:\Programme\Steam\SteamApps\saliath\dedicated server\hlds.exe [C:\Programme\Steam\SteamApps\saliath\dedicated server\hlds.exe:*:Enabled:HLDS Launcher] -> Valve [Ver = 4, 1, 1, 1 | Size = 397312 bytes | Modified Date = 25.07.2006 05:05:23 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\SmartFTP Client 2.0\SmartFTP.exe -> C:\Programme\SmartFTP Client 2.0\SmartFTP.exe [C:\Programme\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Palm\PPLTReg.exe -> 
C:\Palm\PPLTReg.exe [C:\Palm\PPLTReg.exe:*:Enabled:PPLTReg] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Messenger\msmsgs.exe -> C:\Programme\Messenger\msmsgs.exe [C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 13.10.2004 18:24:37 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 13.07.2006 02:52:42 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\MSN Messenger\msncall.exe -> C:\Programme\MSN Messenger\msncall.exe [C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\QIP\qip.exe -> C:\Programme\QIP\qip.exe [C:\Programme\QIP\qip.exe:*:Enabled:Quiet Internet Pager] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Hamachi\hamachi.exe -> C:\Programme\Hamachi\hamachi.exe [C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi Client] -> LogMeIn Inc. 
[Ver = 1, 0, 2, 5 | Size = 624416 bytes | Modified Date = 02.05.2008 18:17:37 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\THQ\MotoGP URT 3 Demo\motogp_demo.exe -> C:\Programme\THQ\MotoGP URT 3 Demo\motogp_demo.exe [C:\Programme\THQ\MotoGP URT 3 Demo\motogp_demo.exe:*:Enabled:motogp_demo] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10.10.2006 14:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\mIRC\mirc.exe -> C:\Programme\mIRC\mirc.exe [C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Media Player Classic\mplayerc.exe -> C:\Programme\Media Player Classic\mplayerc.exe [C:\Programme\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic] -> Gabest [Ver = 6, 4, 9, 0 | Size = 5828608 bytes | Modified Date = 20.03.2006 15:37:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Teamspeak2_RC2\server_windows.exe -> E:\Teamspeak2_RC2\server_windows.exe [E:\Teamspeak2_RC2\server_windows.exe:*:Enabled:server_windows] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Tor\tor.exe -> 
C:\Programme\Tor\tor.exe [C:\Programme\Tor\tor.exe:*:Enabled:tor] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\IEXPLORE.EXE -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\Programme\ICQLite\ICQLite.exe -> H:\Programme\ICQLite\ICQLite.exe [H:\Programme\ICQLite\ICQLite.exe:*:Disabled:ICQLite] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\MSN Messenger\msnmsgr.exe -> C:\Programme\MSN Messenger\msnmsgr.exe [C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\MSN Messenger\livecall.exe -> C:\Programme\MSN Messenger\livecall.exe [C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\game.dat -> G:\game.dat [G:\game.dat:*:Enabled:game] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\c&c generäle\game.dat -> G:\c&c generäle\game.dat [G:\c&c generäle\game.dat:*:Enabled:game] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\EA Games\Command and Conquer Generäle\game.dat -> 
C:\Programme\EA Games\Command and Conquer Generäle\game.dat [C:\Programme\EA Games\Command and Conquer Generäle\game.dat:*:Enabled:game] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE -> C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE [C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4] -> SEIKO EPSON CORPORATION [Ver = 1, 7, 0, 0 | Size = 122880 bytes | Modified Date = 30.04.2004 04:07:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\ICQ6\ICQ.exe -> C:\Programme\ICQ6\ICQ.exe [C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6] -> ICQ, Inc. [Ver = 6.0.0.6059 | Size = 172280 bytes | Modified Date = 01.04.2008 12:40:42 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\JoWooD\SpellForce\spellforce.exe -> C:\Programme\JoWooD\SpellForce\spellforce.exe [C:\Programme\JoWooD\SpellForce\spellforce.exe:*:Enabled:spellforce] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Microsoft ActiveSync\WCESMgr.exe -> C:\Programme\Microsoft ActiveSync\WCESMgr.exe [C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Microsoft ActiveSync\wcescomm.exe -> C:\Programme\Microsoft ActiveSync\wcescomm.exe [C:\Programme\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Sierra On-Line\SIGSPat.exe -> C:\Programme\Sierra On-Line\SIGSPat.exe [C:\Programme\Sierra On-Line\SIGSPat.exe:*:Enabled:SIGSPat] -> Havas Interactive [Ver = 4,0,4,1 | Size = 565248 bytes | Modified Date = 08.09.1999 13:45:22 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe -> C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe [C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\BitTorrent\bittorrent.exe -> C:\Programme\BitTorrent\bittorrent.exe [C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Steam\steam.exe -> C:\Programme\Steam\Steam.exe [C:\Programme\Steam\steam.exe:*:Enabled:Steam] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 13.05.2008 16:32:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\CabalTemp\ESTSetupLoader.exe -> G:\CabalTemp\ESTSetupLoader.exe [G:\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\cabal\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe -> G:\cabal\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe [G:\cabal\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! 
download engine] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe -> C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe [C:\Programme\Gemeinsame Dateien\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter] -> Nero AG [Ver = 1, 10, 2, 0 | Size = 2577704 bytes | Modified Date = 28.02.2008 10:59:20 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Winamp Remote\bin\Orb.exe -> C:\Programme\Winamp Remote\bin\Orb.exe [C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Winamp Remote\bin\OrbTray.exe -> C:\Programme\Winamp Remote\bin\OrbTray.exe [C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe -> C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe [C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Skype\Phone\Skype.exe -> C:\Programme\Skype\Phone\Skype.exe [C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. 
[Ver = 3.2.0.175 | Size = 23237416 bytes | Modified Date = 02.07.2007 17:10:58 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 04.08.2004 00:57:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:Eine DLL-Datei als Anwendung ausführen] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 04.08.2004 00:58:12 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Neuer Ordner\game.dat -> E:\Neuer Ordner\game.dat [E:\Neuer Ordner\game.dat:*:Enabled:game] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\patchget.dat -> E:\patchget.dat [E:\patchget.dat:*:Enabled:patchgrabber] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\game.dat -> E:\game.dat [E:\game.dat:*:Enabled:game] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\c&c - generäle\game.dat -> E:\c&c - generäle\game.dat [E:\c&c - generäle\game.dat:*:Enabled:game] -> [Ver = | Size = 5701632 bytes | Modified Date = 10.11.2005 10:44:56 | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\c&c - generäle stunde null\game.dat -> E:\c&c - generäle stunde null\game.dat [E:\c&c - generäle stunde null\game.dat:*:Enabled:game] -> [Ver = | Size = 6483968 bytes | Modified Date = 10.03.2005 13:47:10 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programme\Veoh Networks\Veoh\VeohClient.exe -> C:\Programme\Veoh Networks\Veoh\VeohClient.exe [C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client] -> Veoh Networks [Ver = 3.9.4.1036 | Size = 3640368 bytes | Modified Date = 08.05.2008 16:53:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 
137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{B38120B4-F0B9-48A4-B94D-15429134F7BC} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | 
Modified Date = 04.08.2004 00:58:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatische Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Aktiviert den Download und die Installation für wichtige Updates von Windows Update. Das Betriebssystem kann manuell über die Windows Update-Website aktualisiert werden, falls der Dienst deaktiviert wird. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04.08.2004 00:57:42 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> EPSON_PM_RPCV2_01 -> -> EPSONStatusAgent2 -> -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1111.1511.beta | Size = 125624 bytes | Modified Date = 22.04.2008 21:37:55 | Attr = ] < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Ahead\lib\NMBgMonitor.exe -> File not found BitTorrent hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\BitTorrent\bittorrent.exe -> File not found DAEMON Tools hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> D:\DAEMON Tools\daemon.exe -> File not found iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> File not found LDM hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 13.07.2006 02:52:42 | Attr = ] lycosInside hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\lycos\Lyc_SysTray.exe -> File not found MsnMsgr hkey=HKCU 
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\MSN Messenger\MsnMsgr.Exe -> File not found Skype hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.2.0.175 | Size = 23237416 bytes | Modified Date = 02.07.2007 17:10:58 | Attr = R ] SpybotSD TeaTimer hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 28.01.2008 11:43:40 | Attr = RHS] Steam hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 13.05.2008 16:32:02 | Attr = ] VirusBursters hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\VirusBursters\virusbursters.exe -> File not found [Files/Folders - Created Within 30 days] NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Created Date = 13.05.2008 21:32:06 | Attr = ] VIRUSfighter -> %SystemDrive%\VIRUSfighter -> [Folder | Created Date = 18.05.2008 15:34:39 | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 456736 bytes | Created Date = 14.05.2008 20:01:24 | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 4700 bytes | Created Date = 14.05.2008 20:01:24 | Attr = HS] klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Created Date = 14.05.2008 19:58:17 | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Created Date = 07.05.2008 22:25:37 | Attr = ] 12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> libeay32_0.9.6l.dll -> %SystemRoot%\System32\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 14.05.2008 19:57:56 | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 163353 
bytes | Created Date = 13.05.2008 21:32:50 | Attr = ] nvdisp.nvu -> %SystemRoot%\System32\nvdisp.nvu -> [Ver = | Size = 17737 bytes | Created Date = 13.05.2008 21:32:44 | Attr = ] nvudisp.exe -> %SystemRoot%\System32\nvudisp.exe -> NVIDIA Corporation [Ver = 1 , 1 , 1 , 0 | Size = 356352 bytes | Created Date = 13.05.2008 21:32:44 | Attr = ] NVUNINST.EXE -> %SystemRoot%\System32\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 1 , 1 , 0 | Size = 356352 bytes | Created Date = 13.05.2008 21:32:28 | Attr = ] TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Created Date = 27.04.2008 21:37:26 | Attr = ] uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.11 | Size = 28416 bytes | Created Date = 27.04.2008 21:37:27 | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 352918 bytes | Created Date = 14.05.2008 19:57:47 | Attr = ] vsdata.dll -> %SystemRoot%\System32\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 83432 bytes | Created Date = 14.05.2008 19:56:48 | Attr = ] vsdatant.sys -> %SystemRoot%\System32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 394952 bytes | Created Date = 14.05.2008 19:57:47 | Attr = ] vsinit.dll -> %SystemRoot%\System32\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 157160 bytes | Created Date = 14.05.2008 19:56:47 | Attr = ] vsmonapi.dll -> %SystemRoot%\System32\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 103912 bytes | Created Date = 14.05.2008 19:57:47 | Attr = ] vspubapi.dll -> %SystemRoot%\System32\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 275944 bytes | Created Date = 14.05.2008 19:57:47 | Attr = ] vsregexp.dll -> %SystemRoot%\System32\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 71144 bytes | Created Date = 14.05.2008 19:57:56 | Attr = ] vsutil.dll -> %SystemRoot%\System32\vsutil.dll -> Zone Labs, LLC [Ver = 
7.0.473.000 | Size = 472552 bytes | Created Date = 14.05.2008 19:56:47 | Attr = ] vswmi.dll -> %SystemRoot%\System32\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 46568 bytes | Created Date = 14.05.2008 19:57:49 | Attr = ] vsxml.dll -> %SystemRoot%\System32\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 99816 bytes | Created Date = 14.05.2008 19:57:48 | Attr = ] zlcomm.dll -> %SystemRoot%\System32\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 83432 bytes | Created Date = 14.05.2008 19:57:54 | Attr = ] zlcommdb.dll -> %SystemRoot%\System32\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 71144 bytes | Created Date = 14.05.2008 19:57:54 | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 14.05.2008 19:58:36 | Attr = H ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Created Date = 14.05.2008 19:57:47 | Attr = ] zpeng24.dll -> %SystemRoot%\System32\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 14.05.2008 19:57:48 | Attr = ] Icons -> %SystemRoot%\Icons -> [Folder | Created Date = 01.05.2008 19:06:50 | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 14.05.2008 19:31:50 | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 18.05.2008 17:04:49 | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Created Date = 13.05.2008 21:32:44 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 02.05.2008 22:37:14 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 02.05.2008 22:37:14 | Attr = H ] zllsputility.exe -> %SystemRoot%\zllsputility.exe -> Zone Labs, LLC [Ver = 7.0.473.000 | Size = 75248 bytes | Created Date = 14.05.2008 19:58:27 | Attr = ] 1-Klick-Wartung.job -> %SystemRoot%\tasks\1-Klick-Wartung.job -> [Ver = | Size = 492 bytes | 
Created Date = 27.04.2008 21:37:32 | Attr = ] [Files/Folders - Modified Within 30 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 389 bytes | Modified Date = 01.05.2008 19:09:20 | Attr = RHS] NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Modified Date = 13.05.2008 21:32:06 | Attr = ] Programme -> %ProgramFiles% -> [Folder | Modified Date = 18.05.2008 17:04:18 | Attr = R ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 27.04.2008 22:18:54 | Attr = HS] VIRUSfighter -> %SystemDrive%\VIRUSfighter -> [Folder | Modified Date = 18.05.2008 15:49:19 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 18.05.2008 17:04:51 | Attr = ] avgntdd.sys -> %SystemRoot%\System32\drivers\avgntdd.sys -> Avira GmbH [Ver = 6.39.00.30 | Size = 41792 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] avgntmgr.sys -> %SystemRoot%\System32\drivers\avgntmgr.sys -> Avira GmbH [Ver = 6.37.01.02 | Size = 22336 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] avipbb.sys -> %SystemRoot%\System32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.02.22 | Size = 79424 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 456736 bytes | Modified Date = 18.05.2008 17:15:57 | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 4700 bytes | Modified Date = 16.05.2008 16:14:33 | Attr = HS] hamachi.sys -> %SystemRoot%\System32\drivers\hamachi.sys -> LogMeIn, Inc. 
[Ver = 6.0.2.2 | Size = 25280 bytes | Modified Date = 02.05.2008 18:17:38 | Attr = ] ssmdrv.sys -> %SystemRoot%\System32\drivers\ssmdrv.sys -> AVIRA GmbH [Ver = 7.00.01.02 | Size = 21248 bytes | Modified Date = 21.04.2008 17:08:15 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 13.05.2008 20:46:10 | Attr = ] 12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 18.05.2008 16:15:12 | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Modified Date = 07.05.2008 22:25:37 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 27.04.2008 22:25:31 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 13.05.2008 21:32:42 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 18.05.2008 17:12:17 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 07.05.2008 20:13:34 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 145216 bytes | Modified Date = 03.05.2008 16:03:57 | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 163353 bytes | Modified Date = 13.05.2008 21:37:28 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 27.04.2008 22:18:54 | Attr = ] ShellDHCP -> %SystemRoot%\System32\ShellDHCP -> [Folder | Modified Date = 15.05.2008 21:47:45 | Attr = ] TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Modified Date = 27.04.2008 21:37:27 | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 352918 bytes | Modified Date = 18.05.2008 15:11:47 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13682 bytes | Modified Date = 18.05.2008 15:12:20 | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | 
Size = 4212 bytes | Modified Date = 14.05.2008 20:00:15 | Attr = H ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Modified Date = 14.05.2008 19:58:32 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13.05.2008 20:50:30 | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 18.05.2008 15:10:47 | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 15.05.2008 21:12:28 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 15.05.2008 20:37:58 | Attr = S] eReg.dat -> %SystemRoot%\eReg.dat -> [Ver = | Size = 1063 bytes | Modified Date = 05.05.2008 14:29:54 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 02.05.2008 20:01:24 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 13.05.2008 21:32:50 | Attr = ] Icons -> %SystemRoot%\Icons -> [Folder | Modified Date = 01.05.2008 19:07:31 | Attr = H ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 18.05.2008 17:04:49 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11.05.2008 22:46:12 | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 18.05.2008 17:15:08 | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 18.05.2008 17:04:49 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 15.05.2008 21:12:00 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 7282 bytes | Modified Date = 18.05.2008 17:04:20 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 06.05.2008 17:17:07 | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Modified Date = 13.05.2008 21:32:44 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 18.05.2008 15:41:03 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 
bytes | Modified Date = 02.05.2008 22:37:14 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 12.05.2008 18:32:55 | Attr = H ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 14.05.2008 21:15:28 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 27.04.2008 21:37:32 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 18.05.2008 17:16:04 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 941 bytes | Modified Date = 01.05.2008 20:53:24 | Attr = ] 1-Klick-Wartung.job -> %SystemRoot%\tasks\1-Klick-Wartung.job -> [Ver = | Size = 492 bytes | Modified Date = 18.05.2008 17:00:03 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 18.05.2008 15:11:06 | Attr = H ] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\HTML Help\ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\HTML Help -> [Folder | Modified Date = 21.05.2006 13:47:01 | Attr = ] hhcolreg.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 1307 bytes | Modified Date = 21.05.2006 13:47:01 | Attr = ] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader -> [Folder | Modified Date = 23.10.2005 22:01:50 | Attr = ] qmgr0.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 13.05.2008 20:50:47 | Attr = ] qmgr1.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5500 bytes | Modified Date = 13.05.2008 20:50:47 | Attr = ] C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\~nsu.tmp\ -> C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\~nsu.tmp\ -> [Folder | Modified Date 
= 18.05.2008 15:53:09 | Attr = ] Au_.exe -> C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\~nsu.tmp\Au_.exe -> [Ver = | Size = 72011 bytes | Modified Date = 14.05.2008 21:15:30 | Attr = ] C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\ -> C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp -> [Folder | Modified Date = 18.05.2008 17:15:38 | Attr = ] Perflib_Perfdata_f9c.dat -> C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\Perflib_Perfdata_f9c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 18.05.2008 16:43:06 | Attr = ] 4 C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\*.tmp files -> C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\*.tmp -> C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [Folder | Modified Date = 18.05.2008 17:05:22 | Attr = S] index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 18.05.2008 17:05:22 | Attr = ] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 18.05.2008 17:05:16 | Attr = S] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 49152 bytes | Modified Date = 18.05.2008 17:05:23 | Attr = ] C:\WINDOWS\Temp\Verlauf\History.IE5\ -> C:\WINDOWS\Temp\Verlauf\History.IE5\ -> [Folder | Modified Date = 18.05.2008 17:05:16 | Attr = S] index.dat -> C:\WINDOWS\Temp\Verlauf\History.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 18.05.2008 17:05:22 | Attr = ] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 18.05.2008 17:05:16 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 18.05.2008 17:05:16 | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\05ULE101\ -> 
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\05ULE101 -> [Folder | Modified Date = 18.05.2008 17:05:23 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\05ULE101\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 18.05.2008 17:05:16 | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\HBGV2EWN\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\HBGV2EWN -> [Folder | Modified Date = 18.05.2008 17:05:23 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\HBGV2EWN\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 18.05.2008 17:05:16 | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IP21O3E5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IP21O3E5 -> [Folder | Modified Date = 18.05.2008 17:05:23 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\IP21O3E5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 18.05.2008 17:05:16 | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QXIZOXWZ\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QXIZOXWZ -> [Folder | Modified Date = 18.05.2008 17:05:23 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QXIZOXWZ\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 18.05.2008 17:05:16 | Attr = HS] C:\WINDOWS\Temp\Verlauf\History.IE5\ -> C:\WINDOWS\Temp\Verlauf\History.IE5\ -> [Folder | Modified Date = 18.05.2008 17:05:16 | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Verlauf\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 18.05.2008 17:05:16 | Attr = HS] < End of report > [/code]