W32/Rbot-PJ / spyware worm??

#0
01.01.2007, 16:43
Moderator

Posts: 5694
#1 First of all, a happy new year!

Now to my problem:

Can anyone tell me something about this entry in the Hijack log file?

O23 - Service: Messenger Sharing USN Journal Reader-Service (usnsvc) - Unknown owner - C:\Programme\MSN.exe (file missing)


On another forum I was told that this is the following worm:

http://www.sophos.de/security/analyses/w32rbotpj.html

There I was advised to reinstall. --> http://www.trojaner-board.de/34849-langsamer-pc-wurm.html#post246299

Can't this entry simply be fixed?

Here is the complete log file as well:


Logfile of HijackThis v1.99.1
Scan saved at 16:38:53, on 01.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
c:\programme\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Programme\QuickTime\qttask.exe
C:\Programme\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Cablecom Assistant\bin\cablecom_assistant.exe
C:\Programme\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programme\panda software\panda internet security 2007\WebProxy.exe
C:\Programme\Cablecom Assistant\bin\mpbtn.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.azonline.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Workflow] F:\Installs\Workflow.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programme\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programme\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: cablecom assistant.lnk = C:\Programme\Cablecom Assistant\bin\matcli.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155363507890
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155731611468
O16 - DPF: {6F1AF9D5-68BB-4A81-93F1-481CB8AB0D0B} (PhotocolorUploader Control) - http://web1.photocolor.net/webupload/ActiveX/PhotocolorUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - The Firebird Project - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programme\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programme\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Programme\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Messenger Sharing USN Journal Reader-Service (usnsvc) - Unknown owner - C:\Programme\MSN.exe (file missing)




And the Adaware log file

Ad-Aware SE Build 1.06r1
Logfile Created on:Montag, 1. Januar 2007 17:14:45
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R141 27.12.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


01.01.2007 17:14:45 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 560
ThreadCreationTime : 01.01.2007 14:03:40
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 612
ThreadCreationTime : 01.01.2007 14:03:44
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 640
ThreadCreationTime : 01.01.2007 14:03:47
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 01.01.2007 14:03:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 01.01.2007 14:03:49
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 872
ThreadCreationTime : 01.01.2007 14:03:52
BasePriority : Normal
FileVersion : 6.14.10.4149
ProductVersion : 6.14.10.4149
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 01.01.2007 14:03:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 01.01.2007 14:03:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [pavsrv51.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 1072
ThreadCreationTime : 01.01.2007 14:03:54
BasePriority : High
FileVersion : 2, 0, 1840, 32
ProductVersion : 2, 0, 1840, 32
ProductName : Panda residents
CompanyName : Panda Software International
FileDescription : On-Access Antivirus Scanner Service.
LegalCopyright : © Panda Software 2006

#:10 [avengine.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 1108
ThreadCreationTime : 01.01.2007 14:03:54
BasePriority : Normal
FileVersion : 2, 0, 1840, 33
ProductVersion : 2, 0, 1840, 33
ProductName : Panda Antimalware File Protection
CompanyName : Panda Software International
FileDescription : Enhanced On-Access Antivirus Scanner Process.
InternalName : avengine
LegalCopyright : © Panda Software 2006
OriginalFilename : avengine.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1256
ThreadCreationTime : 01.01.2007 14:03:59
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [tpsrv.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 1296
ThreadCreationTime : 01.01.2007 14:04:00
BasePriority : Normal
FileVersion : 7, 0, 2, 0
ProductVersion : 7, 0, 2, 0
ProductName : TPSrv Application
CompanyName : Panda Software
FileDescription : TPSrv Application
InternalName : TPSrv
LegalCopyright : © 2005 Panda Software. All rights reserved.
OriginalFilename : TPSrv.exe

#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1416
ThreadCreationTime : 01.01.2007 14:04:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1508
ThreadCreationTime : 01.01.2007 14:04:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:15 [pnmsrv.exe]
FilePath : c:\programme\panda software\panda internet security 2007\firewall\
ProcessID : 1592
ThreadCreationTime : 01.01.2007 14:04:04
BasePriority : Normal
FileVersion : 3, 0, 0,21
ProductVersion : 3, 0, 0, 0
ProductName : Panda residents
CompanyName : Panda Software International
FileDescription : Panda Network Manager Service
InternalName : PNMSRV
LegalCopyright : © Panda Software 2006
OriginalFilename : PNMSRV.EXE

#:16 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1736
ThreadCreationTime : 01.01.2007 14:04:06
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:17 [pavfnsvr.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 1880
ThreadCreationTime : 01.01.2007 14:04:11
BasePriority : Normal
FileVersion : 7.06.03.00
ProductVersion : 7.06.03.00
ProductName : Panda Residents
CompanyName : Panda Software International
FileDescription : Panda Function Service
InternalName : PavFnSvr
LegalCopyright : © Panda Software 2006
OriginalFilename : PAVFNSVR.EXE

#:18 [pavprsrv.exe]
FilePath : C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\
ProcessID : 1900
ThreadCreationTime : 01.01.2007 14:04:12
BasePriority : Normal
FileVersion : 1.3.0.0
ProductVersion : 1.3.0.0
ProductName : PandaShield
CompanyName : Panda Software
FileDescription : Panda Process Protection Service
InternalName : PavPrSrv
LegalCopyright : Copyright © 2004, Panda Software
OriginalFilename : PavPrSrv.exe

#:19 [pskmssvc.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\AntiSpam\
ProcessID : 1924
ThreadCreationTime : 01.01.2007 14:04:12
BasePriority : Normal
FileVersion : 1, 3, 1, 0
ProductVersion : 1, 3, 1, 0
ProductName : Panda Anti-malware
CompanyName : Panda Software International
FileDescription : Anti-Malware protection service library
InternalName : pskmssvc.exe
LegalCopyright : © Panda Software 2006

#:20 [psimsvc.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 2012
ThreadCreationTime : 01.01.2007 14:04:15
BasePriority : Normal
FileVersion : 2, 6, 36, 0
ProductVersion : 2, 6, 36, 0
ProductName : Panda Antivirus
CompanyName : Panda Software
FileDescription : Panda Interface Manager Service
InternalName : PsImSvc
LegalCopyright : © Panda Software 2006.
OriginalFilename : PsImSvc.exe

#:21 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 124
ThreadCreationTime : 01.01.2007 14:04:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1688
ThreadCreationTime : 01.01.2007 14:04:24
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [msmpeng.exe]
FilePath : C:\Programme\Windows Defender\
ProcessID : 2320
ThreadCreationTime : 01.01.2007 14:22:56
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:24 [ati2evxx.exe]
FilePath : C:\WINDOWS\SYSTEM32\
ProcessID : 440
ThreadCreationTime : 01.01.2007 15:09:56
BasePriority : Normal
FileVersion : 6.14.10.4149
ProductVersion : 6.14.10.4149
ProductName : ATI External Event Utility for Windows
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2006 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:25 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 784
ThreadCreationTime : 01.01.2007 15:10:22
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:26 [rthdcpl.exe]
FilePath : C:\WINDOWS\
ProcessID : 2916
ThreadCreationTime : 01.01.2007 15:10:26
BasePriority : Normal
FileVersion : 1.1.1.7
ProductVersion : 1.1.1.7
ProductName : Realtek HD Audio Sound Effect Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek HD Audio Control Panel
LegalCopyright : Copyright (c) 2004 Realtek Semiconductor Corp.
OriginalFilename : RTHDCPL.EXE

#:27 [apvxdwin.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 1504
ThreadCreationTime : 01.01.2007 15:10:26
BasePriority : Normal
FileVersion : 7.10.06.02
ProductVersion : 11.00.02.00
ProductName : Panda Internet Security 2007
CompanyName : Panda Software International
FileDescription : Protección permanente Platinum
InternalName : APVXDWIN
LegalCopyright : © Panda Software 2006
OriginalFilename : APVXDWIN.EXE

#:28 [qttask.exe]
FilePath : C:\Programme\QuickTime\
ProcessID : 2000
ThreadCreationTime : 01.01.2007 15:10:26
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:29 [msascui.exe]
FilePath : C:\Programme\Windows Defender\
ProcessID : 476
ThreadCreationTime : 01.01.2007 15:10:27
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe

#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3176
ThreadCreationTime : 01.01.2007 15:10:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:31 [cablecom_assistant.exe]
FilePath : C:\Programme\Cablecom Assistant\bin\
ProcessID : 1064
ThreadCreationTime : 01.01.2007 15:10:30
BasePriority : Normal
FileVersion : 5.08.01
ProductVersion : 5.8.12.asst_classic.asst_mad
ProductName : cablecom assistant
CompanyName : Motive Communications, Inc.
FileDescription : cablecom assistant
InternalName : mad
LegalCopyright : Copyright 1998-2003
OriginalFilename : mad

#:32 [srvload.exe]
FilePath : C:\Programme\Panda Software\Panda Internet Security 2007\
ProcessID : 3204
ThreadCreationTime : 01.01.2007 15:10:33
BasePriority : Normal
FileVersion : 6.01.01.00
ProductVersion : 6.01.01.00
ProductName : Panda AntiSpam Trainer
CompanyName : Panda Software International
FileDescription : Panda AntiSpam Trainer
InternalName : SRVLOAD
LegalCopyright : © Panda Software International 2006
OriginalFilename : SRVLOAD.EXE

#:33 [webproxy.exe]
FilePath : c:\programme\panda software\panda internet security 2007\
ProcessID : 2264
ThreadCreationTime : 01.01.2007 15:10:33
BasePriority : Normal
FileVersion : 6, 2, 22, 533
ProductVersion : 6, 2, 16, 0
ProductName : Panda residents
CompanyName : Panda Software International
FileDescription : Internet resident proxy
InternalName : WebProxy.exe
LegalCopyright : © Panda Software 2006

#:34 [mpbtn.exe]
FilePath : C:\Programme\Cablecom Assistant\bin\
ProcessID : 3244
ThreadCreationTime : 01.01.2007 15:10:38
BasePriority : Normal


#:35 [motive~1.exe]
FilePath : C:\PROGRA~1\Motive\ASSTCO~1\
ProcessID : 2972
ThreadCreationTime : 01.01.2007 15:10:39
BasePriority : Normal
FileVersion : 5.01.00
ProductVersion : 5.8.7.asst_classic.asst_motivedirectory
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive Directory
InternalName : motivedirectory
LegalCopyright : Copyright 1998-2003
OriginalFilename : motivedirectory

#:36 [outlook.exe]
FilePath : C:\Programme\Microsoft Office\Office10\
ProcessID : 1272
ThreadCreationTime : 01.01.2007 15:28:18
BasePriority : Normal


#:37 [winword.exe]
FilePath : C:\Programme\Microsoft Office\Office10\
ProcessID : 2968
ThreadCreationTime : 01.01.2007 15:28:23
BasePriority : Normal


#:38 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 2040
ThreadCreationTime : 01.01.2007 15:28:53
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:39 [agentsvr.exe]
FilePath : C:\WINDOWS\msagent\
ProcessID : 1060
ThreadCreationTime : 01.01.2007 15:28:55
BasePriority : Normal
FileVersion : 2.00.0.3424
ProductVersion : 2.00.0.3424
ProductName : Microsoft Agent Server
CompanyName : Microsoft Corporation
FileDescription : Microsoft Agent Server
InternalName : AgentServer
LegalCopyright : Copyright (C) Microsoft Corp. 1997-98
OriginalFilename : AgentSvr.exe

#:40 [iexplore.exe]
FilePath : C:\Programme\Internet Explorer\
ProcessID : 3864
ThreadCreationTime : 01.01.2007 15:34:28
BasePriority : Normal
FileVersion : 7.00.5730.11 (winmain(wmbla).061017-1135)
ProductVersion : 7.00.5730.11
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:41 [msmsgs.exe]
FilePath : C:\Programme\Messenger\
ProcessID : 3640
ThreadCreationTime : 01.01.2007 15:55:48
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:42 [ad-aware.exe]
FilePath : C:\PROGRA~1\VIRENP~1\ADAWAR~1\AD-AWA~1\
ProcessID : 2260
ThreadCreationTime : 01.01.2007 16:14:32
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adtech[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@adtech.de/
Expires : 29.12.2016 17:04:06
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@revsci[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@revsci.net/
Expires : 27.12.2026 17:12:50
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adopt.euroclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:5
Value : Cookie:user@adopt.euroclick.com/
Expires : 29.12.2016 17:04:28
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3



Deep scanning and examining files (C;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Deep scanning and examining files (D;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Deep scanning and examining files (E;)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 3




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3

17:23:10 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:25.203
Objects scanned:166804
Objects identified:3
Objects ignored:0
New critical objects:3
This post was edited by Tonstudio on 01.01.2007 at 17:24.
01.01.2007, 22:16
Honorary member
Avatar Sabina

Posts: 29434
#2 Tonstudio

ServiceFilter.zip
http://virus-protect.org/artikel/tools/ServiceFilter.zip

- unzip
- double-click the file ServiceFilter.vbs
- confirm the version number
- scan
- allow WordPad or Notepad to open
- copy POST_THIS.TXT
__________
Kind regards, Sabina

all about PC security
01.01.2007, 22:41
Moderator
Thread starter

Posts: 5694
#3 Thank you..

I get as far as confirming the version, then the following message appears:
Cannot run from ZIP

You need to extract de skript from the ZIP File before running it.

But I have already extracted it?!?

Before that I also turned off script blocking; was that the right way to go?
01.01.2007, 22:47
Moderator
Thread starter

Posts: 5694
#4 It did work after all. Here is my result:



The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Professional
Version: 5.1.2600 Service Pack 2
Jan 1, 2007 22:47:21


===> Begin Service Listing <===

Unknown Service #1
Service Name: aspnet_state
Display Name: ASP.NET-Zustandsdienst
Start Mode: Manual
Start Name: NT AUTHORITY\NetworkService
Description: Stellt die Unterstützung für nicht aktive Sitzungszustände von ASP.NET bereit. Wenn der Dienst ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 2
Service Name: clr_optimization_v2.0.50727_32
Display Name: .NET Runtime Optimization Service v2.0.50727_X86
Start Mode: Manual
Start Name: LocalSystem
Description: Microsoft .NET Framework ...
Service Type: Own Process
Path: c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 3
Service Name: FirebirdServerMAGIXInstance
Display Name: Firebird Server - MAGIX Instance
Start Mode: Manual
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\magix\common\database\bin\fbserver.exe
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 4
Service Name: PAVFNSVR
Display Name: Panda Function Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\panda software\panda internet security 2007\pavfnsvr.exe"
State: Running
Process ID: 1880
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 5
Service Name: PavPrSrv
Display Name: Panda Process Protection Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\gemeinsame dateien\panda software\pavshld\pavprsrv.exe"
State: Running
Process ID: 1900
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 6
Service Name: PAVSRV
Display Name: Panda anti-virus service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\panda software\panda internet security 2007\pavsrv51.exe"
State: Running
Process ID: 1072
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 7
Service Name: pmshellsrv
Display Name: Panda Antispam Engine
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\programme\panda software\panda internet security 2007\antispam\pskmssvc.exe
State: Running
Process ID: 1924
Started: Wahr
Exit Code: 0
Accept Pause: Wahr
Accept Stop: Wahr

Unknown Service # 8
Service Name: PNMSRV
Display Name: Panda Network Manager
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\panda software\panda internet security 2007\firewall\pnmsrv.exe"
State: Running
Process ID: 1592
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 9
Service Name: PSIMSVC
Display Name: Panda IManager Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\panda software\panda internet security 2007\psimsvc.exe"
State: Running
Process ID: 2012
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service #10
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Verwaltet Software-basierte Schattenkopien des Volumeschattenkopie-Dienstes. Software-basierte ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{65ac2283-abcd-4d9b-ad0b-f5d5483ad67f}
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 11
Service Name: TPSrv
Display Name: Panda TPSrv
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: "c:\programme\panda software\panda internet security 2007\tpsrv.exe"
State: Running
Process ID: 1296
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 12
Service Name: usnsvc
Display Name: Messenger Sharing USN Journal Reader-Service
Start Mode: Manual
Start Name: LocalSystem
Description: Ein von Messenger installierter Service, der Freigabeszenarien ...
Service Type: Own Process
Path: "c:\programme\msn messenger\usnsvc.dll"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 13
Service Name: WinDefend
Display Name: Windows Defender
Start Mode: Auto
Start Name: LocalSystem
Description: Helps protect users from malicious software, spyware, and other potentially unwanted ...
Service Type: Own Process
Path: "c:\programme\windows defender\msmpeng.exe"
State: Running
Process ID: 2320
Started: Wahr
Exit Code: 0
Accept Pause: Falsch
Accept Stop: Wahr

Unknown Service # 14
Service Name: WMPNetworkSvc
Display Name: Windows Media Player-Netzwerkfreigabedienst
Start Mode: Manual
Start Name: NT AUTHORITY\NetworkService
Description: Gibt Windows Media Player-Bibliotheken mithilfe des universellen Plug & Play für andere Players ...
Service Type: Own Process
Path: "c:\programme\windows media player\wmpnetwk.exe"
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

Unknown Service # 15
Service Name: WudfSvc
Display Name: Windows Driver Foundation - User-mode Driver Framework
Start Mode: Manual
Start Name: LocalSystem
Description: Manages user-mode driver host ...
Service Type: Share Process
Path: c:\windows\system32\svchost.exe -k wudfservicegroup
State: Stopped
Process ID: 0
Started: Falsch
Exit Code: 1077
Accept Pause: Falsch
Accept Stop: Falsch

---> End Service Listing <---

There are 95 Win32 services on this machine.
15 were unrecognized.

Script Execution Time: 1.265625 seconds.
01.01.2007, 23:01
Moderator
Thread starter

Posts: 5694
#5 In addition, I found the following error in the Event Viewer, which has been recurring for some time:


Der Dienst "Messenger Sharing USN Journal Reader-Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Messenger Sharing USN Journal Reader-Service ist keine zulässige Win32-Anwendung.

Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter http://go.microsoft.com/fwlink/events.asp.
02.01.2007, 01:58
Honorary member
Sabina

Posts: 29434
#6

Quote

Unknown Service # 12
Service Name: usnsvc
Display Name: Messenger Sharing USN Journal Reader-Service
Start Mode: Manual
Start Name: LocalSystem
Description: Ein von Messenger installierter Service, der Freigabeszenarien ...
Service Type: Own Process
Path: "c:\programme\msn messenger\usnsvc.dll"
Description of usnsvc.dll
This is a component of Microsoft Windows Live Messenger. Windows Live Messenger Beta, from Microsoft, is an Instant Messenger that allows users to chat with and send files to other users.

Have you installed Microsoft Windows Live Messenger?
__________
Kind regards, Sabina

All about PC security
02.01.2007, 02:20
Moderator
Thread starter

Posts: 5694
#7 Yes, I have it installed?! So it's nothing harmful??
02.01.2007, 11:47
Honorary member
Sabina

Posts: 29434
#8 What is odd is that the path in the HijackThis log above does not match the other one ;)

««
Registry Search: download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
In "Enter search strings" (type or paste):

Messenger Sharing USN Journal Reader-Service

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

In "Enter search strings" (type or paste):

MSN.exe

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

In "Enter search strings" (type or paste):

usnsvc

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.
________________________________________________________

««
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save as'. For the file type, select 'All files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\Programme" >>files.txt
notepad files.txt

__________
Kind regards, Sabina

All about PC security
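
The comparison this post is after (the service path HijackThis reports versus the one in the service listing) can be scripted over a `.reg`-style export. The following is an added example, not part of the original post: the `ImagePath` values in the sample are constructed from the two paths mentioned in the thread, and all function names are hypothetical.

```python
import re

# Constructed sample in .reg export format. Key names and the two paths come
# from the thread; the ImagePath values themselves are assumptions.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc]
"DisplayName"="Messenger Sharing USN Journal Reader-Service"
"ImagePath"="\"C:\\Programme\\MSN Messenger\\usnsvc.dll\""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc]
"DisplayName"="Messenger Sharing USN Journal Reader-Service"
"ImagePath"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,\
  6d,00,65,00,5c,00,4d,00,53,00,4e,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"Usnsvc"=hex(7):75,00,73,00,6e,00,73,00,76,00,63,00,00,00,00,00
'''


def _unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def _decode_hex(kind, data):
    """Decode hex(2) REG_EXPAND_SZ / hex(7) REG_MULTI_SZ from UTF-16LE bytes."""
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    if kind in ("2", "7"):
        parts = [p for p in raw.decode("utf-16-le").split("\x00") if p]
        return parts if kind == "7" else (parts[0] if parts else "")
    return raw  # other hex types are left as raw bytes


def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: value}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or Registry Search comment
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if current is None or not m:
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        value = m.group(2)
        if value.startswith('"'):
            current[name] = _unescape(value[1:-1])
        elif value.startswith("dword:"):
            current[name] = int(value[6:], 16)
        else:
            hm = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", value)
            if hm:
                current[name] = _decode_hex(hm.group(1), hm.group(2))
    return keys


def service_image_paths(keys, service):
    """Return {control_set: ImagePath} for one service name."""
    pattern = re.compile(
        r"\\SYSTEM\\([^\\]+)\\Services\\" + re.escape(service) + r"$", re.I)
    found = {}
    for key, values in keys.items():
        m = pattern.search(key)
        if m and "ImagePath" in values:
            found[m.group(1)] = values["ImagePath"]
    return found


def normalize(path):
    """Case-fold and drop surrounding quotes (arguments are not handled)."""
    return path.strip().strip('"').lower()


def mismatched_control_sets(paths, expected):
    """Control sets whose ImagePath differs from the expected binary path."""
    want = normalize(expected)
    return sorted(cs for cs, p in paths.items() if normalize(p) != want)


if __name__ == "__main__":
    reg = parse_reg(SAMPLE_REG)
    paths = service_image_paths(reg, "usnsvc")
    for control_set, path in sorted(paths.items()):
        print(control_set, "->", path)
    print("mismatch:", mismatched_control_sets(
        paths, r"c:\programme\msn messenger\usnsvc.dll"))
```

A control set that shows up in the mismatch list is the one to inspect by hand before fixing or deleting the service entry.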
02.01.2007, 13:46
Moderator
Thread starter

Posts: 5694
#9 Hi, thanks for the reply, here are the logs:


Messenger Sharing USN Journal Reader-Service:

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 02.01.2007 13:44:15 for strings:
; 'messenger sharing usn journal reader-service'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USNSVC\0000]
"DeviceDesc"="Messenger Sharing USN Journal Reader-Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc]
"DisplayName"="Messenger Sharing USN Journal Reader-Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_USNSVC\0000]
"DeviceDesc"="Messenger Sharing USN Journal Reader-Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usnsvc]
"DisplayName"="Messenger Sharing USN Journal Reader-Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USNSVC\0000]
"DeviceDesc"="Messenger Sharing USN Journal Reader-Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc]
"DisplayName"="Messenger Sharing USN Journal Reader-Service"

; End Of The Log...

MSN.exe:
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 02.01.2007 13:53:51 for strings:
; 'msn.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"=dword:00000001

; End Of The Log...


'usnsvc':

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 02.01.2007 13:58:56 for strings:
; 'usnsvc'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\usnsvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F07EFF1B-88F7-4076-ADAC-185F393785E9}]
"LocalService"="usnsvc"
@="usnsvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{736F8997-C651-4C45-BC43-8AF8369890F1}]
@="MSN USNSVC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{736F8997-C651-4C45-BC43-8AF8369890F1}\LocalServer32]
@="C:\\PROGRA~1\\MSNMES~1\\usnsvc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{736F8997-C651-4C45-BC43-8AF8369890F1}\ProgID]
@="Microsoft.MSN.MCC.USNSVC.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A48025A-1E84-4132-B068-D222912F5094}\InProcServer32]
@="C:\\Programme\\MSN Messenger\\usnsvcps.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.MSN.MCC.USNSVC.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.MSN.MCC.USNSVC.1]
@="MSN USNSVC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.MSN.MCC.USNSVC.1\CLSID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1175CA230BCB5154CAEA6695BEDA5F4F]
"1B4DBCD803DDA9A4DA7FAF13265B694C"="C:\\Programme\\MSN Messenger\\usnsvcps.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5BF9BC30C149E56469F230993E70E174]
"1B4DBCD803DDA9A4DA7FAF13265B694C"="C:\\Programme\\MSN Messenger\\usnsvc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
; Contents of value:
; usnsvc
;
"Usnsvc"=hex(7):75,00,73,00,6e,00,73,00,76,00,63,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSN\USNSVC]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSN\USNSVC\UsnSvcTraceProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USNSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USNSVC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_USNSVC\0000]
"Service"="usnsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WinDefendRtp
; WebClient
; VSS
; VBRuntime
; usnsvc
; Userinit
; Userenv
; UploadM
; Tlntsvr
; SysmonLog
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; Sentinel
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; MPSampleSubmission
; mnmsrvc
; Microsoft Office 10
; Microsoft H.323 Telephony Service Provider
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; Java VM
; HelpSvc
; fsbwsys
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; EAPOL
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; BackWeb Plug-in - 9038346
; AutoEnrollment
; Autochk
; ATI Smart
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; apphelp
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\usnsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnsvc\Enum]
"0"="Root\\LEGACY_USNSVC\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_USNSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_USNSVC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_USNSVC\0000]
"Service"="usnsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WinDefendRtp
; WebClient
; VSS
; VBRuntime
; usnsvc
; Userinit
; Userenv
; UploadM
; Tlntsvr
; SysmonLog
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; Sentinel
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; MPSampleSubmission
; mnmsrvc
; Microsoft Office 10
; Microsoft H.323 Telephony Service Provider
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; Java VM
; HelpSvc
; fsbwsys
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; EAPOL
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; BackWeb Plug-in - 9038346
; AutoEnrollment
; Autochk
; ATI Smart
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; apphelp
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\usnsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usnsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usnsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USNSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USNSVC\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_USNSVC\0000]
"Service"="usnsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
; Contents of value:
; WSH
; WMIAdapter
; WmdmPmSN
; WinMgmt
; Winlogon
; Windows Product Activation
; Windows 3.1 Migration
; WinDefendRtp
; WebClient
; VSS
; VBRuntime
; usnsvc
; Userinit
; Userenv
; UploadM
; Tlntsvr
; SysmonLog
; SpoolerCtrs
; Software Restriction Policies
; Software Installation
; Sentinel
; SecurityCenter
; SclgNtfy
; SceSrv
; SceCli
; safrslv
; SAFrdms
; Remote Assistance
; PerfProc
; PerfOS
; PerfNet
; Perfmon
; Perflib
; PerfDisk
; Perfctrs
; Offline Files
; Oakley
; ntbackup
; NeroCheck
; MSSQLSERVER/MSDE
; MsiInstaller
; MSDTC Client
; MSDTC
; MSDMine
; MPSampleSubmission
; mnmsrvc
; Microsoft Office 10
; Microsoft H.323 Telephony Service Provider
; Microsoft (R) Visual C# 2005 Compiler
; LoadPerf
; Java VM
; HelpSvc
; fsbwsys
; Folder Redirection
; File Deployment
; EventSystem
; ESENT
; EAPOL
; DrWatson
; DiskQuota
; crypt32
; COM+
; COM
; Ci
; Chkdsk
; BackWeb Plug-in - 9038346
; AutoEnrollment
; Autochk
; ATI Smart
; ASP.NET 2.0.50727.0
; ASP.NET 1.1.4322.0
; Application Management
; Application Hang
; Application Error
; apphelp
; .NET Runtime Optimization Service
; .NET Runtime 2.0 Error Reporting
; .NET Runtime
; Application
;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\usnsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc\Enum]
"0"="Root\\LEGACY_USNSVC\\0000"

; End Of The Log...



Listen.bat:

Datenträger in Laufwerk C: ist SYSTEM_XP
Volumeseriennummer: 4809-4B1D

Verzeichnis von C:\Programme

30.12.2006 17:43 <DIR> .
30.12.2006 17:43 <DIR> ..
12.08.2006 15:51 <DIR> Acronis
12.08.2006 06:12 <DIR> Adobe
12.08.2006 14:36 <DIR> Ahead
12.08.2006 06:11 <DIR> ASUS
02.12.2006 19:01 <DIR> ATI Technologies
15.08.2006 19:45 <DIR> BroadJump
01.10.2006 23:35 <DIR> cablecom
01.10.2006 23:30 <DIR> Cablecom Assistant
18.08.2006 14:05 <DIR> Canon
10.12.2006 15:52 <DIR> CleanUp!
15.08.2006 19:56 <DIR> Common Files
12.08.2006 05:52 <DIR> ComPlus Applications
12.08.2006 09:37 <DIR> CyberLink
16.08.2006 18:56 <DIR> EA Games
13.12.2006 20:41 <DIR> FreePDF_XP
11.10.2006 13:44 <DIR> Gemeinsame Dateien
12.08.2006 10:08 <DIR> Google
12.08.2006 06:12 <DIR> gs
12.08.2006 16:49 <DIR> HP
01.01.2007 14:40 <DIR> Internet Explorer
21.10.2006 13:48 <DIR> IrfanView
03.12.2006 15:15 <DIR> Java
06.12.2006 02:56 <DIR> Lavalys
11.10.2006 14:01 <DIR> Macromedia
17.08.2006 22:33 <DIR> MAGIX
17.08.2006 22:29 <DIR> MAGIX Online Druck Service
04.11.2006 15:31 <DIR> Messenger
12.08.2006 05:56 <DIR> microsoft frontpage
12.08.2006 14:09 <DIR> Microsoft Office
01.10.2006 23:30 <DIR> Motive
12.08.2006 09:46 <DIR> Movie Maker
12.08.2006 05:52 <DIR> MSN
12.08.2006 05:52 <DIR> MSN Gaming Zone
29.12.2006 20:12 <DIR> MSN Messenger
14.10.2006 16:06 <DIR> MSXML 4.0
12.08.2006 09:45 <DIR> NetMeeting
12.08.2006 05:52 <DIR> Online Services
12.08.2006 05:55 <DIR> Online-Dienste
25.12.2006 14:56 <DIR> Outlook Express
02.11.2006 23:22 <DIR> Panda Software
01.01.2007 14:41 <DIR> QuickTime
06.12.2006 02:48 <DIR> RAM Defrag
21.08.2006 19:47 <DIR> Realtek
30.12.2006 17:33 <DIR> Spiele
10.12.2006 18:48 <DIR> Spybot - Search & Destroy
12.08.2006 10:08 <DIR> TV-Browser
02.01.2007 13:39 <DIR> Virenprogramme
01.01.2007 14:41 <DIR> Windows Defender
06.12.2006 03:11 <DIR> Windows Media Connect 2
06.12.2006 03:11 <DIR> Windows Media Player
12.08.2006 09:45 <DIR> Windows NT
31.12.2006 17:33 <DIR> WinZip
12.08.2006 05:56 <DIR> xerox
16.12.2006 16:45 <DIR> xp-AntiSpy
0 Datei(en) 0 Bytes
56 Verzeichnis(se), 5'589'499'904 Bytes frei
This post was edited on 02.01.2007 at 14:05 by Tonstudio.
02.01.2007, 13:50
Honorary member
Sabina

Posts: 29434
#10 In: "Enter search strings" (type or paste it in)

MSN.exe

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

In: "Enter search strings" (type or paste it in)

usnsvc

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

--------------------------------------------
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as listen.bat using 'Save As'. Under file type, select 'All Files'. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote

cd\
dir "C:\Programme" >>files.txt
notepad files.txt

__________
Kind regards, Sabina

All about PC security
02.01.2007, 14:15
Honorary member
Sabina

Posts: 29434
#11 Enter:

C:\Programme\MSN.exe

and post what appears
__________
Kind regards, Sabina

All about PC security
02.01.2007, 14:20
Moderator
Thread starter

Posts: 5694
#12 Enter it where?? Command prompt?
02.01.2007, 14:24
Honorary member
Sabina

Posts: 29434
#13 In: "Enter search strings" (type or paste it in)
__________
Kind regards, Sabina

All about PC security
02.01.2007, 14:32
Moderator
Thread starter

Posts: 5694
#14 Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 02.01.2007 14:31:03 for strings:
; 'c:\programme\msn.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
02.01.2007, 14:37
Honorary member
Sabina

Posts: 29434
#15 c:\programme\msn.exe - was definitely not kosher - but it has been deleted.

As for the entries in the registry, there are a few that are not kosher either, but I would rather not tinker with them - and unfortunately there is nothing more on the topic to be found on the net. - If Messenger then stops working, you will not like it. - What do you think?? Out with the values that could possibly be "evil"???
__________
Kind regards, Sabina

All about PC security
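
Added example, not part of the thread and not code from HijackThis or Registry Search: the situation described in post #15, a service binary already deleted while its registry keys remain, can be found by correlating the O23 line of the HijackThis log with the registry search output. The log excerpts are embedded as constructed sample input and the function names are hypothetical.

```python
import re

# Constructed sample input: the first O23 line and the registry keys are the ones
# quoted in this thread; the second O23 line is made up for contrast.
HIJACKTHIS_LOG = r"""
O23 - Service: Messenger Sharing USN Journal Reader-Service (usnsvc) - Unknown owner - C:\Programme\MSN.exe (file missing)
O23 - Service: Example Service (examplesvc) - Example Vendor - C:\Programme\Example\example.exe
"""
REG_SEARCH_OUTPUT = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\usnsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usnsvc\Enum]
"0"="Root\\LEGACY_USNSVC\\0000"
"""

# O23 line layout: display name, (service name), owner, binary path, optional flag.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*) \((?P<name>[^()]+)\) - (?P<owner>.*?) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$",
    re.MULTILINE)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.MULTILINE)

def parse_o23(log):
    """Return one dict per O23 (service) line of a HijackThis log."""
    entries = []
    for m in O23_RE.finditer(log):
        entry = m.groupdict()
        entry["missing"] = entry["missing"] is not None
        entries.append(entry)
    return entries

def keys_for_service(reg_text, name):
    """Keys in a .reg-style export that have a path component equal to name."""
    found = []
    for key in KEY_RE.findall(reg_text):
        if name.lower() in key.lower().split("\\") and key not in found:
            found.append(key)  # the export may list the same key twice
    return found

def leftover_services(log, reg_text):
    """Map service name -> remaining keys, for services whose binary is gone."""
    hits = {}
    for svc in parse_o23(log):
        keys = keys_for_service(reg_text, svc["name"])
        if svc["missing"] and keys:
            hits[svc["name"]] = keys
    return hits
```

The result only lists candidates for review; whether a key can be removed safely still has to be decided per key.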