Home » Viren, Trojaner & Malware Forum » Problem mit Trojaner TR/Vundo.HI » Themenansicht

Firefox Tipp: Instantfox - Quick Search Add-On!

Seite(n): 1 2

Antworten

Problem mit Trojaner TR/Vundo.HI

11.06.2008, 12:28

Sabina

Ehrenmitglied

Beiträge: 29434

#16 wende dialfix an + berichte, ob die windowsupdates wieder funktionieren
http://virus-protect.org/artikel/tools/dial_a_fix.html
__________
MfG Sabina

rund um die PC-Sicherheit

11.06.2008, 21:05

hugodepayns

Member

Themenstarter

Beiträge: 11

#17 Servus!

Das Windows Update funktioniert immer noch nicht.
Die gleiche Fehlermeldung, die ich beim letzten Mal gepostet habe, ist wieder erschienen. Habe vorher Dialfix durchlaufen lassen und auch dort wurden Fehlermeldungen angezeigt.
Hänge daher den log an. Vielleicht kannst Du ja was damit anfangen.

Greetz!

Tobi

Dialfix-log:

Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
dial-a-fix@DjLizard.net and include a copy of this log

DAF version: v0.60.0.24

--- System info ---
OS: Microsoft Windows XP Service Pack 2
IE version: 6.0.2900.2180
MPC: 55274-640
CPU: AMD Athlon(tm) XP 1800+ (~1490MHz)
BIOS: 06.10.2003
Memory (approx): 1023MB
Uptime: 0 hour(s)
Current directory: C:\Dokumente und Einstellungen\Tobias Härtling\Desktop\Dial-a-fix
---

31.12.2001 23:07:50 -- Dial-a-fix : [v0.60.0.24] -- started
23:07:50 | Policy scan started
23:07:50 | Policy scan ended - no restrictive policies were found
--- Emptying temp folders ---
23:07:57 | Deleting C:\Dokumente und Einstellungen\Tobias Härtling\Lokale Einstellungen\Temp...
23:07:58 | C:\Dokumente und Einstellungen\Tobias Härtling\Lokale Einstellungen\Temp could not be completely emptied, please reboot and try again
23:07:58 | Deleting C:\WINDOWS\temp...
23:07:58 | C:\WINDOWS\temp has been re-created
23:07:58 | Deleting C:\DOKUME~1\TOBIAS~1\LOKALE~1\Temp...
23:07:59 | C:\DOKUME~1\TOBIAS~1\LOKALE~1\Temp could not be completely emptied, please reboot and try again
--- MSI ---
20:16:48 | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
20:18:31 | Unregistered: C:\WINDOWS\system32\msxml.dll
20:18:31 | Registered: C:\WINDOWS\system32\msxml.dll
20:18:32 | Unregistered: C:\WINDOWS\system32\msxml2.dll
20:18:32 | Registered: C:\WINDOWS\system32\msxml2.dll
20:18:35 | Unregistered: C:\WINDOWS\system32\msxml3.dll
20:18:35 | Registered: C:\WINDOWS\system32\msxml3.dll
20:18:36 | Unregistered: C:\WINDOWS\system32\msxml4.dll
20:18:36 | Registered: C:\WINDOWS\system32\msxml4.dll
20:18:36 | Unregistered: C:\WINDOWS\system32\qmgr.dll
20:18:36 | Registered: C:\WINDOWS\system32\qmgr.dll
20:18:36 | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
20:18:36 | Registered: C:\WINDOWS\system32\qmgrprxy.dll
20:18:37 | Unregistered: C:\WINDOWS\system32\muweb.dll
20:18:37 | Registered: C:\WINDOWS\system32\muweb.dll
20:18:37 | Unregistered: C:\WINDOWS\system32\winhttp.dll
20:18:37 | Registered: C:\WINDOWS\system32\winhttp.dll
20:18:37 | Registered: C:\WINDOWS\system32\wuapi.dll
20:18:48 | Unregistered: C:\WINDOWS\system32\wuaueng.dll
20:19:36 | Error during registration of C:\WINDOWS\system32\wuaueng.dll - version: 7.0.6000.381. The error returned is: Der angegebene Dienst wurde zum Löschen markiert.
(-2147023824)
20:19:36 | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
20:19:36 | Registered: C:\WINDOWS\system32\wuaueng1.dll
20:19:36 | Unregistered: C:\WINDOWS\system32\wucltui.dll
20:19:37 | Registered: C:\WINDOWS\system32\wucltui.dll
20:19:37 | Unregistered: C:\WINDOWS\system32\wups.dll
20:19:37 | Registered: C:\WINDOWS\system32\wups.dll
20:19:37 | Unregistered: C:\WINDOWS\system32\wups2.dll
20:19:37 | Registered: C:\WINDOWS\system32\wups2.dll
20:19:37 | Unregistered: C:\WINDOWS\system32\wuweb.dll
20:19:37 | Registered: C:\WINDOWS\system32\wuweb.dll
20:19:37 | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
20:19:44 | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
20:19:46 | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
20:19:46 | Registered: C:\WINDOWS\system32\cryptdlg.dll
20:19:46 | Unregistered: C:\WINDOWS\system32\cryptui.dll
20:19:46 | Registered: C:\WINDOWS\system32\cryptui.dll
20:19:46 | Unregistered: C:\WINDOWS\system32\cryptext.dll
20:19:47 | Registered: C:\WINDOWS\system32\cryptext.dll
20:19:47 | Unregistered: C:\WINDOWS\system32\dssenh.dll
20:19:47 | Registered: C:\WINDOWS\system32\dssenh.dll
20:19:47 | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
20:19:47 | Registered: C:\WINDOWS\system32\gpkcsp.dll
20:19:47 | Unregistered: C:\WINDOWS\system32\initpki.dll
20:21:15 | Registered: C:\WINDOWS\system32\initpki.dll
20:21:15 | Unregistered: C:\WINDOWS\system32\licdll.dll
20:21:15 | Registered: C:\WINDOWS\system32\licdll.dll
20:21:15 | Unregistered: C:\WINDOWS\system32\mssign32.dll
20:21:15 | Registered: C:\WINDOWS\system32\mssign32.dll
20:21:15 | Unregistered: C:\WINDOWS\system32\mssip32.dll
20:21:15 | Registered: C:\WINDOWS\system32\mssip32.dll
20:21:16 | Unregistered: C:\WINDOWS\system32\scardssp.dll
20:21:16 | Registered: C:\WINDOWS\system32\scardssp.dll
20:21:16 | Unregistered: C:\WINDOWS\system32\sccbase.dll
20:21:16 | Registered: C:\WINDOWS\system32\sccbase.dll
20:21:16 | Unregistered: C:\WINDOWS\system32\scecli.dll
20:21:17 | Registered: C:\WINDOWS\system32\scecli.dll
20:21:17 | Unregistered: C:\WINDOWS\system32\softpub.dll
20:21:17 | Registered: C:\WINDOWS\system32\softpub.dll
20:21:18 | Unregistered: C:\WINDOWS\system32\slbcsp.dll
20:21:18 | Registered: C:\WINDOWS\system32\slbcsp.dll
20:21:18 | Unregistered: C:\WINDOWS\system32\regwizc.dll
20:21:18 | Registered: C:\WINDOWS\system32\regwizc.dll
20:21:18 | Unregistered: C:\WINDOWS\system32\rsaenh.dll
20:21:18 | Registered: C:\WINDOWS\system32\rsaenh.dll
20:21:18 | Unregistered: C:\WINDOWS\system32\winhttp.dll
20:21:18 | Registered: C:\WINDOWS\system32\winhttp.dll
20:21:18 | Unregistered: C:\WINDOWS\system32\wintrust.dll
20:21:18 | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
20:21:19 | Registered: C:\WINDOWS\system32\acelpdec.ax
20:21:19 | Registered: C:\WINDOWS\system32\actxprxy.dll
20:21:19 | Registered: C:\WINDOWS\system32\asctrls.ocx
20:21:19 | Registered: C:\WINDOWS\system32\daxctle.ocx
20:21:19 | Registered: C:\WINDOWS\system32\hhctrl.ocx
20:21:19 | Registered: C:\WINDOWS\system32\l3codecx.ax
20:21:20 | Registered: C:\WINDOWS\system32\licmgr10.dll
20:21:20 | Registered: C:\WINDOWS\system32\mpg4ds32.ax
20:21:23 | Registered: C:\WINDOWS\system32\msdxm.ocx
20:21:23 | Registered: C:\WINDOWS\system32\proctexe.ocx
20:21:23 | Registered: C:\WINDOWS\system32\tdc.ocx
20:21:23 | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
20:21:25 | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
20:21:25 | DllInstalled: C:\WINDOWS\system32\appwiz.cpl
20:21:25 | Registered: C:\WINDOWS\system32\appwiz.cpl
20:21:25 | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
20:21:25 | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
20:21:25 | Registered: C:\WINDOWS\system32\quartz.dll
20:21:26 | Registered: C:\WINDOWS\system32\danim.dll
20:21:26 | Registered: C:\WINDOWS\system32\dmscript.dll
20:21:26 | Registered: C:\WINDOWS\system32\dmstyle.dll
20:21:26 | Registered: C:\WINDOWS\system32\dxmasf.dll
20:21:27 | Registered: C:\WINDOWS\system32\dxtmsft.dll
20:21:27 | Registered: C:\WINDOWS\system32\dxtrans.dll
20:21:27 | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
20:21:27 | Registered: C:\WINDOWS\system32\atl.dll
20:21:27 | Registered: C:\WINDOWS\system32\corpol.dll
20:21:27 | Registered: C:\WINDOWS\system32\jscript.dll
20:21:27 | Registered: C:\WINDOWS\system32\dispex.dll
20:21:27 | Registered: C:\WINDOWS\system32\scrrun.dll
20:21:27 | Registered: C:\WINDOWS\system32\scrobj.dll
20:21:28 | Registered: C:\WINDOWS\system32\vbscript.dll
20:21:28 | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
20:21:28 | Registered: C:\WINDOWS\system32\activeds.dll
20:21:28 | Registered: C:\WINDOWS\system32\audiodev.dll
20:21:29 | DllInstalled: C:\WINDOWS\system32\browseui.dll
20:21:29 | Registered: C:\WINDOWS\system32\browseui.dll
20:21:29 | Registered: C:\WINDOWS\system32\browsewm.dll
20:21:29 | Registered: C:\WINDOWS\system32\cabview.dll
20:21:29 | Registered: C:\WINDOWS\system32\cdfview.dll
20:21:29 | Registered: C:\WINDOWS\system32\clbcatex.dll
20:21:30 | Registered: C:\WINDOWS\system32\clbcatq.dll
20:21:30 | Registered: C:\WINDOWS\system32\comcat.dll
20:21:30 | Registered: C:\WINDOWS\system32\cscui.dll
20:21:30 | Registered: C:\WINDOWS\system32\credui.dll
20:21:30 | Registered: C:\WINDOWS\system32\datime.dll
20:21:30 | Registered: C:\WINDOWS\system32\devmgr.dll
20:21:30 | Registered: C:\WINDOWS\system32\dfsshlex.dll
20:21:30 | Registered: C:\WINDOWS\system32\dmdlgs.dll
20:21:30 | Registered: C:\WINDOWS\system32\dmdskmgr.dll
20:21:30 | Registered: C:\WINDOWS\system32\dmloader.dll
20:21:31 | Registered: C:\WINDOWS\system32\dmocx.dll
20:21:31 | Registered: C:\WINDOWS\system32\dmview.ocx
20:21:31 | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
20:21:31 | Registered: C:\WINDOWS\system32\dsuiext.dll
20:21:31 | DllInstalled: C:\WINDOWS\system32\dsquery.dll
20:21:31 | Registered: C:\WINDOWS\system32\dsquery.dll
20:21:31 | Registered: C:\WINDOWS\system32\dskquoui.dll
20:21:31 | Registered: C:\WINDOWS\system32\els.dll
20:21:32 | Registered: C:\WINDOWS\system32\es.dll
20:21:32 | Registered: C:\WINDOWS\system32\fontext.dll
20:21:32 | Registered: C:\WINDOWS\system32\hlink.dll
20:21:32 | Registered: C:\WINDOWS\system32\hnetcfg.dll
20:21:33 | Registered: C:\WINDOWS\system32\iedkcs32.dll
20:21:33 | Registered: C:\WINDOWS\system32\iepeers.dll
20:21:33 | DllInstalled: C:\WINDOWS\system32\iesetup.dll
20:21:33 | Registered: C:\WINDOWS\system32\iesetup.dll
20:21:33 | Registered: C:\WINDOWS\system32\ils.dll
20:21:34 | Registered: C:\WINDOWS\system32\imgutil.dll
20:21:34 | Registered: C:\WINDOWS\system32\inetcfg.dll
20:21:34 | Registered: C:\WINDOWS\system32\inetcomm.dll
20:21:34 | DllInstalled: C:\WINDOWS\system32\inseng.dll
20:21:34 | Registered: C:\WINDOWS\system32\inseng.dll
20:21:34 | Registered: C:\WINDOWS\system32\laprxy.dll
20:21:34 | Registered: C:\WINDOWS\system32\lmrt.dll
20:21:35 | Registered: C:\WINDOWS\system32\mlang.dll
20:21:35 | Registered: C:\WINDOWS\system32\mmcndmgr.dll
20:21:35 | Registered: C:\WINDOWS\system32\mmcshext.dll
20:21:36 | Registered: C:\WINDOWS\system32\mscoree.dll
20:21:36 | DllInstalled: C:\WINDOWS\system32\mshtml.dll
20:21:37 | Registered: C:\WINDOWS\system32\mshtml.dll
20:21:37 | Registered: C:\WINDOWS\system32\mshtmled.dll
20:21:37 | Registered: C:\WINDOWS\system32\msieftp.dll
20:21:38 | Registered: C:\WINDOWS\system32\msoeacct.dll
20:21:38 | Registered: C:\WINDOWS\system32\msr2c.dll
20:21:38 | Registered: C:\WINDOWS\system32\msrating.dll
20:21:38 | DllInstalled: C:\WINDOWS\system32\mydocs.dll
20:21:38 | Registered: C:\WINDOWS\system32\mydocs.dll
20:21:38 | Registered: C:\WINDOWS\system32\mstime.dll
20:21:39 | Registered: C:\WINDOWS\system32\netcfgx.dll
20:21:39 | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
20:21:39 | Registered: C:\WINDOWS\system32\netplwiz.dll
20:21:39 | Registered: C:\WINDOWS\system32\netman.dll
20:21:40 | Registered: C:\WINDOWS\system32\netshell.dll
20:21:40 | Registered: C:\WINDOWS\system32\ntmsevt.dll
20:21:40 | Registered: C:\WINDOWS\system32\ntmsmgr.dll
20:21:40 | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
20:21:40 | Registered: C:\WINDOWS\system32\ntmssvc.dll
20:21:40 | DllInstalled: C:\WINDOWS\system32\occache.dll
20:21:40 | Registered: C:\WINDOWS\system32\occache.dll
20:21:40 | Registered: C:\WINDOWS\system32\ole32.dll
20:21:40 | Registered: C:\WINDOWS\system32\oleaut32.dll
20:21:40 | Registered: C:\WINDOWS\system32\oleacc.dll
20:21:40 | Registered: C:\WINDOWS\system32\olepro32.dll
20:21:41 | DllInstalled: C:\WINDOWS\system32\photowiz.dll
20:21:41 | Registered: C:\WINDOWS\system32\photowiz.dll
20:21:41 | Registered: C:\WINDOWS\system32\pngfilt.dll
20:21:41 | Registered: C:\WINDOWS\system32\remotepg.dll
20:21:41 | Registered: C:\WINDOWS\system32\rpcrt4.dll
20:21:41 | Registered: C:\WINDOWS\system32\rshx32.dll
20:21:41 | Registered: C:\WINDOWS\system32\sendmail.dll
20:21:41 | Registered: C:\WINDOWS\system32\slayerxp.dll
20:21:44 | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
20:21:44 | Registered: C:\WINDOWS\system32\shdocvw.dll
20:21:44 | Registered: C:\WINDOWS\system32\shell32.dll
20:21:52 | DllInstalled: C:\WINDOWS\system32\shell32.dll
20:21:53 | Registered: C:\WINDOWS\system32\shmedia.dll
20:21:53 | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
20:21:53 | Registered: C:\WINDOWS\system32\shimgvw.dll
20:21:53 | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
20:21:53 | Registered: C:\WINDOWS\system32\shsvcs.dll
20:21:53 | Registered: C:\WINDOWS\system32\srclient.dll
20:21:53 | Unregistered: C:\WINDOWS\system32\stobject.dll
20:21:53 | Registered: C:\WINDOWS\system32\stobject.dll
20:21:54 | DllInstalled: C:\WINDOWS\system32\themeui.dll
20:21:54 | Registered: C:\WINDOWS\system32\themeui.dll
20:21:54 | Registered: C:\WINDOWS\system32\twext.dll
20:21:55 | DllInstalled: C:\WINDOWS\system32\urlmon.dll
20:21:55 | Registered: C:\WINDOWS\system32\urlmon.dll
20:21:55 | Registered: C:\WINDOWS\system32\userenv.dll
20:21:55 | DllInstalled: C:\WINDOWS\system32\webcheck.dll
20:21:55 | Registered: C:\WINDOWS\system32\webcheck.dll
20:21:55 | Registered: C:\WINDOWS\system32\webvw.dll
20:21:55 | Registered: C:\WINDOWS\system32\winhttp.dll
20:21:55 | DllInstalled: C:\WINDOWS\system32\wininet.dll
20:21:56 | Registered: C:\WINDOWS\system32\zipfldr.dll
20:21:56 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdadc.dll
20:21:56 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaenum.dll
20:21:56 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaer.dll
20:21:56 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaipp.dll
20:21:56 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaora.dll
20:21:56 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaosp.dll
20:21:57 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaps.dll
20:21:57 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdasc.dll
20:21:57 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdasql.dll
20:21:57 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdatt.dll
20:21:57 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdaurl.dll
20:21:58 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdmeng.dll
20:21:58 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msdmine.dll
20:21:58 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msmdcb80.dll
20:21:59 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msmdgd80.dll
20:21:59 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msolap80.dll
20:22:00 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msolui80.dll
20:22:00 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\msxactps.dll
20:22:00 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\oledb32.dll
20:22:00 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\oledb32r.dll
20:22:00 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\sq lol

edb.dll
20:22:00 | Registered: C:\Programme\Gemeinsame Dateien\system\Ole DB\sqlxmlx.dll

11.06.2008, 23:27

Sabina

Ehrenmitglied

Beiträge: 29434

#18 hugodepayns

1.
poste noch mal das log von regstuff zur kontrolle
http://virus-protect.org/registry_stuff.html

2.
bevor du die windowsupdates machst, deaktiviere den sysgate...und vergiss nicht, du musst die windowsupdates mit dem IE machen, nicht mit Firefox oder anderen browsern.

3.
wende sdfix im Normalmodus an ,
http://virus-protect.org/artikel/tools/sdfix.html
RunThis.bat doppelt klicken
schreibe rein: A
poste dann den report
__________
MfG Sabina

rund um die PC-Sicherheit

12.06.2008, 18:41

hugodepayns

Member

Themenstarter

Beiträge: 11

#19 Servus Sabina!

Untenanstehend erst mal die gewünschten logs.
Was das Windowsupdate angeht, so hatte ich das schon über den IE versucht (anders ging es auch gar nicht). Mit dem bekannten Ergebnis. Habe dazu dem IE bei Sygate erlaubt, eine Internetverbindung herzustellen. Ist es das, was Du meinst? Oder muss ich Sygate komplett ausstellen?

Greetz!

Tobi

findstuff-log:

doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnGroup"=hex(7):00
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"Description"="Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00002d18

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
"DisableNotifications"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*

isabled:@xpsp2res.dll,-22019"
"C:\\Programme\\IncrediMail\\bin\\IMApp.exe"="C:\\Programme\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Programme\\IncrediMail\\bin\\IncMail.exe"="C:\\Programme\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Programme\\IncrediMail\\bin\\ImLc.exe"="C:\\Programme\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail"
"C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Programme\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"="C:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe"
"C:\\Programme\\IncrediMail\\incredimail_install.exe"="C:\\Programme\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Programme\\eMule\\emule.exe"="C:\\Programme\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Programme\\IncrediMail\\incredimail_install_okt.07.exe"="C:\\Programme\\IncrediMail\\incredimail_install_okt.07.exe:*:Enabled:IncrediMail Installer"
"C:\\Programme\\SPSSInc\\SPSS16DE\\spss.com"="C:\\Programme\\SPSSInc\\SPSS16DE\\spss.com:*

isabled:SPSS 16.0 fÃ¼r Windows (1031:com)"
"C:\\Programme\\SPSSInc\\SPSS16DE\\SPSSWinWrapIDE.exe"="C:\\Programme\\SPSSInc\\SPSS16DE\\SPSSWinWrapIDE.exe:*

isabled:SPSS Basic Script Editor (1031)"
"C:\\Programme\\SPSSInc\\SPSS16DE\\spss.exe"="C:\\Programme\\SPSSInc\\SPSS16DE\\spss.exe:*

isabled:SPSS 16.0 fÃ¼r Windows (1031:exe)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50053:TCP"="50053:TCP:*:Enabled:127.0.0.1 "
"20680:UDP"="20680:UDP:*:Enabled:127.0.0.1 "
"49854:TCP"="49854:TCP:*:Enabled:eMule"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."
"DependOnGroup"=hex(7):00
"Group"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]

[HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa]

[HKEY_CURRENT_USER\Software\Microsoft\OLE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,6d,73,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Description"="Ermöglicht Remotebenutzern, Registrierungseinstellungen dieses Computers zu verändern. Wenn dieser Dienst beendet wird, kann die Registrierung nur von lokalen Benutzern dieses Computers verändert werden. Wenn dieser Dienst deaktiviert wird, werden alle von diesem Dienst explizit abhängigen Dienste nicht gestartet werden können."
"DependOnService"=hex(7):52,50,43,53,53,00,00
"DisplayName"="Remote-Registrierung"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,4c,6f,63,61,6c,53,65,72,\
76,69,63,65,00
"ObjectName"="NT AUTHORITY\\LocalService"
"Group"=""
"Start"=dword:00000004
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,e0,ad,08,\
00,01,00,00,00,e8,03,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,72,65,67,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum]
"0"="Root\\LEGACY_REMOTEREGISTRY\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
"Type"=dword:00000010
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,6d,33,32,5c,\
74,6c,6e,74,73,76,72,2e,65,78,65,00
"DisplayName"="Telnet"
"DependOnService"=hex(7):52,50,43,53,53,00,54,43,50,49,50,00,4e,54,4c,4d,53,53,\
50,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"=hex(2):45,72,6d,f6,67,6c,69,63,68,74,20,65,69,6e,65,6d,20,52,65,\
6d,6f,74,65,62,65,6e,75,74,7a,65,72,2c,20,73,69,63,68,20,61,6e,20,64,69,65,\
73,65,6d,20,43,6f,6d,70,75,74,65,72,20,61,6e,7a,75,6d,65,6c,64,65,6e,20,75,\
6e,64,20,50,72,6f,67,72,61,6d,6d,65,20,61,75,73,7a,75,66,fc,68,72,65,6e,2e,\
20,55,6e,74,65,72,73,74,fc,74,7a,74,20,76,65,72,73,63,68,69,65,64,65,6e,65,\
20,54,43,50,2f,49,50,2d,54,65,6c,6e,65,74,63,6c,69,65,6e,74,73,2c,20,65,69,\
6e,73,63,68,6c,69,65,df,6c,69,63,68,20,55,4e,49,58,2d,62,61,73,69,65,72,74,\
65,6e,20,75,6e,64,20,57,69,6e,64,6f,77,73,2d,62,61,73,69,65,72,74,65,6e,20,\
43,6f,6d,70,75,74,65,72,6e,2e,20,57,65,6e,6e,20,64,69,65,73,65,72,20,44,69,\
65,6e,73,74,20,61,6e,67,65,68,61,6c,74,65,6e,20,77,69,72,64,2c,20,69,73,74,\
20,64,65,72,20,52,65,6d,6f,74,65,7a,75,67,72,69,66,66,20,6d,f6,67,6c,69,63,\
68,65,72,77,65,69,73,65,20,6e,69,63,68,74,20,6d,65,68,72,20,76,65,72,66,fc,\
67,62,61,72,2e,20,57,65,6e,6e,20,64,69,65,73,65,72,20,44,69,65,6e,73,74,20,\
64,65,61,6b,74,69,76,69,65,72,74,20,77,69,72,64,2c,20,6b,f6,6e,6e,65,6e,20,\
61,6c,6c,65,20,44,69,65,6e,73,74,65,2c,20,64,69,65,20,65,78,70,6c,69,7a,69,\
74,20,76,6f,6e,20,64,69,65,73,65,6d,20,44,69,65,6e,73,74,20,61,62,68,e4,6e,\
67,65,6e,2c,20,6e,69,63,68,74,20,6d,65,68,72,20,67,65,73,74,61,72,74,65,74,\
20,77,65,72,64,65,6e,2e,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
14,00,00,00,02,00,48,00,03,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,05,04,00,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
14,00,00,00,02,00,34,00,02,00,00,00,00,00,18,00,1f,00,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,0b,00,00,00,01,01,00,00,00,00,\
00,01,00,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,\
00,00,00,00,05,20,00,00,00,20,02,00,00
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
14,00,00,00,02,00,30,00,02,00,00,00,00,00,14,00,03,00,00,00,01,01,00,00,00,\
00,00,05,07,00,00,00,00,00,14,00,07,00,00,00,01,01,00,00,00,00,00,01,00,00,\
00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,\
05,20,00,00,00,20,02,00,00
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST]
"System.EnterpriseServices.Thunk.dll"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"Bounds"=hex:00,30,00,00,00,20,00,00
"Security Packages"=hex(7):6b,65,72,62,65,72,6f,73,00,6d,73,76,31,5f,30,00,73,\
63,68,61,6e,6e,65,6c,00,77,64,69,67,65,73,74,00,00
"ImpersonatePrivilegeUpgradeToolHasRun"=dword:00000001
"LsaPid"=dword:000002f0
"SecureBoot"=dword:00000001
"auditbaseobjects"=dword:00000000
"crashonauditfail"=dword:00000000
"disabledomaincreds"=dword:00000000
"everyoneincludesanonymous"=dword:00000000
"fipsalgorithmpolicy"=dword:00000000
"forceguest"=dword:00000001
"fullprivilegeauditing"=hex:00
"limitblankpassworduse"=dword:00000001
"lmcompatibilitylevel"=dword:00000000
"nodefaultadminowner"=dword:00000001
"nolmhash"=dword:00000000
"restrictanonymous"=dword:00000000
"restrictanonymoussam"=dword:00000001
"Notification Packages"=hex(7):00,73,63,65,63,6c,69,00,73,63,65,63,6c,69,00,00
"enabledcom"="y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
"ProviderOrder"=hex(7):57,69,6e,64,6f,77,73,20,4e,54,20,41,63,63,65,73,73,20,\
50,72,6f,76,69,64,65,72,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,6e,74,6d,61,72,74,61,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
"Pattern"=hex:e0,42,26,d0,54,33,dd,84,82,a3,2f,02,c2,fd,98,49,39,31,38,66,36,\
65,35,31,00,fd,07,00,fc,02,00,00,34,fa,07,00,56,82,46,75,20,fa,07,00,40,fd,\
07,00,4c,fd,07,00,4c,38,92,c1,86,5f,8f,40,25,5d,f1,91

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
"GrafBlumGroup"=hex:1c,93,31,0c,3c,3f,75,81,a8

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
"Lookup"=hex:6b,c8,5d,bf,12,f7

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"Auth132"="IISSUBA"
"ntlmminclientsec"=dword:00000000
"ntlmminserversec"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
"SkewMatrix"=hex:13,7e,ec,76,25,54,2f,92,84,c6,63,0d,5f,26,35,81

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
"Time"=hex:ee,cb,2f,9b,bf,c8,c8,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
"Capabilities"=dword:00004050
"RpcId"=dword:0000ffff
"Version"=dword:00000001
"TokenSize"=dword:0000ffff
"Time"=hex:00,a0,ca,bb,e3,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000011
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,a0,ca,bb,e3,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"
"Capabilities"=dword:00000037
"RpcId"=dword:00000012
"Version"=dword:00000001
"TokenSize"=dword:00000300
"Time"=hex:00,a0,ca,bb,e3,7a,c4,01
"Type"=dword:00000031

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

SDFix-log:

System Report
*************

Run on 12.06.2008 at 18:21

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [608]
\??\C:\WINDOWS\system32\csrss.exe [664]
\??\C:\WINDOWS\system32\winlogon.exe [692]
C:\WINDOWS\system32\services.exe [736]
C:\WINDOWS\system32\lsass.exe [752]
C:\WINDOWS\system32\svchost.exe [904]
C:\WINDOWS\system32\svchost.exe [996]
C:\WINDOWS\System32\svchost.exe [1092]
C:\Programme\Ahead\InCD\InCDsrv.exe [1116]
C:\Programme\Sygate\SPF\smc.exe [1288]
C:\WINDOWS\system32\svchost.exe [1332]
C:\WINDOWS\system32\svchost.exe [1412]
C:\WINDOWS\system32\spoolsv.exe [1648]
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [1840]
C:\WINDOWS\Explorer.EXE [444]
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [480]
C:\Programme\FRITZ!DSL\IGDCTRL.EXE [492]
C:\Programme\Executive Software\Diskeeper\DkService.exe [520]
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [1268]
C:\WINDOWS\system32\nvsvc32.exe [1196]
C:\WINDOWS\system32\svchost.exe [1372]
C:\Programme\Tenable\Nessus\nessusd.exe [1524]
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [1812]
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [1924]
C:\Programme\DayDisplay\DayDisplay.exe [136]
C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe [200]
C:\Programme\FRITZ!DSL\FwebProt.exe [328]
C:\Programme\Hardcopy\hardcopy.exe [368]
C:\Programme\FRITZ!DSL\StCenter.EXE [196]
C:\WINDOWS\System32\alg.exe [2580]
C:\Programme\Mozilla Firefox\firefox.exe [3008]
C:\PROGRA~1\INCRED~1\bin\IMApp.exe [3680]
C:\WINDOWS\system32\wuauclt.exe [3548]

Drivers - Running:

ACPI
AFD
AmdK7
Arp1394
atapi
audstub
avgio
avgntflt
avipbb
Beep
Cdfs
Cdrom
Disk
dmio
dmload
Fdc
Fips
Flpydisk
FltMgr
Ftdisk
gameenum
Gpc
i8042prt
Imapi
InCDfs
InCDPass
incdrm
IpNat
IPSec
is-0VSNJdrv
is-9RI60drv
is-T8JOQdrv
isapnp
Kbdclass
KSecDD
mnmdd
Mouclass
MountMgr
MRxDAV
Msfs
mssmbios
ms_mpu401
Mup
NDIS
NdisTapi
Ndisuio
NdisWan
NDProxy
NetBT
NIC1394
Npfs
Ntfs
Null
nv
nvax
NVENET
nvnforce
nv_agp
ohci1394
Parport
PartMgr
ParVdm
PCI
PCIIde
pfc
PptpMiniport
PSched
Ptilink
RasAcd
Rasl2tp
RasPppoe
Raspti
RDPCDD
rdpdr
redbook
SASDIFSV
SASENUM
SASKUTIL
sbp2port
serenum
Serial
Si3112r
sr
ssmdrv
swenum
sysaudio
Tcpip
Teefer
TermDD
Update
usbehci
usbhub
usbohci
VgaSave
VolSnap
Wanarp
wdmaud
wg3n
wpsdrvnt
WS2IFSL

Drivers - Stopped:

61883
Abiosdsk
abp480n5
ACPIEC
adpu160m
aec
Aha154x
aic78u2
aic78xx
AliIde
amsint
asc
asc3350p
asc3550
AsyncMac
Atdisk
Atmarpc
Avc
catchme
cbidf2k
CCDECODE
cd20xrnt
Cdaudio
Changer
CmdIde
Cpqarray
dac960nt
dmboot
DMusic
dpti2o
drmkaud
EL90Xbc
ENUM1394
Fastfat
HidUsb
hpn
HTTP
i2omgmt
i2omp
ini910u
IntelIde
Ip6Fw
IpFilterDriver
IpInIp
IRENUM
kmixer
lbrtfdc
MaxtorFrontPanel1
Modem
mouhid
mraid35x
MSDV
MSKSSRV
MSPCLOCK
MSPQM
MSTEE
NABTSFEC
NdisIP
NwlnkFlt
NwlnkFwd
PCIDump
Pcmcia
PDCOMP
PDFRAME
PDRELI
PDRFRAME
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
RDPWD
ROOTMODEM
SE27bus
SE27mdfl
SE27mdm
SE27mgmt
se27nd5
SE27obex
se27unic
Secdrv
Sfloppy
Simbad
SLIP
Sparrow
splitter
streamip
swmidi
symc810
symc8xx
sym_hi
sym_u3
TDPIPE
TDTCP
TosIde
Udfs
ultra
usbccgp
usbscan
USBSTOR
ViaIde
WDICA
WSTCODEC
WudfPf
WudfRd

Services - Running:

ALG
AntiVirScheduler
AntiVirService
AudioSrv
AVM
BITS
CryptSvc
DcomLaunch
Dhcp
Diskeeper
dmserver
Dnscache
ERSvc
Eventlog
EventSystem
helpsvc
InCDsrv
LmHosts
MDM
Netman
Nla
NVSvc
PlugPlay
ProtectedStorage
RasMan
RpcSs
SamSs
seclogon
SENS
SharedAccess
ShellHWDetection
SmcService
Spooler
srservice
stisvc
TapiSrv
Tenable
TermService
Themes
TrkWks
W32Time
WebClient
winmgmt
wscsvc
wuauserv
WZCSVC

Services - Stopped:

Adobe
AppMgmt
aspnet_state
CiSvc
ClipSrv
COMSysApp
de_serv
dmadmin
FastUserSwitchingCompatibility
HidServ
HTTPFilter
ImapiService
InCDsrvR
is-0VSNJ
is-9RI60
is-T8JOQ
mnmsrvc
MSDTC
MSIServer
NetDDE
NetDDEdsdm
NtmsSvc
ose
PolicyAgent
RasAuto
RDSessMgr
RemoteAccess
RemoteRegistry
RSVP
SCardSvr
Schedule
SSDPSRV
SwPrv
SysmonLog
TlntSvr
upnphost
UPS
VSS
WmdmPmSN
Wmi
WmiApSrv
WMPNetworkSvc
WudfSvc
xmlprov

Files Created/Modified - 60 Days:

C:\

22 May 2008 15:57:54 14.152 A.... "C:\AVSCAN-20080522-142750-546343A1.LOG"
7 Jun 2008 19:36:00 13.045 A.... "C:\ComboFix.txt"
7 May 2008 15:28:32 8.540 A.... "C:\cp.reg"
7 May 2008 15:28:32 4.269 A.... "C:\Display.txt"

C:\WINDOWS\

11 Jun 2008 20:18:38 5.178 A.... "C:\WINDOWS\bitssetup.log"
30 May 2008 20:47:10 237 A.... "C:\WINDOWS\IE4 Error Log.txt"
5 Jun 2008 17:49:26 116 A.... "C:\WINDOWS\NeroDigital.ini"
9 Jun 2008 22:06:58 1.002 A.... "C:\WINDOWS\OEWABLog.txt"
9 Jun 2008 22:52:58 484.184 A.... "C:\WINDOWS\setupapi.log"
7 Jun 2008 19:32:40 227 A.... "C:\WINDOWS\system.ini"
12 Jun 2008 18:19:28 1.144.862 A.... "C:\WINDOWS\WindowsUpdate.log"
11 Jun 2008 20:21:42 65 ...H. "C:\WINDOWS\Downloaded Program Files\desktop.ini"
11 Jun 2008 20:21:34 67 A.SH. "C:\WINDOWS\Fonts\desktop.ini"
9 Jun 2008 21:52:14 40.552 A.... "C:\WINDOWS\inf\sceregvl.PNF"
17 Apr 2008 20:12:44 90.112 A.... "C:\WINDOWS\Minidump\Mini041708-03.dmp"
19 Apr 2008 20:43:08 90.112 A.... "C:\WINDOWS\Minidump\Mini041908-03.dmp"
18 Apr 2008 15:56:26 90.112 A.... "C:\WINDOWS\Minidump\Mini041808-01.dmp"
19 May 2008 19:00:30 90.112 A.... "C:\WINDOWS\Minidump\Mini051908-01.dmp"
11 May 2008 21:42:46 90.112 A.... "C:\WINDOWS\Minidump\Mini051108-01.dmp"
19 Apr 2008 19:12:20 90.112 A.... "C:\WINDOWS\Minidump\Mini041908-01.dmp"
10 Jun 2008 0:52:00 90.112 A.... "C:\WINDOWS\Minidump\Mini061008-01.dmp"
14 May 2008 19:13:34 90.112 A.... "C:\WINDOWS\Minidump\Mini051408-01.dmp"
30 Apr 2008 19:49:34 90.112 A.... "C:\WINDOWS\Minidump\Mini043008-01.dmp"
30 May 2008 18:13:48 90.112 A.... "C:\WINDOWS\Minidump\Mini053008-01.dmp"
19 Apr 2008 19:19:58 90.112 A.... "C:\WINDOWS\Minidump\Mini041908-02.dmp"
10 Jun 2008 7:16:06 90.112 A.... "C:\WINDOWS\Minidump\Mini061008-02.dmp"
30 May 2008 20:49:18 90.112 A.... "C:\WINDOWS\Minidump\Mini053008-02.dmp"
2 May 2008 3:50:58 90.112 A.... "C:\WINDOWS\Minidump\Mini050208-03.dmp"
7 Jun 2008 23:30:10 90.112 A.... "C:\WINDOWS\Minidump\Mini060708-03.dmp"
3 May 2008 23:33:32 90.112 A.... "C:\WINDOWS\Minidump\Mini050308-03.dmp"
6 Jun 2008 2:30:28 90.112 A.... "C:\WINDOWS\Minidump\Mini060608-03.dmp"
8 Jun 2008 13:07:18 90.112 A.... "C:\WINDOWS\Minidump\Mini060808-03.dmp"
22 May 2008 21:02:46 90.112 A.... "C:\WINDOWS\Minidump\Mini052208-03.dmp"
2 May 2008 22:57:14 90.112 A.... "C:\WINDOWS\Minidump\Mini050208-04.dmp"
7 Jun 2008 23:35:04 90.112 A.... "C:\WINDOWS\Minidump\Mini060708-04.dmp"
9 Jun 2008 23:12:38 90.112 A.... "C:\WINDOWS\Minidump\Mini060908-01.dmp"
7 Jun 2008 19:52:32 90.112 A.... "C:\WINDOWS\Minidump\Mini060708-01.dmp"
3 Jun 2008 18:20:20 90.112 A.... "C:\WINDOWS\Minidump\Mini060308-01.dmp"
5 May 2008 21:35:14 90.112 A.... "C:\WINDOWS\Minidump\Mini050508-01.dmp"
3 May 2008 19:19:32 90.112 A.... "C:\WINDOWS\Minidump\Mini050308-01.dmp"
6 Jun 2008 0:49:34 90.112 A.... "C:\WINDOWS\Minidump\Mini060608-01.dmp"
8 Jun 2008 10:34:04 90.112 A.... "C:\WINDOWS\Minidump\Mini060808-01.dmp"
6 May 2008 21:23:22 90.112 A.... "C:\WINDOWS\Minidump\Mini050608-01.dmp"
28 Apr 2008 22:31:50 90.112 A.... "C:\WINDOWS\Minidump\Mini042808-01.dmp"
24 Apr 2008 20:02:56 90.112 A.... "C:\WINDOWS\Minidump\Mini042408-01.dmp"
22 Apr 2008 0:13:50 90.112 A.... "C:\WINDOWS\Minidump\Mini042208-01.dmp"
20 Apr 2008 22:10:12 90.112 A.... "C:\WINDOWS\Minidump\Mini042008-01.dmp"
29 May 2008 0:12:18 90.112 A.... "C:\WINDOWS\Minidump\Mini052908-01.dmp"
25 Apr 2008 19:07:48 90.112 A.... "C:\WINDOWS\Minidump\Mini042508-01.dmp"
23 Apr 2008 1:54:20 90.112 A.... "C:\WINDOWS\Minidump\Mini042308-01.dmp"
22 May 2008 16:31:56 90.112 A.... "C:\WINDOWS\Minidump\Mini052208-01.dmp"
26 May 2008 19:16:00 90.112 A.... "C:\WINDOWS\Minidump\Mini052608-01.dmp"
24 May 2008 19:46:12 90.112 A.... "C:\WINDOWS\Minidump\Mini052408-01.dmp"
7 Jun 2008 20:41:00 65.536 A.... "C:\WINDOWS\Minidump\Mini060708-02.dmp"
3 Jun 2008 19:12:28 90.112 A.... "C:\WINDOWS\Minidump\Mini060308-02.dmp"
3 May 2008 21:42:34 90.112 A.... "C:\WINDOWS\Minidump\Mini050308-02.dmp"
6 Jun 2008 1:23:48 90.112 A.... "C:\WINDOWS\Minidump\Mini060608-02.dmp"
8 Jun 2008 12:49:12 90.112 A.... "C:\WINDOWS\Minidump\Mini060808-02.dmp"
24 Apr 2008 20:36:36 90.112 A.... "C:\WINDOWS\Minidump\Mini042408-02.dmp"
22 May 2008 19:26:30 90.112 A.... "C:\WINDOWS\Minidump\Mini052208-02.dmp"
26 May 2008 20:42:12 90.112 A.... "C:\WINDOWS\Minidump\Mini052608-02.dmp"
17 Apr 2008 5:12:32 90.112 A.... "C:\WINDOWS\Minidump\Mini041708-01.dmp"
17 Apr 2008 14:56:34 90.112 A.... "C:\WINDOWS\Minidump\Mini041708-02.dmp"
2 May 2008 3:29:56 90.112 A.... "C:\WINDOWS\Minidump\Mini050208-01.dmp"
2 May 2008 3:36:50 90.112 A.... "C:\WINDOWS\Minidump\Mini050208-02.dmp"
11 Jun 2008 20:21:56 65 ...H. "C:\WINDOWS\Offline Web Pages\desktop.ini"
11 Jun 2008 20:21:24 16.832 A.... "C:\WINDOWS\system32\amcompat.tlb"
17 Apr 2008 12:26:14 499.712 A.... "C:\WINDOWS\system32\msvcp71.dll"
11 Jun 2008 20:21:24 23.392 A.... "C:\WINDOWS\system32\nscompat.tlb"
17 Apr 2008 12:26:14 278.528 A.... "C:\WINDOWS\system32\pncrt.dll"
17 Apr 2008 12:26:18 6.656 A.... "C:\WINDOWS\system32\pndx5016.dll"
17 Apr 2008 12:26:18 5.632 A.... "C:\WINDOWS\system32\pndx5032.dll"
17 Apr 2008 12:26:34 185.944 A.... "C:\WINDOWS\system32\rmoc3260.dll"
12 Jun 2008 18:20:02 5.464 A.... "C:\WINDOWS\temp\scs90.tmp"
12 Jun 2008 17:08:38 112.448 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"
7 Jun 2008 19:30:00 315.392 A.... "C:\WINDOWS\erdnt\Hiv-backup\default"
7 Jun 2008 19:30:02 673 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.CON"
7 Jun 2008 19:30:02 1.245 A.... "C:\WINDOWS\erdnt\Hiv-backup\ERDNT.INF"
7 Jun 2008 19:30:00 28.672 A.... "C:\WINDOWS\erdnt\Hiv-backup\SAM"
7 Jun 2008 19:29:58 49.152 A.... "C:\WINDOWS\erdnt\Hiv-backup\SECURITY"
7 Jun 2008 19:30:00 25.993.216 A.... "C:\WINDOWS\erdnt\Hiv-backup\software"
7 Jun 2008 19:30:00 3.878.912 A.... "C:\WINDOWS\erdnt\Hiv-backup\system"
12 Jun 2008 18:19:54 8.960.032 A.SH. "C:\WINDOWS\system32\drivers\fidbox.dat"
12 Jun 2008 12:08:42 97.712 A.SH. "C:\WINDOWS\system32\drivers\fidbox.idx"
5 Jun 2008 16:04:12 15.864 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
5 Jun 2008 16:04:16 34.296 A.... "C:\WINDOWS\system32\drivers\mbamcatchme.sys"
22 May 2008 17:13:28 78 A.... "C:\WINDOWS\system32\Restore\MachineGuid.txt"
17 Apr 2008 12:26:58 2.595 A.... "C:\WINDOWS\srchasst\mui\0407\lclmm.xml"
11 Jun 2008 20:21:16 8 A.... "C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp"
11 Jun 2008 20:21:16 8 A.... "C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp"
7 Jun 2008 19:03:08 31.917 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"
7 Jun 2008 19:01:48 70.264 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"
11 Jun 2008 20:21:18 8.820 A.... "C:\WINDOWS\system32\wbem\AutoRecover\6FFF7467A5B40765D5740A413CA8BB8A.mof"
7 Jun 2008 19:30:00 229.376 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT"
7 Jun 2008 19:30:00 8.192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat"
7 Jun 2008 19:30:00 8.663.040 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT"
7 Jun 2008 19:30:00 237.568 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat"
7 Jun 2008 19:30:00 229.376 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT"
7 Jun 2008 19:30:00 8.192 A.... "C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat"

C:\Programme\

23 Apr 2008 5:30:52 22.322.568 A.... "C:\Programme\antivir_workstation_winu_de_h.exe"
23 Apr 2008 18:47:00 7.538.176 A.... "C:\Programme\spf.exe"
6 Jun 2008 3:13:28 6.467.096 A.... "C:\Programme\SUPERAntiSpyware.exe"
23 Apr 2008 19:02:52 24.792.728 A.... "C:\Programme\Adobe\AdbeRdr812_de_DE.exe"
30 May 2008 20:04:22 53.191.976 A.... "C:\Programme\Avira\rescuecd_23.05.08.exe"
30 Apr 2008 14:33:30 363.008 A.... "C:\Programme\Avira\tool_de3.exe"
7 May 2008 15:15:08 103 A.... "C:\Programme\HijackThis\Fix.bat"
7 May 2008 15:24:14 243 A.... "C:\Programme\HijackThis\LSA.zip"
6 Jun 2008 19:13:34 1.436.455 A.... "C:\Programme\HijackThis\SDFix.exe"
7 Jun 2008 19:26:02 20.322.704 A.... "C:\Programme\Kaspersky\setup_7.0.0.223_07.06.2008_19-20.exe"
5 Jun 2008 16:04:10 65.144 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbam.dll"
5 Jun 2008 16:04:10 1.191.544 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe"
30 May 2008 1:06:36 36.472 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll"
5 Jun 2008 16:04:14 102.008 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe"
5 Jun 2008 16:04:14 380.536 A.... "C:\Programme\Malwarebytes' Anti-Malware\mbamtrayctrl.exe"
5 Jun 2008 16:04:14 44.664 A.... "C:\Programme\Malwarebytes' Anti-Malware\ssubtmr6.dll"
6 Jun 2008 1:03:32 11.132 A.... "C:\Programme\Malwarebytes' Anti-Malware\unins000.dat"
6 Jun 2008 1:03:26 688.760 A.... "C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
5 Jun 2008 16:04:16 57.464 A.... "C:\Programme\Malwarebytes' Anti-Malware\zlib.dll"
17 Apr 2008 14:59:30 13.952 A.... "C:\Programme\Mozilla Firefox\AccessibleMarshal.dll"
17 Apr 2008 14:59:32 7.660.656 A.... "C:\Programme\Mozilla Firefox\firefox.exe"
17 Apr 2008 14:59:32 200.829 A.... "C:\Programme\Mozilla Firefox\freebl3.dll"
17 Apr 2008 14:59:32 458.856 A.... "C:\Programme\Mozilla Firefox\js3250.dll"
17 Apr 2008 14:59:32 161.392 A.... "C:\Programme\Mozilla Firefox\nspr4.dll"
17 Apr 2008 14:59:32 378.472 A.... "C:\Programme\Mozilla Firefox\nss3.dll"
17 Apr 2008 14:59:32 276.080 A.... "C:\Programme\Mozilla Firefox\nssckbi.dll"
17 Apr 2008 14:59:32 34.424 A.... "C:\Programme\Mozilla Firefox\plc4.dll"
17 Apr 2008 14:59:32 30.320 A.... "C:\Programme\Mozilla Firefox\plds4.dll"
17 Apr 2008 14:59:32 112.232 A.... "C:\Programme\Mozilla Firefox\smime3.dll"
17 Apr 2008 14:59:32 254.060 A.... "C:\Programme\Mozilla Firefox\softokn3.dll"
17 Apr 2008 14:59:32 132.712 A.... "C:\Programme\Mozilla Firefox\ssl3.dll"
17 Apr 2008 14:59:34 132.232 A.... "C:\Programme\Mozilla Firefox\updater.exe"
17 Apr 2008 14:59:34 13.416 A.... "C:\Programme\Mozilla Firefox\xpcom.dll"
17 Apr 2008 14:59:34 73.848 A.... "C:\Programme\Mozilla Firefox\xpcom_compat.dll"
17 Apr 2008 14:59:34 422.000 A.... "C:\Programme\Mozilla Firefox\xpcom_core.dll"
17 Apr 2008 14:59:34 73.336 A.... "C:\Programme\Mozilla Firefox\xpicleanup.exe"
17 Apr 2008 14:59:34 12.400 A.... "C:\Programme\Mozilla Firefox\xpistub.dll"
17 Apr 2008 12:23:18 333.360 A.... "C:\Programme\Real\RealPlayer11GOLD_de.exe"
28 May 2008 10:33:36 8.944 A.... "C:\Programme\SUPERAntiSpyware\sasdifsv.sys"
28 May 2008 10:33:38 7.408 A...R "C:\Programme\SUPERAntiSpyware\SASENUM.SYS"
28 May 2008 10:33:36 55.024 A.... "C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS"
13 May 2008 10:13:36 77.824 A.... "C:\Programme\SUPERAntiSpyware\SASSEH.DLL"
28 May 2008 10:33:32 158.960 A.... "C:\Programme\SUPERAntiSpyware\SSUpdate.exe"
28 May 2008 10:33:34 1.506.544 A.... "C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe"
7 Jun 2008 19:00:34 168.310 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aecore.dll"
22 May 2008 19:28:44 430.451 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeemu.dll"
7 Jun 2008 19:00:34 307.572 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aegen.dll"
30 May 2008 12:21:20 115.063 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aehelp.dll"
7 Jun 2008 19:00:36 1.253.750 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeheur.dll"
22 May 2008 19:28:48 192.890 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeoffice.dll"
22 May 2008 19:28:48 364.918 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aepack.dll"
22 May 2008 19:28:48 418.165 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aerdl.dll"
7 Jun 2008 19:00:36 119.156 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aescn.dll"
7 Jun 2008 19:00:36 266.618 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aescript.dll"
7 Jun 2008 19:00:38 2.043 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\aeset.dat"
30 May 2008 12:28:48 124.161 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.dll"
30 May 2008 12:28:50 52.032 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys"
22 May 2008 19:31:04 147.201 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"
30 May 2008 12:28:48 208.592 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\avwsc.exe"
30 May 2008 12:28:50 16.478 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\build.dat"
30 May 2008 12:28:50 631.041 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\setup.exe"
30 May 2008 12:28:50 57.601 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\wksstats.dll"
4 May 2008 12:55:18 720 A.... "C:\Programme\Executive Software\Diskeeper\VolumeC.dat"
4 May 2008 12:55:02 720 A.... "C:\Programme\Executive Software\Diskeeper\VolumeD.dat"
6 Jun 2008 2:28:34 1.825.317 A.... "C:\Programme\HijackThis\ComboFix\ComboFix.exe"
5 Jun 2008 18:28:52 401.720 A.... "C:\Programme\HijackThis\HiJackThis\HiJackThis.exe"
6 Jun 2008 0:58:04 1.756.760 A.... "C:\Programme\HijackThis\mbam\mbam-setup.exe"
10 Jun 2008 0:38:48 117.282 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\unins000.dat"
10 Jun 2008 0:38:00 682.266 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\unins000.exe"
17 Apr 2008 14:59:30 67.696 A.... "C:\Programme\Mozilla Firefox\components\jar50.dll"
17 Apr 2008 14:59:30 54.376 A.... "C:\Programme\Mozilla Firefox\components\jsd3250.dll"
17 Apr 2008 14:59:32 34.952 A.... "C:\Programme\Mozilla Firefox\components\myspell.dll"
17 Apr 2008 14:59:32 46.720 A.... "C:\Programme\Mozilla Firefox\components\spellchk.dll"
17 Apr 2008 14:59:32 172.144 A.... "C:\Programme\Mozilla Firefox\components\xpinstal.dll"
17 Apr 2008 14:59:32 22.664 A.... "C:\Programme\Mozilla Firefox\plugins\npnul32.dll"
17 Apr 2008 12:26:34 144.984 A.... "C:\Programme\Mozilla Firefox\plugins\nppl3260.dll"
17 Apr 2008 12:26:46 8.192 A.... "C:\Programme\Mozilla Firefox\plugins\nprjplug.dll"
17 Apr 2008 12:26:20 94.208 A.... "C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll"
17 Apr 2008 14:59:34 451.928 A.... "C:\Programme\Mozilla Firefox\uninstall\helper.exe"
7 Jun 2008 19:00:34 168.310 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aecore.dll"
22 May 2008 19:28:44 430.451 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeemu.dll"
7 Jun 2008 19:00:34 307.572 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aegen.dll"
30 May 2008 12:21:20 115.063 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aehelp.dll"
7 Jun 2008 19:00:36 1.253.750 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeheur.dll"
22 May 2008 19:28:48 192.890 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeoffice.dll"
22 May 2008 19:28:48 364.918 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aepack.dll"
22 May 2008 19:28:48 418.165 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aerdl.dll"
7 Jun 2008 19:00:36 119.156 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aescn.dll"
7 Jun 2008 19:00:36 266.618 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aescript.dll"
7 Jun 2008 19:00:38 2.043 A.... "C:\Programme\Avira\AntiVir PersonalEdition Classic\FAILSAFE\aeset.dat"
17 Apr 2008 12:26:38 172.032 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\amrn.dll"
17 Apr 2008 12:26:38 77.824 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\amrw.dll"
17 Apr 2008 12:26:32 90.112 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\atrc.dll"
17 Apr 2008 12:26:44 548.919 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\colorcvt.dll"
17 Apr 2008 12:26:32 77.824 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\cook.dll"
17 Apr 2008 12:26:38 212.992 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\dmp4.dll"
17 Apr 2008 12:26:32 106.496 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\drv1.dll"
17 Apr 2008 12:26:32 180.224 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\drv2.dll"
17 Apr 2008 12:26:32 286.720 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\drvc.dll"
17 Apr 2008 12:26:38 53.248 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\mp4v.dll"
17 Apr 2008 12:26:38 86.016 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\qclp.dll"
17 Apr 2008 12:26:32 557.056 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\raac.dll"
17 Apr 2008 12:26:32 35.328 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\rv10.dll"
17 Apr 2008 12:26:32 57.344 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\rv20.dll"
17 Apr 2008 12:26:32 53.248 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\rv30.dll"
17 Apr 2008 12:26:32 49.152 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\rv40.dll"
17 Apr 2008 12:26:32 139.264 A.... "C:\Programme\Gemeinsame Dateien\Real\Codecs\sipr.dll"
17 Apr 2008 12:26:36 163.840 A.... "C:\Programme\Gemeinsame Dateien\Real\Common\objb3201.dll"
17 Apr 2008 12:26:14 1.486.848 A.... "C:\Programme\Gemeinsame Dateien\Real\Common\pnen3260.dll"
17 Apr 2008 12:26:18 413.696 A.... "C:\Programme\Gemeinsame Dateien\Real\Common\pngu3267.dll"
17 Apr 2008 12:26:18 12.800 A.... "C:\Programme\Gemeinsame Dateien\Real\Common\pnrs3260.dll"
17 Apr 2008 12:26:36 147.456 A.... "C:\Programme\Gemeinsame Dateien\Real\Common\rjbviz.dll"
17 Apr 2008 12:26:18 12.288 A.... "C:\Programme\Gemeinsame Dateien\Real\Common\rppr3260.dll"
17 Apr 2008 12:26:50 26.112 A.... "C:\Programme\Gemeinsame Dateien\Real\Common\rpun3260.dll"
17 Apr 2008 12:26:44 30.208 A.... "C:\Programme\Gemeinsame Dateien\Real\Common\security.dll"
17 Apr 2008 12:26:20 81.920 A.... "C:\Programme\Gemeinsame Dateien\Real\Common\twebbrowse.dll"
17 Apr 2008 12:26:38 110.592 A.... "C:\Programme\Gemeinsame Dateien\Real\GToolbar\BarControl.dll"
17 Apr 2008 12:26:38 1.240.104 A.... "C:\Programme\Gemeinsame Dateien\Real\GToolbar\GoogleToolbarInstaller.exe"
17 Apr 2008 12:26:38 29.184 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\3gppttrenderer.dll"
17 Apr 2008 12:26:38 77.824 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\aacff.dll"
17 Apr 2008 12:26:38 36.864 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\amrff.dll"
17 Apr 2008 12:26:42 135.168 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\audplin.dll"
17 Apr 2008 12:26:14 45.056 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\authmgr.dll"
17 Apr 2008 12:26:14 17.408 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\cdda3260.dll"
17 Apr 2008 12:26:14 25.088 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\clbascauth.dll"
17 Apr 2008 12:26:14 44.032 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\clntxres.dll"
17 Apr 2008 12:26:42 73.728 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\cont3260.dll"
17 Apr 2008 12:26:38 45.056 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\flvff.dll"
17 Apr 2008 12:26:40 208.896 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\flvrender.dll"
17 Apr 2008 12:26:46 233.472 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\fpsechnd.dll"
17 Apr 2008 12:26:38 126.976 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\h263render.dll"
17 Apr 2008 12:26:14 204.800 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\httpfsys.dll"
17 Apr 2008 12:26:14 49.152 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\hxsdp.dll"
17 Apr 2008 12:26:38 90.112 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\hxxml.dll"
17 Apr 2008 12:26:32 53.248 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\imaprender.dll"
17 Apr 2008 12:26:34 507.904 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\imgrender.dll"
17 Apr 2008 12:26:14 86.016 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\memfsys.dll"
17 Apr 2008 12:26:36 53.248 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\mp3fformat.dll"
17 Apr 2008 12:26:36 69.632 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\mp3metaff.dll"
17 Apr 2008 12:26:36 163.840 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\mp3render.dll"
17 Apr 2008 12:26:38 135.168 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\mp4arender.dll"
17 Apr 2008 12:26:38 90.112 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\mp4fformat.dll"
17 Apr 2008 12:26:38 151.552 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\mp4vrender.dll"
17 Apr 2008 12:26:44 122.880 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\mp4wrtr.dll"
17 Apr 2008 12:26:42 69.632 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\mpgfformat.dll"
17 Apr 2008 12:26:42 184.320 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\mpgrender.dll"
17 Apr 2008 12:26:14 29.184 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\ntlmauth.dll"
17 Apr 2008 12:26:14 364.544 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\pacplin.dll"
17 Apr 2008 12:26:48 65.536 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\pdgenxferfsys.dll"
17 Apr 2008 12:26:14 73.728 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\plusplin.dll"
17 Apr 2008 12:26:14 24.064 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\pxcb3210.dll"
17 Apr 2008 12:26:14 31.744 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\ramfformat.dll"
17 Apr 2008 12:26:14 77.824 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\ramrender.dll"
17 Apr 2008 12:26:32 159.744 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\rarender.dll"
17 Apr 2008 12:26:36 536.576 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\ravemgr.dll"
17 Apr 2008 12:26:42 19.968 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\recf3260.dll"
17 Apr 2008 12:26:14 184.320 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\rmfformat.dll"
17 Apr 2008 12:26:44 278.528 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\rmwrtr.dll"
17 Apr 2008 12:26:44 35.328 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\rmxfpln.dll"
17 Apr 2008 12:26:44 90.112 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\rmxrend.dll"
17 Apr 2008 12:26:14 53.248 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\rn5auth.dll"
17 Apr 2008 12:26:34 114.688 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\rtfformat.dll"
17 Apr 2008 12:26:34 135.168 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\rtrender.dll"
17 Apr 2008 12:26:32 159.744 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\rvrender.dll"
17 Apr 2008 12:26:34 49.152 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\sdpplin.dll"
17 Apr 2008 12:26:44 30.208 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\security.dll"
17 Apr 2008 12:26:14 61.440 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\smlfformat.dll"
17 Apr 2008 12:26:14 520.192 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\smlrender.dll"
17 Apr 2008 12:26:14 61.440 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\smmrender.dll"
17 Apr 2008 12:26:14 86.016 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\smplfsys.dll"
17 Apr 2008 12:26:36 17.920 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\stubdrm.dll"
17 Apr 2008 12:26:32 114.688 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\swfformat.dll"
17 Apr 2008 12:26:32 630.784 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\swfrender.dll"
17 Apr 2008 12:26:44 57.344 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\tfilesys.dll"
17 Apr 2008 12:26:42 176.128 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\vidplin.dll"
17 Apr 2008 12:26:14 376.832 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\vidsite.dll"
17 Apr 2008 12:26:40 172.032 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\wm9fformat.dll"
17 Apr 2008 12:26:40 14.848 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\wm9writer.dll"
17 Apr 2008 12:26:40 172.032 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\wmsechnd.dll"
17 Apr 2008 12:26:14 167.936 A.... "C:\Programme\Gemeinsame Dateien\Real\Plugins\zipf3260.dll"
17 Apr 2008 12:26:36 139.264 A.... "C:\Programme\Gemeinsame Dateien\Real\RCAPlugins\gct23201.dll"
17 Apr 2008 12:26:38 77.824 A.... "C:\Programme\Gemeinsame Dateien\Real\RCAPlugins\gema3201.dll"
17 Apr 2008 12:26:38 450.560 A.... "C:\Programme\Gemeinsame Dateien\Real\RCAPlugins\gemx3201.dll"
17 Apr 2008 12:26:42 102.400 A.... "C:\Programme\Gemeinsame Dateien\Real\RCAPlugins\locd3210.dll"
17 Apr 2008 12:26:36 724.992 A.... "C:\Programme\Gemeinsame Dateien\Real\RCAPlugins\rpcontrols1.dll"
17 Apr 2008 12:26:36 647.168 A.... "C:\Programme\Gemeinsame Dateien\Real\RCAPlugins\rpcontrols2.dll"
17 Apr 2008 12:26:42 348.160 A.... "C:\Programme\Gemeinsame Dateien\Real\RCAPlugins\sonr3210.dll"
17 Apr 2008 12:26:36 389.120 A.... "C:\Programme\Gemeinsame Dateien\Real\RCAPlugins\uisy3201.dll"
17 Apr 2008 12:26:38 57.344 A.... "C:\Programme\Gemeinsame Dateien\Real\RCAPlugins\xmlc3201.dll"
17 Apr 2008 12:26:12 368.640 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\faus3270.dll"
17 Apr 2008 12:26:12 569.397 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\nprfxins.dll"
17 Apr 2008 12:26:12 24.064 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\pnmi3270.dll"
17 Apr 2008 12:26:10 192.512 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe"
17 Apr 2008 12:26:12 69.632 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe"
17 Apr 2008 12:26:12 185.896 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"
17 Apr 2008 12:26:12 98.304 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnad3201.dll"
17 Apr 2008 12:26:12 319.488 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnms3270.dll"
17 Apr 2008 12:26:10 303.104 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnqu3270.dll"
17 Apr 2008 12:26:10 176.128 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnup3270.dll"
17 Apr 2008 12:26:12 58.952 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnxproc.exe"
17 Apr 2008 12:26:10 79.424 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\RPElevation.dll"
17 Apr 2008 12:26:10 311.296 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\setu3270.dll"
17 Apr 2008 12:26:10 323.584 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\upgr3270.dll"
17 Apr 2008 12:26:10 136.768 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\upgrdhlp.exe"
17 Apr 2008 12:26:42 352.256 A.... "C:\Programme\Gemeinsame Dateien\xing shared\mpeg encode\xmencmp3.dll"
6 Jun 2008 2:39:00 581.855 A.... "C:\Programme\HijackThis\ComboFix\QooBox\snapshot@2008-06-06_ 2.38.58,51.dat"
6 Jun 2008 2:39:00 542.717 A.... "C:\Programme\HijackThis\ComboFix\QooBox\snapshot@2008-06-06_ 2.38.58,51_B.dat"
7 Jun 2008 15:27:20 2.013.696 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-0VSNJ\avzkrnl.dll"
7 Jun 2008 15:26:40 28.672 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-0VSNJ\fssync.dll"
7 Jun 2008 15:26:56 217.088 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-0VSNJ\is-0VSNJ.exe"
7 Jun 2008 15:22:12 9.216 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-0VSNJ\kldirobj.dll"
7 Jun 2008 15:22:12 28.160 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-0VSNJ\klipc.dll"
7 Jun 2008 15:21:58 12.800 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-0VSNJ\minst.exe"
7 Jun 2008 15:26:46 90.112 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-0VSNJ\prremote.dll"
7 Jun 2008 15:27:20 2.013.696 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-9RI60\avzkrnl.dll"
7 Jun 2008 15:26:40 28.672 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-9RI60\fssync.dll"
7 Jun 2008 15:26:56 217.088 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-9RI60\is-9RI60.exe"
7 Jun 2008 15:22:12 9.216 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-9RI60\kldirobj.dll"
7 Jun 2008 15:22:12 28.160 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-9RI60\klipc.dll"
7 Jun 2008 15:21:58 12.800 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-9RI60\minst.exe"
7 Jun 2008 15:26:46 90.112 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-9RI60\prremote.dll"
7 Jun 2008 15:27:20 2.013.696 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-T8JOQ\avzkrnl.dll"
7 Jun 2008 15:26:40 28.672 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-T8JOQ\fssync.dll"
7 Jun 2008 15:26:56 217.088 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-T8JOQ\is-T8JOQ.exe"
7 Jun 2008 15:22:12 9.216 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-T8JOQ\kldirobj.dll"
7 Jun 2008 15:22:12 28.160 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-T8JOQ\klipc.dll"
7 Jun 2008 15:21:58 12.800 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-T8JOQ\minst.exe"
7 Jun 2008 15:26:46 90.112 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-T8JOQ\prremote.dll"
17 Apr 2008 12:26:12 13.312 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\lang\faust_de.dll"
17 Apr 2008 12:26:12 32.768 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\lang\rpsearch_de.dll"
17 Apr 2008 12:26:12 3.215 A.... "C:\Programme\Gemeinsame Dateien\Real\Update_OB\UI\msgoff.htm"
6 Jun 2008 2:34:54 314 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\appdata.folder.dat"
6 Jun 2008 2:34:54 284 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\cache.folder.dat"
6 Jun 2008 2:34:54 110 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\desktop.folder.dat"
6 Jun 2008 2:34:54 114 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\favorites.folder.dat"
6 Jun 2008 2:34:54 257 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\localappdata.folder.dat"
6 Jun 2008 2:34:54 274 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\localsettings.folder.dat"
6 Jun 2008 2:34:54 147 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\mypictures.folder.dat"
6 Jun 2008 2:34:54 119 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\personal.folder.dat"
6 Jun 2008 2:34:52 317 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\profiles.folder.dat"
6 Jun 2008 2:34:54 134 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\programs.folder.dat"
6 Jun 2008 2:34:50 10.968 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\SetPath.bat"
6 Jun 2008 2:34:54 114 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\startmenu.folder.dat"
6 Jun 2008 2:34:54 154 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\startup.folder.dat"
6 Jun 2008 2:34:50 3.870 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\SysPath.dat"
6 Jun 2008 2:34:54 112 A.... "C:\Programme\HijackThis\ComboFix\QooBox\BackEnv\templates.folder.dat"
17 Apr 2008 12:26:12 569.397 A.... "C:\Programme\Internet Explorer\PLUGINS\RichFX\Player\nprfxins.dll"
10 Jun 2008 1:00:26 1.689 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-0VSNJ\data\BTImages.dat"
10 Jun 2008 2:28:40 84 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-0VSNJ\data\sfdb.dat"
10 Jun 2008 0:49:06 84 A.... "C:\Programme\Kaspersky\Kaspersky Lab Tool\is-9RI60\data\sfdb.dat"
17 Apr 2008 14:59:32 99.840 A.... "C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org\components\BrandRes.dll"
17 Apr 2008 14:59:32 156.544 A.... "C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org\components\fullsoft.dll"
17 Apr 2008 14:59:32 14.456 A.... "C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll"
17 Apr 2008 14:59:32 407.040 A.... "C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe"

Files with hidden attributes:

Thu 5 Aug 2004 93,184 A.SH. --- "C:\Programme\Internet Explorer\IEXPLORE.EXE"
Thu 5 Aug 2004 60,416 A.SH. --- "C:\Programme\Outlook Express\msimn.exe"
Tue 12 Dec 2006 0 A.SH. --- "C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\aeqropy.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\cu09hki.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\ddb98dt.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\e3pm4kg.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\edp1o4f.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\edua5ke.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\g9tx3rr.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\gkwvb5k.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\h4tyrw4.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\hedl6ou.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\hwrcbi4.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\jclhph8.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\kfk2342.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\kk4c2c5.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\kzb3lnw.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\lspxscx.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\o2vazgs.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\olgoxz5.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\pfkm45p.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\q1vm8p5.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\qjs1lo8.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\rctkp1o.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\s2gx20y.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\s9u9epc.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\stu9ydp.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\tcm23ph.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\td5abd2.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\tmfi44s.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\twby6sw.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\u4o1rac.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\u7me9kf.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\uu279hz.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\uygyd91.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\vrv11da.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\wq0qc6a.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\x8ewbni.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\xqbncu8.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\y9ifnus.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\yfhh6wk.dll"
Mon 17 Mar 2008 16 ...H. --- "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel\Sentinel RMS Development Kit\System\z8n806f.dll"

Program Folders:

C:\Programme\

1&1
Adobe
Ahead
Avira
BenQ
Canon
ChessBase
Common files
CyberLink
DAMN NFO Viewer
DayDisplay
DBpoweramp
Disc2Phone
DVD Shrink
eMule
EuroPoker
Executive Software
Firefly Studios
FOS
FRITZ!Box
FRITZ!BoxPrint
FRITZ!DSL
Gemeinsame Dateien
Google
Hardcopy
HijackThis
Illustrate
IncrediMail
InstallShield Installation Information
Internet Explorer
IrfanView
Java
Kaspersky
Kate's Video Converter
klickIdent Herbst 2004
klickTel
Malwarebytes' Anti-Malware
Messenger
mg10
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
Musicmatch
NetMeeting
Opera
Outlook Express
QuickTime
Real
Real Alternative
Sony
SPSSInc
SUPERAntiSpyware
Sygate
Tenable
The GodFather
TMPGEnc Plus - 2.610 German
TotalMovieConverter
Uninstall Information
VideoLAN
Viewpoint
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
XviD

C:\Programme\Gemeinsame Dateien\

Adobe
Adobe Systems Shared
Ahead
AVM
AVSMedia
DESIGNER
Dienste
G DATA
GIS
InstallShield
InterVideo
Java
mapserv
Microsoft Shared
MSSoap
ODBC
Real
SpeechEngines
SPSS
System
Wise Installation Wizard
xing shared

Add/Remove Programs:

1&1 SoftPhone
Adobe Flash Player Plugin
Avira AntiVir Personal – Free Antivirus
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
DayDisplay - Deinstallation
dBpowerAMP Music Converter
dBpowerAMP WMA V9.1 Codec
DVD Shrink 3.2
eMule
EuroPoker (remove only)
AVM FRITZ!DSL
Hardcopy (C:\Programme\Hardcopy)
HijackThis 2.0.2
IncrediMail Xe
Canon EOS Kiss REBEL 300D WIA-Treiber
Canon Utilities File Viewer Utility 1.3
Canon Camera Window for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon Utilities RemoteCapture 2.7
Canon Utilities PhotoStitch 3.1
IrfanView (remove only)
Windows XP-Hotfix - KB834707
Windows XP-Hotfix - KB867282
Windows XP-Hotfix - KB873333
Windows XP-Hotfix - KB873339
Sicherheitsupdate für Windows XP (KB883939)
Windows XP-Hotfix - KB885250
Windows XP-Hotfix - KB885835
Windows XP-Hotfix - KB885836
Windows XP-Hotfix - KB886185
Windows XP-Hotfix - KB887742
Windows XP-Hotfix - KB888113
Windows XP-Hotfix - KB888302
Sicherheitsupdate für Windows XP (KB890046)
Windows XP-Hotfix - KB890047
Windows XP-Hotfix - KB890175
Windows XP-Hotfix - KB890859
Windows XP-Hotfix - KB890923
Windows XP-Hotfix - KB891781
Windows XP-Hotfix - KB893066
Windows XP-Hotfix - KB893086
Sicherheitsupdate für Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Update für Windows XP (KB894391)
Sicherheitsupdate für Windows XP (KB896358)
Sicherheitsupdate für Windows XP (KB896422)
Sicherheitsupdate für Windows XP (KB896423)
Sicherheitsupdate für Windows XP (KB896424)
Sicherheitsupdate für Windows XP (KB896428)
Sicherheitsupdate für Windows XP (KB896688)
Update für Windows XP (KB896727)
Update für Windows XP (KB898461)
Sicherheitsupdate für Windows XP (KB899587)
Sicherheitsupdate für Windows XP (KB899588)
Sicherheitsupdate für Windows XP (KB899589)
Sicherheitsupdate für Windows XP (KB899591)
Update für Windows XP (KB900485)
Sicherheitsupdate für Windows XP (KB900725)
Sicherheitsupdate für Windows XP (KB901017)
Sicherheitsupdate für Windows XP (KB901214)
Sicherheitsupdate für Windows XP (KB902400)
Sicherheitsupdate für Windows XP (KB903235)
Sicherheitsupdate für Windows XP (KB904706)
Sicherheitsupdate für Windows XP (KB905414)
Sicherheitsupdate für Windows XP (KB905749)
Sicherheitsupdate für Windows XP (KB905915)
Sicherheitsupdate für Windows XP (KB908519)
Sicherheitsupdate für Windows XP (KB908531)
Update für Windows XP (KB910437)
Sicherheitsupdate für Windows XP (KB911280)
Sicherheitsupdate für Windows XP (KB911562)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player 10 (KB911565)
Sicherheitsupdate für Windows XP (KB911567)
Sicherheitsupdate für Windows XP (KB911927)
Sicherheitsupdate für Windows XP (KB912812)
Sicherheitsupdate für Windows XP (KB912919)
Sicherheitsupdate für Windows XP (KB913446)
Sicherheitsupdate für Windows XP (KB913580)
Sicherheitsupdate für Windows XP (KB914388)
Sicherheitsupdate für Windows XP (KB914389)
Sicherheitsupdate für Windows XP (KB916281)
Update für Windows XP (KB916595)
Sicherheitsupdate für Windows XP (KB917159)
Sicherheitsupdate für Windows XP (KB917344)
Sicherheitsupdate für Windows XP (KB917422)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows XP (KB917953)
Sicherheitsupdate für Windows XP (KB918118)
Sicherheitsupdate für Windows XP (KB918439)
Sicherheitsupdate für Windows XP (KB918899)
Sicherheitsupdate für Windows XP (KB919007)
Sicherheitsupdate für Windows XP (KB920213)
Sicherheitsupdate für Windows XP (KB920214)
Sicherheitsupdate für Windows XP (KB920670)
Sicherheitsupdate für Windows XP (KB920683)
Sicherheitsupdate für Windows XP (KB920685)
Update für Windows XP (KB920872)
Sicherheitsupdate für Windows XP (KB921398)
Sicherheitsupdate für Windows XP (KB921503)
Sicherheitsupdate für Windows XP (KB921883)
Update für Windows XP (KB922582)
Sicherheitsupdate für Windows XP (KB922616)
Sicherheitsupdate für Windows XP (KB922760)
Sicherheitsupdate für Windows XP (KB922819)
Sicherheitsupdate für Windows XP (KB923191)
Sicherheitsupdate für Windows XP (KB923414)
Sicherheitsupdate für Windows XP (KB923694)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB923980)
Sicherheitsupdate für Windows XP (KB924191)
Sicherheitsupdate für Windows XP (KB924270)
Sicherheitsupdate für Windows XP (KB924496)
Sicherheitsupdate für Windows XP (KB924667)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows XP (KB925454)
Sicherheitsupdate für Windows XP (KB925486)
Sicherheitsupdate für Windows XP (KB925902)
Hotfix for Windows XP (KB926239)
Sicherheitsupdate für Windows XP (KB926255)
Sicherheitsupdate für Windows XP (KB926436)
Sicherheitsupdate für Windows XP (KB927779)
Sicherheitsupdate für Windows XP (KB927802)
Update für Windows XP (KB927891)
Sicherheitsupdate für Windows XP (KB928090)
Sicherheitsupdate für Windows XP (KB928255)
Sicherheitsupdate für Windows XP (KB928843)
Sicherheitsupdate für Windows XP (KB929123)
Update für Windows XP (KB929338)
Hotfix for Windows Media Format 11 SDK (KB929399)
Sicherheitsupdate für Windows XP (KB929969)
Sicherheitsupdate für Windows XP (KB930178)
Update für Windows XP (KB930916)
Sicherheitsupdate für Windows XP (KB931261)
Sicherheitsupdate für Windows XP (KB931768)
Sicherheitsupdate für Windows XP (KB931784)
Update für Windows XP (KB931836)
Sicherheitsupdate für Windows XP (KB932168)
Update für Windows XP (KB933360)
Sicherheitsupdate für Windows XP (KB933566)
Sicherheitsupdate für Windows XP (KB933729)
Sicherheitsupdate für Windows XP (KB935839)
Sicherheitsupdate für Windows XP (KB935840)
Sicherheitsupdate für Windows XP (KB936021)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows XP (KB937894)
Sicherheitsupdate für Windows XP (KB938127)
Update für Windows XP (KB938828)
Sicherheitsupdate für Windows XP (KB938829)
Sicherheitsupdate für Windows XP (KB941202)
Sicherheitsupdate für Windows XP (KB941568)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB941644)
Sicherheitsupdate für Windows XP (KB941693)
Sicherheitsupdate für Windows XP (KB942615)
Update für Windows XP (KB942763)
Update für Windows XP (KB942840)
Sicherheitsupdate für Windows XP (KB943055)
Sicherheitsupdate für Windows XP (KB943460)
Sicherheitsupdate für Windows XP (KB943485)
Sicherheitsupdate für Windows XP (KB944338)
Sicherheitsupdate für Windows XP (KB944533)
Sicherheitsupdate für Windows XP (KB944653)
Sicherheitsupdate für Windows XP (KB945553)
Sicherheitsupdate für Windows XP (KB946026)
Sicherheitsupdate für Windows XP (KB948590)
Sicherheitsupdate für Windows XP (KB948881)
klickIdent 13
L&H TTS3000 Deutsch
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
map&guide 10 Karte Europa City
Microsoft .NET Framework 1.1
Mozilla Firefox (2.0.0.14)
Microsoft Compression Client Pack 1.0 for Windows XP
Nero 6 Ultra Edition
Nero Suite
NVIDIA Drivers
NVIDIA nForce Treiber für Windows 2000/XP
PCFriendly
Canon PhotoRecord
QSuite 1.0
QuickTime
RealPlayer
NVIDIA nForce Utilities
MovieConverter
USB Scanner
Viewpoint Media Player
VideoLAN VLC media player 0.8.6-test1
Windows Genuine Advantage Notifications (KB905474)
Windows Media Player 11
WinRAR Archivierer
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
XviD Video Codec 24.2.2003-11:00 (uManiac's build)
Opera 9.24
Fritz8
Adobe Premiere Pro
BenQ QVideo
Google Earth
Canon Camera WIA Driver
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Diskeeper Professional Edition
GOCR Frontend
Foto-Online-Service 24
PowerDVD
Windows Media Player Firefox Plugin
Powertoys For Windows XP
Microsoft Visual C++ 2005 Redistributable
File Viewer Utility 1.3.1
Adobe Audition 1.5
Adobe Photoshop Album 2.0
Stronghold Crusader
Microsoft Office Professional Edition 2003
SPSS 16.0 fÃ¼r Windows
Camera Window
Adobe Reader 8.1.2 - Deutsch
MSXML 4.0 SP2 (KB936181)
Canon Utilities ZoomBrowser EX
Microsoft .NET Framework 1.1
SUPERAntiSpyware Free Edition
klickTel Herbst 2004
CIG
map&guide 10
RemoteCapture 2.7.4
Adobe Photoshop CS
Tenable Nessus
PhotoStitch
Sygate Personal Firewall
Ahead Nero Burning Rom 6 Plug-In Pack 1.3.1 by MadHacker2k4 for www.goldesel.6x.to
Disc2Phone

Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Adobe Reader Speed Launcher"="\"C:\\Programme\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"TkBellExe"="\"C:\\Programme\\Gemeinsame Dateien\\Real\\Update_OB\\realsched.exe\" -osboot"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"avgnt"="\"C:\\Programme\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"QuickTime Task"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"is-0VSNJ"="\"C:\\Programme\\Kaspersky\\Kaspersky Lab Tool\\is-0VSNJ\\is-0VSNJ.exe\""
"is-T8JOQ"="\"C:\\Programme\\Kaspersky\\Kaspersky Lab Tool\\is-T8JOQ\\is-T8JOQ.exe\""
"is-9RI60"="\"C:\\Programme\\Kaspersky\\Kaspersky Lab Tool\\is-9RI60\\is-9RI60.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DayDisplay"="C:\\Programme\\DayDisplay\\DayDisplay.exe"
"SUPERAntiSpyware"="C:\\Programme\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Sicherheitscenter
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows-Firewall/Gemeinsame Nutzung der Internetverbindung
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatische Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : Systemwiederherstellungsdienst
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="2000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"

ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

Environment:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programme\Gemeinsame Dateien\GIS\Tools
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0

Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"

Non-Default IFEO Debugger:

Non-Default Installed Components:

Non-Default Safeboot Minimal:

File Associations:

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Programme\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"

Finished!

13.06.2008, 00:02

Sabina

Ehrenmitglied

Beiträge: 29434

#20 es ist eigentlich alles i.o ...ich finde den fehler nicht.
mache also folgendes:

gehe auf diese seite: (im unteren teil findest du:
http://www.rz.uni-kiel.de/pc/sus/index.html

Zitat

* Einstellungen rund um Automtische Updates prüfen mittels vbs-Datei

Die Prüfung der Einstellungen rund um den "Automatische Updates" Dienst sind mittels einer Visual Basic Script (.vbs) Datei möglich. Laden Sie die entsprechende Datei "AUBehave.vbs" herunter und rufen Sie diese auf. Folgen Sie den Anweisungen.

dann berichte
__________
MfG Sabina

rund um die PC-Sicherheit

13.06.2008, 21:21

hugodepayns

Member

Themenstarter

Beiträge: 11

#21 Servus!

Habe die Prüfung durchlaufen lassen, von dem Report einen Screenshot gemacht und in einer Word-Datei im Anhang beigefügt.
Übrigens bis hierher noch einmal vielen, vielen Dank!
Greetz!

Tobi[/img]

Anhang: AUBehave.doc

14.06.2008, 13:21

Sabina

Ehrenmitglied

Beiträge: 29434

#22 hallo,
bin im moment an meinem Testrechner, der hat kein World

falls es mit den Windowsupdates immer noch nicht klappt, schau noch mal bei dial-Fix
http://virus-protect.org/artikel/tools/dial_a_fix.html

Wenn man unten auf den Hammer klickt kommt folgendes Bild

dort kannst du es noch mal versuchen + berichte (nicht mit doc-Dateien, bitte)
__________
MfG Sabina

rund um die PC-Sicherheit

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1 2