Home » Viren, Trojaner & Malware Forum » TR/Vundo.Gen - akuter Notstand » Themenansicht

TR/Vundo.Gen - akuter Notstand
#0
16.05.2008, 11:02
Ratlo_ser
...neu hier

Beiträge: 6
#1 Hallo Leute,

hab mir TR/Vundo.Gen eingefangen. Macht mich wahnsinn!!
Hier mein HJT log-file. Wär schön wenn jemand helfen könnte!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:44, on 16.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Winamp\winampa.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Andi\Desktop\HJT\HiJackThis.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [50662247] rundll32.exe "C:\WINDOWS\system32\hctaamgo.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O21 - SSODL: mpfanvqg - {9204D37D-CF00-4A91-A235-5D4A1B2F5765} - C:\WINDOWS\mpfanvqg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4538 bytes


Grüße
Seitenanfang Seitenende
16.05.2008, 12:04
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#2 Ratlo_ser

1..
mit dem HijackThis löschen ("fixen")

Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked. + starte den Rechner neu.

Zitat

O4 - HKLM\..\Run: [50662247] rundll32.exe "C:\WINDOWS\system32\hctaamgo.dll",b

O21 - SSODL: mpfanvqg - {9204D37D-CF00-4A91-A235-5D4A1B2F5765} - C:\WINDOWS\mpfanvqg.dll
------------

2.
wende rvaxo an + poste hier den report
http://virus-protect.org/artikel/tools/rvaxo.html

3.
cleaner anwenden + die temp-Dateien löschen
http://www.ccleaner.de/?protecus.de

4.
scanne mit malwarebytes, lasse alles gefundene entfernen + post hier den report
http://virus-protect.org/artikel/tools/malwarebytes.html

5.
wende Combofix an + Warnmeldung wegklicken - poste hier den report
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.05.2008, 12:42
Ratlo_ser
...neu hier

Themenstarter

Beiträge: 6
#3 ******************* RVAXO ***************************


---RVAXO.exe Updated: 2008-05-16---first run---
Uninstallers:

Files found:
C:\WINDOWS\system32\wvvuBcfe.ini2
C:\WINDOWS\fvowketqmvg.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\system32\clkcnt.txt
C:\WINDOWS\system32\mcrh.tmp

Folders Found:

Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------
Not deleted items:

--------------RVAXO.exe finished----------------
Seitenanfang Seitenende
16.05.2008, 13:17
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#4 ««
cleaner anwenden + die temp-Dateien löschen
http://www.ccleaner.de/?protecus.de

««
scanne mit malwarebytes, lasse alles gefundene entfernen + post hier den report
http://virus-protect.org/artikel/tools/malwarebytes.html

««
wende Combofix an + Warnmeldung wegklicken - poste hier den report
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.05.2008, 13:31
Ratlo_ser
...neu hier

Themenstarter

Beiträge: 6
#5 Malwarebytes' Anti-Malware 1.12
Datenbank Version: 722

Scan Art: Komplett Scan (C:\|D:\|I:\|)
Objekte gescannt: 132165
Scan Dauer: 38 minute(s), 15 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 2
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 1
Infizierte Datei Objekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
C:\WINDOWS\system32\efcBuvvw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tuvUOhFU.dll (Trojan.Vundo) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{de20bd88-ea0c-4fec-ba6d-71577c227a5a} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{de20bd88-ea0c-4fec-ba6d-71577c227a5a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d1277e3-ad9f-4677-a977-725c7e20602d} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1277e3-ad9f-4677-a977-725c7e20602d} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvuohfu (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
{4d1277e3-ad9f-4677-a977-725c7e20602d} (Trojan.Vundo) -> No action taken.

Infizierte Datei Objekte der Registrierung:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcbuvvw -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcbuvvw -> No action taken.

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\system32\efcBuvvw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvvuBcfe.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvvuBcfe.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hctaamgo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ogmaatch.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tuvUOhFU.dll (Trojan.Vundo) -> No action taken.

####################################

ComboFix 08-05-15.3 - Andi 2008-05-16 14:27:47.2 - NTFSx86
ausgeführt von:: C:\Dokumente und Einstellungen\Andi\Desktop\HJT\ComboFix.exe

[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

((((((((((((((((((((((( Dateien erstellt von 2008-04-16 bis 2008-05-16 ))))))))))))))))))))))))))))))
.

2008-05-16 12:47 . 2008-05-16 13:29 <DIR> d-------- C:\Programme\Malwarebytes' Anti-Malware
2008-05-16 12:47 . 2008-05-16 12:47 <DIR> d-------- C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\Malwarebytes
2008-05-16 12:47 . 2008-05-16 12:47 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-05-16 12:47 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-16 12:47 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-16 12:43 . 2008-05-16 12:43 <DIR> d-------- C:\Programme\CCleaner
2008-05-16 12:35 . 2008-05-16 12:38 <DIR> d-------- C:\RVAXO
2008-05-16 12:32 . 2008-05-16 07:10 822,165 --a------ C:\WINDOWS\system32\RVAXO.bat
2008-05-16 12:32 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
2008-05-16 10:29 . 2008-05-16 10:29 <DIR> d-------- C:\VundoFix Backups
2008-05-16 10:19 . 2008-05-16 10:19 0 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-16 09:24 . 2008-05-16 09:24 <DIR> d-------- C:\Dokumente und Einstellungen\LocalService\Eigene Dateien
2008-05-14 21:52 . 2008-05-14 21:52 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Talkback
2008-05-14 21:50 . 2008-05-14 21:50 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
2008-05-14 21:49 . 2007-11-08 21:28 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Vorlagen
2008-05-14 21:49 . 2007-11-08 20:21 <DIR> dr------- C:\Dokumente und Einstellungen\Administrator\Startmen
2008-05-14 21:49 . 2007-11-08 20:21 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
2008-05-14 21:49 . 2008-05-16 14:30 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
2008-05-14 21:49 . 2007-11-08 20:21 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Favoriten
2008-05-14 21:49 . 2007-11-08 20:21 <DIR> d--h----- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
2008-05-14 21:49 . 2008-05-14 21:52 <DIR> dr-h----- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
2008-05-14 21:49 . 2008-05-14 21:50 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator
2008-05-14 21:49 . 2008-05-16 13:34 1,024 --ah----- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG
2008-05-14 21:44 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-14 21:44 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-14 21:44 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-14 21:44 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-14 21:44 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-14 21:44 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-14 21:44 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-14 21:44 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-14 21:44 . 2008-05-16 10:44 2,126 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-14 20:25 . 2008-05-14 20:25 <DIR> d-------- C:\Programme\Lavasoft
2008-05-14 20:24 . 2008-05-14 20:29 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-05-14 20:17 . 2008-05-14 20:17 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2008-05-14 19:59 . 2008-05-14 19:59 <DIR> d-------- C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\TmpRecentIcons
2008-04-16 20:01 . 2008-04-16 20:01 <DIR> d-------- C:\Programme\TVAnts
3 Datei(en) . 525,502 C:\ComboFix\Bytes
2 Datei(en) . 0 C:\ComboFix\Bytes
1 Datei(en) . 62 C:\ComboFix\Bytes

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 12:33 11,001,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-16 12:33 --------- d-----w C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\Skype
2008-05-16 12:31 130,976 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-16 12:31 1,870,399 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-16 10:35 1,700,352 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-16 10:35 1,568,256 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-05-16 07:19 --------- d-----w C:\Dokumente und Einstellungen\Andi\Anwendungsdaten\skypePM
2008-04-03 20:47 --------- d--h--w C:\Programme\InstallShield Installation Information
2008-04-01 18:43 --------- d-----w C:\Programme\SopCast
2008-03-30 21:26 --------- d-----w C:\Programme\MSXML 4.0
2008-03-30 10:16 --------- d-----w C:\Programme\Gemeinsame Dateien\Adobe
2008-03-30 09:48 --------- d-----w C:\Programme\TeXnicCenter
2008-03-30 09:48 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MiKTeX
2008-03-30 09:46 --------- d-----w C:\Programme\MiKTeX 2.7
2008-03-29 14:31 --------- d-----w C:\Programme\TVUPlayer
2008-03-29 14:29 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TVU networks
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 187,168 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:03 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 08:59 665,088 ----a-w C:\WINDOWS\system32\wininet.dll
2002-01-01 19:58 32 ----a-w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-16_13.44.07.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2007-11-01 05:15:30 187,168 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-11-01 05:15:31 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:14:12 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:14:17 217,312 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:14:11 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:14:35 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:15:25 377,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll
- 2008-05-16 11:39:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-16 12:31:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2006-02-28 12:00:00 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2006-02-28 12:00:00 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2006-02-28 12:00:00 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2006-02-28 12:00:00 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2006-02-28 12:00:00 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2006-02-28 12:00:00 180,255 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
+ 2008-03-25 04:51:12 187,168 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll
- 2006-02-28 12:00:00 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2006-02-28 12:00:00 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2006-02-28 12:00:00 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2006-02-28 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2006-02-28 12:00:00 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2006-02-28 12:00:00 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2006-02-28 12:00:00 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2006-02-28 12:00:00 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2006-02-28 12:00:00 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2006-02-28 12:00:00 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:51:12 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2006-02-28 12:00:00 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2006-02-28 12:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2006-02-28 12:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2006-02-28 12:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2006-02-28 12:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2006-02-28 12:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2006-02-28 12:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2006-02-28 12:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2006-02-28 12:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2006-02-28 12:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2006-02-28 12:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2006-02-28 12:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2006-02-28 12:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2006-02-28 12:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2006-02-28 12:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2007-03-06 01:14:08 15,584 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-06 01:14:12 15,584 ------w C:\WINDOWS\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F09AA833-093B-4018-866A-2968357821B3}]
C:\WINDOWS\fvowketqmvg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 14:00 15360]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568]
"MSMSGS"="C:\Programme\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Programme\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 03:36 81920]
"nForce Tray Options"="sstray.exe" [2002-10-27 01:02 77824 C:\WINDOWS\system32\sstray.exe]
"CARPService"="carpserv.exe" [2002-05-14 07:36 4608 C:\WINDOWS\system32\carpserv.exe]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"ZoneAlarm Client"="C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2002-12-13 04:00 294912 C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-04-16 00:11 262401 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programme\\Skype\\Phone\\Skype.exe"=

R0 PDDSLHND;PDDSLHND;C:\WINDOWS\system32\drivers\PDDSLHND.sys [2005-10-09 17:13]
R3 Cap7134;TV-Station (SAA7134Capture with MK3-Tuner);C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-10-23 14:46]
R3 PDDSLADP;ProDyne DSL Adapter;C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS [2005-10-09 17:13]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 14:32:49
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-05-16 14:35:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 12:35:05
ComboFix2.txt 2008-05-16 11:44:55

9 Verzeichnis(se), 34,957,328,384 Bytes frei
10 Verzeichnis(se), 34,966,642,688 Bytes frei

234 --- E O F --- 2008-05-16 11:45:19
Dieser Beitrag wurde am 16.05.2008 um 14:40 Uhr von Ratlo_ser editiert.
Seitenanfang Seitenende
16.05.2008, 15:18
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#6 Hallo,

wende otscanit an (laut Anleitung) + poste den report
http://virus-protect.org/artikel/tools/otscanit.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
16.05.2008, 17:49
Ratlo_ser
...neu hier

Themenstarter

Beiträge: 6
#7

Code

OTScanIt logfile created on: 16.05.2008 17:06:21
OTScanIt by OldTimer - Version 1.0.14.0     Folder = C:\Dokumente und Einstellungen\Andi\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
255,48 Mb Total Physical Memory | 93,34 Mb Available Physical Memory | 36,54% Memory free
618,11 Mb Paging File | 332,87 Mb Available in Paging File | 53,85% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 32,55 Gb Free Space | 83,33% Space Free | Partition Type: NTFS
Drive D: | 5,33 Gb Total Space | 2,22 Gb Free Space | 41,68% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 67,39 Gb Total Space | 39,92 Gb Free Space | 59,24% Space Free | Partition Type: NTFS

Computer Name: STRESSER
Current User Name: Andi
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 13.12.2007 20:27:10 | Attr =    ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 19.03.2008 17:08:58 | Attr =    ]
avguard.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.15 | Size = 147201 bytes | Modified Date = 16.04.2008 00:11:19 | Attr =    ]
winampa.exe -> %ProgramFiles%\Winamp\winampa.exe ->  [Ver =  | Size = 36352 bytes | Modified Date = 10.10.2007 07:28:32 | Attr =    ]
ssaad.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe ->  [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 07.01.2006 03:36:10 | Attr =    ]
sstray.exe -> %SystemRoot%\system32\sstray.exe -> NVIDIA Corporation [Ver = 1.00.00.0298 | Size = 77824 bytes | Modified Date = 27.10.2002 01:02:06 | Attr =    ]
carpserv.exe -> %SystemRoot%\system32\carpserv.exe -> Conexant Systems [Ver = 5.03.13.00 | Size = 4608 bytes | Modified Date = 14.05.2002 07:36:04 | Attr =    ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22.02.2008 05:25:21 | Attr =    ]
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 13.12.2007 20:27:10 | Attr =    ]
sched.exe -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.12 | Size = 68865 bytes | Modified Date = 16.04.2008 00:11:20 | Attr =    ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe ->  [Ver =  | Size = 147456 bytes | Modified Date = 13.12.2002 05:43:28 | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 17.04.2008 22:26:48 | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.0 | Size = 372224 bytes | Modified Date = 09.05.2008 21:51:12 | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 19.03.2008 17:08:58 | Attr =    ]
(AntiVirScheduler) AntiVir PersonalEdition Classic Planer [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 8.00.00.12 | Size = 68865 bytes | Modified Date = 16.04.2008 00:11:20 | Attr =    ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avguard.exe -> Avira GmbH [Ver = 8.00.01.15 | Size = 147201 bytes | Modified Date = 16.04.2008 00:11:19 | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe ->  [Ver =  | Size = 147456 bytes | Modified Date = 13.12.2002 05:43:28 | Attr =    ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0004 | Size = 110677 bytes | Modified Date = 13.12.2002 04:00:00 | Attr =    ]
(dmadmin) Verwaltungsdienst für die Verwaltung logischer Datenträger [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
(MSCSPTISRV) MSCSPTISRV [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\MSCSPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 24.11.2005 18:03:22 | Attr =    ]
(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 53337 bytes | Modified Date = 24.11.2005 17:57:44 | Attr =    ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 4.4.00.11241 | Size = 69718 bytes | Modified Date = 24.11.2005 17:47:30 | Attr =    ]
(SSScsiSV) SonicStage SCSI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SSScsiSV.exe -> Sony Corporation [Ver = 3.4.01.13062 | Size = 69632 bytes | Modified Date = 06.01.2006 23:25:12 | Attr =    ]
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 75304 bytes | Modified Date = 13.12.2007 20:27:10 | Attr =    ]

[Driver Services - Non-Microsoft Only]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.01.6255 | Size = 546560 bytes | Modified Date = 13.12.2002 05:53:10 | Attr =    ]
(avgio) avgio [Kernel | System | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgio.sys -> Avira GmbH [Ver = 1.0.0.30 | Size = 11840 bytes | Modified Date = 27.02.2007 16:25:04 | Attr =    ]
(avgntflt) avgntflt [File_System | On_Demand | Running] -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -> Avira GmbH [Ver = 7.00.01.08 | Size = 49472 bytes | Modified Date = 16.04.2008 00:11:21 | Attr =    ]
(avipbb) avipbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avipbb.sys -> Avira GmbH [Ver = 1.00.02.22 | Size = 79424 bytes | Modified Date = 16.04.2008 00:11:22 | Attr =    ]
(Cap7134) TV-Station (SAA7134Capture with MK3-Tuner) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Cap7134.sys -> Philips Semiconductors [Ver = 1, 6, 0, 1 | Size = 423008 bytes | Modified Date = 23.10.2002 14:46:14 | Attr = R  ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 800384 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 154112 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> Conexant Systems [Ver = 5.03.13.00 | Size = 167491 bytes | Modified Date = 14.05.2002 07:33:32 | Attr =    ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems [Ver = 5.03.13.00 | Size = 1172000 bytes | Modified Date = 14.05.2002 07:32:58 | Attr =    ]
(KLIF) KLIF [File_System | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 7.0.0.122 | Size = 127768 bytes | Modified Date = 19.07.2007 16:10:28 | Attr =    ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 101.001 | Size = 9855 bytes | Modified Date = 22.10.2001 08:46:42 | Attr =    ]
(nvax) Service for NVIDIA(R) nForce(TM) Audio Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvax.sys -> NVIDIA Corporation [Ver = 5.10.2896.0 built by: WinDDK | Size = 12928 bytes | Modified Date = 25.10.2002 14:11:00 | Attr =    ]
(NVENET) NVIDIA nForce MCP Networking Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENET.sys -> NVIDIA Corporation [Ver = 4.14.01.0281 | Size = 80896 bytes | Modified Date = 24.09.2002 04:37:00 | Attr =    ]
(nvnforce) Service for NVIDIA(R) nForce(TM) Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvapu.sys -> NVIDIA Corporation [Ver = 5.10.2896.0 built by: WinDDK | Size = 236672 bytes | Modified Date = 25.10.2002 14:11:00 | Attr =    ]
(nv_agp) NVIDIA nForce AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nv_agp.SYS -> NVIDIA Corporation [Ver = 4.12.01.0278 | Size = 13568 bytes | Modified Date = 07.09.2002 05:24:00 | Attr =    ]
(PDDSLADP) ProDyne DSL Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PDDSLADP.SYS -> ProDyne [Ver = 3.0.0.0 | Size = 15571 bytes | Modified Date = 09.10.2005 17:13:58 | Attr =    ]
(PDDSLHND) PDDSLHND [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PDDSLHND.SYS -> ProDyne [Ver = 3 | Size = 15187 bytes | Modified Date = 09.10.2005 17:13:58 | Attr =    ]
(Ptilink) Treiber für direkte Parallelverbindung [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 08.03.2007 01:51:00 | Attr =    ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13.11.2007 12:25:53 | Attr =    ]
(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> Zone Labs, LLC [Ver = 5, 0, 187, 0 | Size = 51176 bytes | Modified Date = 18.10.2007 21:18:44 | Attr =    ]
(ssmdrv) ssmdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ssmdrv.sys -> AVIRA GmbH [Ver = 7.00.01.02 | Size = 21248 bytes | Modified Date = 16.04.2008 00:11:22 | Attr =    ]
(StreamDispatcher) StreamDispatcher [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\strmdisp.sys -> Conexant Systems [Ver = 5.03.13.00 | Size = 35580 bytes | Modified Date = 14.05.2002 07:36:18 | Attr =    ]
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 394952 bytes | Modified Date = 13.12.2007 20:27:14 | Attr =    ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems [Ver = 5.03.13.00 | Size = 600560 bytes | Modified Date = 14.05.2002 07:26:50 | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11.01.2008 22:16:38 | Attr =    ]
CARPService -> %SystemRoot%\system32\carpserv.exe [carpserv.exe] -> Conexant Systems [Ver = 5.03.13.00 | Size = 4608 bytes | Modified Date = 14.05.2002 07:36:04 | Attr =    ]
nForce Tray Options -> %SystemRoot%\system32\sstray.exe [sstray.exe /r] -> NVIDIA Corporation [Ver = 1.00.00.0298 | Size = 77824 bytes | Modified Date = 27.10.2002 01:02:06 | Attr =    ]
SsAAD.exe -> %ProgramFiles%\Sony\SonicStage\SSAAD.exe [C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe] ->  [Ver = 3.4.01.13062 | Size = 81920 bytes | Modified Date = 07.01.2006 03:36:10 | Attr =    ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22.02.2008 05:25:21 | Attr =    ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe [C:\Programme\Winamp\winampa.exe] ->  [Ver =  | Size = 36352 bytes | Modified Date = 10.10.2007 07:28:32 | Attr =    ]
ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.462.000 | Size = 919016 bytes | Modified Date = 13.12.2007 20:27:10 | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe ["C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized] -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 07.12.2007 16:08:02 | Attr = R  ]
< All Users Startup Folder > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart -> 
< Andi Startup Folder > -> C:\Dokumente und Einstellungen\Andi\Startmenü\Programme\Autostart -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM-Laufwerktreiber -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTOSHIBA_DVD-ROM_SD-M1712________________1004____\5&14576fb3&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomTOSHIBA_DVD-ROM_SD-R5002________________1031____\3259555030323234353620202020202020202020 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 08.11.2007 21:32:11 | Attr =    ]
Autorun.inf [[autorun] | OPEN=Setup.exe | ICON=bin\install.ico,0 | ] -> D:\Autorun.inf [ FAT32 ] ->  [Ver =  | Size = 51 bytes | Modified Date = 24.01.2002 15:22:02 | Attr =    ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22.10.2006 23:08:42 | Attr =    ]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1377576 bytes | Modified Date = 07.12.2007 16:08:02 | Attr =    ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22.02.2008 05:25:19 | Attr =    ]
{F09AA833-093B-4018-866A-2968357821B3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\fvowketqmvg.dll [QXK Rhythm] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22.02.2008 05:25:19 | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22.02.2008 05:25:19 | Attr =    ]
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1377576 bytes | Modified Date = 07.12.2007 16:08:02 | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Konsole] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22.02.2008 05:25:19 | Attr =    ]
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1377576 bytes | Modified Date = 07.12.2007 16:08:02 | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{6A3EEFAA-DE0A-4D9B-9EBF-4B149E7D5FC6} ->    (1394-Netzwerkadapter) -> 
{8C466742-5132-436F-B78F-72305657FDEA} ->    () -> 
{CE18E522-1DA1-46DF-BC0B-43A873029925} ->    (NVIDIA nForce MCP Networking Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 07.12.2007 16:08:02 | Attr = R  ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15.06.2005 19:49:56 | Attr =    ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25.04.2007 16:22:27 | Attr =    ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 752 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 186880 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119296 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> AD 4F 48 1A 01 05 93 1F 98 B0 3A B3 4D A5 07 B9 34 38 34 30 62 38 62 34 00 FD 07 00 02 7B 00 00 34 FA 07 00 56 82 46 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 FF CE 8C 19 91 70 40 1C 38 02 D3 48  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> A6 CB EE 56 A6 E4 AF 6B 2C  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 2F 94 CB 7C E5 51  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 81 A7 82 EF FF 82 45 8E 1E 51 A4 20 C0 92 8D 18  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 16 93 97 C4 50 B7 C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 A0 13 80 5E 3C C6 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 A0 13 80 5E 3C C6 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 A0 13 80 5E 3C C6 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows-Firewall/Gemeinsame Nutzung der Internetverbindung -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 334336 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\
%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142848 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\
%windir%\system32\
sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142848 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\
Programme\Skype\Phone\Skype.exe -> C:\Programme\Skype\Phone\Skype.exe [C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ] -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 07.12.2007 16:08:02 | Attr = R  ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatische Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Aktiviert den Download und die Installation von Windows-Updates. Der Computer kann automatische Updates oder die Windows Update-Website nicht verwenden, falls der Dienst deaktiviert wird. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 28.02.2006 14:00:00 | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 267964416 bytes | Created Date = 14.05.2008 22:01:00 | Attr =  HS]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 16.05.2008 13:33:15 | Attr =    ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 16.05.2008 17:04:51 | Attr =  HS]
RVAXO -> %SystemDrive%\RVAXO ->  [Folder | Created Date = 16.05.2008 12:35:57 | Attr =    ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Created Date = 16.05.2008 10:29:53 | Attr =    ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Created Date = 16.05.2008 12:47:36 | Attr =    ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 27048 bytes | Created Date = 16.05.2008 12:47:36 | Attr =    ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Created Date = 14.05.2008 21:44:18 | Attr =    ]
dumphive.exe -> %SystemRoot%\System32\dumphive.exe ->  [Ver =  | Size = 51200 bytes | Created Date = 14.05.2008 21:44:18 | Attr =    ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Created Date = 14.05.2008 21:44:18 | Attr =    ]
Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 14.05.2008 21:44:17 | Attr =    ]
remove.exe -> %SystemRoot%\System32\remove.exe ->  [Ver =  | Size = 69632 bytes | Created Date = 16.05.2008 12:32:04 | Attr =    ]
RVAXO.bat -> %SystemRoot%\System32\RVAXO.bat ->  [Ver =  | Size = 822165 bytes | Created Date = 16.05.2008 12:32:04 | Attr =    ]
SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver =  | Size = 288417 bytes | Created Date = 14.05.2008 21:44:18 | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2126 bytes | Created Date = 14.05.2008 21:44:46 | Attr =    ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Created Date = 14.05.2008 21:44:18 | Attr =    ]
VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver =  | Size = 289144 bytes | Created Date = 14.05.2008 21:44:18 | Attr =    ]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Created Date = 14.05.2008 21:44:18 | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Created Date = 16.05.2008 13:33:48 | Attr =    ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 16.05.2008 13:33:11 | Attr =    ]
grep.exe -> %SystemRoot%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 16.05.2008 13:33:11 | Attr =    ]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 16.05.2008 13:33:11 | Attr =    ]
sed.exe -> %SystemRoot%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 16.05.2008 13:33:11 | Attr =    ]
swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 16.05.2008 13:33:11 | Attr =    ]
swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 16.05.2008 13:33:11 | Attr =    ]
swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 16.05.2008 13:33:11 | Attr =    ]
VFind.exe -> %SystemRoot%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 16.05.2008 13:33:11 | Attr =    ]
zip.exe -> %SystemRoot%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 16.05.2008 13:33:11 | Attr =    ]

[Files/Folders - Modified Within 30 days]
Dokumente und Einstellungen -> %SystemDrive%\Dokumente und Einstellungen ->  [Folder | Modified Date = 14.05.2008 21:49:49 | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 267964416 bytes | Modified Date = 16.05.2008 14:31:28 | Attr =  HS]
Programme -> %ProgramFiles% ->  [Folder | Modified Date = 16.05.2008 12:47:36 | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 16.05.2008 14:35:15 | Attr =    ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 16.05.2008 17:04:51 | Attr =  HS]
RVAXO -> %SystemDrive%\RVAXO ->  [Folder | Modified Date = 16.05.2008 12:38:02 | Attr =    ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups ->  [Folder | Modified Date = 16.05.2008 10:29:53 | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 16.05.2008 14:36:58 | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 16.05.2008 14:31:49 | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 27 bytes | Modified Date = 16.05.2008 14:31:49 | Attr =    ]
fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat ->  [Ver =  | Size = 11046944 bytes | Modified Date = 16.05.2008 17:02:55 | Attr =  HS]
fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx ->  [Ver =  | Size = 130976 bytes | Modified Date = 16.05.2008 14:31:11 | Attr =  HS]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys ->  [Ver =  | Size = 15864 bytes | Modified Date = 05.05.2008 20:46:32 | Attr =    ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys ->  [Ver =  | Size = 27048 bytes | Modified Date = 05.05.2008 20:46:36 | Attr =    ]
404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Modified Date = 28.04.2008 08:03:00 | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 16.05.2008 14:32:50 | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 16.05.2008 14:30:21 | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 16.05.2008 13:45:12 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 16.05.2008 14:35:25 | Attr =    ]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82944 bytes | Modified Date = 28.04.2008 08:03:00 | Attr =    ]
RVAXO.bat -> %SystemRoot%\System32\RVAXO.bat ->  [Ver =  | Size = 822165 bytes | Modified Date = 16.05.2008 07:10:02 | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 2126 bytes | Modified Date = 16.05.2008 10:44:25 | Attr =    ]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86528 bytes | Modified Date = 24.04.2008 08:10:00 | Attr =    ]
vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml ->  [Ver =  | Size = 358830 bytes | Modified Date = 16.05.2008 14:33:11 | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2422 bytes | Modified Date = 13.05.2008 18:54:34 | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 14.05.2008 17:53:56 | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 16.05.2008 14:31:30 | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 16.05.2008 12:45:22 | Attr =    ]
erdnt -> %SystemRoot%\erdnt ->  [Folder | Modified Date = 16.05.2008 14:30:14 | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 16.05.2008 14:33:03 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 14.05.2008 20:29:01 | Attr =  HS]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Modified Date = 16.05.2008 17:05:44 | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 16.05.2008 12:31:31 | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 16.05.2008 14:32:36 | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 16.05.2008 14:35:26 | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 16.05.2008 17:04:40 | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 16.05.2008 12:27:18 | Attr =  H ]
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader ->  [Folder | Modified Date = 07.01.2008 19:00:01 | Attr =    ]
qmgr0.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6776 bytes | Modified Date = 16.05.2008 14:33:53 | Attr =    ]
qmgr1.dat -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6776 bytes | Modified Date = 16.05.2008 14:33:53 | Attr =    ]

< End of report >
Seitenanfang Seitenende
16.05.2008, 21:47
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#8 ««

http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten.
in: "Enter search strings" (reinschreiben oder reinkopieren)

{F09AA833-093B-4018-866A-2968357821B3}

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab und poste ihn.
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
17.05.2008, 17:36
Ratlo_ser
...neu hier

Themenstarter

Beiträge: 6
#9 Warnung ist weg, ist das jetzt noch nötig ?
Seitenanfang Seitenende
17.05.2008, 20:16
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#10

Zitat

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F09AA833-093B-4018-866A-2968357821B3}]
C:\WINDOWS\fvowketqmvg.dll
das muss noch raus....
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
25.05.2008, 18:02
Ratlo_ser
...neu hier

Themenstarter

Beiträge: 6
#11 REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "F09AA833-093B-4018-866A-2968357821B3" 25.05.2008 18:00:07

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

Zitat

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F09AA833-093B-4018-866A-2968357821B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F09AA833-093B-4018-866A-2968357821B3}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F09AA833-093B-4018-866A-2968357821B3}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F09AA833-093B-4018-866A-2968357821B3}\Programmable]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F09AA833-093B-4018-866A-2968357821B3}\TypeLib]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F09AA833-093B-4018-866A-2968357821B3}\VersionIndependentProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F09AA833-093B-4018-866A-2968357821B3}]

[HKEY_USERS\S-1-5-21-1645522239-1364589140-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F09AA833-093B-4018-866A-2968357821B3}]

hat etwas gedauert, war länger nicht da. Danke!
Seitenanfang Seitenende
25.05.2008, 19:02
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#12 ««
Den folgenden Text in den Editor (Start - Zubehör - Editor) kopieren und als fixme.reg mit 'Speichern unter' auf dem Desktop. Gebe bei Dateityp 'Alle Dateien' an. Du solltest jetzt auf dem Desktop diese Datei finden.

Zitat

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F09AA833-093B-4018-866A-2968357821B3}]
[-HKEY_USERS\S-1-5-21-1645522239-1364589140-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F09AA833-093B-4018-866A-2968357821B3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F09AA833-093B-4018-866A-2968357821B3}]
Die Datei "fixme.reg" auf dem Desktop doppelklicken
+
der Registry beifuegen

Rechner neustarten
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
04.06.2008, 08:01
coco100
Member

Beiträge: 23
#13 Hallo

Ich habe auch das Problem mit dem TR/Vundo.HG .Ic bitte um Hilfe .Hier ist der HJT Logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:50, on 2008-06-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\INCRED~1\bin\ImApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\DeTeWe\TA 33 USB\Capictrl.exe
C:\Programme\internet explorer\iexplore.exe
J:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freenet.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Programme\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programme\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Programme\1&1\1&1 EasyLogin\EasyLogin.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: CAPIControl.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programme\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .UVR: C:\Programme\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hyrican.de
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://de.midas.games.yahoo.net/midasa.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://webgames.d.tmsrv.com/c=dfbe7dae52de86e2debdfba2ec7afb4f/aff=t_25oa_deca_wg/p/release/sonypictures/wg_davincicode/davincicode/DVCDownloadControl.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game13.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{77DC5182-3F94-4D04-A6B1-3311CBDC0E48}: NameServer = 192.168.2.1
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Dienst (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Programme\Gemeinsame Dateien\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: License Management Service ESD - Unknown owner - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe (file missing)

--
End of file - 9403 bytes


Vielen Dank schon mal im vorraus
Seitenanfang Seitenende
04.06.2008, 10:51
Sasa87
...neu hier

Beiträge: 1
#14 Hallo..
ich hatte bis gestern auch den Vundo auf dem Rechner.. der hätte mich fast dazu gebracht meinen PC zu verschrotten..
Bis ich dann endlich nach Zahllosen suchen auf ne super Freespyware gekommen bin...
selbst mit Hijackthis und Vundoremover bin ich verzweifelt... diese konnten mir den Trojaner auch nicht entfernen.. und ich habe 2 wochen gebraucht..
nunja..
gestern bin ich dann letztendlich auf SUPERAntispyware Free Edition gestoßen...
diese Vundo entfernt sowie auch Malware und Spyware die man auf normalen Virenpropgrammen nicht entfernen kann..

http://virus-protect.org/artikel/tools/superantispyware.html
http://www.SUPERAntiSpyware.com

vielleicht kann der euch ja helfen und euch besänftigen;)ich bin glücklich
Seitenanfang Seitenende
04.06.2008, 11:55
Sabina
Ehrenmitglied
Avatar Sabina

Beiträge: 29434
#15 Hallo coco100

1.
wende bitte windowsscan an + poste den report
http://virus-protect.org/artikel/tools/windowsscan.html

2.
entferne alle temporären Dateien
http://www.ccleaner.de/?protecus.de

3.
wende Combofix an , klicke die warnmeldung weg + poste den report hier
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1