Winfixxer won't go away!

#0
14.05.2008, 23:39
Member

Posts: 12
#1 I have the following problem... I somehow got this winfixxer onto my PC. I have now somehow deleted about half of it (a bit of the registry, a bit of the software, etc.), but it is still annoying (no desktop background, no Task Manager, ads in the browser)... so I wanted to ask whether anyone knows how I can delete it completely... I made a log file with HijackThis... I hope you can help me:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:44, on 14.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\USB Sharing\usbshare.exe
C:\Programme\TuneUp Utilities 2008\Integrator.exe
C:\Programme\TuneUp Utilities 2008\ProcessManager.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [bc47e9fd] rundll32.exe "C:\WINDOWS\system32\etpyfitb.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: USB Sharing.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\scieplugin.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208596842390
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1209311714
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O21 - SSODL: vbksrofa - {CDC2A1C5-41E6-4DD5-8334-356BA1132963} - C:\WINDOWS\vbksrofa.dll (file missing)
O21 - SSODL: mpfanvqg - {E740BF25-0F86-4BDD-9226-E78BD6FF9C5A} - C:\WINDOWS\mpfanvqg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Personal Security Suite V (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7317 bytes



Thanks in advance
15.05.2008, 01:53
Honorary member
Argus

Posts: 6028
#2 Close all windows and start HijackThis.
Click: Do a system scan only
Put a check mark in the box in front of each of the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O4 - HKLM\..\Run: [bc47e9fd] rundll32.exe "C:\WINDOWS\system32\etpyfitb.dll",b
O21 - SSODL: vbksrofa - {CDC2A1C5-41E6-4DD5-8334-356BA1132963} - C:\WINDOWS\vbksrofa.dll (file missing)
O21 - SSODL: mpfanvqg - {E740BF25-0F86-4BDD-9226-E78BD6FF9C5A} - C:\WINDOWS\mpfanvqg.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Click: Fix checked
Your Internet Explorer must be closed when you click Fix checked.

RVAXO
Download: RVAXO by Smeenk; unzip RVAXO.zip to the desktop.
Start your computer in safe mode.

Open the file RVAXO and double-click "RunMe.cmd".
The uninstaller of a rogue scanner may start; do not close it, but let it do its work.
Your computer will restart, and the RVAXO cmd window will open again.
Then wait until a log file opens: C:\RVAXO-results.log
Post its contents here in the forum.
If your computer does not restart, do it manually, and run RunMe.cmd manually as well.

Download Smitfraudfix by S!Ri to the desktop.

Start your computer in safe mode.

Double-click Smitfraudfix.exe.
Choose 2 and press Enter to delete the infected files.

You will then be asked: Do you want to clean the registry? Answer Y (yes) and press Enter to remove the desktop image and clean the infection's registry keys.

The program will now check whether wininet.dll is infected. You may be asked to have the infected file removed (if it is found): Replace infected file ? Answer Y (yes) and press Enter to get a clean file.
The taskbar and the screen will disappear... everything will turn blue... wait...

If your computer does not restart automatically by itself, restart it yourself in normal mode.
Copy the contents of the report into this thread (C:\rapport.txt).

ComboFix
Download ComboFix and save it to the desktop!
Close all windows and start combofix.exe.
Follow the instructions in the window.
While ComboFix is running, do NOT click in the window, otherwise your computer will freeze.
When the tool has finished, a log file opens (C:\combofix.txt).
Now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click.
If your virus scanner complains, ignore it!

Post it together with a new HijackThis log.
__________
Regards, Argus
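
An added example, not part of the original thread: one way to check a HijackThis cleanup is to diff the entry lines of the scan taken before the fix against the follow-up scan. The function and variable names are hypothetical; the sample lines are excerpts copied from the two scans posted in this thread.

```python
import re

# A HijackThis entry line looks like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[ROF]\d{1,2}) - (?P<body>.+)$")

# Meaning of the section codes that matter for the entries flagged above.
SECTION_NAMES = {
    "R0": "Internet Explorer start/search page",
    "R1": "Internet Explorer start/search page",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O21": "ShellServiceObjectDelayLoad",
    "O24": "Active Desktop component",
}

def parse_entries(log_text):
    """Return the (code, body) entry lines of a HijackThis log, in order.
    Header lines and the running-process list do not match and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries

def check_remediation(before_log, after_log, flagged_lines):
    """Compare two scans and report what happened to the flagged entries."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    flagged = parse_entries("\n".join(flagged_lines))
    before_set, after_set, flagged_set = set(before), set(after), set(flagged)
    removed = [e for e in before if e not in after_set]
    return {
        # Flagged entries that survived the fix: the cleanup is incomplete.
        "still_present": [e for e in flagged if e in after_set],
        "removed_flagged": [e for e in removed if e in flagged_set],
        # Entries that vanished although nobody asked for them to be fixed.
        "removed_unflagged": [e for e in removed if e not in flagged_set],
        # Entries that are new in the follow-up scan (possible reinfection).
        "added": [e for e in after if e not in before_set],
    }

# Excerpt of the first scan (14.05.2008) from this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:44, on 14.05.2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [bc47e9fd] rundll32.exe "C:\WINDOWS\system32\etpyfitb.dll",b
O21 - SSODL: vbksrofa - {CDC2A1C5-41E6-4DD5-8334-356BA1132963} - C:\WINDOWS\vbksrofa.dll (file missing)
O21 - SSODL: mpfanvqg - {E740BF25-0F86-4BDD-9226-E78BD6FF9C5A} - C:\WINDOWS\mpfanvqg.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Excerpt of the follow-up scan (15.05.2008); note the changed order of O4 lines.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:41, on 15.05.2008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
"""

# The five entries selected for "Fix checked" in post #2.
FLAGGED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2",
    r'O4 - HKLM\..\Run: [bc47e9fd] rundll32.exe "C:\WINDOWS\system32\etpyfitb.dll",b',
    r"O21 - SSODL: vbksrofa - {CDC2A1C5-41E6-4DD5-8334-356BA1132963} - C:\WINDOWS\vbksrofa.dll (file missing)",
    r"O21 - SSODL: mpfanvqg - {E740BF25-0F86-4BDD-9226-E78BD6FF9C5A} - C:\WINDOWS\mpfanvqg.dll (file missing)",
    r"O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm",
]

def format_report(result):
    """Render the comparison as text, one line per entry."""
    lines = []
    for key in ("still_present", "removed_flagged", "removed_unflagged", "added"):
        lines.append("%s: %d" % (key, len(result[key])))
        for code, body in result[key]:
            lines.append("  [%s] %s" % (SECTION_NAMES.get(code, code), body))
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_report(check_remediation(BEFORE, AFTER, FLAGGED)))
```

An empty `still_present` list only shows that the registry entries no longer appear in the scan; files and folders on disk, such as those listed in the RVAXO and ComboFix logs, have to be checked separately.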
15.05.2008, 20:28
Member

Thread starter

Posts: 12
#3 Thanks, everything worked wonderfully!
What I noticed:
In HijackThis the following entry did not exist:
O4 - HKLM\..\Run: [bc47e9fd] rundll32.exe "C:\WINDOWS\system32\etpyfitb.dll",b

Rvaxo showed almost the whole time that it could not find anything (the file or the path).

S!ri showed three times that it could not find something;
otherwise everything worked.
I think that when it does not find something, that is the stuff I had already deleted.

But here are the log files:

HijackThis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:41, on 15.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: USB Sharing.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\scieplugin.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208596842390
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1209311714
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Personal Security Suite V (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6522 bytes


Rvaxo Logfile

---RVAXO.exe Updated: 2008-05-14---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\StCdKRqr.ini2

Folders Found:
C:\WINDOWS\privacy_danger

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:
C:\WINDOWS\privacy_danger

--------------RVAXO.exe finished----------------



Smitfraudfix




SmitFraudFix v2.320

Scan done at 19:47:47,04, 15.05.2008
Run from C:\Dokumente und Einstellungen\Maximilian\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

Problem while deleting C:\WINDOWS\privacy_danger

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS1\Services\Tcpip\..\{9A9E6EBD-87F8-47B6-9614-7F2036CC70AC}: DhcpNameServer=217.17.22.2 217.17.24.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=217.17.22.2 217.17.24.2


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




Combofix Logfile




ComboFix 08-05-12.1 - Maximilian 2008-05-15 20:00:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.635 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Maximilian\Desktop\trojaner-töten\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active


[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\WinIFixer.com
C:\WINDOWS\system32\btifypte.ini
C:\WINDOWS\system32\qarbcsud.ini
C:\WINDOWS\system32\StCdKRqr.ini
C:\WINDOWS\system32\StCdKRqr.ini2

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-15 bis 2008-05-15 ))))))))))))))))))))))))))))))
.

2008-05-15 19:48 . 2008-05-15 19:48 1,594 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-15 19:47 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-15 19:47 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-15 19:47 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-15 19:47 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-15 19:47 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-15 19:47 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-15 19:47 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-15 19:47 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-15 07:14 . 2008-05-15 07:17 <DIR> d-------- C:\RVAXO
2008-05-15 07:03 . 2008-05-14 20:32 820,210 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-05-15 07:03 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-05-14 23:27 . 2008-05-14 23:27 <DIR> d-------- C:\Programme\Trend Micro
2008-05-14 22:28 . 2008-05-14 22:28 <DIR> d-------- C:\Programme\Windows Defender
2008-05-14 22:22 . 2008-05-14 22:24 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-14 21:25 . 2008-05-14 21:25 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\TmpRecentIcons
2008-05-14 16:06 . 2008-05-14 16:06 <DIR> d-------- C:\WINDOWS\privacy_danger
2008-05-14 16:06 . 2008-05-14 16:06 90,816 --a------ C:\WINDOWS\system32\etpyfitb.dll
2008-05-13 21:21 . 2008-05-13 21:22 114,919 --a------ C:\WINDOWS\system32\khfFVOef.dll
2008-05-13 20:33 . 2008-05-15 00:06 <DIR> d-------- C:\Programme\Enigma Software Group
2008-05-13 20:19 . 2008-05-13 20:19 318,080 --a------ C:\WINDOWS\system32\rqRKdCtS.dll
2008-05-13 20:11 . 2008-05-13 20:11 28,800 --a------ C:\WINDOWS\system32\opnnnnOF.dll
2008-05-13 20:04 . 2008-05-13 20:04 <DIR> d-------- C:\Programme\Xilisoft
2008-05-10 18:51 . 2008-05-10 19:38 <DIR> d-------- C:\Mp3 Output
2008-05-10 13:46 . 2008-05-10 13:46 <DIR> d-------- C:\WINDOWS\PreviewSoft
2008-05-10 13:46 . 2008-05-10 13:46 4,808 --a------ C:\WINDOWS\system32\gaeffect.sti
2008-05-10 13:46 . 2008-05-10 13:46 3,176 --a------ C:\WINDOWS\system32\gafilter.sti
2008-05-10 13:46 . 2008-05-10 18:25 527 --ah----- C:\os466477.bin
2008-05-10 13:46 . 2008-05-10 18:25 461 --ah----- C:\WINDOWS\system32\ws344069.ocx
2008-05-10 13:46 . 2008-05-10 18:24 409 --a------ C:\WINDOWS\ULEAD32.INI
2008-05-10 13:45 . 2008-05-10 13:45 <DIR> d-------- C:\WINDOWS\Noslip
2008-05-10 13:45 . 2008-05-10 13:45 <DIR> d-------- C:\Programme\Ulead Systems
2008-05-10 13:45 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-05-10 13:45 . 1999-01-28 15:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-05-08 20:55 . 2008-05-09 21:15 <DIR> d-------- C:\Programme\Webocton - Scriptly
2008-05-01 22:03 . 2008-05-01 22:03 <DIR> d-------- C:\Programme\DAEMON Tools Lite
2008-05-01 21:50 . 2008-05-01 21:50 <DIR> dr-h----- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\SecuROM
2008-05-01 21:50 . 2008-05-01 21:50 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-01 21:32 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-01 21:11 . 2008-05-01 21:11 <DIR> d-------- C:\Programme\SEGA
2008-05-01 21:08 . 2008-05-01 21:08 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\InstallShield
2008-05-01 20:53 . 2008-05-01 20:53 <DIR> d-------- C:\Programme\Alcohol Soft
2008-05-01 20:34 . 2008-05-01 20:34 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\DAEMON Tools
2008-05-01 20:34 . 2008-05-01 20:34 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 22:03 . 2008-04-29 22:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-04-29 20:58 . 2008-04-29 20:58 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\dvdcss
2008-04-29 20:40 . 2008-04-29 20:40 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Windows-Optimierer
2008-04-27 20:42 . 2008-04-27 20:45 <DIR> d--h----- C:\WINDOWS\Icons
2008-04-27 15:24 . 2008-04-27 15:24 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Windows Desktop Search
2008-04-27 15:07 . 2008-04-27 15:07 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Windows Desktop Search
2008-04-27 15:06 . 2008-04-27 15:06 <DIR> d-------- C:\Programme\Windows Desktop Search
2008-04-27 15:04 . 2006-09-15 14:36 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-04-27 15:04 . 2006-09-15 14:36 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-04-27 14:54 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-27 14:49 . 2008-04-27 14:49 <DIR> d-------- C:\Programme\MSBuild
2008-04-27 14:49 . 2008-04-27 14:49 <DIR> d-------- C:\Programme\Microsoft Works
2008-04-27 14:46 . 2008-04-27 14:46 <DIR> d-------- C:\Programme\Microsoft.NET
2008-04-27 14:42 . 2008-04-27 14:42 <DIR> d-------- C:\Programme\Microsoft Visual Studio 8
2008-04-27 14:40 . 2008-04-27 14:48 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-27 14:39 . 2008-04-27 14:39 <DIR> dr-h----- C:\MSOCache
2008-04-26 17:29 . 2008-04-26 17:29 <DIR> d-------- C:\WINDOWS\Sun
2008-04-26 17:26 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-26 17:24 . 2008-04-26 17:26 <DIR> d-------- C:\Programme\Java
2008-04-26 17:22 . 2008-04-26 17:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-04-24 20:51 . 2008-04-24 20:51 <DIR> d-------- C:\Programme\AviSynth 2.5
2008-04-24 20:51 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-04-24 20:51 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-04-24 20:51 . 2008-02-07 16:15 408,576 --a------ C:\WINDOWS\system32\Smab.dll
2008-04-24 20:51 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-04-24 20:51 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-04-24 20:51 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-04-24 20:51 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-24 20:51 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-04-24 20:51 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-04-24 20:51 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-04-24 20:49 . 2008-04-24 20:49 <DIR> d-------- C:\Programme\eRightSoft
2008-04-23 20:35 . 2008-04-23 20:35 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\AVS4YOU
2008-04-23 12:09 . 2008-04-23 12:09 <DIR> d-------- C:\Programme\Xvid
2008-04-23 12:08 . 2008-04-23 12:08 <DIR> d-------- C:\Programme\DsNET Corp
2008-04-22 22:04 . 2008-04-22 22:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU
2008-04-22 21:53 . 2008-04-23 20:44 <DIR> d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2008-04-22 21:52 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-04-21 22:14 . 2008-04-21 22:14 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Skype
2008-04-21 19:26 . 2008-05-10 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-21 19:26 . 2008-04-21 19:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-20 18:37 . 2008-04-20 18:37 <DIR> d-------- C:\Programme\DivX
2008-04-20 18:37 . 2008-04-20 18:37 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\DivX
2008-04-20 18:01 . 2008-04-20 18:14 <DIR> d-------- C:\Programme\ffdshow
2008-04-20 18:01 . 2007-11-29 12:52 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-20 18:01 . 2007-11-29 12:52 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-04-20 18:01 . 2007-12-24 13:47 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-20 18:01 . 2007-11-29 12:52 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-20 17:54 . 2008-04-20 17:56 <DIR> d-------- C:\Programme\XP Codec Pack
2008-04-20 17:15 . 2008-04-20 17:15 <DIR> d-------- C:\Programme\Smallvideosoft
2008-04-20 17:15 . 2007-03-01 04:18 4,762,112 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-04-20 17:15 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-20 17:15 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-04-20 16:27 . 2008-04-29 20:57 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-20 16:22 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-20 16:22 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-20 09:59 . 2008-04-20 09:59 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\IEPro
2008-04-20 09:46 . 2008-04-23 22:01 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Canon
2008-04-19 21:03 . 2008-04-19 21:03 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Nero
2008-04-19 20:28 . 2008-04-20 12:29 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\UseNeXT
2008-04-19 20:18 . 2008-04-19 20:18 <DIR> d-------- C:\Programme\NeroInstall.bak
2008-04-19 20:15 . 2008-04-19 20:15 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Nero
2008-04-19 20:06 . 2008-04-19 20:06 <DIR> d-------- C:\Programme\Nero
2008-04-19 20:06 . 2008-04-19 20:10 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nero
2008-04-19 20:06 . 2008-04-19 20:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-04-19 18:51 . 2008-04-19 18:51 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\skypePM
2008-04-19 18:51 . 2008-04-19 18:51 32 --a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2008-04-19 18:46 . 2008-04-19 18:46 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Contacts
2008-04-19 18:17 . 2008-04-19 18:17 <DIR> d-------- C:\Programme\Zattoo
2008-04-19 18:14 . 2008-04-19 18:14 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2008-04-19 17:23 . 2008-04-19 17:23 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared
2008-04-19 16:42 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-19 16:42 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-19 16:00 . 2008-04-20 17:10 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\dwhelper
2008-04-19 15:50 . 2008-04-19 15:52 <DIR> d-------- C:\Programme\Free Download Manager
2008-04-19 15:34 . 2008-05-08 22:14 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-04-19 14:11 . 2008-04-19 14:11 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Office Genuine Advantage
2008-04-19 14:09 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-19 14:09 . 2008-04-19 18:42 400 --a------ C:\WINDOWS\ODBC.INI
2008-04-19 13:43 . 2008-04-20 17:24 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-19 13:38 . 2008-04-19 13:38 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Apple Computer

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 06:51 --------- d-----w C:\Programme\microsoft frontpage
2008-04-19 06:50 --------- d-----w C:\Programme\Online-Dienste
2008-04-19 06:49 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:54 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 14:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{240A2128-ACD4-4124-87AF-527124CAAC38}]
2008-05-13 20:11 28800 --a------ C:\WINDOWS\system32\opnnnnOF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{828F799E-1C92-4695-B24A-27CA16D7EA1E}]
2008-05-13 20:19 318080 --a------ C:\WINDOWS\system32\rqRKdCtS.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"Windows Defender"="C:\Programme\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [2007-03-09 20:50 200768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:57 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoUserNameInStartMenu"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{240A2128-ACD4-4124-87AF-527124CAAC38}"= C:\WINDOWS\system32\opnnnnOF.dll [2008-05-13 20:11 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnnnOF]
opnnnnOF.dll 2008-05-13 20:11 28800 C:\WINDOWS\system32\opnnnnOF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\rqRKdCtS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"SpyHunter Security Suite"=C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.exe
"ctfmona"=C:\WINDOWS\system32\ctfmona.exe
"WinIFixer"=C:\Programme\WinIFixer\WinIFixer.exe
"SBI"=C:\Dokumente und Einstellungen\Maximilian\Desktop\install_sbd_de.exe
"bc47e9fd"=rundll32.exe "C:\WINDOWS\system32\etpyfitb.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programme\\SEGA\\Medieval II Total War\\medieval2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:58]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 14:14]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-19 12:30]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-05-14 20:32:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programme\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 20:10:47
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\opnnnnOF.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\rqRKdCtS.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\BRSS01A.EXE
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-15 20:18:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 18:17:49

10 Verzeichnis(se), 72,954,322,944 Bytes frei
14 Verzeichnis(se), 72,976,764,928 Bytes frei

293 --- E O F --- 2008-04-27 19:28:05







My desktop background works again, and so does the Task Manager, etc.
However, Windows Update does not work: Automatic Updates cannot be started in services.msc.

I hope you can help me further!

Thanks and regards from me
15.05.2008, 21:06
Honorary member
Argus

Posts: 6028
#4 Open the RVAXO file on your desktop
Double-click Uninstall.cmd to remove everything belonging to RVAXO

cfscript
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as cfscript.txt using 'Save as'. Select 'All files' as the file type. You should now find this file on the desktop.

Quote

File::
C:\WINDOWS\system32\etpyfitb.dll
C:\WINDOWS\system32\khfFVOef.dll
C:\WINDOWS\system32\rqRKdCtS.dll
C:\WINDOWS\system32\opnnnnOF.dll

Folder::
C:\WINDOWS\privacy_danger

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{240A2128-ACD4-4124-87AF-527124CAAC38}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{828F799E-1C92-4695-B24A-27CA16D7EA1E}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{240A2128-ACD4-4124-87AF-527124CAAC38}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnnnOF]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinIFixer"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"bc47e9fd"=-
Drag CFScript.txt onto the ComboFix icon with the right mouse button


Run ComboFix again
then post the new log after the restart

__________
Kind regards, Argus
15.05.2008, 21:49
Member

Thread starter

Posts: 12
#5 ComboFix log file with cfscript.txt


ComboFix 08-05-12.1 - Maximilian 2008-05-15 21:32:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.622 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Maximilian\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Maximilian\Desktop\cfscript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\abvgxsdm.ini
C:\WINDOWS\system32\StCdKRqr.ini
C:\WINDOWS\system32\StCdKRqr.ini2

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-15 bis 2008-05-15 ))))))))))))))))))))))))))))))
.

2008-05-15 21:40 . 2008-05-15 21:40 294 ---hs---- C:\WINDOWS\system32\abvgxsdm.ini
2008-05-15 21:28 . 2008-05-15 21:28 91,328 --a------ C:\WINDOWS\system32\mdsxgvba.dll
2008-05-15 19:48 . 2008-05-15 19:48 1,594 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-15 19:47 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-15 19:47 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-15 19:47 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-15 19:47 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-15 19:47 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-15 19:47 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-15 19:47 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-15 19:47 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-14 23:27 . 2008-05-14 23:27 <DIR> d-------- C:\Programme\Trend Micro
2008-05-14 22:28 . 2008-05-14 22:28 <DIR> d-------- C:\Programme\Windows Defender
2008-05-14 22:22 . 2008-05-14 22:24 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-14 21:25 . 2008-05-14 21:25 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\TmpRecentIcons
2008-05-14 16:06 . 2008-05-14 16:06 <DIR> d-------- C:\WINDOWS\privacy_danger
2008-05-14 16:06 . 2008-05-14 16:06 90,816 --a------ C:\WINDOWS\system32\etpyfitb.dll
2008-05-13 21:21 . 2008-05-13 21:22 114,919 --a------ C:\WINDOWS\system32\khfFVOef.dll
2008-05-13 20:33 . 2008-05-15 00:06 <DIR> d-------- C:\Programme\Enigma Software Group
2008-05-13 20:19 . 2008-05-13 20:19 318,080 --a------ C:\WINDOWS\system32\rqRKdCtS.dll
2008-05-13 20:04 . 2008-05-13 20:04 <DIR> d-------- C:\Programme\Xilisoft
2008-05-10 18:51 . 2008-05-10 19:38 <DIR> d-------- C:\Mp3 Output
2008-05-10 13:46 . 2008-05-10 13:46 <DIR> d-------- C:\WINDOWS\PreviewSoft
2008-05-10 13:46 . 2008-05-10 13:46 4,808 --a------ C:\WINDOWS\system32\gaeffect.sti
2008-05-10 13:46 . 2008-05-10 13:46 3,176 --a------ C:\WINDOWS\system32\gafilter.sti
2008-05-10 13:46 . 2008-05-10 18:25 527 --ah----- C:\os466477.bin
2008-05-10 13:46 . 2008-05-10 18:25 461 --ah----- C:\WINDOWS\system32\ws344069.ocx
2008-05-10 13:46 . 2008-05-10 18:24 409 --a------ C:\WINDOWS\ULEAD32.INI
2008-05-10 13:45 . 2008-05-10 13:45 <DIR> d-------- C:\WINDOWS\Noslip
2008-05-10 13:45 . 2008-05-10 13:45 <DIR> d-------- C:\Programme\Ulead Systems
2008-05-10 13:45 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-05-10 13:45 . 1999-01-28 15:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-05-08 20:55 . 2008-05-09 21:15 <DIR> d-------- C:\Programme\Webocton - Scriptly
2008-05-01 22:03 . 2008-05-01 22:03 <DIR> d-------- C:\Programme\DAEMON Tools Lite
2008-05-01 21:50 . 2008-05-01 21:50 <DIR> dr-h----- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\SecuROM
2008-05-01 21:50 . 2008-05-01 21:50 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-01 21:32 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-01 21:11 . 2008-05-01 21:11 <DIR> d-------- C:\Programme\SEGA
2008-05-01 21:08 . 2008-05-01 21:08 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\InstallShield
2008-05-01 20:53 . 2008-05-01 20:53 <DIR> d-------- C:\Programme\Alcohol Soft
2008-05-01 20:34 . 2008-05-01 20:34 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\DAEMON Tools
2008-05-01 20:34 . 2008-05-01 20:34 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 22:03 . 2008-04-29 22:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-04-29 20:58 . 2008-04-29 20:58 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\dvdcss
2008-04-29 20:40 . 2008-04-29 20:40 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Windows-Optimierer
2008-04-27 20:42 . 2008-04-27 20:45 <DIR> d--h----- C:\WINDOWS\Icons
2008-04-27 15:24 . 2008-04-27 15:24 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Windows Desktop Search
2008-04-27 15:07 . 2008-04-27 15:07 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Windows Desktop Search
2008-04-27 15:06 . 2008-04-27 15:06 <DIR> d-------- C:\Programme\Windows Desktop Search
2008-04-27 15:04 . 2006-09-15 14:36 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-04-27 15:04 . 2006-09-15 14:36 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-04-27 14:54 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-27 14:49 . 2008-04-27 14:49 <DIR> d-------- C:\Programme\MSBuild
2008-04-27 14:49 . 2008-04-27 14:49 <DIR> d-------- C:\Programme\Microsoft Works
2008-04-27 14:46 . 2008-04-27 14:46 <DIR> d-------- C:\Programme\Microsoft.NET
2008-04-27 14:42 . 2008-04-27 14:42 <DIR> d-------- C:\Programme\Microsoft Visual Studio 8
2008-04-27 14:40 . 2008-04-27 14:48 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-27 14:39 . 2008-04-27 14:39 <DIR> dr-h----- C:\MSOCache
2008-04-26 17:29 . 2008-04-26 17:29 <DIR> d-------- C:\WINDOWS\Sun
2008-04-26 17:26 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-26 17:24 . 2008-04-26 17:26 <DIR> d-------- C:\Programme\Java
2008-04-26 17:22 . 2008-04-26 17:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-04-24 20:51 . 2008-04-24 20:51 <DIR> d-------- C:\Programme\AviSynth 2.5
2008-04-24 20:51 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-04-24 20:51 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-04-24 20:51 . 2008-02-07 16:15 408,576 --a------ C:\WINDOWS\system32\Smab.dll
2008-04-24 20:51 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-04-24 20:51 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-04-24 20:51 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-04-24 20:51 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-24 20:51 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-04-24 20:51 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-04-24 20:51 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-04-24 20:49 . 2008-04-24 20:49 <DIR> d-------- C:\Programme\eRightSoft
2008-04-23 20:35 . 2008-04-23 20:35 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\AVS4YOU
2008-04-23 12:09 . 2008-04-23 12:09 <DIR> d-------- C:\Programme\Xvid
2008-04-23 12:08 . 2008-04-23 12:08 <DIR> d-------- C:\Programme\DsNET Corp
2008-04-22 22:04 . 2008-04-22 22:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU
2008-04-22 21:53 . 2008-04-23 20:44 <DIR> d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2008-04-22 21:52 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-04-21 22:14 . 2008-04-21 22:14 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Skype
2008-04-21 19:26 . 2008-05-10 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-21 19:26 . 2008-04-21 19:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-20 18:37 . 2008-04-20 18:37 <DIR> d-------- C:\Programme\DivX
2008-04-20 18:37 . 2008-04-20 18:37 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\DivX
2008-04-20 18:01 . 2008-04-20 18:14 <DIR> d-------- C:\Programme\ffdshow
2008-04-20 18:01 . 2007-11-29 12:52 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-20 18:01 . 2007-11-29 12:52 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-04-20 18:01 . 2007-12-24 13:47 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-20 18:01 . 2007-11-29 12:52 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-20 17:54 . 2008-04-20 17:56 <DIR> d-------- C:\Programme\XP Codec Pack
2008-04-20 17:15 . 2008-04-20 17:15 <DIR> d-------- C:\Programme\Smallvideosoft
2008-04-20 17:15 . 2007-03-01 04:18 4,762,112 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-04-20 17:15 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-20 17:15 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-04-20 16:27 . 2008-04-29 20:57 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-20 16:22 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-20 16:22 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-20 09:59 . 2008-04-20 09:59 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\IEPro
2008-04-20 09:46 . 2008-04-23 22:01 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Canon
2008-04-19 21:03 . 2008-04-19 21:03 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Nero
2008-04-19 20:28 . 2008-04-20 12:29 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\UseNeXT
2008-04-19 20:18 . 2008-04-19 20:18 <DIR> d-------- C:\Programme\NeroInstall.bak
2008-04-19 20:15 . 2008-04-19 20:15 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Nero
2008-04-19 20:06 . 2008-04-19 20:06 <DIR> d-------- C:\Programme\Nero
2008-04-19 20:06 . 2008-04-19 20:10 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nero
2008-04-19 20:06 . 2008-04-19 20:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-04-19 18:51 . 2008-04-19 18:51 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\skypePM
2008-04-19 18:51 . 2008-04-19 18:51 32 --a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2008-04-19 18:46 . 2008-04-19 18:46 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Contacts
2008-04-19 18:17 . 2008-04-19 18:17 <DIR> d-------- C:\Programme\Zattoo
2008-04-19 18:14 . 2008-04-19 18:14 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2008-04-19 17:23 . 2008-04-19 17:23 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared
2008-04-19 16:42 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-19 16:42 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-19 16:00 . 2008-04-20 17:10 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\dwhelper
2008-04-19 15:50 . 2008-04-19 15:52 <DIR> d-------- C:\Programme\Free Download Manager
2008-04-19 15:34 . 2008-05-08 22:14 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-04-19 14:11 . 2008-04-19 14:11 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Office Genuine Advantage
2008-04-19 14:09 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-19 14:09 . 2008-04-19 18:42 400 --a------ C:\WINDOWS\ODBC.INI
2008-04-19 13:43 . 2008-04-20 17:24 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-19 13:38 . 2008-04-19 13:38 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Apple Computer
2008-04-19 13:37 . 2008-04-19 13:37 <DIR> d-------- C:\Programme\iTunes
2008-04-19 13:37 . 2008-04-19 13:37 <DIR> d-------- C:\Programme\iPod

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 06:51 --------- d-----w C:\Programme\microsoft frontpage
2008-04-19 06:50 --------- d-----w C:\Programme\Online-Dienste
2008-04-19 06:49 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-05-15_20.16.50.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-15 18:07:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 19:38:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-05-15 18:12:05 13,495,584 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
+ 2008-05-15 19:41:45 13,549,344 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
- 2008-05-15 18:10:39 864,544 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
+ 2008-05-15 19:38:54 869,408 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07615609-FCF3-4D09-B163-E441F16A1129}]
2008-05-13 20:19 318080 --a------ C:\WINDOWS\system32\rqRKdCtS.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [2007-03-09 20:50 200768]
"bc47e9fd"="C:\WINDOWS\system32\mdsxgvba.dll" [2008-05-15 21:28 91328]
"combofix"="C:\WINDOWS\system32\CF11470.exe" [2004-08-04 00:57 401408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:57 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoUserNameInStartMenu"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programme\\SEGA\\Medieval II Total War\\medieval2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:58]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 14:14]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-19 12:30]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-05-14 20:32:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programme\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 21:40:03
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\mdsxgvba.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\BRSS01A.EXE
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\USB Sharing\usbshare.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-15 21:47:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 19:47:17
ComboFix2.txt 2008-05-15 18:18:08

9 Verzeichnis(se), 72,995,954,688 Bytes frei
12 Verzeichnis(se), 72,974,532,608 Bytes frei

265 --- E O F --- 2008-04-27 19:28:05







I just noticed that when I opened the Windows security alert, it opened a new page in Firefox (advertising). So there is probably still something there.
This post was edited by custommax on 15.05.2008 at 21:58.
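Comparing the autostart sections of the two ComboFix logs above shows what the first CFScript run did and did not clear. The following Python script is an added example, not part of the thread and not ComboFix's own code: it parses those sections, checks them against the DLLs named in the CFScript, and reports load points that were cleared, are still present, or had a value re-pointed to a different DLL. The log excerpts are trimmed copies of lines from the two logs, and the function names are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path handling on any platform

# Constructed sample input: lines copied (trimmed) from the "Autostart Punkte
# der Registrierung" sections of the two ComboFix logs in this thread.
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{240A2128-ACD4-4124-87AF-527124CAAC38}]
2008-05-13 20:11 28800 --a------ C:\WINDOWS\system32\opnnnnOF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{828F799E-1C92-4695-B24A-27CA16D7EA1E}]
2008-05-13 20:19 318080 --a------ C:\WINDOWS\system32\rqRKdCtS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{240A2128-ACD4-4124-87AF-527124CAAC38}"= C:\WINDOWS\system32\opnnnnOF.dll [2008-05-13 20:11 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnnnOF]
opnnnnOF.dll 2008-05-13 20:11 28800 C:\WINDOWS\system32\opnnnnOF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"bc47e9fd"=rundll32.exe "C:\WINDOWS\system32\etpyfitb.dll",b
"""

LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07615609-FCF3-4D09-B163-E441F16A1129}]
2008-05-13 20:19 318080 --a------ C:\WINDOWS\system32\rqRKdCtS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
"bc47e9fd"="C:\WINDOWS\system32\mdsxgvba.dll" [2008-05-15 21:28 91328]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"""

# DLLs named in the File:: block of the CFScript posted in the thread.
TARGETS = ["etpyfitb.dll", "khfFVOef.dll", "rqRKdCtS.dll", "opnnnnOF.dll"]

DLL_PATH = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]+?\.dll', re.IGNORECASE)
VALUE_NAME = re.compile(r'^"([^"]+)"\s*=')


def load_points(log):
    """Return (registry key, value name or None, DLL file name) per DLL entry."""
    entries, key = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # section header: remember the key
            continue
        path = DLL_PATH.search(line)
        if key is None or path is None:
            continue  # blank line, or an entry that does not load a DLL
        name = VALUE_NAME.match(line)
        entries.append((key, name.group(1) if name else None,
                        basename(path.group(0)).lower()))
    return entries


def verify_removal(before, after, targets):
    """Compare DLL load points of two runs against the removal targets."""
    old, new = load_points(before), load_points(after)
    old_dlls = {dll for _, _, dll in old}
    new_dlls = {dll for _, _, dll in new}
    wanted = {t.lower() for t in targets}
    # Same value name in both runs but a different DLL behind it.
    old_by_name = {name: dll for _, name, dll in old if name}
    retargeted = {name: (old_by_name[name], dll) for _, name, dll in new
                  if name in old_by_name and old_by_name[name] != dll}
    return {
        "cleared": sorted(wanted & (old_dlls - new_dlls)),
        "still_loaded": {dll: sorted(k for k, _, d in new if d == dll)
                         for dll in sorted(wanted & new_dlls)},
        "new_dlls": sorted(new_dlls - old_dlls),
        "retargeted": retargeted,
    }


if __name__ == "__main__":
    for label, value in verify_removal(LOG_BEFORE, LOG_AFTER, TARGETS).items():
        print(f"{label}: {value}")
```

On the thread's data this reports rqRKdCtS.dll still registered as a Browser Helper Object under a different CLSID and the Run value bc47e9fd now pointing at mdsxgvba.dll, the same two files that appear in the OTMoveIt list in the next post.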
15.05.2008, 22:02
Honorary member
Argus

Posts: 6028
#6 Disable Windows Defender
- Start Windows Defender.
- Click Tools
- Click General Settings
- Scroll to Real-time protection options
- Clear the check mark next to Turn on Real-time protection (recommended)
- Click Save
http://windowshelp.microsoft.com/Windows/de-DE/Help/13f74d76-344a-4dcc-9284-7ab43d9171b21031.mspx

OTMoveIt.exe
Download OTMoveIt2 to the desktop
Open: OTMoveIt.exe
(Vista users: right-click OTMoveit2.exe and choose "Run as Administrator")

Copy (select and press Ctrl-C) everything below

Quote

C:\WINDOWS\system32\abvgxsdm.ini
C:\WINDOWS\system32\mdsxgvba.dll
C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\TmpRecentIcons
C:\WINDOWS\privacy_danger
C:\WINDOWS\system32\etpyfitb.dll
C:\WINDOWS\system32\khfFVOef.dll
C:\WINDOWS\system32\rqRKdCtS.dll
into the left pane, where it says "Paste List of Files/Folders to be moved"
Click the red MoveIt! button
When the tool has finished, a log is created (*******_******.log, where * stands for date and time)
In C:\_OTMoveIt\MovedFiles\
Copy it with a right-click and "paste" it into the forum with a right-click
__________
Kind regards, Argus
15.05.2008, 22:13
Member

Thread starter

Posts: 12
#7 OTMoveIT log file



C:\WINDOWS\system32\abvgxsdm.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mdsxgvba.dll
C:\WINDOWS\system32\mdsxgvba.dll NOT unregistered.
C:\WINDOWS\system32\mdsxgvba.dll moved successfully.
C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\TmpRecentIcons moved successfully.
Folder move failed. C:\WINDOWS\privacy_danger scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\etpyfitb.dll
C:\WINDOWS\system32\etpyfitb.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\etpyfitb.dll scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\khfFVOef.dll
C:\WINDOWS\system32\khfFVOef.dll NOT unregistered.
C:\WINDOWS\system32\khfFVOef.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rqRKdCtS.dll
C:\WINDOWS\system32\rqRKdCtS.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\rqRKdCtS.dll scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05152008_221254




PS: Wollte jezt schonmal danke sagen, dass mir hier so geholfen wird und dann auch noch nach so kurzer zeit! DANKE!
Und nochwas: kann ich den windows defender auch einfach deinstalieren?
Dieser Beitrag wurde am 15.05.2008 um 22:20 Uhr von custommax editiert.
Seitenanfang Seitenende
15.05.2008, 22:20
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#8 CombiFix entfernen
Start > Ausführen>Kopiere rein ComboFix /U OK

Starte OTMoveIt nochmal und klicke den CleanUp! button
Begin cleanup process? klicke: Yes. - "Do you want to reboot?" klicke Yes
so wird von OTMoveIt2 automatisch alles an Tools entfernt, die zur Virenreinigung geladen wurden.

Malwarebytes Anti-Malware for Windows 2000, XP and Vista
Download MBAM
Double-click mbam-setup and choose Deutsch (German); the program will now be updated
On the "Scanner" tab, choose "Komplett Scan durchfuehren" (perform full scan).
Select all drives > let the scan run
If infections are found at the end, tick them and have them removed
The log is under Scanberichte (scan reports) (mbam-log-XX-XX-XXXX.txt)
Post its contents here in the forum
Note:
If MBAM has difficulty removing files, it will report this; click OK
Afterwards you will be asked to restart the computer; allow it

Scan with SDFix - this must be done in safe mode. Then post the report here
http://virus-protect.org/artikel/tools/sdfix.html

Use CrapCleaner
http://www.ccleaner.de/?protecus.de

ComboFix
Download ComboFix and save it to the desktop!
Close all windows and start combofix.exe
Follow the instructions in the window
While ComboFix is running, do NOT click in the window, otherwise your computer will freeze
When the tool has finished, a log file opens (C:\combofix.txt)
Now copy the COMPLETE log with a right-click and "paste" it into the forum with a right-click
If your virus scanner complains, ignore it!
__________
Regards, Argus
16.05.2008, 15:43
Member

Thread starter

Posts: 12
#9 So, I've done what you said
Windows updates work again (thx)
and I also wanted to ask whether there is a good program for finding/blocking trojans, since Kaspersky alone apparently isn't enough. What could I use for that?
But here are the log files:



MBAM-Logfile
Malwarebytes' Anti-Malware 1.12
Datenbank Version: 755

Scan Art: Komplett Scan (C:\|D:\|E:\|F:\|)
Objekte gescannt: 165053
Scan Dauer: 1 hour(s), 1 minute(s), 23 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 3
Infizierte Datei Objekte der Registrierung: 2
Infizierte Verzeichnisse: 2
Infizierte Dateien: 16

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\WINDOWS\system32\rqRKdCtS.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wcknrggj.dll (Trojan.Vundo) -> Unloaded module successfully.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e19a4305-6efc-440f-af48-1210799c743e} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e19a4305-6efc-440f-af48-1210799c743e} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bc47e9fd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Datei Objekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrkdcts -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\rqrkdcts -> Delete on reboot.

Infizierte Verzeichnisse:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\WINDOWS\system32\rqRKdCtS.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\StCdKRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\StCdKRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wcknrggj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\jggrnkcw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Birgid\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Birgid\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Birgid\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Birgid\Favoriten\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Birgid\Favoriten\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Birgid\Favoriten\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.


SDFIX-Logfile

SDFix: Version 1.182
Run by Maximilian on 16.05.2008 at 14:52

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOKUME~1\MAXIMI~1\Desktop\TROJAN~1\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 15:09:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:4e,49,0c,f9,37,bf,2f,0e,2c,83,dd,cf,7c,b5,50,a8,55,ed,6e,45,f0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:09,94,ef,60,58,4c,c8,cd,76,82,0e,f2,25,59,1e,5f,7a,ae,76,5b,64,..
"p0"="C:\Programme\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,33,31,31,91,d9,7a,d3,92,67,77,57,01,85,70,96,af,f5,..
"khjeh"=hex:f0,2e,da,29,2d,44,22,1c,49,38,ff,54,f6,6e,01,7e,89,b1,b5,d3,79,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,4c,26,b1,68,b8,5a,51,e2,cd,41,5b,51,43,e1,c6,41,2f,39,06,25,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:4e,49,0c,f9,37,bf,2f,0e,2c,83,dd,cf,7c,b5,50,a8,55,ed,6e,45,f0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:09,94,ef,60,58,4c,c8,cd,76,82,0e,f2,25,59,1e,5f,7a,ae,76,5b,64,..
"p0"="C:\Programme\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,33,31,31,91,d9,7a,d3,92,67,77,57,01,85,70,96,af,f5,..
"khjeh"=hex:f0,2e,da,29,2d,44,22,1c,49,38,ff,54,f6,6e,01,7e,89,b1,b5,d3,79,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,4c,26,b1,68,b8,5a,51,e2,cd,41,5b,51,43,e1,c6,41,2f,39,06,25,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:4e,49,0c,f9,37,bf,2f,0e,2c,83,dd,cf,7c,b5,50,a8,55,ed,6e,45,f0,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:09,94,ef,60,58,4c,c8,cd,76,82,0e,f2,25,59,1e,5f,7a,ae,76,5b,64,..
"p0"="C:\Programme\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,33,31,31,91,d9,7a,d3,92,67,77,57,01,85,70,96,af,f5,..
"khjeh"=hex:f0,2e,da,29,2d,44,22,1c,49,38,ff,54,f6,6e,01,7e,89,b1,b5,d3,79,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,4c,26,b1,68,b8,5a,51,e2,cd,41,5b,51,43,e1,c6,41,2f,39,06,25,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"OfflineDetectionPending"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\ICQ6\\ICQ.exe"="C:\\Programme\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Programme\\Bonjour\\mDNSResponder.exe"="C:\\Programme\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Programme\\iTunes\\iTunes.exe"="C:\\Programme\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Programme\\SEGA\\Medieval II Total War\\medieval2.exe"="C:\\Programme\\SEGA\\Medieval II Total War\\medieval2.exe:*:Enabled:Medieval 2: Total War"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"="C:\\Programme\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\DOKUME~1\MAXIMI~1\Desktop\TROJAN~1\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Wed 23 Apr 2008 4,348 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Programme\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Programme\eRightSoft\SUPER\cygz.dll"
Wed 23 Apr 2008 72,704 ..SHR --- "C:\Programme\eRightSoft\SUPER\Setup.exe"
Tue 2 Oct 2007 16,896 A.SHR --- "C:\Programme\eRightSoft\SUPER\_Setup.dll"
Sat 19 Apr 2008 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Programme\eRightSoft\SUPER\mencoder\tokr3260.dll"
Thu 20 Mar 2008 5,632 ..SHR --- "C:\Programme\eRightSoft\SUPER\spk\1stRun.exe"
Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3.tmp"
Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT6.tmp"
Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT2.tmp"
Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2d9afc485ff57441ce14a08241df89e8\BIT8.tmp"
Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\52ce26fea0efba79c7052e71b88e981f\BIT9.tmp"
Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad2d37be81d37204b0a12680c06ffd51\BIT5.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ccba472a05828aa2a3ee32c96c6466ca\BIT7.tmp"
Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT7.tmp"
Sat 19 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ed6c7531380802fe7c2504f3909edb19\BIT4.tmp"
Wed 21 Nov 2007 34,304 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\A- Thermodur 07\Marketing\~WRL1738.tmp"
Mon 5 Feb 2007 111,104 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\A- Thermodur 07\Strategie\~WRL0002.tmp"
Tue 6 Feb 2007 131,072 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\A- Thermodur 07\Strategie\~WRL2320.tmp"
Thu 8 Feb 2007 162,304 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\A- Thermodur 07\Strategie\~WRL2480.tmp"
Fri 10 Aug 2007 65,536 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\Thermodur-Alt\Sonstiges\~WRL0004.tmp"
Mon 13 Aug 2007 65,536 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\Thermodur-Alt\Sonstiges\~WRL0005.tmp"
Thu 1 Nov 2007 32,256 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\Thermodur-Alt\Sonstiges\~WRL1726.tmp"
Tue 20 Nov 2007 31,744 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\Thermodur-Alt\Tubag\~WRL0910.tmp"
Mon 5 Feb 2007 111,104 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\Thermodur 07\Strategie\~WRL0002.tmp"
Tue 6 Feb 2007 131,072 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\Thermodur 07\Strategie\~WRL2320.tmp"
Thu 8 Feb 2007 162,304 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Thermodur\Thermodur 07\Strategie\~WRL2480.tmp"
Mon 2 Feb 1998 32,256 A..H. --- "C:\Dokumente und Einstellungen\Bernhard\Eigene Dateien\Y Eigenes Archiv\Programme und Tools\Programme Alt\SAGPROG\ZUBEHÖR\MSPCX32.DLL"

Finished!





Combofix-Logfile

ComboFix 08-05-15.3 - Maximilian 2008-05-16 15:24:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.513 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Maximilian\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\rqRKdCtS.dll
C:\WINDOWS\system32\StCdKRqr.ini
C:\WINDOWS\system32\StCdKRqr.ini2

.
((((((((((((((((((((((( Dateien erstellt von 2008-04-16 bis 2008-05-16 ))))))))))))))))))))))))))))))
.

2008-05-16 15:19 . 2008-05-16 15:19 <DIR> d-------- C:\Programme\CCleaner
2008-05-16 14:43 . 2008-05-16 14:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-16 13:39 . 2008-05-16 14:34 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\tor
2008-05-16 13:38 . 2008-05-16 13:39 <DIR> d-------- C:\Programme\Vidalia Bundle
2008-05-16 13:38 . 2008-05-16 14:00 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Vidalia
2008-05-16 13:16 . 2008-05-16 13:16 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-16 13:16 . 2008-05-16 13:16 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Malwarebytes
2008-05-16 13:16 . 2008-05-16 13:16 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-16 13:16 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-16 13:16 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-15 22:06 . 2008-05-15 22:06 <DIR> d-------- C:\Programme\Windows Defender
2008-05-15 21:55 . 2008-05-16 14:32 91,328 --------- C:\WINDOWS\system32\wcknrggj.dll
2008-05-15 19:47 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-15 19:47 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-14 23:27 . 2008-05-14 23:27 <DIR> d-------- C:\Programme\Trend Micro
2008-05-14 22:22 . 2008-05-14 22:24 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-05-14 16:06 . 2008-05-14 16:06 90,816 --a------ C:\WINDOWS\system32\etpyfitb.dll
2008-05-13 20:33 . 2008-05-15 00:06 <DIR> d-------- C:\Programme\Enigma Software Group
2008-05-10 18:51 . 2008-05-10 19:38 <DIR> d-------- C:\Mp3 Output
2008-05-10 13:46 . 2008-05-10 13:46 <DIR> d-------- C:\WINDOWS\PreviewSoft
2008-05-10 13:46 . 2008-05-10 13:46 4,808 --a------ C:\WINDOWS\system32\gaeffect.sti
2008-05-10 13:46 . 2008-05-10 13:46 3,176 --a------ C:\WINDOWS\system32\gafilter.sti
2008-05-10 13:46 . 2008-05-10 18:25 527 --ah----- C:\os466477.bin
2008-05-10 13:46 . 2008-05-10 18:25 461 --ah----- C:\WINDOWS\system32\ws344069.ocx
2008-05-10 13:46 . 2008-05-10 18:24 409 --a------ C:\WINDOWS\ULEAD32.INI
2008-05-10 13:45 . 2008-05-10 13:45 <DIR> d-------- C:\WINDOWS\Noslip
2008-05-10 13:45 . 2008-05-10 13:45 <DIR> d-------- C:\Programme\Ulead Systems
2008-05-10 13:45 . 1999-10-15 12:50 1,056,768 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-05-10 13:45 . 1999-01-28 15:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-05-08 20:55 . 2008-05-09 21:15 <DIR> d-------- C:\Programme\Webocton - Scriptly
2008-05-01 22:03 . 2008-05-01 22:03 <DIR> d-------- C:\Programme\DAEMON Tools Lite
2008-05-01 21:50 . 2008-05-01 21:50 <DIR> dr-h----- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\SecuROM
2008-05-01 21:50 . 2008-05-01 21:50 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-01 21:32 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-01 21:11 . 2008-05-01 21:11 <DIR> d-------- C:\Programme\SEGA
2008-05-01 21:08 . 2008-05-01 21:08 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\InstallShield
2008-05-01 20:53 . 2008-05-01 20:53 <DIR> d-------- C:\Programme\Alcohol Soft
2008-05-01 20:34 . 2008-05-01 20:34 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\DAEMON Tools
2008-05-01 20:34 . 2008-05-01 20:34 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-29 22:03 . 2008-04-29 22:05 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-04-29 20:58 . 2008-04-29 20:58 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\dvdcss
2008-04-29 20:40 . 2008-04-29 20:40 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Windows-Optimierer
2008-04-27 20:42 . 2008-04-27 20:45 <DIR> d--h----- C:\WINDOWS\Icons
2008-04-27 15:24 . 2008-04-27 15:24 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Windows Desktop Search
2008-04-27 15:07 . 2008-04-27 15:07 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Windows Desktop Search
2008-04-27 15:06 . 2008-04-27 15:06 <DIR> d-------- C:\Programme\Windows Desktop Search
2008-04-27 15:04 . 2006-09-15 14:36 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-04-27 15:04 . 2006-09-15 14:36 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-04-27 14:54 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-27 14:49 . 2008-04-27 14:49 <DIR> d-------- C:\Programme\MSBuild
2008-04-27 14:49 . 2008-04-27 14:49 <DIR> d-------- C:\Programme\Microsoft Works
2008-04-27 14:46 . 2008-04-27 14:46 <DIR> d-------- C:\Programme\Microsoft.NET
2008-04-27 14:42 . 2008-04-27 14:42 <DIR> d-------- C:\Programme\Microsoft Visual Studio 8
2008-04-27 14:40 . 2008-04-27 14:48 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-27 14:39 . 2008-04-27 14:39 <DIR> dr-h----- C:\MSOCache
2008-04-26 17:29 . 2008-04-26 17:29 <DIR> d-------- C:\WINDOWS\Sun
2008-04-26 17:26 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-26 17:24 . 2008-04-26 17:26 <DIR> d-------- C:\Programme\Java
2008-04-26 17:22 . 2008-04-26 17:22 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Java
2008-04-24 20:51 . 2008-04-24 20:51 <DIR> d-------- C:\Programme\AviSynth 2.5
2008-04-24 20:51 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-04-24 20:51 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2008-04-24 20:51 . 2008-02-07 16:15 408,576 --a------ C:\WINDOWS\system32\Smab.dll
2008-04-24 20:51 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2008-04-24 20:51 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2008-04-24 20:51 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2008-04-24 20:51 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-04-24 20:51 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2008-04-24 20:51 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2008-04-24 20:51 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2008-04-24 20:49 . 2008-04-24 20:49 <DIR> d-------- C:\Programme\eRightSoft
2008-04-23 20:35 . 2008-04-23 20:35 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\AVS4YOU
2008-04-23 12:09 . 2008-04-23 12:09 <DIR> d-------- C:\Programme\Xvid
2008-04-23 12:08 . 2008-04-23 12:08 <DIR> d-------- C:\Programme\DsNET Corp
2008-04-22 22:04 . 2008-04-22 22:04 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVS4YOU
2008-04-22 21:53 . 2008-04-23 20:44 <DIR> d-------- C:\Programme\Gemeinsame Dateien\AVSMedia
2008-04-22 21:52 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-04-21 22:14 . 2008-04-21 22:14 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Skype
2008-04-21 19:26 . 2008-05-10 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-21 19:26 . 2008-04-21 19:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-20 18:37 . 2008-04-20 18:37 <DIR> d-------- C:\Programme\DivX
2008-04-20 18:37 . 2008-04-20 18:37 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\DivX
2008-04-20 18:01 . 2008-04-20 18:14 <DIR> d-------- C:\Programme\ffdshow
2008-04-20 18:01 . 2007-11-29 12:52 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-20 18:01 . 2007-11-29 12:52 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2008-04-20 18:01 . 2007-12-24 13:47 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-04-20 18:01 . 2007-11-29 12:52 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-04-20 17:54 . 2008-04-20 17:56 <DIR> d-------- C:\Programme\XP Codec Pack
2008-04-20 17:15 . 2008-04-20 17:15 <DIR> d-------- C:\Programme\Smallvideosoft
2008-04-20 17:15 . 2007-03-01 04:18 4,762,112 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-04-20 17:15 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-20 17:15 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-04-20 16:27 . 2008-04-29 20:57 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-20 16:22 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-20 16:22 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-20 09:59 . 2008-04-20 09:59 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\IEPro
2008-04-20 09:46 . 2008-04-23 22:01 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Canon
2008-04-19 21:03 . 2008-04-19 21:03 <DIR> d-------- C:\Dokumente und Einstellungen\Bernhard\Anwendungsdaten\Nero
2008-04-19 20:28 . 2008-04-20 12:29 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\UseNeXT
2008-04-19 20:18 . 2008-04-19 20:18 <DIR> d-------- C:\Programme\NeroInstall.bak
2008-04-19 20:15 . 2008-04-19 20:15 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Nero
2008-04-19 20:06 . 2008-04-19 20:06 <DIR> d-------- C:\Programme\Nero
2008-04-19 20:06 . 2008-04-19 20:10 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Nero
2008-04-19 20:06 . 2008-04-19 20:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero
2008-04-19 18:51 . 2008-04-19 18:51 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\skypePM
2008-04-19 18:51 . 2008-04-19 18:51 32 --a------ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
2008-04-19 18:46 . 2008-04-19 18:46 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Contacts
2008-04-19 18:17 . 2008-04-19 18:17 <DIR> d-------- C:\Programme\Zattoo
2008-04-19 18:14 . 2008-04-19 18:14 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FLEXnet
2008-04-19 17:23 . 2008-04-19 17:23 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Macrovision Shared
2008-04-19 16:42 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-19 16:42 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-19 16:00 . 2008-04-20 17:10 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\dwhelper
2008-04-19 15:50 . 2008-04-19 15:52 <DIR> d-------- C:\Programme\Free Download Manager
2008-04-19 15:34 . 2008-05-16 15:20 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
2008-04-19 14:11 . 2008-04-19 14:11 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Office Genuine Advantage
2008-04-19 14:09 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-04-19 14:09 . 2008-04-19 18:42 400 --a------ C:\WINDOWS\ODBC.INI
2008-04-19 13:43 . 2008-04-20 17:24 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-19 13:38 . 2008-04-19 13:38 <DIR> d-------- C:\Dokumente und Einstellungen\Maximilian\Anwendungsdaten\Apple Computer
2008-04-19 13:37 . 2008-04-19 13:37 <DIR> d-------- C:\Programme\iTunes
2008-04-19 13:37 . 2008-04-19 13:37 <DIR> d-------- C:\Programme\iPod
2008-04-19 13:36 . 2008-04-20 11:55 <DIR> d-------- C:\Programme\Bonjour
2008-04-19 13:35 . 2008-04-19 13:36 <DIR> d-------- C:\Programme\QuickTime
2008-04-19 13:35 . 2008-04-19 13:35 <DIR> d-------- C:\Programme\Apple Software Update

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 06:51 --------- d-----w C:\Programme\microsoft frontpage
2008-04-19 06:50 --------- d-----w C:\Programme\Online-Dienste
2008-04-19 06:49 --------- d-----w C:\Programme\Gemeinsame Dateien\Dienste
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 12:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe" [2007-06-26 20:27 312320]
"NeroFilterCheck"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"AVP"="C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe" [2007-03-09 20:50 200768]
"combofix"="C:\WINDOWS\system32\CF24741.exe" [2004-08-04 00:57 401408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:57 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"NoUserNameInStartMenu"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe"
"NBKeyScan"="C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"GrooveMonitor"="C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"Windows Defender"="C:\Programme\Windows Defender\MSASCui.exe" -hide
"bc47e9fd"=rundll32.exe "C:\WINDOWS\system32\wcknrggj.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programme\\ICQ6\\ICQ.exe"=
"C:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programme\\Bonjour\\mDNSResponder.exe"=
"C:\\Programme\\iTunes\\iTunes.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=
"C:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programme\\SEGA\\Medieval II Total War\\medieval2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:58]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2004-11-03 14:14]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-19 12:30]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Inhalt des "geplante Tasks" Ordners
"2008-05-16 13:32:56 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programme\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 15:30:57
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\BRSS01A.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\USB Sharing\usbshare.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-16 15:36:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 13:36:39

9 Verzeichnis(se), 73,435,443,200 Bytes frei
13 Verzeichnis(se), 73,380,274,176 Bytes frei

248 --- E O F --- 2008-05-16 13:20:32
This post was edited on 16.05.2008 at 15:53 by custommax.
16.05.2008, 16:11
Honorary member
Sabina

Posts: 29434
#10 custommax

««
http://virus-protect.org/artikel/tools/otmoveIt.html
Open: OTMoveIt.exe
In OTMoveIt, copy the following into the left-hand window labelled: Paste List of Files/Folders to Move

Quote

C:\WINDOWS\system32\wcknrggj.dll
C:\WINDOWS\system32\etpyfitb.dll
Click the red MoveIt! button

««
Run OTScanIt (as described in the instructions) and post the report
http://virus-protect.org/artikel/tools/otscanit.html
__________
Kind regards, Sabina

All about PC security
16.05.2008, 19:42
Member

Thread starter

Posts: 12
#11 OTScanIt logfile


Code

OTScanIt logfile created on: 16.05.2008 19:40:38
OTScanIt by OldTimer - Version 1.0.14.0     Folder = C:\Dokumente und Einstellungen\Maximilian\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,48 Mb Total Physical Memory | 633,98 Mb Available Physical Memory | 61,94% Memory free
2,41 Gb Paging File | 2,12 Gb Available in Paging File | 87,97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 68,35 Gb Free Space | 45,86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FAMILIEN-COMP
Current User Name: Maximilian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 413696 bytes | Modified Date = 03.05.2006 18:43:46 | Attr =    ]
brsvc01a.exe -> %SystemRoot%\system32\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12.04.2002 02:00:00 | Attr =    ]
brss01a.exe -> %SystemRoot%\system32\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Modified Date = 13.12.2001 02:01:00 | Attr =    ]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 18.02.2008 11:16:30 | Attr =    ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Security Suite V\avp.exe -> Kaspersky Lab [Ver = 6.0.2.621 | Size = 200768 bytes | Modified Date = 09.03.2007 20:50:58 | Attr =    ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24.07.2007 15:17:08 | Attr =    ]
nbservice.exe -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 5, 1, 0 | Size = 877864 bytes | Modified Date = 18.02.2008 16:29:12 | Attr =    ]
ioctlsvc.exe -> %SystemRoot%\system32\IoctlSvc.exe -> Prolific Technology Inc. [Ver = 1, 6, 0, 0 | Size = 81920 bytes | Modified Date = 19.12.2006 09:30:26 | Attr =    ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 413696 bytes | Modified Date = 03.05.2006 18:43:46 | Attr =    ]
fpassist.exe -> %ProgramFiles%\FreePDF_XP\fpassist.exe -> shbox.de [Ver = 3.20.0008 | Size = 312320 bytes | Modified Date = 26.06.2007 20:27:46 | Attr =    ]
avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Security Suite V\avp.exe -> Kaspersky Lab [Ver = 6.0.2.621 | Size = 200768 bytes | Modified Date = 09.03.2007 20:50:58 | Attr =    ]
usbshare.exe -> %ProgramFiles%\USB Sharing\usbshare.exe ->  [Ver =  | Size = 139264 bytes | Modified Date = 23.05.2003 12:04:40 | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 09.05.2008 21:51:12 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 18.02.2008 11:16:30 | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 413696 bytes | Modified Date = 03.05.2006 18:43:46 | Attr =    ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 03.05.2006 11:57:00 | Attr =    ]
(AVP) Kaspersky Personal Security Suite V [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Security Suite V\avp.exe -> Kaspersky Lab [Ver = 6.0.2.621 | Size = 200768 bytes | Modified Date = 09.03.2007 20:50:58 | Attr =    ]
(Bonjour Service) Bonjour-Dienst [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24.07.2007 15:17:08 | Attr =    ]
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Modified Date = 12.04.2002 02:00:00 | Attr =    ]
(dmadmin) Verwaltungsdienst für die Verwaltung logischer Datenträger [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 04.08.2004 00:57:52 | Attr =    ]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 19.04.2008 17:23:55 | Attr =    ]
(iPod Service) iPod-Dienst [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 30.03.2008 10:36:30 | Attr =    ]
(Nero BackItUp Scheduler 3) Nero BackItUp Scheduler 3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBService.exe -> Nero AG [Ver = 3, 5, 1, 0 | Size = 877864 bytes | Modified Date = 18.02.2008 16:29:12 | Attr =    ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Nero\Lib\NMIndexingService.exe -> Nero AG [Ver = 3.3.3.0 | Size = 529704 bytes | Modified Date = 28.02.2008 17:07:48 | Attr =    ]
(PLFlash DeviceIoControl Service) PLFlash DeviceIoControl Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\IoctlSvc.exe -> Prolific Technology Inc. [Ver = 1, 6, 0, 0 | Size = 81920 bytes | Modified Date = 19.12.2006 09:30:26 | Attr =    ]
(TuneUp.Defrag) TuneUp Drive Defrag-Dienst [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Modified Date = 19.04.2008 12:30:57 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6614 | Size = 1540608 bytes | Modified Date = 03.05.2006 18:50:42 | Attr =    ]
(BrPar) BrPar [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Modified Date = 24.07.2000 01:01:00 | Attr =    ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800384 bytes | Modified Date = 04.08.2004 00:47:02 | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 154112 bytes | Modified Date = 04.08.2004 00:47:08 | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 02.04.2003 14:00:00 | Attr =    ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 29.01.2008 12:01:28 | Attr =    ]
(kl1) kl1 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.18.0 | Size = 110360 bytes | Modified Date = 03.03.2007 21:39:06 | Attr =    ]
(klif) klif [Kernel | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.261 | Size = 175888 bytes | Modified Date = 27.01.2007 18:52:46 | Attr =    ]
(Ptilink) Treiber für direkte Parallelverbindung [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 02.04.2003 14:00:00 | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13.11.2007 12:25:53 | Attr =    ]
(SiS7012) Service for AC'97 Sample Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sis7012.sys -> Silicon Integrated Systems Corporation [Ver = 5.10.00.6120 | Size = 267136 bytes | Modified Date = 03.11.2004 14:14:26 | Attr =    ]
(SISNIC) SiS-PCI-Fast Ethernet- Adaptertreiber [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.05 built by: WinDDK | Size = 32768 bytes | Modified Date = 03.08.2004 22:31:36 | Attr =    ]
(sptd) sptd [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sptd.sys ->  [Ver =  | Size = 717296 bytes | Modified Date = 01.05.2008 20:34:40 | Attr =    ]
(TSP) TSP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.261 | Size = 175888 bytes | Modified Date = 27.01.2007 18:52:46 | Attr =    ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 18.02.2008 11:16:24 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Security Suite V\avp.exe ["C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe"] -> Kaspersky Lab [Ver = 6.0.2.621 | Size = 200768 bytes | Modified Date = 09.03.2007 20:50:58 | Attr =    ]
FreePDF Assistant -> %ProgramFiles%\FreePDF_XP\fpassist.exe [C:\Programme\FreePDF_XP\fpassist.exe] -> shbox.de [Ver = 3.20.0008 | Size = 312320 bytes | Modified Date = 26.06.2007 20:27:46 | Attr =    ]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe [C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 7 | Size = 570664 bytes | Modified Date = 28.02.2008 09:59:20 | Attr =    ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Programme\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.4.5 | Size = 413696 bytes | Modified Date = 28.03.2008 23:37:20 | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
MAPI-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
MSFS-> Installed = Reg Error: Value Installed does not exist or could not be read. ->
< All Users Startup Folder > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart ->
%AllUsersProfile%\Startmenü\Programme\Autostart\USB Sharing.lnk -> %ProgramFiles%\USB Sharing\usbshare.exe ->  [Ver =  | Size = 139264 bytes | Modified Date = 23.05.2003 12:04:40 | Attr =    ]
< Maximilian Startup Folder > -> C:\Dokumente und Einstellungen\Maximilian\Startmenü\Programme\Autostart ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4132 | Size = 61440 bytes | Modified Date = 03.05.2006 18:44:54 | Attr =    ]
klogon -> %SystemRoot%\system32\klogon.dll -> Kaspersky Lab [Ver = 6.0.2.621 | Size = 200768 bytes | Modified Date = 09.03.2007 20:52:52 | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoUserNameInStartMenu -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\TaskbarNoNotification -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM-Laufwerktreiber ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03.08.2004 22:59:54 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CD/DVDW_TS-H552U_______________US09____\5&38663351&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomATAPI_CD-RW_52XMax______________________210D____\5&38663351&0&0.1.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_DO7012M&Prod_ZOL842P&Rev_1.01\5&36e5972&1&000 ->
< Drives - Autoruns > ->  ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 19.04.2008 08:51:33 | Attr =    ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00011268-E188-40DF-A514-835FCD78B1BF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro BHO] -> IE7Pro.com [Ver = 2, 0, 0, 7 | Size = 699496 bytes | Modified Date = 02.01.2008 10:34:10 | Attr =    ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22.02.2008 04:25:19 | Attr =    ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}:{B119EB0C-C021-46CF-85B0-34A760E0D5FE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro Preferences] -> IE7Pro.com [Ver = 2, 0, 0, 7 | Size = 699496 bytes | Modified Date = 02.01.2008 10:34:10 | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22.02.2008 04:25:19 | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22.02.2008 04:25:19 | Attr =    ]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Security Suite V\scieplugin.dll [Statistik für Web-Anti-Virus] -> Kaspersky Lab [Ver = 6.0.2.621 | Size = 222896 bytes | Modified Date = 09.03.2007 22:27:42 | Attr =    ]
{E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> ICQ, Inc. [Ver = 6.0.0.6059 | Size = 172280 bytes | Modified Date = 01.04.2008 12:40:42 | Attr =    ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Nach Microsoft &Excel exportieren -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{9A9E6EBD-87F8-47B6-9614-7F2036CC70AC} ->    (SiS 900-basierte PCI-Fast Ethernet-Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24.07.2007 15:17:08 | Attr =    ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 01.02.2008 17:22:12 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208596842390[MUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{BA162249-F2C5-4851-8ADC-FC58CB424243}[HKEY_LOCAL_MACHINE] -> http://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1209311714[Image Uploader Control] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\.Owner -> {BA162249-F2C5-4851-8ADC-FC58CB424243} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\{BA162249-F2C5-4851-8ADC-FC58CB424243} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {BA162249-F2C5-4851-8ADC-FC58CB424243} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{BA162249-F2C5-4851-8ADC-FC58CB424243} ->  ->


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ ->  ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04.08.2004 00:57:30 | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15.06.2005 19:49:56 | Attr =    ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04.08.2004 00:57:30 | Attr =    ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25.04.2007 16:22:27 | Attr =    ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24.03.2006 06:37:55 | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 620 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186880 bytes | Modified Date = 04.08.2004 00:57:34 | Attr =    ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119296 bytes | Modified Date = 04.08.2004 00:57:32 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> F3 6E 94 7E 7E 97 DF 99 BD F2 D5 D6 35 4D 66 B9 65 33 66 65 63 37 37 30 00 68 07 00 01 00 00 00 DC 00 00 00 E0 00 00 00 48 FA 06 00 D6 48 52 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 36 69 7F 83  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 96 88 A3 EE C3 43 CA C1 48  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 2D 5A F4 C5 B6 25  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> FF DE A6 EC AD 4A 55 F2 8D 3D 36 19 CB 83 15 54  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> EC 61 49 E8 58 B7 C8 01  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 5B D8 39 AD 79 C4 01  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 0F 9D 3E AD 79 C4 01  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 3C CE 3F AD 79 C4 01  [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04.08.2004 00:58:16 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows-Firewall/Gemeinsame Nutzung der Internetverbindung ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Bietet allen Computern in Privat- und Kleinunternehmensnetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11483 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 334336 bytes | Modified Date = 04.08.2004 00:57:22 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> ->
-> Reg Error: Key does not exist or could not be opened. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 288 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04.08.2004 00:58:16 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatische Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Aktiviert das Herunterladen und die Installation von Windows-Updates. Wenn der Dienst deaktiviert ist, kann der Computer die Funktion "Automatische Updates" oder die Website "Windows Update" nicht verwenden. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04.08.2004 00:57:42 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->


[Files/Folders - Created Within 30 days]
26ad8db213dfc7379aa2f5cd5a2d1a -> %SystemDrive%\26ad8db213dfc7379aa2f5cd5a2d1a ->  [Folder | Created Date = 19.04.2008 10:40:54 | Attr =    ]
a2d25a175c4579739a0344 -> %SystemDrive%\a2d25a175c4579739a0344 ->  [Folder | Created Date = 19.04.2008 12:08:28 | Attr =    ]
ATI -> %SystemDrive%\ATI ->  [Folder | Created Date = 19.04.2008 10:38:46 | Attr =    ]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Created Date = 19.04.2008 08:51:33 | Attr =    ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Created Date = 19.04.2008 01:01:20 | Attr = RHS]
CanoScan -> %SystemDrive%\CanoScan ->  [Folder | Created Date = 19.04.2008 12:37:43 | Attr =  H ]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 19.04.2008 08:51:33 | Attr =    ]
Dokumente und Einstellungen -> %SystemDrive%\Dokumente und Einstellungen ->  [Folder | Created Date = 19.04.2008 09:30:20 | Attr =    ]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 19.04.2008 08:51:33 | Attr = RHS]
Mp3 Output -> %SystemDrive%\Mp3 Output ->  [Folder | Created Date = 10.05.2008 18:51:34 | Attr =    ]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Created Date = 19.04.2008 08:51:33 | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Created Date = 27.04.2008 14:39:03 | Attr = RH ]
os466477.bin -> %SystemDrive%\os466477.bin ->  [Ver =  | Size = 527 bytes | Created Date = 10.05.2008 13:46:54 | Attr =  H ]
Programme -> %ProgramFiles% ->  [Folder | Created Date = 19.04.2008 09:31:40 | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 16.05.2008 15:23:20 | Attr =    ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Created Date = 19.04.2008 08:55:20 | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 16.05.2008 19:34:44 | Attr =    ]
a3d.dll -> %SystemRoot%\System32\dllcache\a3d.dll -> Silicon Integrated Systems Corporation [Ver = 5.0.0.6080 | Size = 115864 bytes | Created Date = 19.04.2008 09:00:41 | Attr =    ]
apphelp.sdb -> %SystemRoot%\System32\dllcache\apphelp.sdb ->  [Ver =  | Size = 217118 bytes | Created Date = 19.04.2008 10:15:55 | Attr =    ]
apph_sp.sdb -> %SystemRoot%\System32\dllcache\apph_sp.sdb ->  [Ver =  | Size = 764868 bytes | Created Date = 19.04.2008 10:15:55 | Attr =    ]
ati2mtag.sys -> %SystemRoot%\System32\dllcache\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6614 | Size = 1540608 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 19.04.2008 08:51:58 | Attr =    ]
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Created Date = 19.04.2008 08:52:02 | Attr =    ]
dgrpsetu.dll -> %SystemRoot%\System32\dllcache\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 19.04.2008 09:31:24 | Attr =    ]
dgsetup.dll -> %SystemRoot%\System32\dllcache\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 86556 bytes | Created Date = 19.04.2008 09:31:24 | Attr =    ]
eqnclass.dll -> %SystemRoot%\System32\dllcache\eqnclass.dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103936 bytes | Created Date = 19.04.2008 09:31:24 | Attr =    ]
esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 19.04.2008 08:52:10 | Attr =    ]
esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 19.04.2008 08:52:10 | Attr =    ]
esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45568 bytes | Created Date = 19.04.2008 08:52:10 | Attr =    ]
hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Created Date = 19.04.2008 08:52:18 | Attr =    ]
HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT ->  [Ver =  | Size = 13472 bytes | Created Date = 19.04.2008 09:31:12 | Attr =    ]
htrn_jis.dll -> %SystemRoot%\System32\dllcache\htrn_jis.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 13312 bytes | Created Date = 19.04.2008 08:48:56 | Attr =    ]
hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Created Date = 19.04.2008 08:52:25 | Attr =    ]
IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT ->  [Ver =  | Size = 8574 bytes | Created Date = 19.04.2008 09:31:12 | Attr =    ]
imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Created Date = 19.04.2008 08:52:41 | Attr =    ]
imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Created Date = 19.04.2008 08:52:45 | Attr =    ]
imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Created Date = 19.04.2008 08:52:46 | Attr =    ]
korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 19.04.2008 08:52:58 | Attr =    ]
locale.nls -> %SystemRoot%\System32\dllcache\locale.nls ->  [Ver =  | Size = 265948 bytes | Created Date = 19.04.2008 09:45:29 | Attr =    ]
ltts1033.lxa -> %SystemRoot%\System32\dllcache\ltts1033.lxa ->  [Ver =  | Size = 643717 bytes | Created Date = 19.04.2008 09:31:41 | Attr =    ]
MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT ->  [Ver =  | Size = 399645 bytes | Created Date = 19.04.2008 09:31:12 | Attr =    ]
micross.ttf -> %SystemRoot%\System32\dllcache\micross.ttf ->  [Ver =  | Size = 461672 bytes | Created Date = 19.04.2008 09:45:29 | Attr =    ]
MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT ->  [Ver =  | Size = 41270 bytes | Created Date = 19.04.2008 09:31:12 | Attr =    ]
nls302en.lex -> %SystemRoot%\System32\dllcache\nls302en.lex ->  [Ver =  | Size = 4399505 bytes | Created Date = 19.04.2008 08:50:28 | Attr =    ]
NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT ->  [Ver =  | Size = 817199 bytes | Created Date = 19.04.2008 09:31:12 | Attr =    ]
OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT ->  [Ver =  | Size = 7382 bytes | Created Date = 19.04.2008 09:31:12 | Attr =    ]
pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Created Date = 19.04.2008 08:53:15 | Attr =    ]
r1033tts.lxa -> %SystemRoot%\System32\dllcache\r1033tts.lxa ->  [Ver =  | Size = 605050 bytes | Created Date = 19.04.2008 09:31:41 | Attr =    ]
rw330ext.dll -> %SystemRoot%\System32\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 19.04.2008 08:53:22 | Attr =    ]
rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 81408 bytes | Created Date = 19.04.2008 08:53:22 | Attr =    ]
rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 81408 bytes | Created Date = 19.04.2008 08:53:22 | Attr =    ]
sam.sdf -> %SystemRoot%\System32\dllcache\sam.sdf ->  [Ver =  | Size = 888 bytes | Created Date = 19.04.2008 09:31:42 | Attr =    ]
sam.spd -> %SystemRoot%\System32\dllcache\sam.spd ->  [Ver =  | Size = 1685606 bytes | Created Date = 19.04.2008 09:31:42 | Attr =    ]
sortkey.nls -> %SystemRoot%\System32\dllcache\sortkey.nls ->  [Ver =  | Size = 262148 bytes | Created Date = 19.04.2008 09:45:29 | Attr =    ]
sorttbls.nls -> %SystemRoot%\System32\dllcache\sorttbls.nls ->  [Ver =  | Size = 23044 bytes | Created Date = 19.04.2008 09:45:29 | Attr =    ]
spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 19.04.2008 09:31:24 | Attr =    ]
srframe.mmf -> %SystemRoot%\System32\dllcache\srframe.mmf ->  [Ver =  | Size = 984 bytes | Created Date = 19.04.2008 08:49:56 | Attr =    ]
sysmain.sdb -> %SystemRoot%\System32\dllcache\sysmain.sdb ->  [Ver =  | Size = 1197294 bytes | Created Date = 19.04.2008 10:15:56 | Attr =    ]
tahoma.ttf -> %SystemRoot%\System32\dllcache\tahoma.ttf ->  [Ver =  | Size = 383804 bytes | Created Date = 19.04.2008 09:45:29 | Attr =    ]
tahomabd.ttf -> %SystemRoot%\System32\dllcache\tahomabd.ttf ->  [Ver =  | Size = 355680 bytes | Created Date = 19.04.2008 09:45:29 | Attr =    ]
adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 4255 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3967 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3615 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3647 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3135 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3711 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3775 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 19.04.2008 09:31:11 | Attr =    ]
ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327168 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
ati2mtag.sys -> %SystemRoot%\System32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6614 | Size = 1540608 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod ->  [Ver =  | Size = 64352 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 21183 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11359 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 14143 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 17279 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
BRPAR.SYS -> %SystemRoot%\System32\drivers\BRPAR.SYS -> Brother Industries Ltd. [Ver = 5.00.2178.1 | Size = 19537 bytes | Created Date = 19.04.2008 12:16:10 | Attr =    ]
ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 15423 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty ->  [Ver =  | Size = 129045 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
disdn -> %SystemRoot%\System32\drivers\disdn ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 13810976 bytes | Created Date = 19.04.2008 10:47:52 | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 187040 bytes | Created Date = 19.04.2008 10:47:52 | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 889376 bytes | Created Date = 19.04.2008 10:47:52 | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 85448 bytes | Created Date = 19.04.2008 10:47:52 | Attr =  HS]
hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 19.04.2008 09:31:10 | Attr =    ]
hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat ->  [Ver =  | Size = 87941 bytes | Created Date = 19.04.2008 10:48:04 | Attr =    ]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat ->  [Ver =  | Size = 96645 bytes | Created Date = 19.04.2008 10:48:04 | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Created Date = 16.05.2008 13:16:03 | Attr =    ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 27048 bytes | Created Date = 16.05.2008 13:16:03 | Attr =    ]
mdmxsdk.sys -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img ->  [Ver =  | Size = 67866 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
nv4_mini.sys -> %SystemRoot%\System32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 19.04.2008 09:31:09 | Attr =    ]
siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3901 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
sis7012.sys -> %SystemRoot%\System32\drivers\sis7012.sys -> Silicon Integrated Systems Corporation [Ver = 5.10.00.6120 | Size = 267136 bytes | Created Date = 19.04.2008 09:00:41 | Attr =    ]
sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
sisnic.sys -> %SystemRoot%\System32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.05 built by: WinDDK | Size = 32768 bytes | Created Date = 19.04.2008 09:33:04 | Attr =    ]
slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys ->  [Ver =  | Size = 717296 bytes | Created Date = 01.05.2008 20:34:40 | Attr =    ]
umdf -> %SystemRoot%\System32\drivers\umdf ->  [Folder | Created Date = 19.04.2008 10:15:44 | Attr =    ]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 19.04.2008 13:18:56 | Attr =  H ]
usbaapl.sys -> %SystemRoot%\System32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Created Date = 19.04.2008 13:35:04 | Attr =    ]
vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11325 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11807 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11295 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11871 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11935 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 22271 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
watv10nt.sys -> %SystemRoot%\System32\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Created Date = 19.04.2008 01:01:19 | Attr =    ]
1025 -> %SystemRoot%\System32\1025 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1028 -> %SystemRoot%\System32\1028 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
1031 -> %SystemRoot%\System32\1031 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
1033 -> %SystemRoot%\System32\1033 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
1037 -> %SystemRoot%\System32\1037 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
1041 -> %SystemRoot%\System32\1041 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
1042 -> %SystemRoot%\System32\1042 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
1054 -> %SystemRoot%\System32\1054 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
2052 -> %SystemRoot%\System32\2052 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
3076 -> %SystemRoot%\System32\3076 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
3com_dmi -> %SystemRoot%\System32\3com_dmi ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
a3d.dll -> %SystemRoot%\System32\a3d.dll -> Silicon Integrated Systems Corporation [Ver = 5.0.0.6080 | Size = 115864 bytes | Created Date = 19.04.2008 09:00:41 | Attr =    ]
aac_parser.ax -> %SystemRoot%\System32\aac_parser.ax ->  [Ver = 1.1 | Size = 81920 bytes | Created Date = 24.04.2008 20:50:02 | Attr = RHS]
AC3ACM.acm -> %SystemRoot%\System32\AC3ACM.acm -> fccHandler [Ver = 0, 7, 0, 0 | Size = 81920 bytes | Created Date = 22.04.2008 21:52:32 | Attr =    ]
ac3DX.ax -> %SystemRoot%\System32\ac3DX.ax ->  [Ver = 1.01a | Size = 227328 bytes | Created Date = 24.04.2008 20:50:03 | Attr = RHS]
alf2cd.acm -> %SystemRoot%\System32\alf2cd.acm -> NCT Company [Ver = 2.03 | Size = 38912 bytes | Created Date = 22.04.2008 21:52:32 | Attr =    ]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Created Date = 19.04.2008 08:51:29 | Attr =    ]
ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0313 | Size = 282624 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6614 | Size = 258048 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
ati2sgag.exe -> %SystemRoot%\System32\ati2sgag.exe ->  [Ver = 5.13.0025 | Size = 520192 bytes | Created Date = 19.04.2008 10:40:38 | Attr =    ]
ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.0399 | Size = 2693280 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc.  [Ver = 6.14.01.0099 | Size = 1408000 bytes | Created Date = 19.04.2008 09:31:08 | Attr =    ]
AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT ->  [Ver =  | Size = 1806 bytes | Created Date = 19.04.2008 09:31:21 | Attr =    ]
AVCDX.ax -> %SystemRoot%\System32\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Created Date = 24.04.2008 20:50:03 | Attr = RHS]
avisynth.dll -> %SystemRoot%\System32\avisynth.dll -> The Public [Ver = 2, 5, 8, 0 | Size = 318976 bytes | Created Date = 24.04.2008 20:51:37 | Attr =    ]
AVSredirect.dll -> %SystemRoot%\System32\AVSredirect.dll ->  [Ver =  | Size = 27648 bytes | Created Date = 24.04.2008 20:51:36 | Attr =    ]
bopomofo.uce -> %SystemRoot%\System32\bopomofo.uce ->  [Ver =  | Size = 22984 bytes | Created Date = 19.04.2008 08:48:51 | Attr =    ]
BRDIAG.HLP -> %SystemRoot%\System32\BRDIAG.HLP ->  [Ver =  | Size = 171962 bytes | Created Date = 19.04.2008 12:16:13 | Attr =    ]
Brdiag2.exe -> %SystemRoot%\System32\Brdiag2.exe -> brother Industries, Ltd [Ver = 2.47 | Size = 176128 bytes | Created Date = 19.04.2008 12:16:13 | Attr =    ]
BRDIAG2.HLP -> %SystemRoot%\System32\BRDIAG2.HLP ->  [Ver =  | Size = 157945 bytes | Created Date = 19.04.2008 12:16:13 | Attr =    ]
BRGSRC16.DLL -> %SystemRoot%\System32\BRGSRC16.DLL ->  [Ver =  | Size = 4608 bytes | Created Date = 19.04.2008 12:16:13 | Attr =    ]
BRGSRC32.DLL -> %SystemRoot%\System32\BRGSRC32.DLL ->  [Ver =  | Size = 26624 bytes | Created Date = 19.04.2008 12:16:13 | Attr =    ]
BROSNMP.DLL -> %SystemRoot%\System32\BROSNMP.DLL ->  [Ver =  | Size = 77824 bytes | Created Date = 19.04.2008 12:16:12 | Attr =    ]
brrbtool.exe -> %SystemRoot%\System32\brrbtool.exe -> Brother Industries Ltd [Ver = 1.12 | Size = 73728 bytes | Created Date = 19.04.2008 12:16:12 | Attr =    ]
BRSPL01A.DLL -> %SystemRoot%\System32\BRSPL01A.DLL -> Brother Industries, Ltd [Ver = 1.01 | Size = 163840 bytes | Created Date = 19.04.2008 12:15:11 | Attr =    ]
BRSPL01A.EXE -> %SystemRoot%\System32\BRSPL01A.EXE -> Brother Industries,ltd [Ver = 3.48 | Size = 102400 bytes | Created Date = 19.04.2008 12:15:11 | Attr =    ]
BRSPL2KB.DLL -> %SystemRoot%\System32\BRSPL2KB.DLL -> Brother Industries, Ltd [Ver = 1.06 | Size = 77824 bytes | Created Date = 19.04.2008 12:15:11 | Attr =    ]
BRSPLWMK.DLL -> %SystemRoot%\System32\BRSPLWMK.DLL -> brother Industries Ltd [Ver = 1.04 | Size = 81920 bytes | Created Date = 19.04.2008 12:15:11 | Attr =    ]
BRSS01A.EXE -> %SystemRoot%\System32\BRSS01A.EXE -> brother Industries Ltd [Ver = 1.004 | Size = 45056 bytes | Created Date = 19.04.2008 12:15:11 | Attr =    ]
brss01a.ini -> %SystemRoot%\System32\brss01a.ini ->  [Ver =  | Size = 30 bytes | Created Date = 19.04.2008 12:15:40 | Attr =    ]
brsvc01a.bsi -> %SystemRoot%\System32\brsvc01a.bsi ->  [Ver =  | Size = 184 bytes | Created Date = 19.04.2008 12:15:40 | Attr =    ]
BRSVC01A.EXE -> %SystemRoot%\System32\BRSVC01A.EXE -> brother Industries Ltd [Ver = 1, 0, 0, 3 | Size = 57344 bytes | Created Date = 19.04.2008 12:15:12 | Attr =    ]
BRVPD95A.DLL -> %SystemRoot%\System32\BRVPD95A.DLL -> brother industries, ltd   [Ver = 1.03 | Size = 40960 bytes | Created Date = 19.04.2008 12:16:13 | Attr =    ]
BRVPDNTA.DLL -> %SystemRoot%\System32\BRVPDNTA.DLL -> brother Industries Ltd [Ver = 1, 0, 2, 0 | Size = 49152 bytes | Created Date = 19.04.2008 12:16:14 | Attr =    ]
BrWebIns.dll -> %SystemRoot%\System32\BrWebIns.dll -> brother [Ver = 1, 0, 9, 1 | Size = 81920 bytes | Created Date = 19.04.2008 12:14:59 | Attr =    ]
BRWEBUP.EXE -> %SystemRoot%\System32\BRWEBUP.EXE -> brother [Ver = 1, 0, 8, 1 | Size = 65536 bytes | Created Date = 19.04.2008 12:14:59 | Attr =    ]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Created Date = 19.04.2008 09:31:01 | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Created Date = 19.04.2008 09:31:01 | Attr =    ]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak ->  [Folder | Created Date = 29.04.2008 22:03:53 | Attr =    ]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 19.04.2008 08:50:37 | Attr = RH ]
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,1,221,0 | Size = 107888 bytes | Created Date = 01.05.2008 21:50:24 | Attr =    ]
CNQL1213.DLL -> %SystemRoot%\System32\CNQL1213.DLL -> CANON INC. [Ver = 1.0.4.0 | Size = 352256 bytes | Created Date = 19.04.2008 12:37:43 | Attr =    ]
CNQU110.DLL -> %SystemRoot%\System32\CNQU110.DLL -> CANON INC. [Ver = 1, 0, 3, 4 | Size = 57344 bytes | Created Date = 19.04.2008 12:37:43 | Attr =    ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Created Date = 19.04.2008 08:48:35 | Attr =    ]
config -> %SystemRoot%\System32\config ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2951 bytes | Created Date = 19.04.2008 08:51:33 | Attr =    ]
c_10006.nls -> %SystemRoot%\System32\c_10006.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:32 | Attr =    ]
c_10007.nls -> %SystemRoot%\System32\c_10007.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:34 | Attr =    ]
c_10010.nls -> %SystemRoot%\System32\c_10010.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:27 | Attr =    ]
c_10017.nls -> %SystemRoot%\System32\c_10017.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:34 | Attr =    ]
c_10029.nls -> %SystemRoot%\System32\c_10029.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:27 | Attr =    ]
c_10081.nls -> %SystemRoot%\System32\c_10081.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:36 | Attr =    ]
c_10082.nls -> %SystemRoot%\System32\c_10082.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:27 | Attr =    ]
c_20127.nls -> %SystemRoot%\System32\c_20127.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:25 | Attr =    ]
C_28594.NLS -> %SystemRoot%\System32\C_28594.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:30 | Attr =    ]
C_28595.NLS -> %SystemRoot%\System32\C_28595.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:34 | Attr =    ]
C_28597.NLS -> %SystemRoot%\System32\C_28597.NLS ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:32 | Attr =    ]
c_28599.nls -> %SystemRoot%\System32\c_28599.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:36 | Attr =    ]
c_28603.nls -> %SystemRoot%\System32\c_28603.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:38 | Attr =    ]
c_737.nls -> %SystemRoot%\System32\c_737.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 19.04.2008 09:31:31 | Attr =    ]
c_852.nls -> %SystemRoot%\System32\c_852.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 19.04.2008 09:31:27 | Attr =    ]
c_855.nls -> %SystemRoot%\System32\c_855.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 19.04.2008 09:31:30 | Attr =    ]
c_857.nls -> %SystemRoot%\System32\c_857.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 19.04.2008 09:31:36 | Attr =    ]
c_866.nls -> %SystemRoot%\System32\c_866.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 19.04.2008 09:31:30 | Attr =    ]
c_869.nls -> %SystemRoot%\System32\c_869.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 19.04.2008 09:31:31 | Attr =    ]
c_875.nls -> %SystemRoot%\System32\c_875.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 19.04.2008 09:31:32 | Attr =    ]
de -> %SystemRoot%\System32\de ->  [Folder | Created Date = 19.04.2008 09:49:53 | Attr =    ]
de-de -> %SystemRoot%\System32\de-de ->  [Folder | Created Date = 19.04.2008 10:11:43 | Attr =    ]
desktop.ini -> %SystemRoot%\System32\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 19.04.2008 08:50:00 | Attr =    ]
devil.dll -> %SystemRoot%\System32\devil.dll -> Abysmal Software [Ver = 1.6.6 | Size = 719872 bytes | Created Date = 24.04.2008 20:51:37 | Attr =    ]
dgrpsetu.dll -> %SystemRoot%\System32\dgrpsetu.dll -> Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 19.04.2008 09:31:24 | Attr =    ]
dgsetup.dll -> %SystemRoot%\System32\dgsetup.dll -> Digi International [Ver = v3.7.3.0 | Size = 86556 bytes | Created Date = 19.04.2008 09:31:24 | Attr =    ]
dhcp -> %SystemRoot%\System32\dhcp ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
DiracSplitter.ax -> %SystemRoot%\System32\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Created Date = 24.04.2008 20:50:04 | Attr = RHS]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Created Date = 19.04.2008 08:50:22 | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Created Date = 19.04.2008 13:33:12 | Attr =    ]
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat ->  [Ver =  | Size = 21740 bytes | Created Date = 19.04.2008 08:49:29 | Attr =    ]
EqnClass.Dll -> %SystemRoot%\System32\EqnClass.Dll -> Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103936 bytes | Created Date = 19.04.2008 09:31:24 | Attr =    ]
etpyfitb.dll -> %SystemRoot%\System32\etpyfitb.dll ->  [Ver =  | Size = 90816 bytes | Created Date = 14.05.2008 16:06:54 | Attr =    ]
EUupdate.installed -> %SystemRoot%\System32\EUupdate.installed ->  [Ver =  | Size = 3 bytes | Created Date = 19.04.2008 10:16:45 | Attr =    ]
export -> %SystemRoot%\System32\export ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
ff_vfw.dll -> %SystemRoot%\System32\ff_vfw.dll ->  [Ver =  | Size = 7680 bytes | Created Date = 20.04.2008 18:01:35 | Attr =    ]
ff_vfw.dll.manifest -> %SystemRoot%\System32\ff_vfw.dll.manifest ->  [Ver =  | Size = 547 bytes | Created Date = 20.04.2008 18:01:35 | Attr =    ]
flvDX.dll -> %SystemRoot%\System32\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Created Date = 24.04.2008 20:50:04 | Attr = RHS]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1564144 bytes | Created Date = 19.04.2008 09:30:19 | Attr =    ]
gaeffect.sti -> %SystemRoot%\System32\gaeffect.sti ->  [Ver =  | Size = 4808 bytes | Created Date = 10.05.2008 13:46:56 | Attr =    ]
gafilter.sti -> %SystemRoot%\System32\gafilter.sti ->  [Ver =  | Size = 3176 bytes | Created Date = 10.05.2008 13:46:57 | Attr =    ]
gb2312.uce -> %SystemRoot%\System32\gb2312.uce ->  [Ver =  | Size = 24006 bytes | Created Date = 19.04.2008 08:48:51 | Attr =    ]
hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 19.04.2008 09:31:07 | Attr =    ]
hticons.dll -> %SystemRoot%\System32\hticons.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 19.04.2008 08:48:56 | Attr =    ]
hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.2563 | Size = 356352 bytes | Created Date = 19.04.2008 08:48:56 | Attr =    ]
i420vfw.dll -> %SystemRoot%\System32\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 24.04.2008 20:51:36 | Attr =    ]
iac25_32.ax -> %SystemRoot%\System32\iac25_32.ax -> Intel Corporation [Ver = 2.05.53 | Size = 199680 bytes | Created Date = 19.04.2008 09:31:07 | Attr =    ]
ias -> %SystemRoot%\System32\ias ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
icsxml -> %SystemRoot%\System32\icsxml ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
ideograf.uce -> %SystemRoot%\System32\ideograf.uce ->  [Ver =  | Size = 60458 bytes | Created Date = 19.04.2008 08:48:51 | Attr =    ]
IME -> %SystemRoot%\System32\IME ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
INETWH32.dll -> %SystemRoot%\System32\INETWH32.dll -> Blue Sky Software Corporation. [Ver = 7.00.133 | Size = 49152 bytes | Created Date = 10.05.2008 13:45:57 | Attr =    ]
ir41_32.ax -> %SystemRoot%\System32\ir41_32.ax -> Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Created Date = 19.04.2008 09:31:06 | Attr =    ]
ir41_qc.dll -> %SystemRoot%\System32\ir41_qc.dll -> Intel Corporation. [Ver = 4.30.62.02 | Size = 120320 bytes | Created Date = 19.04.2008 09:31:06 | Attr =    ]
ir41_qcx.dll -> %SystemRoot%\System32\ir41_qcx.dll -> Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Created Date = 19.04.2008 09:31:06 | Attr =    ]
ir50_32.dll -> %SystemRoot%\System32\ir50_32.dll -> Intel Corporation [Ver = R.5.10.15.2.55 | Size = 755200 bytes | Created Date = 19.04.2008 09:31:06 | Attr =    ]
ir50_qc.dll -> %SystemRoot%\System32\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Created Date = 19.04.2008 09:31:06 | Attr =    ]
ir50_qcx.dll -> %SystemRoot%\System32\ir50_qcx.dll -> Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Created Date = 19.04.2008 09:31:06 | Attr =    ]
isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Created Date = 19.04.2008 08:49:55 | Attr =    ]
ivfsrc.ax -> %SystemRoot%\System32\ivfsrc.ax -> Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Created Date = 19.04.2008 09:31:06 | Attr =    ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 26.04.2008 17:26:16 | Attr =    ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 26.04.2008 17:26:16 | Attr =    ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 26.04.2008 17:26:16 | Attr =    ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 26.04.2008 17:26:16 | Attr =    ]
kanji_1.uce -> %SystemRoot%\System32\kanji_1.uce ->  [Ver =  | Size = 6948 bytes | Created Date = 19.04.2008 08:48:51 | Attr =    ]
kanji_2.uce -> %SystemRoot%\System32\kanji_2.uce ->  [Ver =  | Size = 8484 bytes | Created Date = 19.04.2008 08:48:51 | Attr =    ]
korean.uce -> %SystemRoot%\System32\korean.uce ->  [Ver =  | Size = 12876 bytes | Created Date = 19.04.2008 08:48:51 | Attr =    ]
l3codecp.acm -> %SystemRoot%\System32\l3codecp.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 3, 4, 0, 0 | Size = 232448 bytes | Created Date = 19.04.2008 10:16:16 | Attr =    ]
libmp3lame-0.dll -> %SystemRoot%\System32\libmp3lame-0.dll ->  [Ver =  | Size = 383238 bytes | Created Date = 20.04.2008 17:15:23 | Attr =    ]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Created Date = 19.04.2008 13:18:52 | Attr =    ]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 19.04.2008 08:50:43 | Attr = RH ]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Created Date = 19.04.2008 08:49:44 | Attr =    ]
MatroskaDX.ax -> %SystemRoot%\System32\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Created Date = 24.04.2008 20:50:04 | Attr = RHS]
mcdvd_32.dll -> %SystemRoot%\System32\mcdvd_32.dll -> MainConcept [Ver = 2.0.4 | Size = 261632 bytes | Created Date = 22.04.2008 21:52:32 | Attr =    ]
mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 19.04.2008 09:31:06 | Attr =    ]
Microsoft -> %SystemRoot%\System32\Microsoft ->  [Folder | Created Date = 19.04.2008 09:35:15 | Attr =   S]
mpeg2data.ax -> %SystemRoot%\System32\mpeg2data.ax ->  [Ver =  | Size = 118272 bytes | Created Date = 19.04.2008 09:31:06 | Attr =    ]
MsDtc -> %SystemRoot%\System32\MsDtc ->  [Folder | Created Date = 19.04.2008 08:48:35 | Attr =    ]
msdtcprf.h -> %SystemRoot%\System32\msdtcprf.h ->  [Ver =  | Size = 768 bytes | Created Date = 19.04.2008 08:48:48 | Attr =    ]
msdtcprf.ini -> %SystemRoot%\System32\msdtcprf.ini ->  [Ver =  | Size = 3999 bytes | Created Date = 19.04.2008 08:48:48 | Attr =    ]
msfDX.dll -> %SystemRoot%\System32\msfDX.dll -> Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Created Date = 24.04.2008 20:50:05 | Attr = RHS]
mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 19.04.2008 09:31:05 | Attr =    ]
mui -> %SystemRoot%\System32\mui ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
NCMedia.dll -> %SystemRoot%\System32\NCMedia.dll ->  [Ver =  | Size = 4762112 bytes | Created Date = 20.04.2008 17:15:22 | Attr =    ]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 19.04.2008 08:50:37 | Attr = RH ]
npp -> %SystemRoot%\System32\npp ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Created Date = 19.04.2008 08:51:29 | Attr =    ]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Created Date = 19.04.2008 13:43:13 | Attr =    ]
nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 19.04.2008 09:31:05 | Attr =    ]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 19.04.2008 08:50:37 | Attr = RH ]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
PDRVINST.DLL -> %SystemRoot%\System32\PDRVINST.DLL -> brother [Ver = 1, 1, 8, 0 | Size = 180224 bytes | Created Date = 19.04.2008 12:15:06 | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 973496 bytes | Created Date = 19.04.2008 09:31:46 | Attr =    ]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Created Date = 19.04.2008 11:29:33 | Attr =    ]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 15.05.2008 19:47:15 | Attr =    ]
pthreadGC2.dll -> %SystemRoot%\System32\pthreadGC2.dll -> Open Source Software community project [Ver = 2, 8, 0, 0 | Size = 60273 bytes | Created Date = 20.04.2008 18:01:34 | Attr =    ]
ras -> %SystemRoot%\System32\ras ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
RealMediaDX.ax -> %SystemRoot%\System32\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Created Date = 24.04.2008 20:50:05 | Attr = RHS]
redmon.hlp -> %SystemRoot%\System32\redmon.hlp ->  [Ver =  | Size = 119152 bytes | Created Date = 19.04.2008 12:27:46 | Attr =    ]
redmonnt.dll -> %SystemRoot%\System32\redmonnt.dll ->  [Ver =  | Size = 116224 bytes | Created Date = 19.04.2008 12:27:46 | Attr =    ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Created Date = 19.04.2008 09:27:00 | Attr =    ]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Created Date = 19.04.2008 08:49:40 | Attr =    ]
RLAPEDec.ax -> %SystemRoot%\System32\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Created Date = 24.04.2008 20:50:05 | Attr = RHS]
RLMPCDec.ax -> %SystemRoot%\System32\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Created Date = 24.04.2008 20:50:05 | Attr = RHS]
RLOgg.ax -> %SystemRoot%\System32\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Created Date = 24.04.2008 20:50:05 | Attr = RHS]
RLSpeexDec.ax -> %SystemRoot%\System32\RLSpeexDec.ax ->  [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Created Date = 24.04.2008 20:50:06 | Attr = RHS]
RLTheoraDec.ax -> %SystemRoot%\System32\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Created Date = 24.04.2008 20:50:06 | Attr = RHS]
RLVorbisDec.ax -> %SystemRoot%\System32\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Created Date = 24.04.2008 20:50:06 | Attr = RHS]
ROBOEX32.DLL -> %SystemRoot%\System32\ROBOEX32.DLL -> Blue Sky Software Corporation. [Ver = 8.00.133 | Size = 1056768 bytes | Created Date = 10.05.2008 13:45:57 | Attr =    ]
s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 19.04.2008 09:31:04 | Attr =    ]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 19.04.2008 08:50:37 | Attr = RH ]
Scg726.acm -> %SystemRoot%\System32\Scg726.acm -> SHARP Corporation [Ver = 1, 0, 0, 3 | Size = 13239 bytes | Created Date = 22.04.2008 21:52:32 | Attr =    ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
ShellExt -> %SystemRoot%\System32\ShellExt ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
shiftjis.uce -> %SystemRoot%\System32\shiftjis.uce ->  [Ver =  | Size = 16740 bytes | Created Date = 19.04.2008 08:48:51 | Attr =    ]
slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 19.04.2008 09:31:04 | Attr =    ]
slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 19.04.2008 09:31:04 | Attr =    ]
slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 19.04.2008 09:31:04 | Attr =    ]
slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 19.04.2008 09:31:04 | Attr =    ]
slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 19.04.2008 09:31:04 | Attr =    ]
Smab.dll -> %SystemRoot%\System32\Smab.dll ->  [Ver =  | Size = 408576 bytes | Created Date = 24.04.2008 20:51:37 | Attr =    ]
Smab0.dll -> %SystemRoot%\System32\Smab0.dll ->  [Ver =  | Size = 27648 bytes | Created Date = 24.04.2008 20:50:06 | Attr =  HS]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution ->  [Folder | Created Date = 19.04.2008 11:16:14 | Attr =    ]
spool -> %SystemRoot%\System32\spool ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 19.04.2008 09:31:24 | Attr =    ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 15.05.2008 19:47:15 | Attr =    ]
subrange.uce -> %SystemRoot%\System32\subrange.uce ->  [Ver =  | Size = 93702 bytes | Created Date = 19.04.2008 08:48:51 | Attr =    ]
tslabels.h -> %SystemRoot%\System32\tslabels.h ->  [Ver =  | Size = 3286 bytes | Created Date = 19.04.2008 08:48:49 | Attr =    ]
tslabels.ini -> %SystemRoot%\System32\tslabels.ini ->  [Ver =  | Size = 27055 bytes | Created Date = 19.04.2008 08:48:49 | Attr =    ]
TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Created Date = 19.04.2008 12:30:57 | Attr =    ]
unredmon.exe -> %SystemRoot%\System32\unredmon.exe ->  [Ver =  | Size = 45056 bytes | Created Date = 19.04.2008 12:27:46 | Attr =    ]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
usrlogon.cmd -> %SystemRoot%\System32\usrlogon.cmd ->  [Ver =  | Size = 1237 bytes | Created Date = 19.04.2008 08:48:49 | Attr =    ]
uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.11 | Size = 28416 bytes | Created Date = 19.04.2008 12:30:59 | Attr =    ]
vbrun60sp6.installed -> %SystemRoot%\System32\vbrun60sp6.installed ->  [Ver =  | Size = 3 bytes | Created Date = 19.04.2008 09:59:13 | Attr =    ]
vct3216.acm -> %SystemRoot%\System32\vct3216.acm -> Voxware, Inc. [Ver = 1.6.0.17 | Size = 82944 bytes | Created Date = 22.04.2008 21:52:32 | Attr =    ]
VGAunistlog.ini -> %SystemRoot%\System32\VGAunistlog.ini ->  [Ver =  | Size = 33 bytes | Created Date = 19.04.2008 10:37:00 | Attr =    ]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 19.04.2008 08:50:43 | Attr = RH ]
wins -> %SystemRoot%\System32\wins ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
wmimgmt.msc -> %SystemRoot%\System32\wmimgmt.msc ->  [Ver =  | Size = 63488 bytes | Created Date = 19.04.2008 08:48:41 | Attr =    ]
wmpscheme.xml -> %SystemRoot%\System32\wmpscheme.xml ->  [Ver =  | Size = 25065 bytes | Created Date = 19.04.2008 08:51:30 | Attr =    ]
Wordpad-Converter-ZLib-update.installed -> %SystemRoot%\System32\Wordpad-Converter-ZLib-update.installed ->  [Ver =  | Size = 3 bytes | Created Date = 19.04.2008 09:51:29 | Attr =    ]
wpa.bak -> %SystemRoot%\System32\wpa.bak ->  [Ver =  | Size = 13646 bytes | Created Date = 19.04.2008 11:12:43 | Attr =    ]
ws344069.ocx -> %SystemRoot%\System32\ws344069.ocx ->  [Ver =  | Size = 461 bytes | Created Date = 10.05.2008 13:46:54 | Attr =  H ]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 19.04.2008 08:50:37 | Attr = RH ]
x.264.exe -> %SystemRoot%\System32\x.264.exe ->  [Ver =  | Size = 240128 bytes | Created Date = 24.04.2008 20:51:36 | Attr =    ]
xircom -> %SystemRoot%\System32\xircom ->  [Folder | Created Date = 19.04.2008 08:51:36 | Attr =    ]
xvid.ax -> %SystemRoot%\System32\xvid.ax ->  [Ver =  | Size = 77824 bytes | Created Date = 22.04.2008 21:52:33 | Attr =    ]
xvidcore.dll -> %SystemRoot%\System32\xvidcore.dll ->  [Ver =  | Size = 765952 bytes | Created Date = 20.04.2008 17:15:23 | Attr =    ]
xvidvfw.dll -> %SystemRoot%\System32\xvidvfw.dll ->  [Ver =  | Size = 180224 bytes | Created Date = 22.04.2008 21:52:33 | Attr =    ]
yv12vfw.dll -> %SystemRoot%\System32\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 24.04.2008 20:51:36 | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 19.04.2008 09:41:18 | Attr =  H ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Created Date = 19.04.2008 09:52:48 | Attr =  H ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 19.04.2008 09:24:38 | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Created Date = 19.04.2008 10:10:26 | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Created Date = 19.04.2008 10:10:13 | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
Angler.bmp -> %SystemRoot%\Angler.bmp ->  [Ver =  | Size = 17336 bytes | Created Date = 19.04.2008 08:48:52 | Attr =    ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
assembly -> %SystemRoot%\assembly ->  [Folder | Created Date = 19.04.2008 11:03:30 | Attr = R S]
Blaue Spitzen 16.bmp -> %SystemRoot%\Blaue Spitzen 16.bmp ->  [Ver =  | Size = 1272 bytes | Created Date = 19.04.2008 08:48:51 | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Created Date = 19.04.2008 08:54:00 | Attr =   S]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI ->  [Ver =  | Size = 312 bytes | Created Date = 19.04.2008 12:16:45 | Attr =    ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini ->  [Ver =  | Size = 0 bytes | Created Date = 19.04.2008 12:16:46 | Attr =    ]
BROHL143.INI -> %SystemRoot%\BROHL143.INI ->  [Ver =  | Size = 0 bytes | Created Date = 19.04.2008 12:16:46 | Attr =    ]
Brownie.ini -> %SystemRoot%\Brownie.ini ->  [Ver =  | Size = 23 bytes | Created Date = 19.04.2008 12:16:45 | Attr =    ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI ->  [Ver =  | Size = 26 bytes | Created Date = 19.04.2008 12:15:40 | Attr =    ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI ->  [Ver =  | Size = 137 bytes | Created Date = 19.04.2008 12:16:45 | Attr =    ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI ->  [Ver =  | Size = 453 bytes | Created Date = 19.04.2008 12:15:40 | Attr =    ]
Config -> %SystemRoot%\Config ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Created Date = 19.04.2008 08:51:33 | Attr =    ]
CSTBox.INI -> %SystemRoot%\CSTBox.INI ->  [Ver =  | Size = 36363 bytes | Created Date = 19.04.2008 12:58:40 | Attr =    ]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
Debug -> %SystemRoot%\Debug ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
desktop.ini -> %SystemRoot%\desktop.ini ->  [Ver =  | Size = 2 bytes | Created Date = 19.04.2008 08:50:00 | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Created Date = 14.05.2008 22:22:45 | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
EHome -> %SystemRoot%\EHome ->  [Folder | Created Date = 19.04.2008 09:24:33 | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 16.05.2008 15:23:39 | Attr =    ]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 16.05.2008 14:43:13 | Attr =    ]
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 16.05.2008 15:23:17 | Attr =    ]
Feder.bmp -> %SystemRoot%\Feder.bmp ->  [Ver =  | Size = 16730 bytes | Created Date = 19.04.2008 08:48:52 | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr = R S]
Fächer.bmp -> %SystemRoot%\Fächer.bmp ->  [Ver =  | Size = 26680 bytes | Created Date = 19.04.2008 08:48:52 | Attr =    ]
Granit.bmp -> %SystemRoot%\Granit.bmp ->  [Ver =  | Size = 26582 bytes | Created Date = 19.04.2008 08:48:52 | Attr =    ]
grep.exe -> %SystemRoot%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 16.05.2008 15:23:17 | Attr =    ]
gswin32.ini -> %SystemRoot%\gswin32.ini ->  [Ver =  | Size = 43 bytes | Created Date = 19.04.2008 12:27:22 | Attr =    ]
Help -> %SystemRoot%\Help ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
HL-1430.INI -> %SystemRoot%\HL-1430.INI ->  [Ver =  | Size = 13109 bytes | Created Date = 19.04.2008 12:16:07 | Attr =    ]
Icons -> %SystemRoot%\Icons ->  [Folder | Created Date = 27.04.2008 20:42:29 | Attr =  H ]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Created Date = 19.04.2008 10:10:40 | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Created Date = 19.04.2008 10:18:50 | Attr =    ]
ime -> %SystemRoot%\ime ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Created Date = 19.04.2008 08:58:45 | Attr =  HS]
IsUn0407.exe -> %SystemRoot%\IsUn0407.exe -> InstallShield Software Corporation  [Ver = 5.10.146.0 | Size = 305664 bytes | Created Date = 19.04.2008 12:13:42 | Attr =    ]
java -> %SystemRoot%\java ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
Kaffeetasse.bmp -> %SystemRoot%\Kaffeetasse.bmp ->  [Ver =  | Size = 17062 bytes | Created Date = 19.04.2008 08:48:52 | Attr =    ]
Media -> %SystemRoot%\Media ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
meta4.exe -> %SystemRoot%\meta4.exe ->  [Ver =  | Size = 217073 bytes | Created Date = 24.04.2008 20:51:36 | Attr =    ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Created Date = 19.04.2008 11:02:15 | Attr =    ]
MOTA113.exe -> %SystemRoot%\MOTA113.exe ->  [Ver =  | Size = 66560 bytes | Created Date = 24.04.2008 20:51:36 | Attr =    ]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1672 bytes | Created Date = 19.04.2008 10:57:12 | Attr =    ]
msagent -> %SystemRoot%\msagent ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
msapps -> %SystemRoot%\msapps ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
mui -> %SystemRoot%\mui ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Created Date = 20.04.2008 16:27:21 | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 19.04.2008 11:58:57 | Attr =    ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 16.05.2008 15:23:17 | Attr =    ]
Noslip -> %SystemRoot%\Noslip ->  [Folder | Created Date = 10.05.2008 13:45:51 | Attr =    ]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 19.04.2008 10:43:23 | Attr =    ]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 400 bytes | Created Date = 19.04.2008 14:09:35 | Attr =    ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Created Date = 19.04.2008 09:31:45 | Attr =    ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Created Date = 19.04.2008 08:50:43 | Attr = R  ]
opt_1430.ini -> %SystemRoot%\opt_1430.ini ->  [Ver =  | Size = 40 bytes | Created Date = 19.04.2008 12:16:46 | Attr =    ]
PCHealth -> %SystemRoot%\PCHealth ->  [Folder | Created Date = 19.04.2008 08:49:40 | Attr =    ]
peernet -> %SystemRoot%\peernet ->  [Folder | Created Date = 19.04.2008 09:31:01 | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 19.04.2008 09:36:18 | Attr =    ]
PreviewSoft -> %SystemRoot%\PreviewSoft ->  [Folder | Created Date = 10.05.2008 13:46:23 | Attr =    ]
provisioning -> %SystemRoot%\provisioning ->  [Folder | Created Date = 19.04.2008 09:31:00 | Attr =    ]
Präriewind.bmp -> %SystemRoot%\Präriewind.bmp ->  [Ver =  | Size = 65954 bytes | Created Date = 19.04.2008 08:48:52 | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Created Date = 21.04.2008 19:26:06 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Created Date = 21.04.2008 19:26:06 | Attr =  H ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Created Date = 19.04.2008 10:15:05 | Attr =    ]
Registration -> %SystemRoot%\Registration ->  [Folder | Created Date = 19.04.2008 08:49:27 | Attr =    ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Created Date = 19.04.2008 08:54:56 | Attr =    ]
repair -> %SystemRoot%\repair ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
Resources -> %SystemRoot%\Resources ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp ->  [Ver =  | Size = 17362 bytes | Created Date = 19.04.2008 08:48:52 | Attr =    ]
Santa Fe-Stuck.bmp -> %SystemRoot%\Santa Fe-Stuck.bmp ->  [Ver =  | Size = 65832 bytes | Created Date = 19.04.2008 08:48:52 | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
sed.exe -> %SystemRoot%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 16.05.2008 15:23:17 | Attr =    ]
Seifenblase.bmp -> %SystemRoot%\Seifenblase.bmp ->  [Ver =  | Size = 65978 bytes | Created Date = 19.04.2008 08:48:51 | Attr =    ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 19.04.2008 09:29:24 | Attr =    ]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Created Date = 27.04.2008 14:40:49 | Attr =    ]
slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 19.04.2008 09:31:02 | Attr =    ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Created Date = 19.04.2008 09:36:22 | Attr =    ]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Created Date = 19.04.2008 08:49:45 | Attr =    ]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 26.04.2008 17:29:00 | Attr =    ]
swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 16.05.2008 15:23:17 | Attr =    ]
swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 16.05.2008 15:23:17 | Attr =    ]
swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 16.05.2008 15:23:17 | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Created Date = 19.04.2008 08:49:50 | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 16.05.2008 15:36:55 | Attr =    ]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
ULEAD32.INI -> %SystemRoot%\ULEAD32.INI ->  [Ver =  | Size = 409 bytes | Created Date = 10.05.2008 13:46:17 | Attr =    ]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Created Date = 19.04.2008 08:49:28 | Attr =    ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Created Date = 19.04.2008 08:49:28 | Attr =    ]
VFind.exe -> %SystemRoot%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 16.05.2008 15:23:17 | Attr =    ]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Created Date = 19.04.2008 10:11:44 | Attr =    ]
Web -> %SystemRoot%\Web ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr = R  ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Created Date = 19.04.2008 08:50:37 | Attr = RH ]
winnt.bmp -> %SystemRoot%\winnt.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 19.04.2008 08:50:00 | Attr =  HS]
winnt256.bmp -> %SystemRoot%\winnt256.bmp ->  [Ver =  | Size = 48680 bytes | Created Date = 19.04.2008 08:50:00 | Attr =  HS]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Created Date = 19.04.2008 00:55:27 | Attr =    ]
WMSysPr8.prx -> %SystemRoot%\WMSysPr8.prx ->  [Ver =  | Size = 156910 bytes | Created Date = 22.04.2008 21:52:33 | Attr =    ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Created Date = 19.04.2008 09:32:03 | Attr =    ]
WMSysPrx.prx -> %SystemRoot%\WMSysPrx.prx ->  [Ver =  | Size = 299552 bytes | Created Date = 19.04.2008 08:51:28 | Attr =    ]
x2.64.exe -> %SystemRoot%\x2.64.exe ->  [Ver =  | Size = 502784 bytes | Created Date = 24.04.2008 20:51:36 | Attr =    ]
Zapotek.bmp -> %SystemRoot%\Zapotek.bmp ->  [Ver =  | Size = 9522 bytes | Created Date = 19.04.2008 08:48:52 | Attr =    ]
zip.exe -> %SystemRoot%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 16.05.2008 15:23:17 | Attr =    ]
desktop.ini -> %SystemRoot%\tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Created Date = 19.04.2008 08:49:50 | Attr = RH ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 322 bytes | Created Date = 15.05.2008 22:09:52 | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Created Date = 19.04.2008 08:51:25 | Attr =  H ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Anwendungsdaten\Adobe ->  [Folder | Created Date = 19.04.2008 13:21:56 | Attr =    ]
Apple -> %AllUsersProfile%\Anwendungsdaten\Apple ->  [Folder | Created Date = 19.04.2008 13:34:38 | Attr =    ]
Apple Computer -> %AllUsersProfile%\Anwendungsdaten\Apple Computer ->  [Folder | Created Date = 19.04.2008 13:35:40 | Attr =    ]
AVS4YOU -> %AllUsersProfile%\Anwendungsdaten\AVS4YOU ->  [Folder | Created Date = 22.04.2008 22:04:08 | Attr =    ]
desktop.ini -> %AllUsersProfile%\Anwendungsdaten\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 19.04.2008 09:31:13 | Attr =  HS]
ezsid.dat -> %AllUsersProfile%\Anwendungsdaten\ezsid.dat ->  [Ver =  | Size = 32 bytes | Created Date = 19.04.2008 18:51:26 | Attr =    ]
FLEXnet -> %AllUsersProfile%\Anwendungsdaten\FLEXnet ->  [Folder | Created Date = 19.04.2008 18:14:03 | Attr =    ]
Kaspersky Lab -> %AllUsersProfile%\Anwendungsdaten\Kaspersky Lab ->  [Folder | Created Date = 19.04.2008 10:47:54 | Attr =    ]
Malwarebytes -> %AllUsersProfile%\Anwendungsdaten\Malwarebytes ->  [Folder | Created Date = 16.05.2008 13:16:03 | Attr =    ]
Microsoft -> %AllUsersProfile%\Anwendungsdaten\Microsoft ->  [Folder | Created Date = 19.04.2008 09:30:55 | Attr =   S]
Microsoft Help -> %AllUsersProfile%\Anwendungsdaten\Microsoft Help ->  [Folder | Created Date = 19.04.2008 15:34:19 | Attr =    ]
Nero -> %AllUsersProfile%\Anwendungsdaten\Nero ->  [Folder | Created Date = 19.04.2008 20:06:24 | Attr =    ]
Office Genuine Advantage -> %AllUsersProfile%\Anwendungsdaten\Office Genuine Advantage ->  [Folder | Created Date = 19.04.2008 14:11:21 | Attr =    ]
Skype -> %AllUsersProfile%\Anwendungsdaten\Skype ->  [Folder | Created Date = 19.04.2008 13:24:32 | Attr =    ]
TuneUp Software -> %AllUsersProfile%\Anwendungsdaten\TuneUp Software ->  [Folder | Created Date = 19.04.2008 12:30:02 | Attr =    ]
Windows Genuine Advantage -> %AllUsersProfile%\Anwendungsdaten\Windows Genuine Advantage ->  [Folder | Created Date = 19.04.2008 13:05:18 | Attr =    ]
WLInstaller -> %AllUsersProfile%\Anwendungsdaten\WLInstaller ->  [Folder | Created Date = 19.04.2008 13:29:08 | Attr =    ]
Adobe -> %AppData%\Adobe ->  [Folder | Created Date = 19.04.2008 10:57:23 | Attr =    ]
Apple Computer -> %AppData%\Apple Computer ->  [Folder | Created Date = 19.04.2008 13:38:27 | Attr =    ]
ATI -> %AppData%\ATI ->  [Folder | Created Date = 19.04.2008 11:14:53 | Attr =    ]
AVS4YOU -> %AppData%\AVS4YOU ->  [Folder | Created Date = 23.04.2008 20:35:18 | Attr =    ]
Canon -> %AppData%\Canon ->  [Folder | Created Date = 19.04.2008 12:56:41 | Attr =    ]
DAEMON Tools -> %AppData%\DAEMON Tools ->  [Folder | Created Date = 01.05.2008 20:34:27 | Attr =    ]
desktop.ini -> %AppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 19.04.2008 08:58:34 | Attr =  HS]
DivX -> %AppData%\DivX ->  [Folder | Created Date = 20.04.2008 18:37:59 | Attr =    ]
dvdcss -> %AppData%\dvdcss ->  [Folder | Created Date = 29.04.2008 20:58:21 | Attr =    ]
Help -> %AppData%\Help ->  [Folder | Created Date = 10.05.2008 14:20:59 | Attr =    ]
ICQ -> %AppData%\ICQ ->  [Folder | Created Date = 19.04.2008 13:23:02 | Attr =    ]
Identities -> %AppData%\Identities ->  [Folder | Created Date = 19.04.2008 08:58:42 | Attr =    ]
IEPro -> %AppData%\IEPro ->  [Folder | Created Date = 19.04.2008 11:49:23 | Attr =    ]
InstallShield -> %AppData%\InstallShield ->  [Folder | Created Date = 01.05.2008 21:08:10 | Attr =    ]
Macromedia -> %AppData%\Macromedia ->  [Folder | Created Date = 19.04.2008 10:57:23 | Attr =    ]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 16.05.2008 13:16:13 | Attr =    ]
Microsoft -> %AppData%\Microsoft ->  [Folder | Created Date = 19.04.2008 08:58:34 | Attr =   S]
MiniDm -> %AppData%\MiniDm ->  [Folder | Created Date = 19.04.2008 12:20:48 | Attr =    ]
Mozilla -> %AppData%\Mozilla ->  [Folder | Created Date = 19.04.2008 10:43:20 | Attr =    ]
Nero -> %AppData%\Nero ->  [Folder | Created Date = 19.04.2008 20:15:00 | Attr =    ]
SecuROM -> %AppData%\SecuROM ->  [Folder | Created Date = 01.05.2008 21:50:25 | Attr = RH ]
Skype -> %AppData%\Skype ->  [Folder | Created Date = 19.04.2008 13:27:56 | Attr =    ]
skypePM -> %AppData%\skypePM ->  [Folder | Created Date = 19.04.2008 18:51:26 | Attr =    ]
Sun -> %AppData%\Sun ->  [Folder | Created Date = 26.04.2008 17:29:00 | Attr =    ]
tor -> %AppData%\tor ->  [Folder | Created Date = 16.05.2008 13:39:46 | Attr =    ]
TuneUp Software -> %AppData%\TuneUp Software ->  [Folder | Created Date = 19.04.2008 12:30:54 | Attr =    ]
UseNeXT -> %AppData%\UseNeXT ->  [Folder | Created Date = 19.04.2008 20:28:25 | Attr =    ]
Vidalia -> %AppData%\Vidalia ->  [Folder | Created Date = 16.05.2008 13:38:59 | Attr =    ]
vlc -> %AppData%\vlc ->  [Folder | Created Date = 19.04.2008 13:06:59 | Attr =    ]
Windows Desktop Search -> %AppData%\Windows Desktop Search ->  [Folder | Created Date = 27.04.2008 15:07:54 | Attr =    ]
Windows-Optimierer -> %AppData%\Windows-Optimierer ->  [Folder | Created Date = 29.04.2008 20:40:00 | Attr =    ]
WinRAR -> %AppData%\WinRAR ->  [Folder | Created Date = 19.04.2008 16:11:49 | Attr =    ]
Adobe -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Adobe ->  [Folder | Created Date = 19.04.2008 13:23:57 | Attr =    ]
Ahead -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Ahead ->  [Folder | Created Date = 19.04.2008 20:18:55 | Attr =    ]
Apple -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Apple ->  [Folder | Created Date = 19.04.2008 13:35:17 | Attr =    ]
Apple Computer -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Apple Computer ->  [Folder | Created Date = 19.04.2008 13:32:39 | Attr =    ]
ATI -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\ATI ->  [Folder | Created Date = 19.04.2008 11:14:53 | Attr =    ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 17408 bytes | Created Date = 20.04.2008 18:08:57 | Attr =    ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 71456 bytes | Created Date = 19.04.2008 09:37:05 | Attr =    ]
Help -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Help ->  [Folder | Created Date = 10.05.2008 14:20:59 | Attr =    ]
IconCache.db -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\IconCache.db ->  [Ver =  | Size = 4847862 bytes | Created Date = 19.04.2008 09:35:08 | Attr =  H ]
Identities -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Identities ->  [Folder | Created Date = 27.04.2008 15:07:57 | Attr =    ]
Microsoft -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Microsoft ->  [Folder | Created Date = 19.04.2008 08:58:35 | Attr =    ]
Microsoft Help -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Microsoft Help ->  [Folder | Created Date = 19.04.2008 15:34:44 | Attr =    ]
Mozilla -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Mozilla ->  [Folder | Created Date = 19.04.2008 10:43:20 | Attr =    ]
Nero -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Nero ->  [Folder | Created Date = 20.04.2008 21:35:25 | Attr =    ]
Zattoo -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Zattoo ->  [Folder | Created Date = 19.04.2008 18:17:27 | Attr =    ]
ZattooPlayer -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\ZattooPlayer ->  [Folder | Created Date = 19.04.2008 18:17:43 | Attr =    ]
desktop.ini -> %AllUsersProfile%\Dokumente\desktop.ini ->  [Ver =  | Size = 62 bytes | Created Date = 19.04.2008 09:31:13 | Attr =  HS]
Eigene Bilder -> %AllUsersProfile%\Dokumente\Eigene Bilder ->  [Folder | Created Date = 19.04.2008 08:49:33 | Attr = R  ]
Eigene Musik -> %AllUsersProfile%\Dokumente\Eigene Musik ->  [Folder | Created Date = 19.04.2008 08:49:33 | Attr = R  ]
Eigene Videos -> %AllUsersProfile%\Dokumente\Eigene Videos ->  [Folder | Created Date = 19.04.2008 13:27:36 | Attr = R  ]
cut assistan + virtual dub -> %UserProfile%\Eigene Dateien\cut assistan + virtual dub ->  [Folder | Created Date = 20.04.2008 17:37:46 | Attr =    ]
daguggste -> %UserProfile%\Eigene Dateien\daguggste ->  [Folder | Created Date = 09.05.2008 14:33:34 | Attr =    ]
desktop.ini -> %UserProfile%\Eigene Dateien\desktop.ini ->  [Ver =  | Size = 83 bytes | Created Date = 19.04.2008 08:58:36 | Attr =  HS]
Eigene Bilder -> %UserProfile%\Eigene Dateien\Eigene Bilder ->  [Folder | Created Date = 19.04.2008 08:58:36 | Attr = R  ]
Eigene Musik -> %UserProfile%\Eigene Dateien\Eigene Musik ->  [Folder | Created Date = 19.04.2008 08:58:36 | Attr = R  ]
Eigene Videos -> %UserProfile%\Eigene Dateien\Eigene Videos ->  [Folder | Created Date = 19.04.2008 13:27:36 | Attr = R  ]
ICQ -> %UserProfile%\Eigene Dateien\ICQ ->  [Folder | Created Date = 19.04.2008 19:49:46 | Attr =    ]
Meine empfangenen Dateien -> %UserProfile%\Eigene Dateien\Meine empfangenen Dateien ->  [Folder | Created Date = 19.04.2008 18:46:31 | Attr =    ]
Meine freigegebenen Ordner.lnk -> %UserProfile%\Eigene Dateien\Meine freigegebenen Ordner.lnk ->  [Ver =  | Size = 584 bytes | Created Date = 19.04.2008 18:47:17 | Attr =    ]
Multidecoder_1.0.0.41 -> %UserProfile%\Eigene Dateien\Multidecoder_1.0.0.41 ->  [Folder | Created Date = 13.05.2008 19:26:11 | Attr =    ]
Nero -> %UserProfile%\Eigene Dateien\Nero ->  [Folder | Created Date = 20.04.2008 13:58:59 | Attr =    ]
Nero Home -> %UserProfile%\Eigene Dateien\Nero Home ->  [Folder | Created Date = 20.04.2008 21:37:03 | Attr =    ]
Microsoft Office Outlook 2007.lnk -> %AllUsersProfile%\Desktop\Microsoft Office Outlook 2007.lnk ->  [Ver =  | Size = 2607 bytes | Created Date = 27.04.2008 20:51:36 | Attr =    ]
Microsoft Office Word 2007.lnk -> %AllUsersProfile%\Desktop\Microsoft Office Word 2007.lnk ->  [Ver =  | Size = 2503 bytes | Created Date = 27.04.2008 20:51:36 | Attr =    ]
Ulead GIF Animator 5.lnk -> %AllUsersProfile%\Desktop\Ulead GIF Animator 5.lnk ->  [Ver =  | Size = 1597 bytes | Created Date = 10.05.2008 13:46:17 | Attr =    ]
129838.zip -> %UserProfile%\Desktop\129838.zip ->  [Ver =  | Size = 382619 bytes | Created Date = 06.05.2008 18:00:11 | Attr =    ]
aaw2007.exe -> %UserProfile%\Desktop\aaw2007.exe ->  [Ver =  | Size = 21031280 bytes | Created Date = 15.05.2008 22:26:02 | Attr =    ]
aaw2007.exe.part -> %UserProfile%\Desktop\aaw2007.exe.part ->  [Ver =  | Size = 5227267 bytes | Created Date = 15.05.2008 22:26:01 | Attr =    ]
Baseballfeld.png -> %UserProfile%\Desktop\Baseballfeld.png ->  [Ver =  | Size = 12486 bytes | Created Date = 23.04.2008 20:52:16 | Attr =    ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 1916951 bytes | Created Date = 16.05.2008 15:22:53 | Attr =    ]
deutsch-ordner-der gelbe vogel -> %UserProfile%\Desktop\deutsch-ordner-der gelbe vogel ->  [Folder | Created Date = 26.04.2008 17:44:38 | Attr =    ]
Dokument.ncd -> %UserProfile%\Desktop\Dokument.ncd ->  [Ver =  | Size = 956102 bytes | Created Date = 20.04.2008 18:58:31 | Attr =    ]
downloade -> %UserProfile%\Desktop\downloade ->  [Folder | Created Date = 20.04.2008 12:45:47 | Attr =    ]
flug.doc -> %UserProfile%\Desktop\flug.doc ->  [Ver =  | Size = 27648 bytes | Created Date = 01.05.2008 13:06:22 | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1698 bytes | Created Date = 14.05.2008 23:27:40 | Attr =    ]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 14.05.2008 23:27:30 | Attr =    ]
hp04.zip -> %UserProfile%\Desktop\hp04.zip ->  [Ver =  | Size = 114176 bytes | Created Date = 09.05.2008 14:52:38 | Attr =    ]
hp04z -> %UserProfile%\Desktop\hp04z ->  [Folder | Created Date = 09.05.2008 14:54:56 | Attr =    ]
hp88.zip -> %UserProfile%\Desktop\hp88.zip ->  [Ver =  | Size = 99248 bytes | Created Date = 09.05.2008 14:51:51 | Attr =    ]
lizenzschlüssel -> %UserProfile%\Desktop\lizenzschlüssel ->  [Folder | Created Date = 20.04.2008 09:26:53 | Attr =    ]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes                                                 [Ver = 1.0.0.0              | Size = 1649976 bytes | Created Date = 16.05.2008 13:14:03 | Attr =    ]
Neu Bitmap.bmp -> %UserProfile%\Desktop\Neu Bitmap.bmp ->  [Ver =  | Size = 921654 bytes | Created Date = 10.05.2008 13:49:13 | Attr =    ]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Created Date = 16.05.2008 19:34:24 | Attr =    ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 16.05.2008 19:38:27 | Attr =    ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 543023 bytes | Created Date = 16.05.2008 19:38:16 | Attr =    ]
ratchet und clank -> %UserProfile%\Desktop\ratchet und clank ->  [Folder | Created Date = 06.05.2008 18:17:36 | Attr =    ]
SEGA -> %UserProfile%\Desktop\SEGA ->  [Folder | Created Date = 01.05.2008 21:31:43 | Attr =    ]
Start.psd -> %UserProfile%\Desktop\Start.psd ->  [Ver =  | Size = 0 bytes | Created Date = 08.05.2008 20:24:49 | Attr =    ]
trojaner-töten -> %UserProfile%\Desktop\trojaner-töten ->  [Folder | Created Date = 15.05.2008 06:48:24 | Attr =    ]
Unbenannt.uga -> %UserProfile%\Desktop\Unbenannt.uga ->  [Ver =  | Size = 355328 bytes | Created Date = 10.05.2008 16:08:30 | Attr =    ]
vidalia-bundle-0.1.2.19-0.0.16.exe -> %UserProfile%\Desktop\vidalia-bundle-0.1.2.19-0.0.16.exe ->  [Ver = 0.1.2.19-0.0.16 | Size = 6696679 bytes | Created Date = 16.05.2008 13:37:23 | Attr =    ]
vivaldi -> %UserProfile%\Desktop\vivaldi ->  [Folder | Created Date = 10.05.2008 18:40:03 | Attr =    ]
windowsdefender.msi -> %UserProfile%\Desktop\windowsdefender.msi ->  [Ver =  | Size = 5155328 bytes | Created Date = 15.05.2008 22:05:34 | Attr =    ]
zeugs -> %UserProfile%\Desktop\zeugs ->  [Folder | Created Date = 08.05.2008 20:50:49 | Attr =    ]
desktop.ini -> %AllUsersProfile%\Startmenü\Programme\Autostart\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 19.04.2008 09:31:13 | Attr =  HS]
USB Sharing.lnk -> %AllUsersProfile%\Startmenü\Programme\Autostart\USB Sharing.lnk ->  [Ver =  | Size = 459 bytes | Created Date = 19.04.2008 12:54:56 | Attr =    ]
desktop.ini -> %UserProfile%\Startmenü\Programme\Autostart\desktop.ini ->  [Ver =  | Size = 84 bytes | Created Date = 19.04.2008 08:58:34 | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Created Date = 19.04.2008 13:21:11 | Attr =    ]
Apple -> %CommonProgramFiles%\Apple ->  [Folder | Created Date = 19.04.2008 13:34:40 | Attr =    ]
AVSMedia -> %CommonProgramFiles%\AVSMedia ->  [Folder | Created Date = 22.04.2008 21:53:38 | Attr =    ]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Created Date = 27.04.2008 14:48:30 | Attr =    ]
Dienste -> %CommonProgramFiles%\Dienste ->  [Folder | Created Date = 19.04.2008 08:49:53 | Attr =    ]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Created Date = 19.04.2008 10:34:07 | Attr =    ]
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 26.04.2008 17:22:40 | Attr =    ]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared ->  [Folder | Created Date = 19.04.2008 17:23:55 | Attr =    ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Created Date = 19.04.2008 09:31:40 | Attr =    ]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Created Date = 19.04.2008 08:49:48 | Attr =    ]
Nero -> %CommonProgramFiles%\Nero ->  [Folder | Created Date = 19.04.2008 20:06:23 | Attr =    ]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Created Date = 19.04.2008 09:31:45 | Attr =    ]
Skype -> %CommonProgramFiles%\Skype ->  [Folder | Created Date = 19.04.2008 13:24:59 | Attr =    ]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Created Date = 19.04.2008 09:31:40 | Attr =    ]
System -> %CommonProgramFiles%\System ->  [Folder | Created Date = 19.04.2008 08:49:34 | Attr =    ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller ->  [Folder | Created Date = 19.04.2008 13:29:33 | Attr =  HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Created Date = 19.04.2008 12:28:33 | Attr =    ]
Adobe -> %ProgramFiles%\Adobe ->  [Folder | Created Date = 19.04.2008 13:21:11 | Attr =    ]
Alcohol Soft -> %ProgramFiles%\Alcohol Soft ->  [Folder | Created Date = 01.05.2008 20:53:57 | Attr =    ]
Apple Software Update -> %ProgramFiles%\Apple Software Update ->  [Folder | Created Date = 19.04.2008 13:35:13 | Attr =    ]
ATI Technologies -> %ProgramFiles%\ATI Technologies ->  [Folder | Created Date = 19.04.2008 10:40:22 | Attr =    ]
AviSynth 2.5 -> %ProgramFiles%\AviSynth 2.5 ->  [Folder | Created Date = 24.04.2008 20:51:35 | Attr =    ]
Bonjour -> %ProgramFiles%\Bonjour ->  [Folder | Created Date = 19.04.2008 13:36:58 | Attr =    ]
Brother -> %ProgramFiles%\Brother ->  [Folder | Created Date = 19.04.2008 12:14:42 | Attr =    ]
Brownie -> %ProgramFiles%\Brownie ->  [Folder | Created Date = 19.04.2008 12:16:08 | Attr =    ]
Canon -> %ProgramFiles%\Canon ->  [Folder | Created Date = 19.04.2008 12:38:27 | Attr =    ]
CCleaner -> %ProgramFiles%\CCleaner ->  [Folder | Created Date = 16.05.2008 15:19:45 | Attr =    ]
DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite ->  [Folder | Created Date = 01.05.2008 22:03:57 | Attr =    ]
DirectX -> %ProgramFiles%\DirectX ->  [Folder | Created Date = 19.04.2008 10:37:33 | Attr =    ]
DivX -> %ProgramFiles%\DivX ->  [Folder | Created Date = 20.04.2008 18:37:14 | Attr =    ]
DsNET Corp -> %ProgramFiles%\DsNET Corp ->  [Folder | Created Date = 23.04.2008 12:08:49 | Attr =    ]
Enigma Software Group -> %ProgramFiles%\Enigma Software Group ->  [Folder | Created Date = 13.05.2008 20:33:22 | Attr =    ]
eRightSoft -> %ProgramFiles%\eRightSoft ->  [Folder | Created Date = 24.04.2008 20:49:16 | Attr =    ]
ffdshow -> %ProgramFiles%\ffdshow ->  [Folder | Created Date = 20.04.2008 18:01:31 | Attr =    ]
Free Download Manager -> %ProgramFiles%\Free Download Manager ->  [Folder | Created Date = 19.04.2008 15:50:50 | Attr =    ]
FreePDF_XP -> %ProgramFiles%\FreePDF_XP ->  [Folder | Created Date = 19.04.2008 12:27:40 | Attr =    ]
Gemeinsame Dateien -> %CommonProgramFiles% ->  [Folder | Created Date = 19.04.2008 09:31:40 | Attr =    ]
gs -> %ProgramFiles%\gs ->  [Folder | Created Date = 19.04.2008 12:25:40 | Attr =    ]
ICQ6 -> %ProgramFiles%\ICQ6 ->  [Folder | Created Date = 19.04.2008 13:19:41 | Attr =    ]
IEPro -> %ProgramFiles%\IEPro ->  [Folder | Created Date = 19.04.2008 11:49:05 | Attr =    ]
InstallShield Installation Information -> %ProgramFiles%\InstallShield Installation Information ->  [Folder | Created Date = 19.04.2008 10:39:51 | Attr =  H ]
Internet Explorer -> %ProgramFiles%\Internet Explorer ->  [Folder | Created Date = 19.04.2008 08:49:34 | Attr =    ]
iPod -> %ProgramFiles%\iPod ->  [Folder | Created Date = 19.04.2008 13:37:38 | Attr =    ]
iTunes -> %ProgramFiles%\iTunes ->  [Folder | Created Date = 19.04.2008 13:37:25 | Attr =    ]
Java -> %ProgramFiles%\Java ->  [Folder | Created Date = 26.04.2008 17:24:48 | Attr =    ]
Kaspersky Lab -> %ProgramFiles%\Kaspersky Lab ->  [Folder | Created Date = 19.04.2008 10:47:54 | Attr =    ]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 16.05.2008 13:16:03 | Attr =    ]
Messenger -> %ProgramFiles%\Messenger ->  [Folder | Created Date = 19.04.2008 08:49:07 | Attr =    ]
microsoft frontpage -> %ProgramFiles%\microsoft frontpage ->  [Folder | Created Date = 19.04.2008 08:51:36 | Attr =    ]
Microsoft Office -> %ProgramFiles%\Microsoft Office ->  [Folder | Created Date = 27.04.2008 14:40:04 | Attr =    ]
Microsoft Visual Studio -> %ProgramFiles%\Microsoft Visual Studio ->  [Folder | Created Date = 19.04.2008 17:09:29 | Attr =    ]
Microsoft Visual Studio 8 -> %ProgramFiles%\Microsoft Visual Studio 8 ->  [Folder | Created Date = 27.04.2008 14:42:24 | Attr =    ]
Microsoft Works -> %ProgramFiles%\Microsoft Works ->  [Folder | Created Date = 27.04.2008 14:49:49 | Attr =    ]
Microsoft.NET -> %ProgramFiles%\Microsoft.NET ->  [Folder | Created Date = 27.04.2008 14:46:44 | Attr =    ]
Movie Maker -> %ProgramFiles%\Movie Maker ->  [Folder | Created Date = 19.04.2008 08:49:43 | Attr =    ]
Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox ->  [Folder | Created Date = 19.04.2008 10:42:05 | Attr =    ]
MSBuild -> %ProgramFiles%\MSBuild ->  [Folder | Created Date = 27.04.2008 14:49:26 | Attr =    ]
MSN -> %ProgramFiles%\MSN ->  [Folder | Created Date = 19.04.2008 08:48:37 | Attr =    ]
MSN Gaming Zone -> %ProgramFiles%\MSN Gaming Zone ->  [Folder | Created Date = 19.04.2008 08:49:03 | Attr =    ]
MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 ->  [Folder | Created Date = 19.04.2008 10:23:48 | Attr =    ]
MSXML 6.0 -> %ProgramFiles%\MSXML 6.0 ->  [Folder | Created Date = 19.04.2008 10:23:52 | Attr =    ]
Nero -> %ProgramFiles%\Nero ->  [Folder | Created Date = 19.04.2008 20:06:24 | Attr =    ]
NeroInstall.bak -> %ProgramFiles%\NeroInstall.bak ->  [Folder | Created Date = 19.04.2008 20:18:49 | Attr =    ]
NetMeeting -> %ProgramFiles%\NetMeeting ->  [Folder | Created Date = 19.04.2008 08:49:38 | Attr =    ]
Online Services -> %ProgramFiles%\Online Services ->  [Folder | Created Date = 19.04.2008 08:49:09 | Attr =    ]
Online-Dienste -> %ProgramFiles%\Online-Dienste ->  [Folder | Created Date = 19.04.2008 08:50:34 | Attr =    ]
Outlook Express -> %ProgramFiles%\Outlook Express ->  [Folder | Created Date = 19.04.2008 08:49:37 | Attr =    ]
QuickTime -> %ProgramFiles%\QuickTime ->  [Folder | Created Date = 19.04.2008 13:35:42 | Attr =    ]
SEGA -> %ProgramFiles%\SEGA ->  [Folder | Created Date = 01.05.2008 21:11:33 | Attr =    ]
SiS7012 -> %ProgramFiles%\SiS7012 ->  [Folder | Created Date = 19.04.2008 10:34:27 | Attr =    ]
Skype -> %ProgramFiles%\Skype ->  [Folder | Created Date = 19.04.2008 13:25:01 | Attr =    ]
Smallvideosoft -> %ProgramFiles%\Smallvideosoft ->  [Folder | Created Date = 20.04.2008 17:15:20 | Attr =    ]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 14.05.2008 23:27:39 | Attr =    ]
TuneUp Utilities 2008 -> %ProgramFiles%\TuneUp Utilities 2008 ->  [Folder | Created Date = 19.04.2008 12:29:38 | Attr =    ]
Ulead Systems -> %ProgramFiles%\Ulead Systems ->  [Folder | Created Date = 10.05.2008 13:45:57 | Attr =    ]
Uninstall Information -> %ProgramFiles%\Uninstall Information ->  [Folder | Created Date = 19.04.2008 08:58:37 | Attr =  H ]
USB Sharing -> %ProgramFiles%\USB Sharing ->  [Folder | Created Date = 19.04.2008 12:54:56 | Attr =    ]
Vidalia Bundle -> %ProgramFiles%\Vidalia Bundle ->  [Folder | Created Date = 16.05.2008 13:38:59 | Attr =    ]
VideoLAN -> %ProgramFiles%\VideoLAN ->  [Folder | Created Date = 19.04.2008 13:06:29 | Attr =    ]
Webocton - Scriptly -> %ProgramFiles%\Webocton - Scriptly ->  [Folder | Created Date = 08.05.2008 20:55:57 | Attr =    ]
Windows Defender -> %ProgramFiles%\Windows Defender ->  [Folder | Created Date = 15.05.2008 22:06:37 | Attr =    ]
Windows Desktop Search -> %ProgramFiles%\Windows Desktop Search ->  [Folder | Created Date = 27.04.2008 15:06:10 | Attr =    ]
Windows Live -> %ProgramFiles%\Windows Live ->  [Folder | Created Date = 19.04.2008 13:29:22 | Attr =    ]
Windows Media Connect 2 -> %ProgramFiles%\Windows Media Connect 2 ->  [Folder | Created Date = 19.04.2008 10:16:31 | Attr =    ]
Windows Media Player -> %ProgramFiles%\Windows Media Player ->  [Folder | Created Date = 19.04.2008 08:49:09 | Attr =    ]
Windows NT -> %ProgramFiles%\Windows NT ->  [Folder | Created Date = 19.04.2008 08:48:37 | Attr =    ]
WindowsUpdate -> %ProgramFiles%\WindowsUpdate ->  [Folder | Created Date = 19.04.2008 08:49:09 | Attr =  H ]
WinRAR -> %ProgramFiles%\WinRAR ->  [Folder | Created Date = 19.04.2008 16:11:00 | Attr =    ]
xerox -> %ProgramFiles%\xerox ->  [Folder | Created Date = 19.04.2008 08:51:36 | Attr =    ]
XP Codec Pack -> %ProgramFiles%\XP Codec Pack ->  [Folder | Created Date = 20.04.2008 17:54:42 | Attr =    ]
Xvid -> %ProgramFiles%\Xvid ->  [Folder | Created Date = 23.04.2008 12:09:23 | Attr =    ]
Zattoo -> %ProgramFiles%\Zattoo ->  [Folder | Created Date = 19.04.2008 18:17:01 | Attr =    ]

[Files/Folders - Modified Within 30 days]
26ad8db213dfc7379aa2f5cd5a2d1a -> %SystemDrive%\26ad8db213dfc7379aa2f5cd5a2d1a ->  [Folder | Modified Date = 19.04.2008 10:42:18 | Attr =    ]
a2d25a175c4579739a0344 -> %SystemDrive%\a2d25a175c4579739a0344 ->  [Folder | Modified Date = 19.04.2008 12:09:14 | Attr =    ]
ATI -> %SystemDrive%\ATI ->  [Folder | Modified Date = 19.04.2008 10:38:46 | Attr =    ]
AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT ->  [Ver =  | Size = 0 bytes | Modified Date = 19.04.2008 08:51:33 | Attr =    ]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 19.04.2008 09:32:11 | Attr = RHS]
CanoScan -> %SystemDrive%\CanoScan ->  [Folder | Modified Date = 19.04.2008 12:37:43 | Attr =  H ]
CONFIG.SYS -> %SystemDrive%\CONFIG.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 19.04.2008 08:51:33 | Attr =    ]
Dokumente und Einstellungen -> %SystemDrive%\Dokumente und Einstellungen ->  [Folder | Modified Date = 19.04.2008 11:42:13 | Attr =    ]
IO.SYS -> %SystemDrive%\IO.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 19.04.2008 08:51:33 | Attr = RHS]
Mp3 Output -> %SystemDrive%\Mp3 Output ->  [Folder | Modified Date = 10.05.2008 19:38:47 | Attr =    ]
MSDOS.SYS -> %SystemDrive%\MSDOS.SYS ->  [Ver =  | Size = 0 bytes | Modified Date = 19.04.2008 08:51:33 | Attr = RHS]
MSOCache -> %SystemDrive%\MSOCache ->  [Folder | Modified Date = 27.04.2008 14:39:04 | Attr = RH ]
NTDETECT.COM -> %SystemDrive%\NTDETECT.COM ->  [Ver =  | Size = 47564 bytes | Modified Date = 19.04.2008 09:27:41 | Attr = RHS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 251184 bytes | Modified Date = 19.04.2008 09:27:41 | Attr = RHS]
os466477.bin -> %SystemDrive%\os466477.bin ->  [Ver =  | Size = 527 bytes | Modified Date = 10.05.2008 18:25:00 | Attr =  H ]
Programme -> %ProgramFiles% ->  [Folder | Modified Date = 16.05.2008 15:19:45 | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 16.05.2008 15:36:52 | Attr =    ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 15.05.2008 22:31:06 | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 16.05.2008 15:36:55 | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 16.05.2008 19:34:44 | Attr =    ]
disdn -> %SystemRoot%\System32\drivers\disdn ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 16.05.2008 15:30:33 | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 16.05.2008 15:30:33 | Attr =    ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 13810976 bytes | Modified Date = 16.05.2008 19:38:05 | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 187040 bytes | Modified Date = 16.05.2008 19:35:39 | Attr =  HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat ->  [Ver =  | Size = 889376 bytes | Modified Date = 16.05.2008 19:38:28 | Attr =  HS]
fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx ->  [Ver =  | Size = 85448 bytes | Modified Date = 16.05.2008 19:35:39 | Attr =  HS]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat ->  [Ver =  | Size = 87941 bytes | Modified Date = 19.04.2008 10:52:51 | Attr =    ]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat ->  [Ver =  | Size = 96645 bytes | Modified Date = 19.04.2008 10:52:51 | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Modified Date = 05.05.2008 20:46:32 | Attr =    ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 27048 bytes | Modified Date = 05.05.2008 20:46:36 | Attr =    ]
sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys ->  [Ver =  | Size = 717296 bytes | Modified Date = 01.05.2008 20:34:40 | Attr =    ]
umdf -> %SystemRoot%\System32\drivers\umdf ->  [Folder | Modified Date = 19.04.2008 13:18:56 | Attr =    ]
MsftWdf_user_01_00_00.Wdf -> %SystemRoot%\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 19.04.2008 13:18:56 | Attr =  H ]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 261 bytes | Modified Date = 19.04.2008 08:54:00 | Attr =    ]
1025 -> %SystemRoot%\System32\1025 ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
1028 -> %SystemRoot%\System32\1028 ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
1031 -> %SystemRoot%\System32\1031 ->  [Folder | Modified Date = 19.04.2008 09:27:49 | Attr =    ]
1033 -> %SystemRoot%\System32\1033 ->  [Folder | Modified Date = 19.04.2008 00:57:27 | Attr =    ]
1037 -> %SystemRoot%\System32\1037 ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
1041 -> %SystemRoot%\System32\1041 ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
1042 -> %SystemRoot%\System32\1042 ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
1054 -> %SystemRoot%\System32\1054 ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
2052 -> %SystemRoot%\System32\2052 ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
3076 -> %SystemRoot%\System32\3076 ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
3com_dmi -> %SystemRoot%\System32\3com_dmi ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 19.04.2008 13:23:25 | Attr =    ]
brss01a.ini -> %SystemRoot%\System32\brss01a.ini ->  [Ver =  | Size = 30 bytes | Modified Date = 19.04.2008 12:15:40 | Attr =    ]
brsvc01a.bsi -> %SystemRoot%\System32\brsvc01a.bsi ->  [Ver =  | Size = 184 bytes | Modified Date = 19.04.2008 12:15:40 | Attr =    ]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 29.04.2008 22:05:30 | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 16.05.2008 19:39:07 | Attr =    ]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak ->  [Folder | Modified Date = 29.04.2008 22:05:30 | Attr =    ]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 19.04.2008 08:50:37 | Attr = RH ]
CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> Sony DADC Austria AG. [Ver = 1,1,221,0 | Size = 107888 bytes | Modified Date = 01.05.2008 21:50:24 | Attr =    ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 19.04.2008 09:52:05 | Attr =    ]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 16.05.2008 15:28:06 | Attr =    ]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT ->  [Ver =  | Size = 2951 bytes | Modified Date = 19.04.2008 08:51:33 | Attr =    ]
de -> %SystemRoot%\System32\de ->  [Folder | Modified Date = 19.04.2008 09:49:53 | Attr =    ]
de-de -> %SystemRoot%\System32\de-de ->  [Folder | Modified Date = 27.04.2008 15:06:13 | Attr =    ]
dhcp -> %SystemRoot%\System32\dhcp ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
DirectX -> %SystemRoot%\System32\DirectX ->  [Folder | Modified Date = 01.05.2008 21:32:47 | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 16.05.2008 15:16:32 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 16.05.2008 15:37:04 | Attr =    ]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 19.04.2008 13:35:04 | Attr =    ]
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat ->  [Ver =  | Size = 21740 bytes | Modified Date = 19.04.2008 08:49:29 | Attr =    ]
etpyfitb.dll -> %SystemRoot%\System32\etpyfitb.dll ->  [Ver =  | Size = 90816 bytes | Modified Date = 14.05.2008 16:06:54 | Attr =    ]
EUupdate.installed -> %SystemRoot%\System32\EUupdate.installed ->  [Ver =  | Size = 3 bytes | Modified Date = 19.04.2008 10:16:45 | Attr =    ]
export -> %SystemRoot%\System32\export ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 1564144 bytes | Modified Date = 11.05.2008 09:49:06 | Attr =    ]
gaeffect.sti -> %SystemRoot%\System32\gaeffect.sti ->  [Ver =  | Size = 4808 bytes | Modified Date = 10.05.2008 13:46:56 | Attr =    ]
gafilter.sti -> %SystemRoot%\System32\gafilter.sti ->  [Ver =  | Size = 3176 bytes | Modified Date = 10.05.2008 13:46:57 | Attr =    ]
ias -> %SystemRoot%\System32\ias ->  [Folder | Modified Date = 19.04.2008 08:51:13 | Attr =    ]
icsxml -> %SystemRoot%\System32\icsxml ->  [Folder | Modified Date = 19.04.2008 00:58:19 | Attr =    ]
IME -> %SystemRoot%\System32\IME ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
inetsrv -> %SystemRoot%\System32\inetsrv ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 19.04.2008 13:18:52 | Attr =    ]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 19.04.2008 08:50:43 | Attr = RH ]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 19.04.2008 08:49:44 | Attr =    ]
Microsoft -> %SystemRoot%\System32\Microsoft ->  [Folder | Modified Date = 19.04.2008 09:35:15 | Attr =   S]
MsDtc -> %SystemRoot%\System32\MsDtc ->  [Folder | Modified Date = 19.04.2008 08:49:26 | Attr =    ]
mui -> %SystemRoot%\System32\mui ->  [Folder | Modified Date = 19.04.2008 11:02:22 | Attr =    ]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 19.04.2008 08:50:37 | Attr = RH ]
npp -> %SystemRoot%\System32\npp ->  [Folder | Modified Date = 19.04.2008 09:29:19 | Attr =    ]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 19.04.2008 13:23:25 | Attr =    ]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 20.04.2008 17:24:39 | Attr =    ]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 19.04.2008 08:50:37 | Attr = RH ]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 19.04.2008 09:31:14 | Attr =    ]
perfc007.dat -> %SystemRoot%\System32\perfc007.dat ->  [Ver =  | Size = 81404 bytes | Modified Date = 27.04.2008 15:06:27 | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 59440 bytes | Modified Date = 19.04.2008 17:37:41 | Attr =    ]
perfh007.dat -> %SystemRoot%\System32\perfh007.dat ->  [Ver =  | Size = 433430 bytes | Modified Date = 27.04.2008 15:06:27 | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 395200 bytes | Modified Date = 19.04.2008 17:37:41 | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 973496 bytes | Modified Date = 27.04.2008 15:06:27 | Attr =    ]
PreInstall -> %SystemRoot%\System32\PreInstall ->  [Folder | Modified Date = 19.04.2008 11:29:33 | Attr =    ]
ras -> %SystemRoot%\System32\ras ->  [Folder | Modified Date = 19.04.2008 00:58:27 | Attr =    ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 19.04.2008 09:27:00 | Attr =    ]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 15.05.2008 22:31:06 | Attr =    ]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 19.04.2008 08:50:37 | Attr = RH ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 19.04.2008 09:31:14 | Attr =    ]
ShellExt -> %SystemRoot%\System32\ShellExt ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
SoftwareDistribution -> %SystemRoot%\System32\SoftwareDistribution ->  [Folder | Modified Date = 19.04.2008 11:16:14 | Attr =    ]
spool -> %SystemRoot%\System32\spool ->  [Folder | Modified Date = 19.04.2008 08:47:39 | Attr =    ]
TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.15 | Size = 354560 bytes | Modified Date = 19.04.2008 12:30:57 | Attr =    ]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Modified Date = 19.04.2008 09:28:56 | Attr =    ]
vbrun60sp6.installed -> %SystemRoot%\System32\vbrun60sp6.installed ->  [Ver =  | Size = 3 bytes | Modified Date = 19.04.2008 09:59:13 | Attr =    ]
VGAunistlog.ini -> %SystemRoot%\System32\VGAunistlog.ini ->  [Ver =  | Size = 33 bytes | Modified Date = 19.04.2008 10:37:05 | Attr =    ]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 19.04.2008 17:37:42 | Attr =    ]
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 19.04.2008 08:50:43 | Attr = RH ]
wins -> %SystemRoot%\System32\wins ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
wmpscheme.xml -> %SystemRoot%\System32\wmpscheme.xml ->  [Ver =  | Size = 25065 bytes | Modified Date = 19.04.2008 08:58:43 | Attr =    ]
Wordpad-Converter-ZLib-update.installed -> %SystemRoot%\System32\Wordpad-Converter-ZLib-update.installed ->  [Ver =  | Size = 3 bytes | Modified Date = 19.04.2008 09:51:29 | Attr =    ]
wpa.bak -> %SystemRoot%\System32\wpa.bak ->  [Ver =  | Size = 13646 bytes | Modified Date = 19.04.2008 11:12:42 | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 15.05.2008 22:08:48 | Attr =    ]
ws344069.ocx -> %SystemRoot%\System32\ws344069.ocx ->  [Ver =  | Size = 461 bytes | Modified Date = 10.05.2008 18:25:00 | Attr =  H ]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 19.04.2008 08:50:37 | Attr = RH ]
xircom -> %SystemRoot%\System32\xircom ->  [Folder | Modified Date = 19.04.2008 08:51:36 | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 15.05.2008 21:48:11 | Attr =  H ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 19.04.2008 09:52:54 | Attr =  H ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Modified Date = 19.04.2008 09:26:16 | Attr =  H ]
$NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ ->  [Folder | Modified Date = 19.04.2008 10:10:26 | Attr =  H ]
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ ->  [Folder | Modified Date = 19.04.2008 10:10:13 | Attr =  H ]
addins -> %SystemRoot%\addins ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 19.04.2008 10:33:21 | Attr =    ]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 01.05.2008 21:32:45 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 16.05.2008 19:36:30 | Attr =   S]
BRDIAG.INI -> %SystemRoot%\BRDIAG.INI ->  [Ver =  | Size = 312 bytes | Modified Date = 19.04.2008 13:12:18 | Attr =    ]
brmx2001.ini -> %SystemRoot%\brmx2001.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 19.04.2008 12:16:46 | Attr =    ]
BROHL143.INI -> %SystemRoot%\BROHL143.INI ->  [Ver =  | Size = 0 bytes | Modified Date = 19.04.2008 12:16:46 | Attr =    ]
Brownie.ini -> %SystemRoot%\Brownie.ini ->  [Ver =  | Size = 23 bytes | Modified Date = 19.04.2008 13:12:25 | Attr =    ]
BRPP2KA.INI -> %SystemRoot%\BRPP2KA.INI ->  [Ver =  | Size = 26 bytes | Modified Date = 19.04.2008 18:06:43 | Attr =    ]
BRVIDEO.INI -> %SystemRoot%\BRVIDEO.INI ->  [Ver =  | Size = 137 bytes | Modified Date = 19.04.2008 13:00:15 | Attr =    ]
BRWMARK.INI -> %SystemRoot%\BRWMARK.INI ->  [Ver =  | Size = 453 bytes | Modified Date = 22.04.2008 21:16:30 | Attr =    ]
Config -> %SystemRoot%\Config ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
Connection Wizard -> %SystemRoot%\Connection Wizard ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
control.ini -> %SystemRoot%\control.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 19.04.2008 08:51:33 | Attr =    ]
CSTBox.INI -> %SystemRoot%\CSTBox.INI ->  [Ver =  | Size = 36363 bytes | Modified Date = 13.05.2008 21:28:55 | Attr =    ]
Cursors -> %SystemRoot%\Cursors ->  [Folder | Modified Date = 19.04.2008 20:06:07 | Attr =    ]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 16.05.2008 15:21:36 | Attr =    ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 14.05.2008 22:24:49 | Attr =   S]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
EHome -> %SystemRoot%\EHome ->  [Folder | Modified Date = 19.04.2008 09:24:33 | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 16.05.2008 15:27:50 | Attr =    ]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 16.05.2008 14:43:36 | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 10.05.2008 13:46:17 | Attr = R S]
gswin32.ini -> %SystemRoot%\gswin32.ini ->  [Ver =  | Size = 43 bytes | Modified Date = 19.04.2008 12:27:22 | Attr =    ]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 19.04.2008 17:09:11 | Attr =    ]
HL-1430.INI -> %SystemRoot%\HL-1430.INI ->  [Ver =  | Size = 13109 bytes | Modified Date = 19.04.2008 13:00:15 | Attr =    ]
Icons -> %SystemRoot%\Icons ->  [Folder | Modified Date = 27.04.2008 20:45:12 | Attr =  H ]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 19.04.2008 10:11:28 | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 19.04.2008 13:08:44 | Attr =    ]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 19.04.2008 09:31:13 | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 16.05.2008 15:16:44 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 16.05.2008 15:20:31 | Attr =  HS]
java -> %SystemRoot%\java ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 19.04.2008 12:40:51 | Attr =    ]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 01.05.2008 21:32:19 | Attr =    ]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1672 bytes | Modified Date = 19.04.2008 13:15:42 | Attr =    ]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 19.04.2008 10:33:22 | Attr =    ]
msapps -> %SystemRoot%\msapps ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
mui -> %SystemRoot%\mui ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 29.04.2008 20:57:55 | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 19.04.2008 11:58:58 | Attr =    ]
Noslip -> %SystemRoot%\Noslip ->  [Folder | Modified Date = 10.05.2008 13:45:51 | Attr =    ]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 19.04.2008 10:43:23 | Attr =    ]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 400 bytes | Modified Date = 19.04.2008 18:42:14 | Attr =    ]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4161 bytes | Modified Date = 19.04.2008 08:51:24 | Attr =    ]
Offline Web Pages -> %SystemRoot%\Offline Web Pages ->  [Folder | Modified Date = 19.04.2008 08:50:43 | Attr = R  ]
opt_1430.ini -> %SystemRoot%\opt_1430.ini ->  [Ver =  | Size = 40 bytes | Modified Date = 19.04.2008 12:17:48 | Attr =    ]
PCHealth -> %SystemRoot%\PCHealth ->  [Folder | Modified Date = 19.04.2008 08:50:03 | Attr =    ]
peernet -> %SystemRoot%\peernet ->  [Folder | Modified Date = 19.04.2008 09:31:01 | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 15.05.2008 06:44:27 | Attr =    ]
PreviewSoft -> %SystemRoot%\PreviewSoft ->  [Folder | Modified Date = 10.05.2008 13:46:23 | Attr =    ]
provisioning -> %SystemRoot%\provisioning ->  [Folder | Modified Date = 19.04.2008 09:31:00 | Attr =    ]
QTFont.for -> %SystemRoot%\QTFont.for ->  [Ver =  | Size = 1409 bytes | Modified Date = 21.04.2008 19:26:06 | Attr =    ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 10.05.2008 18:31:11 | Attr =  H ]
RegisteredPackages -> %SystemRoot%\RegisteredPackages ->  [Folder | Modified Date = 19.04.2008 10:15:22 | Attr =    ]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 01.05.2008 21:04:46 | Attr =    ]
REGLOCS.OLD -> %SystemRoot%\REGLOCS.OLD ->  [Ver =  | Size = 8192 bytes | Modified Date = 19.04.2008 08:54:56 | Attr =    ]
repair -> %SystemRoot%\repair ->  [Folder | Modified Date = 01.05.2008 21:05:05 | Attr =    ]
Resources -> %SystemRoot%\Resources ->  [Folder | Modified Date = 19.04.2008 00:55:27 | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 19.04.2008 10:32:38 | Attr =    ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Modified Date = 19.04.2008 09:45:42 | Attr =    ]
SHELLNEW -> %SystemRoot%\SHELLNEW ->  [Folder | Modified Date = 27.04.2008 14:48:19 | Attr =    ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 19.04.2008 11:19:49 | Attr =    ]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 19.04.2008 09:29:18 | Attr =    ]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 26.04.2008 17:29:00 | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 19.04.2008 16:58:44 | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 16.05.2008 15:30:52 | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 16.05.2008 19:34:46 | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 16.05.2008 19:39:36 | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 16.05.2008 19:40:32 | Attr =    ]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 19.04.2008 12:40:49 | Attr =    ]
ULEAD32.INI -> %SystemRoot%\ULEAD32.INI ->  [Ver =  | Size = 409 bytes | Modified Date = 10.05.2008 18:24:59 | Attr =    ]
vb.ini -> %SystemRoot%\vb.ini ->  [Ver =  | Size = 36 bytes | Modified Date = 19.04.2008 08:49:28 | Attr =    ]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 37 bytes | Modified Date = 19.04.2008 08:49:28 | Attr =    ]
WBEM -> %SystemRoot%\WBEM ->  [Folder | Modified Date = 19.04.2008 10:11:44 | Attr =    ]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 19.04.2008 09:27:49 | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 643 bytes | Modified Date = 27.04.2008 14:41:29 | Attr =    ]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 19.04.2008 08:50:37 | Attr = RH ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 19.04.2008 20:20:56 | Attr =    ]
WMSysPrx.prx -> %SystemRoot%\WMSysPrx.prx ->  [Ver =  | Size = 299552 bytes | Modified Date = 19.04.2008 08:51:28 | Attr =    ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job ->  [Ver =  | Size = 322 bytes | Modified Date = 16.05.2008 19:39:36 | Attr =  H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 15.05.2008 06:59:14 | Attr =  H ]
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader ->  [Folder | Modified Date = 19.04.2008 11:25:45 | Attr =    ]
qmgr0.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 16294 bytes | Modified Date = 16.05.2008 19:37:53 | Attr =    ]
qmgr1.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 16294 bytes | Modified Date = 16.05.2008 19:37:53 | Attr =    ]
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\OFFICE\DATA\ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 27.04.2008 14:48:01 | Attr =    ]
opa11.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 19.04.2008 14:19:32 | Attr =    ]
opa12.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8406 bytes | Modified Date = 19.04.2008 16:18:01 | Attr =    ]
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Temp\usgthrsvc ->  [Folder | Modified Date = 16.05.2008 19:36:54 | Attr =    ]
Perflib_Perfdata_7f4.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_7f4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 16.05.2008 19:36:54 | Attr =    ]
2 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Temp\usgthrsvc\*.tmp ->
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Adobe -> %AllUsersProfile%\Anwendungsdaten\Adobe ->  [Folder | Modified Date = 19.04.2008 17:44:07 | Attr =    ]
Apple -> %AllUsersProfile%\Anwendungsdaten\Apple ->  [Folder | Modified Date = 19.04.2008 13:34:38 | Attr =    ]
Apple Computer -> %AllUsersProfile%\Anwendungsdaten\Apple Computer ->  [Folder | Modified Date = 19.04.2008 13:37:25 | Attr =    ]
AVS4YOU -> %AllUsersProfile%\Anwendungsdaten\AVS4YOU ->  [Folder | Modified Date = 22.04.2008 22:04:08 | Attr =    ]
desktop.ini -> %AllUsersProfile%\Anwendungsdaten\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 19.04.2008 09:31:13 | Attr =  HS]
ezsid.dat -> %AllUsersProfile%\Anwendungsdaten\ezsid.dat ->  [Ver =  | Size = 32 bytes | Modified Date = 19.04.2008 18:51:26 | Attr =    ]
FLEXnet -> %AllUsersProfile%\Anwendungsdaten\FLEXnet ->  [Folder | Modified Date = 19.04.2008 18:14:03 | Attr =    ]
Kaspersky Lab -> %AllUsersProfile%\Anwendungsdaten\Kaspersky Lab ->  [Folder | Modified Date = 16.05.2008 19:37:07 | Attr =    ]
Malwarebytes -> %AllUsersProfile%\Anwendungsdaten\Malwarebytes ->  [Folder | Modified Date = 16.05.2008 13:16:03 | Attr =    ]
Microsoft -> %AllUsersProfile%\Anwendungsdaten\Microsoft ->  [Folder | Modified Date = 15.05.2008 22:06:37 | Attr =   S]
Microsoft Help -> %AllUsersProfile%\Anwendungsdaten\Microsoft Help ->  [Folder | Modified Date = 16.05.2008 15:20:12 | Attr =    ]
Nero -> %AllUsersProfile%\Anwendungsdaten\Nero ->  [Folder | Modified Date = 19.04.2008 20:06:30 | Attr =    ]
Office Genuine Advantage -> %AllUsersProfile%\Anwendungsdaten\Office Genuine Advantage ->  [Folder | Modified Date = 19.04.2008 14:11:21 | Attr =    ]
Skype -> %AllUsersProfile%\Anwendungsdaten\Skype ->  [Folder | Modified Date = 19.04.2008 13:25:10 | Attr =    ]
TuneUp Software -> %AllUsersProfile%\Anwendungsdaten\TuneUp Software ->  [Folder | Modified Date = 19.04.2008 12:30:02 | Attr =    ]
Windows Genuine Advantage -> %AllUsersProfile%\Anwendungsdaten\Windows Genuine Advantage ->  [Folder | Modified Date = 19.04.2008 13:05:18 | Attr =    ]
WLInstaller -> %AllUsersProfile%\Anwendungsdaten\WLInstaller ->  [Folder | Modified Date = 19.04.2008 13:29:08 | Attr =    ]
Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 09.05.2008 20:04:53 | Attr =    ]
Apple Computer -> %AppData%\Apple Computer ->  [Folder | Modified Date = 19.04.2008 13:38:27 | Attr =    ]
ATI -> %AppData%\ATI ->  [Folder | Modified Date = 19.04.2008 11:14:53 | Attr =    ]
AVS4YOU -> %AppData%\AVS4YOU ->  [Folder | Modified Date = 23.04.2008 20:35:18 | Attr =    ]
Canon -> %AppData%\Canon ->  [Folder | Modified Date = 19.04.2008 12:58:38 | Attr =    ]
DAEMON Tools -> %AppData%\DAEMON Tools ->  [Folder | Modified Date = 01.05.2008 20:34:27 | Attr =    ]
desktop.ini -> %AppData%\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 19.04.2008 09:31:13 | Attr =  HS]
DivX -> %AppData%\DivX ->  [Folder | Modified Date = 20.04.2008 18:37:59 | Attr =    ]
dvdcss -> %AppData%\dvdcss ->  [Folder | Modified Date = 29.04.2008 20:58:21 | Attr =    ]
Help -> %AppData%\Help ->  [Folder | Modified Date = 10.05.2008 14:20:59 | Attr =    ]
ICQ -> %AppData%\ICQ ->  [Folder | Modified Date = 19.04.2008 13:37:32 | Attr =    ]
Identities -> %AppData%\Identities ->  [Folder | Modified Date = 19.04.2008 08:58:42 | Attr =    ]
IEPro -> %AppData%\IEPro ->  [Folder | Modified Date = 19.04.2008 11:49:55 | Attr =    ]
InstallShield -> %AppData%\InstallShield ->  [Folder | Modified Date = 01.05.2008 21:08:10 | Attr =    ]
Macromedia -> %AppData%\Macromedia ->  [Folder | Modified Date = 19.04.2008 10:57:23 | Attr =    ]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 16.05.2008 13:16:13 | Attr =    ]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 09.05.2008 15:19:03 | Attr =   S]
MiniDm -> %AppData%\MiniDm ->  [Folder | Modified Date = 19.04.2008 12:23:15 | Attr =    ]
Mozilla -> %AppData%\Mozilla ->  [Folder | Modified Date = 19.04.2008 10:43:20 | Attr =    ]
Nero -> %AppData%\Nero ->  [Folder | Modified Date = 19.04.2008 20:15:00 | Attr =    ]
SecuROM -> %AppData%\SecuROM ->  [Folder | Modified Date = 01.05.2008 21:50:25 | Attr = RH ]
Skype -> %AppData%\Skype ->  [Folder | Modified Date = 19.04.2008 19:18:27 | Attr =    ]
skypePM -> %AppData%\skypePM ->  [Folder | Modified Date = 19.04.2008 18:51:27 | Attr =    ]
Sun -> %AppData%\Sun ->  [Folder | Modified Date = 26.04.2008 17:29:00 | Attr =    ]
tor -> %AppData%\tor ->  [Folder | Modified Date = 16.05.2008 14:34:28 | Attr =    ]
TuneUp Software -> %AppData%\TuneUp Software ->  [Folder | Modified Date = 19.04.2008 12:30:54 | Attr =    ]
UseNeXT -> %AppData%\UseNeXT ->  [Folder | Modified Date = 20.04.2008 12:29:40 | Attr =    ]
Vidalia -> %AppData%\Vidalia ->  [Folder | Modified Date = 16.05.2008 14:00:37 | Attr =    ]
vlc -> %AppData%\vlc ->  [Folder | Modified Date = 19.04.2008 13:06:59 | Attr =    ]
Windows Desktop Search -> %AppData%\Windows Desktop Search ->  [Folder | Modified Date = 27.04.2008 15:07:54 | Attr =    ]
Windows-Optimierer -> %AppData%\Windows-Optimierer ->  [Folder | Modified Date = 29.04.2008 20:40:07 | Attr =    ]
WinRAR -> %AppData%\WinRAR ->  [Folder | Modified Date = 19.04.2008 16:11:49 | Attr =    ]
Adobe -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Adobe ->  [Folder | Modified Date = 09.05.2008 20:04:53 | Attr =    ]
Ahead -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Ahead ->  [Folder | Modified Date = 20.04.2008 21:38:18 | Attr =    ]
Apple -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Apple ->  [Folder | Modified Date = 19.04.2008 13:35:17 | Attr =    ]
Apple Computer -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Apple Computer ->  [Folder | Modified Date = 19.04.2008 13:38:28 | Attr =    ]
ATI -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\ATI ->  [Folder | Modified Date = 19.04.2008 11:14:53 | Attr =    ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 17408 bytes | Modified Date = 13.05.2008 20:01:46 | Attr =    ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 71456 bytes | Modified Date = 11.05.2008 12:52:06 | Attr =    ]
Help -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Help ->  [Folder | Modified Date = 10.05.2008 14:20:59 | Attr =    ]
IconCache.db -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\IconCache.db ->  [Ver =  | Size = 4847862 bytes | Modified Date = 16.05.2008 14:34:29 | Attr =  H ]
Identities -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Identities ->  [Folder | Modified Date = 27.04.2008 15:07:57 | Attr =    ]
Microsoft -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Microsoft ->  [Folder | Modified Date = 14.05.2008 22:29:29 | Attr =    ]
Microsoft Help -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Microsoft Help ->  [Folder | Modified Date = 19.04.2008 15:34:44 | Attr =    ]
Mozilla -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Mozilla ->  [Folder | Modified Date = 19.04.2008 10:43:20 | Attr =    ]
Nero -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Nero ->  [Folder | Modified Date = 20.04.2008 21:35:25 | Attr =    ]
Zattoo -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\Zattoo ->  [Folder | Modified Date = 19.04.2008 18:45:17 | Attr =    ]
ZattooPlayer -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\ZattooPlayer ->  [Folder | Modified Date = 19.04.2008 18:17:43 | Attr =    ]
desktop.ini -> %AllUsersProfile%\Dokumente\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 19.04.2008 09:31:13 | Attr =  HS]
Eigene Bilder -> %AllUsersProfile%\Dokumente\Eigene Bilder ->  [Folder | Modified Date = 19.04.2008 08:50:00 | Attr = R  ]
Eigene Musik -> %AllUsersProfile%\Dokumente\Eigene Musik ->  [Folder | Modified Date = 20.04.2008 16:14:21 | Attr = R  ]
Eigene Videos -> %AllUsersProfile%\Dokumente\Eigene Videos ->  [Folder | Modified Date = 19.04.2008 13:27:36 | Attr = R  ]
cut assistan + virtual dub -> %UserProfile%\Eigene Dateien\cut assistan + virtual dub ->  [Folder | Modified Date = 20.04.2008 18:25:30 | Attr =    ]
daguggste -> %UserProfile%\Eigene Dateien\daguggste ->  [Folder | Modified Date = 10.05.2008 18:51:43 | Attr =    ]
desktop.ini -> %UserProfile%\Eigene Dateien\desktop.ini ->  [Ver =  | Size = 83 bytes | Modified Date = 19.04.2008 10:14:05 | Attr =  HS]
Eigene Bilder -> %UserProfile%\Eigene Dateien\Eigene Bilder ->  [Folder | Modified Date = 27.04.2008 20:47:24 | Attr = R  ]
Eigene Musik -> %UserProfile%\Eigene Dateien\Eigene Musik ->  [Folder | Modified Date = 27.04.2008 20:47:24 | Attr = R  ]
Eigene Videos -> %UserProfile%\Eigene Dateien\Eigene Videos ->  [Folder | Modified Date = 20.04.2008 18:37:14 | Attr = R  ]
ICQ -> %UserProfile%\Eigene Dateien\ICQ ->  [Folder | Modified Date = 19.04.2008 19:49:46 | Attr =    ]
Meine empfangenen Dateien -> %UserProfile%\Eigene Dateien\Meine empfangenen Dateien ->  [Folder | Modified Date = 19.04.2008 18:46:31 | Attr =    ]
Meine freigegebenen Ordner.lnk -> %UserProfile%\Eigene Dateien\Meine freigegebenen Ordner.lnk ->  [Ver =  | Size = 584 bytes | Modified Date = 19.04.2008 18:47:17 | Attr =    ]
Multidecoder_1.0.0.41 -> %UserProfile%\Eigene Dateien\Multidecoder_1.0.0.41 ->  [Folder | Modified Date = 13.05.2008 19:26:12 | Attr =    ]
Nero -> %UserProfile%\Eigene Dateien\Nero ->  [Folder | Modified Date = 20.04.2008 13:58:59 | Attr =    ]
Nero Home -> %UserProfile%\Eigene Dateien\Nero Home ->  [Folder | Modified Date = 20.04.2008 21:37:03 | Attr =    ]
Microsoft Office Outlook 2007.lnk -> %AllUsersProfile%\Desktop\Microsoft Office Outlook 2007.lnk ->  [Ver =  | Size = 2607 bytes | Modified Date = 15.05.2008 22:34:43 | Attr =    ]
Microsoft Office Word 2007.lnk -> %AllUsersProfile%\Desktop\Microsoft Office Word 2007.lnk ->  [Ver =  | Size = 2503 bytes | Modified Date = 15.05.2008 22:51:04 | Attr =    ]
Ulead GIF Animator 5.lnk -> %AllUsersProfile%\Desktop\Ulead GIF Animator 5.lnk ->  [Ver =  | Size = 1597 bytes | Modified Date = 10.05.2008 13:46:17 | Attr =    ]
129838.zip -> %UserProfile%\Desktop\129838.zip ->  [Ver =  | Size = 382619 bytes | Modified Date = 06.05.2008 18:00:09 | Attr =    ]
aaw2007.exe -> %UserProfile%\Desktop\aaw2007.exe ->  [Ver =  | Size = 21031280 bytes | Modified Date = 16.05.2008 13:15:36 | Attr =    ]
aaw2007.exe.part -> %UserProfile%\Desktop\aaw2007.exe.part ->  [Ver =  | Size = 5227267 bytes | Modified Date = 15.05.2008 22:32:01 | Attr =    ]
Baseballfeld.png -> %UserProfile%\Desktop\Baseballfeld.png ->  [Ver =  | Size = 12486 bytes | Modified Date = 23.04.2008 21:46:23 | Attr =    ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 1916951 bytes | Modified Date = 16.05.2008 13:26:31 | Attr =    ]
deutsch-ordner-der gelbe vogel -> %UserProfile%\Desktop\deutsch-ordner-der gelbe vogel ->  [Folder | Modified Date = 26.04.2008 18:42:25 | Attr =    ]
Dokument.ncd -> %UserProfile%\Desktop\Dokument.ncd ->  [Ver =  | Size = 956102 bytes | Modified Date = 20.04.2008 18:58:44 | Attr =    ]
downloade -> %UserProfile%\Desktop\downloade ->  [Folder | Modified Date = 15.05.2008 21:54:30 | Attr =    ]
flug.doc -> %UserProfile%\Desktop\flug.doc ->  [Ver =  | Size = 27648 bytes | Modified Date = 01.05.2008 13:09:38 | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1698 bytes | Modified Date = 14.05.2008 23:27:41 | Attr =    ]
HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 14.05.2008 23:27:33 | Attr =    ]
hp04.zip -> %UserProfile%\Desktop\hp04.zip ->  [Ver =  | Size = 114176 bytes | Modified Date = 09.05.2008 14:52:37 | Attr =    ]
hp04z -> %UserProfile%\Desktop\hp04z ->  [Folder | Modified Date = 09.05.2008 15:53:38 | Attr =    ]
hp88.zip -> %UserProfile%\Desktop\hp88.zip ->  [Ver =  | Size = 99248 bytes | Modified Date = 09.05.2008 14:51:48 | Attr =    ]
lizenzschlüssel -> %UserProfile%\Desktop\lizenzschlüssel ->  [Folder | Modified Date = 13.05.2008 20:05:26 | Attr =    ]
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes                                                 [Ver = 1.0.0.0              | Size = 1649976 bytes | Modified Date = 16.05.2008 13:14:10 | Attr =    ]
Neu Bitmap.bmp -> %UserProfile%\Desktop\Neu Bitmap.bmp ->  [Ver =  | Size = 921654 bytes | Modified Date = 10.05.2008 13:49:41 | Attr =    ]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Modified Date = 16.05.2008 19:34:22 | Attr =    ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 16.05.2008 19:38:27 | Attr =    ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 543023 bytes | Modified Date = 16.05.2008 19:38:15 | Attr =    ]
ratchet und clank -> %UserProfile%\Desktop\ratchet und clank ->  [Folder | Modified Date = 06.05.2008 18:23:03 | Attr =    ]
SEGA -> %UserProfile%\Desktop\SEGA ->  [Folder | Modified Date = 01.05.2008 21:31:43 | Attr =    ]
Start.psd -> %UserProfile%\Desktop\Start.psd ->  [Ver =  | Size = 0 bytes | Modified Date = 08.05.2008 20:24:49 | Attr =    ]
trojaner-töten -> %UserProfile%\Desktop\trojaner-töten ->  [Folder | Modified Date = 16.05.2008 14:42:34 | Attr =    ]
Unbenannt.uga -> %UserProfile%\Desktop\Unbenannt.uga ->  [Ver =  | Size = 355328 bytes | Modified Date = 10.05.2008 18:24:56 | Attr =    ]
vidalia-bundle-0.1.2.19-0.0.16.exe -> %UserProfile%\Desktop\vidalia-bundle-0.1.2.19-0.0.16.exe ->  [Ver = 0.1.2.19-0.0.16 | Size = 6696679 bytes | Modified Date = 16.05.2008 13:38:12 | Attr =    ]
vivaldi -> %UserProfile%\Desktop\vivaldi ->  [Folder | Modified Date = 11.05.2008 12:51:27 | Attr =    ]
windowsdefender.msi -> %UserProfile%\Desktop\windowsdefender.msi ->  [Ver =  | Size = 5155328 bytes | Modified Date = 15.05.2008 22:05:59 | Attr =    ]
zeugs -> %UserProfile%\Desktop\zeugs ->  [Folder | Modified Date = 08.05.2008 20:55:38 | Attr =    ]
desktop.ini -> %AllUsersProfile%\Startmenü\Programme\Autostart\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 19.04.2008 08:51:33 | Attr =  HS]
USB Sharing.lnk -> %AllUsersProfile%\Startmenü\Programme\Autostart\USB Sharing.lnk ->  [Ver =  | Size = 459 bytes | Modified Date = 19.04.2008 12:54:56 | Attr =    ]
desktop.ini -> %UserProfile%\Startmenü\Programme\Autostart\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 19.04.2008 08:51:33 | Attr =  HS]
Adobe -> %CommonProgramFiles%\Adobe ->  [Folder | Modified Date = 19.04.2008 17:42:38 | Attr =    ]
Apple -> %CommonProgramFiles%\Apple ->  [Folder | Modified Date = 19.04.2008 13:34:40 | Attr =    ]
AVSMedia -> %CommonProgramFiles%\AVSMedia ->  [Folder | Modified Date = 23.04.2008 20:44:40 | Attr =    ]
DESIGNER -> %CommonProgramFiles%\DESIGNER ->  [Folder | Modified Date = 27.04.2008 14:48:30 | Attr =    ]
Dienste -> %CommonProgramFiles%\Dienste ->  [Folder | Modified Date = 19.04.2008 08:49:54 | Attr =    ]
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Modified Date = 19.04.2008 12:14:43 | Attr =    ]
Java -> %CommonProgramFiles%\Java ->  [Folder | Modified Date = 26.04.2008 17:22:40 | Attr =    ]
Macrovision Shared -> %CommonProgramFiles%\Macrovision Shared ->  [Folder | Modified Date = 19.04.2008 17:23:55 | Attr =    ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 27.04.2008 14:49:34 | Attr =    ]
MSSoap -> %CommonProgramFiles%\MSSoap ->  [Folder | Modified Date = 19.04.2008 08:49:48 | Attr =    ]
Nero -> %CommonProgramFiles%\Nero ->  [Folder | Modified Date = 19.04.2008 20:10:02 | Attr =    ]
ODBC -> %CommonProgramFiles%\ODBC ->  [Folder | Modified Date = 19.04.2008 09:31:45 | Attr =    ]
Skype -> %CommonProgramFiles%\Skype ->  [Folder | Modified Date = 19.04.2008 13:25:00 | Attr =    ]
SpeechEngines -> %CommonProgramFiles%\SpeechEngines ->  [Folder | Modified Date = 19.04.2008 09:31:40 | Attr =    ]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 27.04.2008 14:41:19 | Attr =    ]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller ->  [Folder | Modified Date = 19.04.2008 13:32:37 | Attr =  HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 19.04.2008 12:28:33 | Attr =    ]

< End of report >
16.05.2008, 21:45
Honorary member
Sabina

Posts: 29434
#12 Hello,

avenger
http://virus-protect.org/artikel/tools/avenger.html

copy into the white field:

Quote

Files to delete:
%SystemRoot%\System32\etpyfitb.dll
%SystemRoot%\System32\wcknrggj.dll
%UserProfile%\Desktop\129838.zip


close all open programs (because the computer will restart after Avenger has run)

Click: Execute

confirm that the computer will be restarted - click "yes"
after the restart, a log from Avenger appears automatically (C:\avenger.txt); if it is requested in the security forum, copy it: right-click, copy, paste
__________
Best regards, Sabina

all about PC security
17.05.2008, 10:21
Member

Thread starter

Posts: 12
#13 What do you mean by: "if it is requested in the security forum"?
I just always do what you tell me, even though my PC is actually working normally again at the moment ^^
But here is the log file:

Avenger log file

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\System32\etpyfitb.dll" deleted successfully.

Error: file "C:\WINDOWS\System32\wcknrggj.dll" not found!
Deletion of file "C:\WINDOWS\System32\wcknrggj.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Dokumente und Einstellungen\Maximilian\Desktop\129838.zip" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
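
Added example (not part of the original posts and not Avenger's own code): a small Python check that reconciles the script from post #12 with the log in post #13, reporting each target as deleted, absent (STATUS_OBJECT_NAME_NOT_FOUND), failed or unreported. The environment-variable expansions in `ENV` are assumptions read off the paths shown in the log.

```python
import re

# Script from post #12 and the relevant log lines from post #13 (copied from the thread).
SCRIPT = r"""Files to delete:
%SystemRoot%\System32\etpyfitb.dll
%SystemRoot%\System32\wcknrggj.dll
%UserProfile%\Desktop\129838.zip
"""

LOG = r"""File "C:\WINDOWS\System32\etpyfitb.dll" deleted successfully.

Error: file "C:\WINDOWS\System32\wcknrggj.dll" not found!
Deletion of file "C:\WINDOWS\System32\wcknrggj.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\Dokumente und Einstellungen\Maximilian\Desktop\129838.zip" deleted successfully.
"""

# Assumption: expansions for this machine, inferred from the paths in the log.
ENV = {
    "%systemroot%": r"C:\WINDOWS",
    "%userprofile%": r"C:\Dokumente und Einstellungen\Maximilian",
}

DELETED = re.compile(r'^File "(.+)" deleted successfully\.$')
FAILED = re.compile(r'^Deletion of file "(.+)" failed!$')
STATUS = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')


def expand(path):
    """Replace %Var% placeholders case-insensitively (Windows semantics)."""
    for var, value in ENV.items():
        # A callable replacement keeps the backslashes in `value` literal.
        path = re.sub(re.escape(var), lambda _m, v=value: v, path,
                      flags=re.IGNORECASE)
    return path


def parse_script(text):
    """Return the paths listed under the 'Files to delete:' section."""
    targets, active = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":"):
            active = line.lower() == "files to delete:"
        elif active and line:
            targets.append(line)
    return targets


def parse_log(text):
    """Map lower-cased path -> (outcome, NTSTATUS name or None)."""
    outcomes, last_failed = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := DELETED.match(line):
            outcomes[m.group(1).lower()] = ("deleted", None)
            last_failed = None
        elif m := FAILED.match(line):
            last_failed = m.group(1).lower()
            outcomes[last_failed] = ("failed", None)
        elif (m := STATUS.match(line)) and last_failed:
            # The status line belongs to the failure reported just before it.
            outcomes[last_failed] = ("failed", m.group(2))
            last_failed = None
    return outcomes


def reconcile(script, log):
    """Pair every script target with what the log says happened to it."""
    outcomes = parse_log(log)
    report = []
    for target in parse_script(script):
        key = expand(target).lower()
        outcome, status = outcomes.get(key, ("unreported", None))
        if outcome == "failed" and status == "STATUS_OBJECT_NAME_NOT_FOUND":
            outcome = "absent"  # the file was not there when the tool ran
        report.append((target, outcome))
    return report


if __name__ == "__main__":
    for target, outcome in reconcile(SCRIPT, LOG):
        print(f"{outcome:<10} {target}")
```

A target reported as "unreported" means the log has no line for it at all, which is worth a second look before the cleanup is treated as complete.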
17.05.2008, 12:04
Honorary member
Sabina

Posts: 29434
#14 Hello,
thanks for posting the Avenger log, that is what I wanted to see ;)
scan with Bitdefender + post the report here
http://virus-protect.org/onlinescan.html
__________
Best regards, Sabina

all about PC security
17.05.2008, 18:54
Member

Thread starter

Posts: 12
#15 I'm sorry, but Bitdefender doesn't work at all for me.
As soon as I started it, the computer froze.
Since the program could not be started, the uninstaller didn't work either. Basically nothing worked anymore.
So I went into safe mode and tried a few things (changed autostart programs etc.), but it still didn't work. Then I deleted it by hand, i.e. manually, in safe mode. That thing is even worse than Winfixxer ^^
I somehow don't think it was my fault that the thing didn't work. But it just doesn't work.
Sorry