[code]
OTScanIt2 logfile created on: 21.12.2008 21:41:24 - Run 1
OTScanIt2 by OldTimer - Version 1.0.4.0 Folder = C:\Dokumente und Einstellungen\Ludwig\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,36 Mb Total Physical Memory | 293,05 Mb Available Physical Memory | 57,31% Memory free
1,22 Gb Paging File | 0,97 Gb Available in Paging File | 79,78% Paging File free
Paging file location(s): C:\pagefile.sys 2 766;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,88 Gb Total Space | 0,51 Gb Free Space | 0,92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LUDWIG-0D7PHP4X
Current User Name: Ludwig
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days
[Processes - Safe List] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2004.03.03 03:29:54 | 00,397,312 | ---- | M] () beip.exe -> %UserProfile%\Lokale Einstellungen\temp\beip.exe -> [2008.12.21 20:56:05 | 00,008,704 | ---- | M] () dslmon.exe -> %ProgramFiles%\SAGEM\SAGEM F@st 800-840\dslmon.exe -> [2003.07.08 01:22:00 | 00,962,663 | ---- | M] () fwservice.exe -> %ProgramFiles%\PC Tools Firewall Plus\FWService.exe -> [2008.12.11 16:58:44 | 00,146,800 | ---- | M] (PC Tools) ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2006.10.30 09:36:32 | 00,566,336 | ---- | M] (Apple Computer, Inc.) ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2006.10.30 08:36:36 | 00,326,208 | ---- | M] (Apple Computer, Inc.) 
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008.12.20 23:57:34 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008.12.20 23:57:34 | 00,218,520 | ---- | M] (Sun Microsystems, Inc.) kgklt.exe -> %UserProfile%\Lokale Einstellungen\temp\kgklt.exe -> [2008.12.21 20:56:11 | 00,017,920 | ---- | M] () otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008.12.21 18:43:24 | 00,477,184 | ---- | M] (OldTimer Tools) slserv.exe -> %SystemRoot%\system32\slserv.exe -> [2003.10.29 04:44:22 | 00,045,056 | ---- | M] ( ) soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> [2004.01.08 18:54:06 | 00,135,168 | ---- | M] (Realtek Semiconductor Corp.) wincmtpm.exe -> %UserProfile%\Lokale Einstellungen\temp\wincmtpm.exe -> [2008.12.21 20:56:09 | 00,007,680 | ---- | M] () winqvvnwu.exe -> %UserProfile%\Lokale Einstellungen\temp\winqvvnwu.exe -> [2008.12.21 21:31:27 | 00,017,920 | ---- | M] () wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008.10.16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (6to4) IPv6-Hilfsdienst [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\6to4svc.dll -> [2006.08.16 05:58:06 | 00,100,352 | ---- | M] (Microsoft Corporation) (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007.10.24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2004.03.03 03:29:54 | 00,397,312 | ---- | M] () (avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Stopped] -> -> File not found (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007.10.24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) (helpsvc) Hilfe und 
Support [Win32_Shared | Auto | Running] -> %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2004.08.03 16:57:34 | 00,038,912 | ---- | M] (Microsoft Corporation) (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005.04.03 16:41:10 | 00,143,360 | ---- | M] (Macrovision Corporation) (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2006.10.30 09:36:32 | 00,566,336 | ---- | M] (Apple Computer, Inc.) (Irmon) Infrarotüberwachung [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\irmon.dll -> [2004.08.03 16:57:22 | 00,027,136 | ---- | M] (Microsoft Corporation) (JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008.12.20 23:57:34 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) (lxcz_device) lxcz_device [Win32_Own | Auto | Stopped] -> -> File not found (NwSapAgent) SAP-Agent [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\ipxsap.dll -> [2003.04.02 06:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) (PCToolsFirewallPlus) PC Tools Firewall Plus [Win32_Own | Auto | Running] -> %ProgramFiles%\PC Tools Firewall Plus\FWService.exe -> [2008.12.11 16:58:44 | 00,146,800 | ---- | M] (PC Tools) (SLService) SmartLinkService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\slserv.exe -> [2003.10.29 04:44:22 | 00,045,056 | ---- | M] ( ) (WMPNetworkSvc) Windows Media Player-Netzwerkfreigabedienst [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006.11.03 09:56:28 | 00,920,576 | ---- | M] (Microsoft Corporation) (WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006.09.28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation) [Driver Services - Safe List] (abp470n5) abp470n5 [Kernel | On_Demand | 
Running] -> -> File not found (abp470n5) abp470n5 [Kernel | On_Demand | Running] -> -> File not found (ADILOADER) General Purpose USB Driver (adildr.sys) [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\adildr.sys -> [2003.03.25 09:02:12 | 00,046,455 | ---- | M] (Analog Deivces) (ADILOADER) General Purpose USB Driver (adildr.sys) [Kernel | Auto | Stopped] -> %SystemRoot%\system32\drivers\adildr.sys -> [2003.03.25 09:02:12 | 00,046,455 | ---- | M] (Analog Deivces) (adiusbaw) USB ADSL WAN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\adiusbaw.sys -> [2003.03.27 05:38:44 | 00,127,145 | ---- | M] (Analog Devices Inc.) (adiusbaw) USB ADSL WAN Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\adiusbaw.sys -> [2003.03.27 05:38:44 | 00,127,145 | ---- | M] (Analog Devices Inc.) (ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> [2003.12.11 15:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) (ALCXSENS) Service for WDM 3D Audio Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXSENS.SYS -> [2003.12.11 15:54:14 | 00,391,424 | ---- | M] (Sensaura Ltd) (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2004.01.09 15:17:02 | 00,601,100 | ---- | M] (Realtek Semiconductor Corp.) (ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ALCXWDM.SYS -> [2004.01.09 15:17:02 | 00,601,100 | ---- | M] (Realtek Semiconductor Corp.) 
(AmdK8) AMD Athlon64-Prozessortreiber [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2003.11.07 04:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) (AmdK8) AMD Athlon64-Prozessortreiber [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2003.11.07 04:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2004.03.03 03:31:22 | 00,679,936 | ---- | M] (ATI Technologies Inc.) (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2004.03.03 03:31:22 | 00,679,936 | ---- | M] (ATI Technologies Inc.) (AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008.12.21 00:19:56 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> [2008.12.21 00:19:56 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Stopped] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008.12.21 00:19:55 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Stopped] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> [2008.12.21 00:19:55 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgTdiX) AVG Free8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2008.12.21 00:20:04 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) (AvgTdiX) AVG Free8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> [2008.12.21 00:20:04 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) 
(CA561) ICatch (VI) PC Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\spca561.sys -> [2002.10.01 13:43:32 | 00,119,798 | ---- | M] (SP) (CA561) ICatch (VI) PC Camera [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\spca561.sys -> [2002.10.01 13:43:32 | 00,119,798 | ---- | M] (SP) (CONAN) CONAN [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\o2mmb.sys -> [2003.10.27 13:17:20 | 00,190,465 | ---- | M] (O2 Micro ) (CONAN) CONAN [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\o2mmb.sys -> [2003.10.27 13:17:20 | 00,190,465 | ---- | M] (O2 Micro ) (DLKRCB) D-Link DFE-690TXD CardBus PC Card [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\DLKRCB.SYS -> [2006.02.09 19:42:00 | 00,025,434 | R--- | M] (D-Link Corp. ) (DLKRCB) D-Link DFE-690TXD CardBus PC Card [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\DLKRCB.SYS -> [2006.02.09 19:42:00 | 00,025,434 | R--- | M] (D-Link Corp. ) (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006.09.19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2006.09.19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) 
(MbxStby) MbxStby [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MbxStby.sys -> [2003.08.26 02:46:00 | 00,005,817 | ---- | M] (O2 Micro) (MbxStby) MbxStby [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MbxStby.sys -> [2003.08.26 02:46:00 | 00,005,817 | ---- | M] (O2 Micro) (MODEMCSA) Unimodem-Datenstromfiltergerät [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001.08.17 05:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) (MODEMCSA) Unimodem-Datenstromfiltergerät [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> [2001.08.17 05:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) (Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mtlmnt5.sys -> [2003.10.29 03:42:46 | 00,226,288 | ---- | M] ( ) (Mtlmnt5) Mtlmnt5 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mtlmnt5.sys -> [2003.10.29 03:42:46 | 00,226,288 | ---- | M] ( ) (Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mtlstrm.sys -> [2003.11.04 09:11:18 | 01,299,976 | ---- | M] ( ) (Mtlstrm) Mtlstrm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mtlstrm.sys -> [2003.11.04 09:11:18 | 01,299,976 | ---- | M] ( ) (nm) Netzwerkmonitortreiber [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmnt.sys -> [2004.08.03 14:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) (nm) Netzwerkmonitortreiber [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nmnt.sys -> [2004.08.03 14:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) (NSCIRDA) NSC-Infrarotgerätetreiber [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nscirda.sys -> [2004.08.03 15:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) (NSCIRDA) NSC-Infrarotgerätetreiber [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nscirda.sys -> [2004.08.03 15:00:52 | 00,028,672 | ---- | M] (National 
Semiconductor Corporation) (NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ntmtlfax.sys -> [2003.10.29 03:24:54 | 00,180,368 | ---- | M] ( ) (NtMtlFax) NtMtlFax [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ntmtlfax.sys -> [2003.10.29 03:24:54 | 00,180,368 | ---- | M] ( ) (NwlnkIpx) NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnkipx.sys -> [2004.08.03 15:03:36 | 00,088,448 | ---- | M] (Microsoft Corporation) (NwlnkIpx) NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnkipx.sys -> [2004.08.03 15:03:36 | 00,088,448 | ---- | M] (Microsoft Corporation) (NwlnkNb) NWLink-NetBIOS [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnknb.sys -> [2003.04.02 06:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) (NwlnkNb) NWLink-NetBIOS [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnknb.sys -> [2003.04.02 06:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) (NwlnkSpx) NWLink SPX/SPXII-Protokoll [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnkspx.sys -> [2003.04.02 06:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) (NwlnkSpx) NWLink SPX/SPXII-Protokoll [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\nwlnkspx.sys -> [2003.04.02 06:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) (PCTAppEvent) PCTAppEvent Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PCTAppEvent.sys -> [2008.12.11 12:32:18 | 00,073,840 | ---- | M] (PC Tools) (PCTAppEvent) PCTAppEvent Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PCTAppEvent.sys -> [2008.12.11 12:32:18 | 00,073,840 | ---- | M] (PC Tools) (pctgntdi) pctgntdi [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pctgntdi.sys -> [2008.12.11 08:38:22 | 00,159,600 | ---- | M] (PC Tools) (pctgntdi) pctgntdi [Kernel | System | Running] -> 
%SystemRoot%\system32\drivers\pctgntdi.sys -> [2008.12.11 08:38:22 | 00,159,600 | ---- | M] (PC Tools) (pctplfw) pctplfw [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pctplfw.sys -> [2008.12.11 17:01:04 | 00,095,640 | ---- | M] (PC Tools) (pctplfw) pctplfw [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pctplfw.sys -> [2008.12.11 17:01:04 | 00,095,640 | ---- | M] (PC Tools) (Ptilink) Treiber für direkte Parallelverbindung [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2003.04.02 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) (Ptilink) Treiber für direkte Parallelverbindung [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2003.04.02 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2007.11.14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2007.11.14 02:00:00 | 00,043,840 | ---- | M] (Sonic Solutions) (RecAgent) RecAgent [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\RecAgent.sys -> [2003.10.29 03:51:16 | 00,014,160 | ---- | M] ( ) (RecAgent) RecAgent [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\RecAgent.sys -> [2003.10.29 03:51:16 | 00,014,160 | ---- | M] ( ) (RT2500) RT2500 Wireless Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RT2500.sys -> [2004.03.31 10:03:00 | 00,104,448 | ---- | M] (Ralink Technology Inc.) (RT2500) RT2500 Wireless Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RT2500.sys -> [2004.03.31 10:03:00 | 00,104,448 | ---- | M] (Ralink Technology Inc.) 
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [2008.12.04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [2008.12.04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2008.12.04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> [2008.12.04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [2008.12.04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [2008.12.04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007.11.13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007.11.13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
(SFilter) PCTools Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pctfw.sys -> [2008.09.22 12:29:18 | 00,097,408 | ---- | M] (PC Tools) (SFilter) PCTools Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pctfw.sys -> [2008.09.22 12:29:18 | 00,097,408 | ---- | M] (PC Tools) (SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGPX.SYS -> [2003.07.18 01:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) (SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGPX.SYS -> [2003.07.18 01:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) (SISNIC) SiS-PCI-Fast Ethernet- Adaptertreiber [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sisnic.sys -> [2004.08.03 21:31:36 | 00,032,768 | ---- | M] (SiS Corporation) (SISNIC) SiS-PCI-Fast Ethernet- Adaptertreiber [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sisnic.sys -> [2004.08.03 21:31:36 | 00,032,768 | ---- | M] (SiS Corporation) (SISNICXP) SiS PCI Fast Ethernet Adapter Driver for NDIS51 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sisnicxp.sys -> [2006.02.14 16:02:56 | 00,032,768 | R--- | M] (SiS Corporation) (SISNICXP) SiS PCI Fast Ethernet Adapter Driver for NDIS51 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sisnicxp.sys -> [2006.02.14 16:02:56 | 00,032,768 | R--- | M] (SiS Corporation) (Slntamr) SmartLink AMR_PCI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\slntamr.sys -> [2003.11.09 00:52:48 | 00,566,256 | ---- | M] ( ) (Slntamr) SmartLink AMR_PCI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\slntamr.sys -> [2003.11.09 00:52:48 | 00,566,256 | ---- | M] ( ) (SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slnthal.sys -> [2003.10.29 03:43:50 | 00,087,656 | ---- | M] ( ) (SlNtHal) SlNtHal [Kernel | On_Demand | Stopped] -> 
%SystemRoot%\system32\drivers\slnthal.sys -> [2003.10.29 03:43:50 | 00,087,656 | ---- | M] ( ) (SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\slwdmsup.sys -> [2003.10.29 03:15:10 | 00,015,712 | ---- | M] ( ) (SlWdmSup) SlWdmSup [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\slwdmsup.sys -> [2003.10.29 03:15:10 | 00,015,712 | ---- | M] ( ) (SONYPVU1) Sony USB-Filtertreiber (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> [2001.08.17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) (SONYPVU1) Sony USB-Filtertreiber (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> [2001.08.17 12:56:16 | 00,007,552 | ---- | M] (Sony Corporation) (Tcpip6) Microsoft IPv6-Protokolltreiber [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tcpip6.sys -> [2008.06.20 03:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) (Tcpip6) Microsoft IPv6-Protokolltreiber [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tcpip6.sys -> [2008.06.20 03:52:06 | 00,225,920 | ---- | M] (Microsoft Corporation) (tunmp) Microsoft Tun-Miniportadaptertreiber [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tunmp.sys -> [2004.08.03 15:03:18 | 00,012,416 | ---- | M] (Microsoft Corporation) (tunmp) Microsoft Tun-Miniportadaptertreiber [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tunmp.sys -> [2004.08.03 15:03:18 | 00,012,416 | ---- | M] (Microsoft Corporation) (WS2IFSL) Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2003.04.02 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) (WS2IFSL) Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2003.04.02 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) [Registry - Safe List] 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> -> HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\"" -> -> HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> -> HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\] > -> -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\: Main\\"Page_Transitions" -> -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\: Main\\"Start Page" -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\: "ProxyEnable" -> 0 -> < FireFox Settings [Default Profile] > -> C:\Dokumente und Einstellungen\Ludwig\Anwendungsdaten\Mozilla\FireFox\Profiles\rh1408mj.default\prefs.js -> browser.search.defaultenginename -> "Google" -> browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" -> browser.search.selectedEngine -> "Google" -> browser.startup.homepage -> "http://www.google.com/webhp?hl=en" -> browser.startup.homepage_override.mstone -> "rv:1.8.1.14" -> < HOSTS File > (27 bytes and 1 lines) -> 
C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006.01.12 11:38:22 | 00,063,128 | ---- | M] (Adobe Systems Incorporated) {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008.12.20 23:57:36 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.) {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008.12.20 23:57:34 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.) {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008.12.20 23:57:38 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar mit Pop-Up-Blocker] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\] > -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! 
Toolbar mit Pop-Up-Blocker] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "00PCTFW" -> %ProgramFiles%\PC Tools Firewall Plus\FirewallGUI.exe ["C:\Programme\PC Tools Firewall Plus\FirewallGUI.exe" -s] -> [2008.12.11 17:01:24 | 02,832,280 | ---- | M] (PC Tools) "iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Programme\iTunes\iTunesHelper.exe"] -> [2006.10.30 08:36:36 | 00,326,208 | ---- | M] (Apple Computer, Inc.) "SoundMan" -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> [2004.01.08 18:54:06 | 00,135,168 | ---- | M] (Realtek Semiconductor Corp.) "SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Programme\Java\jre6\bin\jusched.exe"] -> [2008.12.20 23:57:34 | 00,218,520 | ---- | M] (Sun Microsystems, Inc.) < Administrator Startup Folder > -> C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart -> < Administrator.LUDWIG-0D7PHP4X Startup Folder > -> C:\Dokumente und Einstellungen\Administrator.LUDWIG-0D7PHP4X\Startmenü\Programme\Autostart -> < All Users Startup Folder > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart -> < All Users.WINDOWS Startup Folder > -> C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart -> %AllUsersProfile%\Startmenü\Programme\Autostart\DSLMON.lnk -> %ProgramFiles%\SAGEM\SAGEM F@st 800-840\dslmon.exe -> [2003.07.08 01:22:00 | 00,962,663 | ---- | M] () %AllUsersProfile%\Startmenü\Programme\Autostart\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001.02.12 18:01:04 | 00,151,552 | ---- | M] (Microsoft Corporation) < Default User Startup Folder > -> C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart -> < Default User.WINDOWS Startup Folder > -> C:\Dokumente und Einstellungen\Default User.WINDOWS\Startmenü\Programme\Autostart -> < GT Startup Folder > -> C:\Dokumente und Einstellungen\GT\Startmenü\Programme\Autostart -> < 
Ludwig Startup Folder > -> C:\Dokumente und Einstellungen\Ludwig\Startmenü\Programme\Autostart -> < Ludwig Michael Weber Startup Folder > -> C:\Dokumente und Einstellungen\Ludwig Michael Weber\Startmenü\Programme\Autostart -> < service Startup Folder > -> C:\Dokumente und Einstellungen\service\Startmenü\Programme\Autostart -> < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < Software Policy Settings [HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005] > -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"DisableRegistryTools" -> [0] -> File not found \\"HideLegacyLogonScripts" -> [0] -> File not found \\"HideLogoffScripts" -> [0] -> File not found \\"RunLogonScriptSync" -> [1] -> File not found \\"RunStartupScriptSync" -> [0] -> File not found \\"HideStartupScripts" -> [0] -> File not found \\"EnableLUA" -> [0] -> File not found < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > 
-> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoLowDiskSpaceChecks" -> [1] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"HideLegacyLogonScripts" -> [0] -> File not found \\"HideLogoffScripts" -> [0] -> File not found \\"HideStartupScripts" -> [0] -> File not found \\"RunLogonScriptSync" -> [1] -> File not found \\"RunStartupScriptSync" -> [0] -> File not found \\"DisableRegistryTools" -> [1] -> File not found \\"DisableTaskMgr" -> [1] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableTaskMgr" -> [1] -> File not found \\"DisableRegistryTools" -> [1] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableTaskMgr" -> [1] -> File not found \\"DisableRegistryTools" -> [1] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [145] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005] > -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [323] -> File not found \\"NoLowDiskSpaceChecks" -> [1] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found \\"NoDrives" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005] > -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"HideLegacyLogonScripts" -> [0] -> File not found \\"HideLogoffScripts" -> [0] -> File not found \\"HideStartupScripts" -> [0] -> File not found \\"RunLogonScriptSync" -> [1] -> File not found \\"RunStartupScriptSync" -> [0] -> File not found \\"DisableRegistryTools" -> [1] -> File not found \\"DisableTaskMgr" -> [1] -> File not found < Internet Explorer 
Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}:Exec [HKLM] -> [Button: PartyPoker.com] -> File not found {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: [HKLM] -> [Menu: PartyPoker.com] -> File not found {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> File not found {E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec [HKLM] -> %ProgramFiles%\ICQ6\ICQ.exe [Button: ICQ6] -> [2008.08.24 09:14:42 | 00,247,032 | ---- | M] (ICQ, Inc.) {E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec [HKLM] -> %ProgramFiles%\ICQ6\ICQ.exe [Menu: ICQ6] -> [2008.08.24 09:14:42 | 00,247,032 | ---- | M] (ICQ, Inc.) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2004.10.13 10:24:37 | 01,763,840 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2004.10.13 10:24:37 | 01,763,840 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}" [HKLM] -> [PartyPoker.com] -> File not found CmdMapping\\"{B863453A-26C3-4e1f-A54D-A2CD196348E9}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004.10.13 10:24:37 | 01,763,840 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}" [HKLM] -> [PartyPoker.com] -> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004.10.13 10:24:37 | 01,763,840 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}" [HKLM] -> [PartyPoker.com] -> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004.10.13 10:24:37 | 01,763,840 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\] > -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\"{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}" [HKLM] -> [PartyPoker.com] -> File not found CmdMapping\\"{B863453A-26C3-4e1f-A54D-A2CD196348E9}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004.10.13 10:24:37 | 01,763,840 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// "@" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\] > -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\] > -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0000000A-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB[Reg Error: Key does not exist or could not be opened.] -> {33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] 
-> {5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab[Windows Live Safety Center Base Module] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab[Java Plug-in 1.6.0_11] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {19E48E2C-E37F-4177-849E-F281886F7D2D} -> (D-Link DFE-690TXD CardBus PC Card) -> {32585959-CA78-42DD-9A70-F9EB40D31B87} -> (Ralink RT2500 Wireless LAN Card) -> {425C040A-7F1A-423F-A714-D3368442C975} -> (SiS 900-Based PCI Fast Ethernet Adapter) -> {D09A12A3-E981-496E-8E34-BD71D5F4BEFC} -> () -> {E1231051-10C7-4E6A-92C0-1898759C4FE2} -> (1394-Netzwerkadapter) -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> [2008.12.03 14:56:38 | 00,352,256 | ---- | M] (SUPERAntiSpyware.com) AtiExtEvent -> -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> [2008.05.13 09:13:36 | 00,077,824 | ---- | M] (SuperAdBlocker.com) < Domain 
Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> File not found "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004.08.03 16:58:12 | 00,142,848 | ---- | M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> File not found "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004.08.03 16:58:12 | 00,142,848 | ---- | M] (Microsoft Corporation) "C:\ComboFix\nircmd.com" -> C:\ComboFix\nircmd.com [C:\ComboFix\nircmd.com:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ackq.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ackq.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ackq.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\apas.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\apas.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\apas.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\beip.exe" -> C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\beip.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\beip.exe:*:Enabled:ipsec] -> [2008.12.21 20:56:05 | 00,008,704 | ---- | M] () "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\bvrq.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\bvrq.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\bvrq.exe:*:Enabled:ipsec] -> File not found 
"C:\DOKUME~1\Ludwig\LOKALE~1\Temp\daob.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\daob.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\daob.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\egiba.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\egiba.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\egiba.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\errajn.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\errajn.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\errajn.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ewtexa.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ewtexa.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ewtexa.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hdomm.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hdomm.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hdomm.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\kgklt.exe" -> C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\kgklt.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\kgklt.exe:*:Enabled:ipsec] -> [2008.12.21 20:56:11 | 00,017,920 | ---- | M] () "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mhjdwr.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mhjdwr.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mhjdwr.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mjin.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mjin.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mjin.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mpoaqo.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mpoaqo.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mpoaqo.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nqgm.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nqgm.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nqgm.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\orec.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\orec.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\orec.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\qwlkqt.exe" -> 
C:\DOKUME~1\Ludwig\LOKALE~1\Temp\qwlkqt.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\qwlkqt.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\tlmvch.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\tlmvch.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\tlmvch.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\uodd.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\uodd.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\uodd.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\vvsfs.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\vvsfs.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\vvsfs.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winbcbj.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winbcbj.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winbcbj.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winbjaj.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winbjaj.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winbjaj.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winbvolh.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winbvolh.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winbvolh.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winclvjlp.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winclvjlp.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winclvjlp.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wincmtpm.exe" -> C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\wincmtpm.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wincmtpm.exe:*:Enabled:ipsec] -> [2008.12.21 20:56:09 | 00,007,680 | ---- | M] () "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\windxgsca.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\windxgsca.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\windxgsca.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winfcjhy.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winfcjhy.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winfcjhy.exe:*:Enabled:ipsec] -> File not found 
"C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winfyewam.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winfyewam.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winfyewam.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wingfiqav.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wingfiqav.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wingfiqav.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winjlkxu.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winjlkxu.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winjlkxu.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winjrmtx.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winjrmtx.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winjrmtx.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winlftn.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winlftn.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winlftn.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winmcdlo.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winmcdlo.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winmcdlo.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winnxuq.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winnxuq.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winnxuq.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winofthr.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winofthr.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winofthr.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winqeqm.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winqeqm.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winqeqm.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winqfrsop.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winqfrsop.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winqfrsop.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winqqyvr.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winqqyvr.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winqqyvr.exe:*:Enabled:ipsec] -> File not found 
"C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winquiw.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winquiw.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winquiw.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wintcvoc.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wintcvoc.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wintcvoc.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wintmeck.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wintmeck.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wintmeck.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wintyplw.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wintyplw.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wintyplw.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwbku.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwbku.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwbku.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwixb.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwixb.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwixb.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwlwxhg.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwlwxhg.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwlwxhg.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwyaieo.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwyaieo.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwyaieo.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxlofx.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxlofx.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxlofx.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxpxcw.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxpxcw.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxpxcw.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxrkav.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxrkav.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxrkav.exe:*:Enabled:ipsec] -> File not found 
"C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxrngi.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxrngi.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxrngi.exe:*:Enabled:ipsec] -> File not found "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winykye.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winykye.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winykye.exe:*:Enabled:ipsec] -> File not found "C:\Programme\eMule\emule.exe" -> C:\Programme\eMule\emule.exe [C:\Programme\eMule\emule.exe:*:Enabled:eMule] -> [2008.05.11 05:19:30 | 05,492,736 | ---- | M] (http://www.emule-project.net) "C:\Programme\ICQ6\ICQ.exe" -> C:\Programme\ICQ6\ICQ.exe [C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6] -> [2008.08.24 09:14:42 | 00,247,032 | ---- | M] (ICQ, Inc.) "C:\Programme\iPod\bin\iPodService.exe" -> C:\Programme\iPod\bin\iPodService.exe [C:\Programme\iPod\bin\iPodService.exe:*:Enabled:ipsec] -> [2006.10.30 09:36:32 | 00,566,336 | ---- | M] (Apple Computer, Inc.) "C:\Programme\iTunes\iTunes.exe" -> C:\Programme\iTunes\iTunes.exe [C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2006.10.30 09:36:32 | 15,410,688 | ---- | M] (Apple Computer, Inc.) "C:\Programme\iTunes\iTunesHelper.exe" -> C:\Programme\iTunes\iTunesHelper.exe [C:\Programme\iTunes\iTunesHelper.exe:*:Enabled:ipsec] -> [2006.10.30 08:36:36 | 00,326,208 | ---- | M] (Apple Computer, Inc.) "C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe" -> C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe [C:\Programme\Java\jre1.6.0_07\bin\jucheck.exe:*:Enabled:ipsec] -> File not found "C:\Programme\Java\jre6\bin\jusched.exe" -> C:\Programme\Java\jre6\bin\jusched.exe [C:\Programme\Java\jre6\bin\jusched.exe:*:Enabled:ipsec] -> [2008.12.20 23:57:34 | 00,218,520 | ---- | M] (Sun Microsystems, Inc.) 
"C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" -> C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [C:\Programme\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec] -> [2008.12.03 19:52:32 | 01,343,120 | ---- | M] (Malwarebytes Corporation) "C:\Programme\Microsoft Office\Office10\OSA.EXE" -> C:\Programme\Microsoft Office\Office10\OSA.EXE [C:\Programme\Microsoft Office\Office10\OSA.EXE:*:Enabled:ipsec] -> [2001.02.12 18:01:04 | 00,151,552 | ---- | M] (Microsoft Corporation) "C:\Programme\Mozilla Firefox\firefox.exe" -> C:\Programme\Mozilla Firefox\firefox.exe [C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:ipsec] -> [2008.12.18 01:14:53 | 00,307,704 | ---- | M] (Mozilla Corporation) "C:\Programme\PC Tools Firewall Plus\FirewallGUI.exe" -> C:\Programme\PC Tools Firewall Plus\FirewallGUI.exe [C:\Programme\PC Tools Firewall Plus\FirewallGUI.exe:*:Enabled:ipsec] -> [2008.12.11 17:01:24 | 02,832,280 | ---- | M] (PC Tools) "C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe" -> C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe [C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe:*:Enabled:ipsec] -> [2003.07.08 01:22:00 | 00,962,663 | ---- | M] () "C:\Programme\Skype\Phone\Skype .exe" -> C:\Programme\Skype\Phone\Skype .exe [C:\Programme\Skype\Phone\Skype .exe:*:Enabled:Skype ] -> [2008.03.08 12:16:24 | 23,237,416 | ---- | M] (Skype Technologies S.A.) "C:\Programme\Skype\Phone\Skype.exe" -> C:\Programme\Skype\Phone\Skype.exe [C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2008.04.23 16:45:34 | 22,058,792 | R--- | M] (Skype Technologies S.A.) "C:\WINDOWS\Explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\Explorer.exe:*:Enabled:ipsec] -> [2007.06.13 07:21:45 | 01,036,288 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\SOUNDMAN.EXE" -> C:\WINDOWS\SOUNDMAN.EXE [C:\WINDOWS\SOUNDMAN.EXE:*:Enabled:ipsec] -> [2004.01.08 18:54:06 | 00,135,168 | ---- | M] (Realtek Semiconductor Corp.) 
"C:\WINDOWS\system32\~.exe" -> C:\WINDOWS\system32\~.exe [C:\WINDOWS\system32\~.exe:*:Enabled:ipsec] -> File not found "C:\WINDOWS\system32\Ati2evxx.exe" -> C:\WINDOWS\system32\ati2evxx.exe [C:\WINDOWS\system32\Ati2evxx.exe:*:Enabled:ipsec] -> [2004.03.03 03:29:54 | 00,397,312 | ---- | M] () "C:\WINDOWS\system32\CF18767.exe" -> C:\WINDOWS\system32\CF18767.exe [C:\WINDOWS\system32\CF18767.exe:*:Enabled:ipsec] -> File not found "C:\WINDOWS\system32\taskmgr.exe" -> C:\WINDOWS\system32\taskmgr.exe [C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec] -> [2004.08.03 16:58:16 | 00,140,800 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\wuauclt.exe" -> C:\WINDOWS\system32\wuauclt.exe [C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ipsec] -> [2008.10.16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM-Laufwerktreiber -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> [2004.08.03 14:59:54 | 00,049,536 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2006.06.11 04:55:32 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Registry - Additional Scans - Safe List] < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> AcroRd32.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AcroRd32.exe [C:\Programme\Adobe\Acrobat 7.0\Reader\AcroRd32.exe] -> [2006.05.16 14:15:10 | 00,143,360 | ---- | M] (Adobe Systems Incorporated) BackItUp.EXE -> %ProgramFiles%\Ahead\Nero BackItUp\BackItUp.exe [C:\Programme\Ahead\Nero BackItUp\BackItUp.exe] -> [2003.12.01 09:57:46 | 05,443,584 | R--- | M] (Ahead Software AG) bckgzm.exe -> %ProgramFiles%\MSN Gaming 
Zone\Windows\bckgzm.exe [C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe] -> [2002.08.29 06:00:00 | 00,042,577 | ---- | M] (Microsoft Corporation) chkrzm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\chkrzm.exe [C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe] -> [2002.08.29 06:00:00 | 00,042,575 | ---- | M] (Microsoft Corporation) combofix.exe -> %UserProfile%\Desktop\ComboFix.exe [C:\Dokumente und Einstellungen\Ludwig\Desktop\ComboFix.exe] -> [2008.12.20 22:46:09 | 02,959,100 | R--- | M] () CONF.EXE -> %ProgramFiles%\NetMeeting\conf.exe [C:\Programme\NetMeeting\conf.exe] -> [2004.08.03 16:57:50 | 01,040,384 | ---- | M] (Microsoft Corporation) dialer.exe -> %ProgramFiles%\Windows NT\dialer.exe [C:\Programme\Windows NT\dialer.exe] -> [2004.08.03 16:57:50 | 00,545,280 | ---- | M] (Microsoft Corporation) DSLMON.exe -> %ProgramFiles%\SAGEM\SAGEM F@st 800-840\dslmon.exe [C:\Programme\SAGEM\SAGEM F@st 800-840\DSLMON.exe] -> [2003.07.08 01:22:00 | 00,962,663 | ---- | M] () DXDIAG.EXE -> %SystemRoot%\system32\dxdiag.exe [C:\WINDOWS\System32\dxdiag.exe] -> [2004.08.03 16:57:52 | 01,298,432 | ---- | M] (Microsoft Corporation) faxctr.exe -> %ProgramFiles%\Lexmark Fax Solutions\FaxCtr.exe [C:\Programme\Lexmark Fax Solutions\faxctr.exe] -> [2007.02.08 16:56:01 | 00,742,320 | ---- | M] () firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Programme\Mozilla Firefox\firefox.exe] -> [2008.12.18 01:14:53 | 00,307,704 | ---- | M] (Mozilla Corporation) FLVPlayer.exe -> %ProgramFiles%\FLV Player\FLVPlayer.exe [C:\Programme\FLV Player\FLVPlayer.exe] -> File not found FTW.EXE -> %ProgramFiles%\Family Tree Maker 2005\Ftw.exe [C:\Programme\Family Tree Maker 2005\FTW.exe] -> [2004.07.30 12:00:00 | 04,947,968 | ---- | M] (MyFamily.com, Inc.) 
HELPCTR.EXE -> %SystemRoot%\PCHealth\HelpCtr\Binaries\helpctr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2004.08.03 16:57:56 | 00,768,512 | ---- | M] (Microsoft Corporation) HijackThis.exe -> %ProgramFiles%\Trend Micro\HijackThis\HijackThis.exe [C:\Programme\Trend Micro\HijackThis\hijackthis.exe] -> [2008.12.18 01:35:55 | 00,478,208 | ---- | M] (Trend Micro Inc.) hrtzzm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2002.08.29 06:00:00 | 00,042,573 | ---- | M] (Microsoft Corporation) hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe ["C:\Programme\Windows NT\hypertrm.exe"] -> [2002.08.29 06:00:00 | 00,028,160 | ---- | M] (Hilgraeve, Inc.) ICQ.exe -> %ProgramFiles%\ICQ6\ICQ.exe [C:\Programme\ICQ6\ICQ.exe] -> [2008.08.24 09:14:42 | 00,247,032 | ---- | M] (ICQ, Inc.) ICWCONN1.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn1.exe ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2004.08.03 16:57:58 | 00,218,624 | ---- | M] (Microsoft Corporation) ICWCONN2.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn2.exe ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2004.08.03 16:57:58 | 00,086,016 | ---- | M] (Microsoft Corporation) IEXPLORE.EXE -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Programme\Internet Explorer\IEXPLORE.EXE] -> [2008.10.15 01:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) INETWIZ.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\inetwiz.exe ["C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2004.08.03 16:57:58 | 00,020,480 | ---- | M] (Microsoft Corporation) install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] 
-> File not found ISIGNUP.EXE -> %ProgramFiles%\Internet Explorer\Connection Wizard\isignup.exe ["C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2003.04.02 06:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation) iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Programme\iTunes\iTunes.exe] -> [2006.10.30 09:36:32 | 15,410,688 | ---- | M] (Apple Computer, Inc.) javaws.exe -> %ProgramFiles%\Java\jre6\bin\javaws.exe [C:\Programme\Java\jre6\bin\javaws.exe] -> [2008.12.20 23:57:34 | 00,218,520 | ---- | M] (Sun Microsystems, Inc.) mbam.exe -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe [C:\Programme\Malwarebytes' Anti-Malware\mbam.exe] -> [2008.12.03 19:52:32 | 01,343,120 | ---- | M] (Malwarebytes Corporation) migwiz.exe -> %SystemRoot%\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2004.08.03 16:58:02 | 00,247,296 | ---- | M] (Microsoft Corporation) moviemk.exe -> %ProgramFiles%\Movie Maker\moviemk.exe [C:\Programme\Movie Maker\moviemk.exe] -> [2004.08.03 16:58:04 | 03,555,328 | ---- | M] (Microsoft Corporation) mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Programme\Windows Media Player\mplayer2.exe"] -> [2004.08.03 16:58:04 | 00,004,639 | ---- | M] () MSCONFIG.EXE -> %SystemRoot%\\pchealth\helpctr\Binaries\MSCONFIG.EXE [\pchealth\helpctr\Binaries\MSCONFIG.EXE] -> [2004.08.03 16:58:06 | 00,160,768 | ---- | M] () msimn.exe -> %ProgramFiles%\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2004.08.03 16:58:06 | 00,060,416 | ---- | M] (Microsoft Corporation) msinfo32.exe -> %CommonProgramFiles%\Microsoft Shared\MSInfo\msinfo32.exe [C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2002.08.29 06:00:00 | 00,040,448 | ---- | M] (Microsoft Corporation) MSMSGS.EXE -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Programme\Messenger\msmsgs.exe] -> [2004.10.13 10:24:37 | 01,763,840 | ---- | M] (Microsoft Corporation) MSN6.EXE -> 
%ProgramFiles%\MSN\MSNCoreFiles\msn6.exe [C:\Programme\MSN\MSNCoreFiles\MSN6.exe] -> [2002.08.29 06:00:00 | 00,159,744 | ---- | M] (Microsoft Corporation) MsoHtmEd.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found msworks.exe -> %ProgramFiles%\Microsoft Works\MsWorks.exe [C:\Programme\Microsoft Works\msworks.exe] -> [2003.07.29 03:59:56 | 00,602,112 | ---- | M] (Microsoft® Corporation) NCoverEd.exe -> %ProgramFiles%\Ahead\CoverDesigner\CoverDes.exe [C:\Programme\Ahead\CoverDesigner\CoverDes.exe] -> [2003.09.03 10:33:13 | 02,285,568 | R--- | M] (Ahead Software AG) nero.exe -> %ProgramFiles%\Ahead\Nero\nero.exe [C:\Programme\Ahead\nero\nero.exe] -> [2003.12.01 09:34:52 | 10,354,688 | ---- | M] (Ahead Software AG) NeroStartSmart.exe -> %ProgramFiles%\Ahead\Nero StartSmart\NeroStartSmart.exe [C:\Programme\Ahead\Nero StartSmart\NeroStartSmart.exe] -> [2003.11.10 12:43:33 | 01,716,224 | R--- | M] (Ahead Software AG) pbrush.exe -> %SystemRoot%\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> [2004.08.03 16:58:06 | 00,346,624 | ---- | M] (Microsoft Corporation) PhEditor.exe -> %ProgramFiles%\Lexmark 1200 Series\pheditor.exe [C:\Programme\Lexmark 1200 Series\PhEditor.exe] -> [2007.02.08 16:53:45 | 00,488,368 | ---- | M] (Lexmark International, Inc.) PhotoEditor.exe -> %ProgramFiles%\Lexmark 1200 Series\pheditor.exe [C:\Programme\Lexmark 1200 Series\PhEditor.exe] -> [2007.02.08 16:53:45 | 00,488,368 | ---- | M] (Lexmark International, Inc.) PictureViewer.exe -> %ProgramFiles%\QuickTime\PictureViewer.exe [C:\Programme\QuickTime\PictureViewer.exe] -> [2006.10.25 19:17:34 | 00,557,056 | ---- | M] (Apple Computer, Inc.) 
pinball.exe -> %ProgramFiles%\Windows NT\Pinball\pinball.exe [C:\Programme\Windows NT\Pinball\pinball.exe] -> [2004.08.03 16:58:08 | 00,282,624 | ---- | M] (Cinematronics) ProgramTracker.exe -> %ProgramFiles%\Program Tracker\ProgramTracker 1.22\ProgramTracker.exe [C:\Programme\Program Tracker\ProgramTracker 1.22\ProgramTracker.exe] -> [2003.02.06 13:33:32 | 01,794,048 | ---- | M] () QuickTimePlayer.exe -> %ProgramFiles%\QuickTime\QuickTimePlayer.exe [C:\Programme\QuickTime\QuickTimePlayer.exe] -> [2006.10.26 10:01:56 | 05,648,384 | ---- | M] (Apple Computer, Inc.) RealPlay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Programme\Real\RealPlayer\realplay.exe] -> File not found rnxproc.exe -> %CommonProgramFiles%\Real\Update_OB\rnxproc.exe [C:\Programme\Gemeinsame Dateien\Real\Update_OB\rnxproc.exe] -> [2006.06.15 07:01:47 | 00,135,211 | ---- | M] (RealNetworks, Inc.) rvsezm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\Rvsezm.exe [C:\Programme\MSN Gaming Zone\Windows\rvsezm.exe] -> [2002.08.29 06:00:00 | 00,042,574 | ---- | M] (Microsoft Corporation) shvlzm.exe -> %ProgramFiles%\MSN Gaming Zone\Windows\shvlzm.exe [C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe] -> [2002.08.29 06:00:00 | 00,042,573 | ---- | M] (Microsoft Corporation) SPUBrowser.exe -> %ProgramFiles%\Sony\Sony Picture Utility\Browser\SPUBrowser.exe [C:\Programme\Sony\Sony Picture Utility\Browser\SPUBrowser.exe] -> [2006.02.08 09:19:30 | 02,244,608 | ---- | M] (Sony Corporation) SPUDCFImporter.exe -> %ProgramFiles%\Sony\Sony Picture Utility\Importer\DCF\SPUDCFImporter.exe [C:\Programme\Sony\Sony Picture Utility\Importer\DCF\SPUDCFImporter.exe] -> File not found SPUInit.exe -> %ProgramFiles%\Sony\Sony Picture Utility\InitTool\SPUInit.exe [C:\Programme\Sony\Sony Picture Utility\InitTool\SPUInit.exe] -> [2005.10.28 06:11:42 | 00,196,608 | ---- | M] (Sony Corporation) SPUVolumeWatcher.exe -> %ProgramFiles%\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [C:\Programme\Sony\Sony Picture 
Utility\VolumeWatcher\SPUVolumeWatcher.exe] -> [2005.10.28 06:12:04 | 00,229,376 | ---- | M] (Sony Corporation) table30.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found VideoraiPodConverter.exe -> %ProgramFiles%\VideoraiPodConverter\VideoraiPodConverter.exe [C:\Programme\VideoraiPodConverter\VideoraiPodConverter.exe] -> [2005.11.11 12:32:35 | 00,483,328 | ---- | M] ( ) wab.exe -> %ProgramFiles%\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2004.08.03 16:58:18 | 00,046,080 | ---- | M] (Microsoft Corporation) wabmig.exe -> %ProgramFiles%\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2004.08.03 16:58:18 | 00,030,208 | ---- | M] (Microsoft Corporation) winnt32.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found WinRAR.exe -> %ProgramFiles%\WinRAR\WinRAR.exe [C:\Programme\WinRAR\WinRAR.exe] -> [2006.04.20 15:23:50 | 00,915,968 | ---- | M] () Winword.exe -> %ProgramFiles%\Microsoft Office\Office10\WINWORD.EXE [C:\PROGRA~1\MICROS~4\Office10\WINWORD.EXE] -> [2002.05.03 21:07:39 | 10,586,440 | R--- | M] (Microsoft Corporation) WKPLMSTP.EXE -> %ProgramFiles%\Microsoft Works\wkplmstp.exe [C:\Programme\Microsoft Works\wkplmstp.exe] -> [2003.07.29 04:00:36 | 00,118,784 | ---- | M] (Microsoft Corporation) WKSAB.EXE -> %ProgramFiles%\Microsoft Works\wksab.exe [C:\Programme\Microsoft Works\WKSAB.exe] -> [2003.07.23 00:44:56 | 00,020,555 | R--- | M] (Microsoft® Corporation) wkscal.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkscal.exe [C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkscal.exe] -> [2003.07.29 04:00:38 | 00,176,128 | ---- | M] (Microsoft® Corporation) wksdb.exe -> %ProgramFiles%\Microsoft Works\wksdb.exe [C:\Programme\Microsoft Works\wksdb.exe] -> [2003.07.23 00:45:40 | 02,310,202 | R--- | M] (Microsoft® Corporation) 
WKSSB.EXE -> %ProgramFiles%\Microsoft Works\wkssb.exe [C:\Programme\Microsoft Works\WKSSB.exe] -> [2003.07.23 00:46:20 | 00,794,678 | R--- | M] (Microsoft® Corporation) wksss.exe -> %ProgramFiles%\Microsoft Works\wksss.exe [C:\Programme\Microsoft Works\wksss.exe] -> [2003.07.23 00:47:08 | 01,933,372 | R--- | M] (Microsoft® Corporation) wkswp.exe -> %ProgramFiles%\Microsoft Works\WksWP.exe [C:\Programme\Microsoft Works\wkswp.exe] -> [2003.07.23 00:47:10 | 00,180,284 | R--- | M] (Microsoft® Corporation) WKWCESTP.EXE -> %ProgramFiles%\Microsoft Works\wkwcestp.exe [C:\Programme\Microsoft Works\wkwcestp.exe] -> [2003.07.29 04:00:40 | 00,118,784 | ---- | M] () WKWDSTUB.EXE -> %ProgramFiles%\Microsoft Works\WkWdStub.exe [C:\Programme\Microsoft Works\WKWDSTUB.exe] -> [2003.07.23 00:47:54 | 00,110,663 | R--- | M] (Microsoft® Corporation) wmenc.exe -> %ProgramFiles%\Windows Media Components\Encoder\wmenc.exe [C:\Programme\Windows Media Components\Encoder\WMEnc.exe] -> [2002.12.11 18:38:52 | 00,695,808 | ---- | M] (Microsoft Corporation) WMPBurn.exe -> %ProgramFiles%\Ahead\WMPBurn\WMPBurn.exe [C:\Programme\Ahead\WMPBurn\WMPBurn.exe] -> [2003.07.16 10:30:29 | 01,560,576 | R--- | M] (Ahead Software AG) wmplayer.exe -> %ProgramFiles%\Windows Media Player\wmplayer.exe [C:\Programme\Windows Media Player\wmplayer.exe] -> [2006.11.03 09:56:14 | 00,064,000 | ---- | M] (Microsoft Corporation) WORDPAD.EXE -> %ProgramFiles%\Windows NT\Zubehör\wordpad.exe ["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2004.08.03 16:58:22 | 00,216,576 | ---- | M] (Microsoft Corporation) WRITE.EXE -> %ProgramFiles%\Windows NT\Zubehör\wordpad.exe ["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2004.08.03 16:58:22 | 00,216,576 | ---- | M] (Microsoft Corporation) < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = Die derzeitige Homepage -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> 
[Files/Folders - Created Within 90 Days] 1 C:\*.tmp files -> C:\*.tmp -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008.12.21 21:26:00 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008.12.21 21:20:07 | 00,648,118 | ---- | C] () SDFix -> %SystemDrive%\SDFix -> [2008.12.21 18:30:31 | 00,000,000 | ---D | C] SDFix.exe -> %SystemDrive%\SDFix.exe -> [2008.12.21 18:30:15 | 01,607,065 | ---- | C] () Recent -> %UserProfile%\Recent -> [2008.12.21 18:28:38 | 00,000,000 | RH-D | C] RECYCLER -> %SystemDrive%\RECYCLER -> [2008.12.21 18:28:26 | 00,000,000 | -HSD | C] .SunDownloadManager -> %UserProfile%\.SunDownloadManager -> [2008.12.21 17:01:51 | 00,000,000 | ---D | C] 1229900493819-integrated.jnlp -> %SystemDrive%\1229900493819-integrated.jnlp -> [2008.12.21 17:01:38 | 00,001,261 | ---- | C] () JavaRa -> %SystemDrive%\JavaRa -> [2008.12.21 16:47:15 | 00,000,000 | ---D | C] JavaRa.zip -> %SystemDrive%\JavaRa.zip -> [2008.12.21 16:46:40 | 00,069,512 | ---- | C] () Boot.bak -> %SystemDrive%\Boot.bak -> [2008.12.21 16:12:02 | 00,000,211 | ---- | C] () cmldr -> %SystemDrive%\cmldr -> [2008.12.21 16:11:57 | 00,262,448 | ---- | C] () cmdcons -> %SystemDrive%\cmdcons -> [2008.12.21 16:11:49 | 00,000,000 | RHSD | C] temp -> %SystemRoot%\temp -> [2008.12.21 14:23:00 | 00,000,000 | ---D | C] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2008.12.21 00:20:04 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2008.12.21 00:19:56 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2008.12.21 00:19:55 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) 
incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2008.12.21 00:19:37 | 30,312,507 | ---- | C] () miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2008.12.21 00:19:36 | 00,334,743 | ---- | C] () microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2008.12.21 00:19:36 | 00,050,685 | ---- | C] () avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2008.12.21 00:19:30 | 06,061,540 | ---- | C] () Avg -> %SystemRoot%\System32\drivers\Avg -> [2008.12.21 00:19:30 | 00,000,000 | ---D | C] antivir_workstation_winu_en_h.exe -> %SystemDrive%\antivir_workstation_winu_en_h.exe -> [2008.12.21 00:09:15 | 22,058,104 | ---- | C] () PCToolsFirewallPlus -> %AppData%\PCToolsFirewallPlus -> [2008.12.20 23:50:34 | 00,000,000 | ---D | C] PCTCore.sys -> %SystemRoot%\System32\drivers\PCTCore.sys -> [2008.12.20 23:48:03 | 00,132,976 | ---- | C] (PC Tools) PCTAppEvent.sys -> %SystemRoot%\System32\drivers\PCTAppEvent.sys -> [2008.12.20 23:48:03 | 00,073,840 | ---- | C] (PC Tools) pctgntdi.sys -> %SystemRoot%\System32\drivers\pctgntdi.sys -> [2008.12.20 23:48:01 | 00,159,600 | ---- | C] (PC Tools) pctfw.sys -> %SystemRoot%\System32\drivers\pctfw.sys -> [2008.12.20 23:47:12 | 00,097,408 | ---- | C] (PC Tools) PC Tools -> %CommonProgramFiles%\PC Tools -> [2008.12.20 23:47:12 | 00,000,000 | ---D | C] pctplfw.sys -> %SystemRoot%\System32\drivers\pctplfw.sys -> [2008.12.20 23:47:10 | 00,095,640 | ---- | C] (PC Tools) PC Tools Firewall Plus -> %ProgramFiles%\PC Tools Firewall Plus -> [2008.12.20 23:47:07 | 00,000,000 | ---D | C] fwinstall.exe -> %UserProfile%\Desktop\fwinstall.exe -> [2008.12.20 23:45:22 | 09,183,096 | ---- | C] ( ) setupeng.exe -> %UserProfile%\Desktop\setupeng.exe -> [2008.12.20 23:44:43 | 29,496,072 | ---- | C] () SWXCACLS.exe -> %SystemRoot%\SWXCACLS.exe -> [2008.12.20 22:47:19 | 00,212,480 | ---- | C] (SteelWerX) SWREG.exe -> %SystemRoot%\SWREG.exe -> [2008.12.20 22:47:19 | 00,161,792 | ---- | C] (SteelWerX) SWSC.exe -> 
%SystemRoot%\SWSC.exe -> [2008.12.20 22:47:19 | 00,136,704 | ---- | C] (SteelWerX) sed.exe -> %SystemRoot%\sed.exe -> [2008.12.20 22:47:19 | 00,098,816 | ---- | C] () fdsv.exe -> %SystemRoot%\fdsv.exe -> [2008.12.20 22:47:19 | 00,089,504 | ---- | C] (Smallfrogs Studio) grep.exe -> %SystemRoot%\grep.exe -> [2008.12.20 22:47:19 | 00,080,412 | ---- | C] () zip.exe -> %SystemRoot%\zip.exe -> [2008.12.20 22:47:19 | 00,068,096 | ---- | C] () VFIND.exe -> %SystemRoot%\VFIND.exe -> [2008.12.20 22:47:19 | 00,049,152 | ---- | C] () NIRCMD.exe -> %SystemRoot%\NIRCMD.exe -> [2008.12.20 22:47:19 | 00,028,672 | ---- | C] (NirSoft) Qoobox -> %SystemDrive%\Qoobox -> [2008.12.20 22:47:07 | 00,000,000 | ---D | C] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2008.12.20 22:46:08 | 02,959,100 | R--- | C] () HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008.12.18 01:35:55 | 00,001,706 | ---- | C] () Trend Micro -> %ProgramFiles%\Trend Micro -> [2008.12.18 01:35:55 | 00,000,000 | ---D | C] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008.12.18 00:34:40 | 00,890,168 | ---- | C] (Trend Micro Inc.) 
ERDNT -> %SystemRoot%\ERDNT -> [2008.12.18 00:27:58 | 00,000,000 | ---D | C] NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2008.12.18 00:27:15 | 00,000,599 | ---- | C] () ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2008.12.18 00:27:15 | 00,000,580 | ---- | C] () ERUNT -> %ProgramFiles%\ERUNT -> [2008.12.18 00:27:14 | 00,000,000 | ---D | C] erunt_setup.exe -> %SystemDrive%\erunt_setup.exe -> [2008.12.18 00:26:44 | 00,791,393 | ---- | C] (Lars Hederer ) SysRestorePoint_v13 -> %UserProfile%\Desktop\SysRestorePoint_v13 -> [2008.12.18 00:25:18 | 00,000,000 | ---D | C] SysRestorePoint_v13.zip -> %UserProfile%\Desktop\SysRestorePoint_v13.zip -> [2008.12.18 00:24:35 | 00,009,334 | ---- | C] () hijackthis.zip -> %SystemDrive%\hijackthis.zip -> [2008.12.18 00:07:38 | 00,212,849 | ---- | C] () Fix_download.exe -> %UserProfile%\Desktop\Fix_download.exe -> [2008.12.17 23:44:34 | 00,361,995 | ---- | C] () HJT -> %SystemDrive%\HJT -> [2008.12.17 23:22:29 | 00,000,000 | ---D | C] RatsCheddar.zip -> %UserProfile%\Desktop\RatsCheddar.zip -> [2008.12.17 00:27:57 | 00,266,085 | ---- | C] () sality fix -> %UserProfile%\Desktop\sality fix -> [2008.12.16 22:10:52 | 00,000,000 | ---D | C] SUPERAntiSpyware.com -> %AllUsersProfile%\Anwendungsdaten\SUPERAntiSpyware.com -> [2008.12.16 19:53:47 | 00,000,000 | ---D | C] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2008.12.16 19:53:42 | 00,000,760 | ---- | C] () SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [2008.12.16 19:53:36 | 00,000,000 | ---D | C] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [2008.12.16 19:53:36 | 00,000,000 | ---D | C] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [2008.12.16 19:53:08 | 00,000,000 | ---D | C] SUPERAntiSpyware.exe -> %SystemDrive%\SUPERAntiSpyware.exe -> [2008.12.16 19:35:59 | 05,853,728 | ---- | C] () $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [2008.12.16 15:54:19 | 00,000,000 | 
-H-D | C] avg8 -> %AllUsersProfile%\Anwendungsdaten\avg8 -> [2008.12.16 15:31:04 | 00,000,000 | ---D | C] avg_free_stf_en_8_176a1399.exe -> %SystemDrive%\avg_free_stf_en_8_176a1399.exe -> [2008.12.16 00:43:43 | 53,682,216 | ---- | C] (AVG Technologies) Malwarebytes -> %AppData%\Malwarebytes -> [2008.12.16 00:32:18 | 00,000,000 | ---D | C] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008.12.16 00:32:16 | 00,015,504 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008.12.16 00:32:16 | 00,000,684 | ---- | C] () mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008.12.16 00:32:14 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008.12.16 00:32:12 | 00,000,000 | ---D | C] Malwarebytes -> %AllUsersProfile%\Anwendungsdaten\Malwarebytes -> [2008.12.16 00:32:12 | 00,000,000 | ---D | C] mbam-setup.exe -> %SystemDrive%\mbam-setup.exe -> [2008.12.16 00:31:53 | 02,641,800 | ---- | C] (Malwarebytes Corporation ) ScanSpyware_3.9.1.2.exe -> %SystemDrive%\ScanSpyware_3.9.1.2.exe -> [2008.12.15 18:41:51 | 04,035,917 | ---- | C] (ScanSpyware.net ) setupeng.exe -> %SystemDrive%\setupeng.exe -> [2008.12.15 18:30:41 | 00,152,576 | ---- | C] () Google Updater -> %AllUsersProfile%\Anwendungsdaten\Google Updater -> [2008.12.15 18:22:28 | 00,000,000 | ---D | C] bassam.zip -> %SystemDrive%\bassam.zip -> [2008.12.15 17:39:23 | 00,016,969 | ---- | C] () pad_file.xml -> %SystemDrive%\pad_file.xml -> [2008.12.15 17:01:15 | 00,014,876 | ---- | C] () info.htm -> %SystemDrive%\info.htm -> [2008.12.15 17:01:15 | 00,006,742 | ---- | C] () RRT.zip -> %SystemDrive%\RRT.zip -> [2008.12.15 17:00:35 | 00,139,167 | ---- | C] () TaskManagerFix.exe -> %SystemDrive%\TaskManagerFix.exe -> [2008.12.14 18:35:55 | 00,151,552 | ---- | C] (Task Manager Fix) webct_upload_applet.properties -> 
%UserProfile%\webct_upload_applet.properties -> [2008.10.18 20:52:23 | 00,000,087 | ---- | C] () VirtualDub-1.8.6 -> %SystemDrive%\VirtualDub-1.8.6 -> [2008.10.12 17:40:23 | 00,000,000 | ---D | C] VirtualDub-1.8.6.zip -> %SystemDrive%\VirtualDub-1.8.6.zip -> [2008.10.12 17:39:51 | 01,378,435 | ---- | C] () vlc -> %AppData%\vlc -> [2008.09.27 19:19:18 | 00,000,000 | ---D | C] VideoLAN -> %ProgramFiles%\VideoLAN -> [2008.09.27 19:13:05 | 00,000,000 | ---D | C] [Files/Folders - Modified Within 90 Days] 1 C:\*.tmp files -> C:\*.tmp -> 13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> winqvvnwu.exe -> %UserProfile%\Lokale Einstellungen\temp\winqvvnwu.exe -> [2008.12.21 21:31:27 | 00,017,920 | ---- | M] () OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008.12.21 21:20:07 | 00,648,118 | ---- | M] () ntuser.dat -> %UserProfile%\ntuser.dat -> [2008.12.21 21:15:47 | 04,980,736 | ---- | M] () kgklt.exe -> %UserProfile%\Lokale Einstellungen\temp\kgklt.exe -> [2008.12.21 20:56:11 | 00,017,920 | ---- | M] () wincmtpm.exe -> %UserProfile%\Lokale Einstellungen\temp\wincmtpm.exe -> [2008.12.21 20:56:09 | 00,007,680 | ---- | M] () beip.exe -> %UserProfile%\Lokale Einstellungen\temp\beip.exe -> [2008.12.21 20:56:05 | 00,008,704 | ---- | M] () qmgr1.dat -> %AllUsersProfile%\Anwendungsdaten\Microsoft\Network\Downloader\qmgr1.dat -> [2008.12.21 20:54:05 | 00,009,422 | ---- | M] () qmgr0.dat -> %AllUsersProfile%\Anwendungsdaten\Microsoft\Network\Downloader\qmgr0.dat -> [2008.12.21 20:54:05 | 00,009,422 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008.12.21 20:53:23 | 00,002,206 | ---- | M] () Perflib_Perfdata_634.dat -> %SystemRoot%\Temp\Perflib_Perfdata_634.dat -> [2008.12.21 20:53:16 | 00,016,384 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008.12.21 20:53:00 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008.12.21 20:52:58 | 00,002,048 | --S- | M] () 
Perflib_Perfdata_5f4.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5f4.dat -> [2008.12.21 20:17:28 | 00,016,384 | ---- | M] () Perflib_Perfdata_6f0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_6f0.dat -> [2008.12.21 20:14:25 | 00,016,384 | ---- | M] () ntuser.ini -> %UserProfile%\ntuser.ini -> [2008.12.21 20:14:24 | 00,000,190 | -HS- | M] () Perflib_Perfdata_cc0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_cc0.dat -> [2008.12.21 19:49:39 | 00,016,384 | ---- | M] () Thumbs.db -> %SystemRoot%\Thumbs.db -> [2008.12.21 19:06:55 | 00,007,680 | -HS- | M] () system.ini -> %SystemRoot%\system.ini -> [2008.12.21 18:36:10 | 00,000,318 | ---- | M] () Perflib_Perfdata_494.dat -> %SystemRoot%\Temp\Perflib_Perfdata_494.dat -> [2008.12.21 18:31:30 | 00,016,384 | ---- | M] () SDFix.exe -> %SystemDrive%\SDFix.exe -> [2008.12.21 18:30:15 | 01,607,065 | ---- | M] () 1229900493819-integrated.jnlp -> %SystemDrive%\1229900493819-integrated.jnlp -> [2008.12.21 17:01:39 | 00,001,261 | ---- | M] () JavaRa.zip -> %SystemDrive%\JavaRa.zip -> [2008.12.21 16:46:41 | 00,069,512 | ---- | M] () hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008.12.21 16:18:48 | 00,000,027 | ---- | M] () boot.ini -> %SystemDrive%\boot.ini -> [2008.12.21 16:12:02 | 00,000,281 | RHS- | M] () avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> [2008.12.21 00:20:04 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> [2008.12.21 00:19:56 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [2008.12.21 00:19:55 | 30,312,507 | ---- | M] () avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> [2008.12.21 00:19:55 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) 
microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [2008.12.21 00:19:37 | 00,050,685 | ---- | M] () avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [2008.12.21 00:19:36 | 06,061,540 | ---- | M] () miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [2008.12.21 00:19:36 | 00,334,743 | ---- | M] () antivir_workstation_winu_en_h.exe -> %SystemDrive%\antivir_workstation_winu_en_h.exe -> [2008.12.21 00:10:07 | 22,058,104 | ---- | M] () setupeng.exe -> %UserProfile%\Desktop\setupeng.exe -> [2008.12.20 23:45:57 | 29,496,072 | ---- | M] () fwinstall.exe -> %UserProfile%\Desktop\fwinstall.exe -> [2008.12.20 23:45:30 | 09,183,096 | ---- | M] ( ) ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2008.12.20 22:46:09 | 02,959,100 | R--- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008.12.18 18:04:54 | 00,117,248 | ---- | M] () wklnhst.dat -> %AppData%\wklnhst.dat -> [2008.12.18 12:14:56 | 00,035,444 | ---- | M] () HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008.12.18 01:35:55 | 00,001,706 | ---- | M] () FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008.12.18 01:08:46 | 00,164,320 | ---- | M] () HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> [2008.12.18 00:34:41 | 00,890,168 | ---- | M] (Trend Micro Inc.) 
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2008.12.18 00:27:15 | 00,000,599 | ---- | M] () ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2008.12.18 00:27:15 | 00,000,580 | ---- | M] () erunt_setup.exe -> %SystemDrive%\erunt_setup.exe -> [2008.12.18 00:26:44 | 00,791,393 | ---- | M] (Lars Hederer ) GDIPFONTCACHEV1.DAT -> %UserProfile%\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT -> [2008.12.18 00:25:51 | 00,033,056 | ---- | M] () SysRestorePoint_v13.zip -> %UserProfile%\Desktop\SysRestorePoint_v13.zip -> [2008.12.18 00:24:36 | 00,009,334 | ---- | M] () hijackthis.zip -> %SystemDrive%\hijackthis.zip -> [2008.12.18 00:07:42 | 00,212,849 | ---- | M] () Fix_download.exe -> %UserProfile%\Desktop\Fix_download.exe -> [2008.12.17 23:44:38 | 00,361,995 | ---- | M] () RatsCheddar.zip -> %UserProfile%\Desktop\RatsCheddar.zip -> [2008.12.17 00:27:59 | 00,266,085 | ---- | M] () SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2008.12.16 19:53:42 | 00,000,760 | ---- | M] () SUPERAntiSpyware.exe -> %SystemDrive%\SUPERAntiSpyware.exe -> [2008.12.16 19:36:09 | 05,853,728 | ---- | M] () avg_free_stf_en_8_176a1399.exe -> %SystemDrive%\avg_free_stf_en_8_176a1399.exe -> [2008.12.16 00:44:53 | 53,682,216 | ---- | M] (AVG Technologies) Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2008.12.16 00:32:16 | 00,000,684 | ---- | M] () mbam-setup.exe -> %SystemDrive%\mbam-setup.exe -> [2008.12.16 00:31:54 | 02,641,800 | ---- | M] (Malwarebytes Corporation ) ScanSpyware_3.9.1.2.exe -> %SystemDrive%\ScanSpyware_3.9.1.2.exe -> [2008.12.15 18:42:14 | 04,035,917 | ---- | M] (ScanSpyware.net ) setupeng.exe -> %SystemDrive%\setupeng.exe -> [2008.12.15 18:31:32 | 00,152,576 | ---- | M] () bassam.zip -> %SystemDrive%\bassam.zip -> [2008.12.15 17:39:25 | 00,016,969 | ---- | M] () RRT.zip -> %SystemDrive%\RRT.zip -> [2008.12.15 17:00:35 | 00,139,167 | ---- | M] () 
TaskManagerFix.exe -> %SystemDrive%\TaskManagerFix.exe -> [2008.12.14 18:35:55 | 00,151,552 | ---- | M] (Task Manager Fix) pctplfw.sys -> %SystemRoot%\System32\drivers\pctplfw.sys -> [2008.12.11 17:01:04 | 00,095,640 | ---- | M] (PC Tools) PCTCore.sys -> %SystemRoot%\System32\drivers\PCTCore.sys -> [2008.12.11 12:32:20 | 00,132,976 | ---- | M] (PC Tools) PCTAppEvent.sys -> %SystemRoot%\System32\drivers\PCTAppEvent.sys -> [2008.12.11 12:32:18 | 00,073,840 | ---- | M] (PC Tools) pctgntdi.sys -> %SystemRoot%\System32\drivers\pctgntdi.sys -> [2008.12.11 08:38:22 | 00,159,600 | ---- | M] (PC Tools) MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008.12.09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008.12.03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008.12.03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2008.11.28 13:33:10 | 00,002,121 | ---- | M] () GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [2008.11.20 20:11:09 | 00,033,056 | ---- | M] () PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008.11.11 21:05:00 | 00,980,900 | ---- | M] () perfh007.dat -> %SystemRoot%\System32\perfh007.dat -> [2008.11.11 21:05:00 | 00,422,192 | ---- | M] () perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008.11.11 21:05:00 | 00,406,662 | ---- | M] () perfc007.dat -> %SystemRoot%\System32\perfc007.dat -> [2008.11.11 21:05:00 | 00,077,302 | ---- | M] () perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008.11.11 21:05:00 | 00,063,862 | ---- | M] () pad_file.xml -> %SystemDrive%\pad_file.xml -> [2008.11.02 15:13:46 | 00,014,876 | ---- | M] () info.htm -> %SystemDrive%\info.htm -> [2008.11.02 15:13:46 | 00,006,742 | ---- | M] () mrxsmb.sys -> %SystemRoot%\System32\drivers\mrxsmb.sys -> [2008.10.24 05:10:42 | 00,453,632 
| ---- | M] (Microsoft Corporation) mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008.10.24 05:10:42 | 00,453,632 | ---- | M] (Microsoft Corporation) gdi32.dll -> %SystemRoot%\System32\gdi32.dll -> [2008.10.23 06:59:11 | 00,283,648 | ---- | M] (Microsoft Corporation) gdi32.dll -> %SystemRoot%\System32\dllcache\gdi32.dll -> [2008.10.23 06:59:11 | 00,283,648 | ---- | M] (Microsoft Corporation) tzchange.exe -> %SystemRoot%\System32\tzchange.exe -> [2008.10.22 03:47:07 | 00,062,976 | ---- | M] (Microsoft Corporation) webct_upload_applet.properties -> %UserProfile%\webct_upload_applet.properties -> [2008.10.18 20:55:26 | 00,000,087 | ---- | M] () mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2008.10.17 01:34:18 | 03,593,216 | ---- | M] (Microsoft Corporation) mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2008.10.17 01:34:18 | 03,593,216 | ---- | M] (Microsoft Corporation) wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> [2008.10.16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) wuaueng.dll -> %SystemRoot%\System32\dllcache\wuaueng.dll -> [2008.10.16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) wuweb.dll -> %SystemRoot%\System32\wuweb.dll -> [2008.10.16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) wuweb.dll -> %SystemRoot%\System32\dllcache\wuweb.dll -> [2008.10.16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) wucltui.dll -> %SystemRoot%\System32\wucltui.dll -> [2008.10.16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) wucltui.dll -> %SystemRoot%\System32\dllcache\wucltui.dll -> [2008.10.16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) wuapi.dll -> %SystemRoot%\System32\wuapi.dll -> [2008.10.16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) wuapi.dll -> %SystemRoot%\System32\dllcache\wuapi.dll -> [2008.10.16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) wuaucpl.cpl -> %SystemRoot%\System32\wuaucpl.cpl -> [2008.10.16 14:12:20 | 00,213,528 | 
---- | M] (Microsoft Corporation) wuaucpl.cpl -> %SystemRoot%\System32\dllcache\wuaucpl.cpl -> [2008.10.16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) cdm.dll -> %SystemRoot%\System32\dllcache\cdm.dll -> [2008.10.16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) cdm.dll -> %SystemRoot%\System32\cdm.dll -> [2008.10.16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) wuauclt.exe -> %SystemRoot%\System32\wuauclt.exe -> [2008.10.16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) wuauclt.exe -> %SystemRoot%\System32\dllcache\wuauclt.exe -> [2008.10.16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) wups2.dll -> %SystemRoot%\System32\wups2.dll -> [2008.10.16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation) wups.dll -> %SystemRoot%\System32\wups.dll -> [2008.10.16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) wups.dll -> %SystemRoot%\System32\dllcache\wups.dll -> [2008.10.16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) wucltui.dll.mui -> %SystemRoot%\System32\wucltui.dll.mui -> [2008.10.16 14:08:54 | 00,031,768 | ---- | M] (Microsoft Corporation) wuaucpl.cpl.mui -> %SystemRoot%\System32\wuaucpl.cpl.mui -> [2008.10.16 14:08:02 | 00,027,672 | ---- | M] (Microsoft Corporation) wuapi.dll.mui -> %SystemRoot%\System32\wuapi.dll.mui -> [2008.10.16 14:08:02 | 00,027,672 | ---- | M] (Microsoft Corporation) wuaueng.dll.mui -> %SystemRoot%\System32\wuaueng.dll.mui -> [2008.10.16 14:07:16 | 00,018,968 | ---- | M] (Microsoft Corporation) mucltui.dll -> %SystemRoot%\System32\mucltui.dll -> [2008.10.16 14:06:48 | 00,268,648 | ---- | M] (Microsoft Corporation) muweb.dll -> %SystemRoot%\System32\muweb.dll -> [2008.10.16 14:06:48 | 00,208,744 | ---- | M] (Microsoft Corporation) mucltui.dll.mui -> %SystemRoot%\System32\mucltui.dll.mui -> [2008.10.16 14:06:46 | 00,027,496 | ---- | M] (Microsoft Corporation) wininet.dll -> %SystemRoot%\System32\wininet.dll -> [2008.10.16 14:04:20 | 00,826,368 | ---- | M] 
(Microsoft Corporation)
wininet.dll -> %SystemRoot%\System32\dllcache\wininet.dll -> [2008.10.16 14:04:20 | 00,826,368 | ---- | M] (Microsoft Corporation)
urlmon.dll -> %SystemRoot%\System32\urlmon.dll -> [2008.10.16 14:04:19 | 01,160,192 | ---- | M] (Microsoft Corporation)
urlmon.dll -> %SystemRoot%\System32\dllcache\urlmon.dll -> [2008.10.16 14:04:19 | 01,160,192 | ---- | M] (Microsoft Corporation)
webcheck.dll -> %SystemRoot%\System32\webcheck.dll -> [2008.10.16 14:04:19 | 00,233,472 | ---- | M] (Microsoft Corporation)
webcheck.dll -> %SystemRoot%\System32\dllcache\webcheck.dll -> [2008.10.16 14:04:19 | 00,233,472 | ---- | M] (Microsoft Corporation)
mstime.dll -> %SystemRoot%\System32\mstime.dll -> [2008.10.16 14:04:18 | 00,671,232 | ---- | M] (Microsoft Corporation)
mstime.dll -> %SystemRoot%\System32\dllcache\mstime.dll -> [2008.10.16 14:04:18 | 00,671,232 | ---- | M] (Microsoft Corporation)
url.dll -> %SystemRoot%\System32\url.dll -> [2008.10.16 14:04:18 | 00,105,984 | ---- | M] (Microsoft Corporation)
url.dll -> %SystemRoot%\System32\dllcache\url.dll -> [2008.10.16 14:04:18 | 00,105,984 | ---- | M] (Microsoft Corporation)
occache.dll -> %SystemRoot%\System32\occache.dll -> [2008.10.16 14:04:18 | 00,102,912 | ---- | M] (Microsoft Corporation)
occache.dll -> %SystemRoot%\System32\dllcache\occache.dll -> [2008.10.16 14:04:18 | 00,102,912 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> %SystemRoot%\System32\pngfilt.dll -> [2008.10.16 14:04:18 | 00,044,544 | ---- | M] (Microsoft Corporation)
pngfilt.dll -> %SystemRoot%\System32\dllcache\pngfilt.dll -> [2008.10.16 14:04:18 | 00,044,544 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> %SystemRoot%\System32\mshtmled.dll -> [2008.10.16 14:04:17 | 00,477,696 | ---- | M] (Microsoft Corporation)
mshtmled.dll -> %SystemRoot%\System32\dllcache\mshtmled.dll -> [2008.10.16 14:04:17 | 00,477,696 | ---- | M] (Microsoft Corporation)
msrating.dll -> %SystemRoot%\System32\msrating.dll -> [2008.10.16 14:04:17 | 00,193,024 | ---- | M] (Microsoft Corporation)
msrating.dll -> %SystemRoot%\System32\dllcache\msrating.dll -> [2008.10.16 14:04:17 | 00,193,024 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\msfeeds.dll -> [2008.10.16 14:04:14 | 00,459,264 | ---- | M] (Microsoft Corporation)
msfeeds.dll -> %SystemRoot%\System32\dllcache\msfeeds.dll -> [2008.10.16 14:04:14 | 00,459,264 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\msfeedsbs.dll -> [2008.10.16 14:04:14 | 00,052,224 | ---- | M] (Microsoft Corporation)
msfeedsbs.dll -> %SystemRoot%\System32\dllcache\msfeedsbs.dll -> [2008.10.16 14:04:14 | 00,052,224 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> %SystemRoot%\System32\inetcpl.cpl -> [2008.10.16 14:04:13 | 01,831,424 | ---- | M] (Microsoft Corporation)
inetcpl.cpl -> %SystemRoot%\System32\dllcache\inetcpl.cpl -> [2008.10.16 14:04:13 | 01,831,424 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> %SystemRoot%\System32\jsproxy.dll -> [2008.10.16 14:04:13 | 00,027,648 | ---- | M] (Microsoft Corporation)
jsproxy.dll -> %SystemRoot%\System32\dllcache\jsproxy.dll -> [2008.10.16 14:04:13 | 00,027,648 | ---- | M] (Microsoft Corporation)
ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2008.10.16 14:04:12 | 06,066,176 | ---- | M] (Microsoft Corporation)
ieframe.dll -> %SystemRoot%\System32\dllcache\ieframe.dll -> [2008.10.16 14:04:12 | 06,066,176 | ---- | M] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\iertutil.dll -> [2008.10.16 14:04:12 | 00,267,776 | ---- | M] (Microsoft Corporation)
iertutil.dll -> %SystemRoot%\System32\dllcache\iertutil.dll -> [2008.10.16 14:04:12 | 00,267,776 | ---- | M] (Microsoft Corporation)
iernonce.dll -> %SystemRoot%\System32\iernonce.dll -> [2008.10.16 14:04:12 | 00,044,544 | ---- | M] (Microsoft Corporation)
iernonce.dll -> %SystemRoot%\System32\dllcache\iernonce.dll -> [2008.10.16 14:04:12 | 00,044,544 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> %SystemRoot%\System32\iedkcs32.dll -> [2008.10.16 14:04:09 | 00,384,512 | ---- | M] (Microsoft Corporation)
iedkcs32.dll -> %SystemRoot%\System32\dllcache\iedkcs32.dll -> [2008.10.16 14:04:09 | 00,384,512 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\ieapfltr.dll -> [2008.10.16 14:04:09 | 00,383,488 | ---- | M] (Microsoft Corporation)
ieapfltr.dll -> %SystemRoot%\System32\dllcache\ieapfltr.dll -> [2008.10.16 14:04:09 | 00,383,488 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> %SystemRoot%\System32\ieaksie.dll -> [2008.10.16 14:04:08 | 00,230,400 | ---- | M] (Microsoft Corporation)
ieaksie.dll -> %SystemRoot%\System32\dllcache\ieaksie.dll -> [2008.10.16 14:04:08 | 00,230,400 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> %SystemRoot%\System32\ieakeng.dll -> [2008.10.16 14:04:08 | 00,153,088 | ---- | M] (Microsoft Corporation)
ieakeng.dll -> %SystemRoot%\System32\dllcache\ieakeng.dll -> [2008.10.16 14:04:08 | 00,153,088 | ---- | M] (Microsoft Corporation)
extmgr.dll -> %SystemRoot%\System32\extmgr.dll -> [2008.10.16 14:04:08 | 00,133,120 | ---- | M] (Microsoft Corporation)
extmgr.dll -> %SystemRoot%\System32\dllcache\extmgr.dll -> [2008.10.16 14:04:08 | 00,133,120 | ---- | M] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\icardie.dll -> [2008.10.16 14:04:08 | 00,063,488 | ---- | M] (Microsoft Corporation)
icardie.dll -> %SystemRoot%\System32\dllcache\icardie.dll -> [2008.10.16 14:04:08 | 00,063,488 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> %SystemRoot%\System32\dxtmsft.dll -> [2008.10.16 14:04:07 | 00,347,136 | ---- | M] (Microsoft Corporation)
dxtmsft.dll -> %SystemRoot%\System32\dllcache\dxtmsft.dll -> [2008.10.16 14:04:07 | 00,347,136 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> %SystemRoot%\System32\dxtrans.dll -> [2008.10.16 14:04:07 | 00,214,528 | ---- | M] (Microsoft Corporation)
dxtrans.dll -> %SystemRoot%\System32\dllcache\dxtrans.dll -> [2008.10.16 14:04:07 | 00,214,528 | ---- | M] (Microsoft Corporation)
advpack.dll -> %SystemRoot%\System32\dllcache\advpack.dll -> [2008.10.16 14:04:07 | 00,124,928 | ---- | M] (Microsoft Corporation)
advpack.dll -> %SystemRoot%\System32\advpack.dll -> [2008.10.16 14:04:07 | 00,124,928 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\ieudinit.exe -> [2008.10.16 07:11:09 | 00,013,824 | ---- | M] (Microsoft Corporation)
ieudinit.exe -> %SystemRoot%\System32\dllcache\ieudinit.exe -> [2008.10.16 07:11:09 | 00,013,824 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> %SystemRoot%\System32\ie4uinit.exe -> [2008.10.16 07:10:46 | 00,070,656 | ---- | M] (Microsoft Corporation)
ie4uinit.exe -> %SystemRoot%\System32\dllcache\ie4uinit.exe -> [2008.10.16 07:10:46 | 00,070,656 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008.10.15 10:57:39 | 00,332,800 | ---- | M] (Microsoft Corporation)
netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008.10.15 10:57:39 | 00,332,800 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %SystemRoot%\System32\dllcache\iexplore.exe -> [2008.10.15 01:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation)
ieakui.dll -> %SystemRoot%\System32\ieakui.dll -> [2008.10.15 01:04:53 | 00,161,792 | ---- | M] (Microsoft Corporation)
ieakui.dll -> %SystemRoot%\System32\dllcache\ieakui.dll -> [2008.10.15 01:04:53 | 00,161,792 | ---- | M] (Microsoft Corporation)
VirtualDub-1.8.6.zip -> %SystemDrive%\VirtualDub-1.8.6.zip -> [2008.10.12 17:39:52 | 01,378,435 | ---- | M] ()
strmdll.dll -> %SystemRoot%\System32\strmdll.dll -> [2008.10.03 04:15:49 | 00,247,326 | ---- | M] (Microsoft Corporation)
strmdll.dll -> %SystemRoot%\System32\dllcache\strmdll.dll -> [2008.10.03 04:15:49 | 00,247,326 | ---- | M] (Microsoft Corporation)
win.ini -> %SystemRoot%\win.ini -> [2008.09.29 22:04:56 | 00,000,797 | ---- | M] ()
wkcalcat.dat -> %AllUsersProfile%\Anwendungsdaten\Microsoft\Works\wkcalcat.dat -> [2008.01.02 20:17:49 | 00,016,384 | ---- | M] ()
hhcolreg.dat -> %AllUsersProfile%\Anwendungsdaten\Microsoft\HTML Help\hhcolreg.dat -> [2007.12.26 23:37:33 | 00,001,305 | ---- | M] ()
wklntsk1.dat -> %AllUsersProfile%\Anwendungsdaten\Microsoft\Works\wklntsk1.dat -> [2006.06.11 08:43:50 | 00,178,297 | ---- | M] ()
data.dat -> %AllUsersProfile%\Anwendungsdaten\Microsoft\Office\Data\data.dat -> [2006.06.11 08:43:30 | 00,003,804 | ---- | M] ()

[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Anwendungsdaten\TEMP:C31F31E6
@Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Anwendungsdaten\TEMP:DFC5A2B2

[File - Purity Scan]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP:C31F31E6 124 bytes
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP:DFC5A2B2 98 bytes
scan completed successfully
hidden files: 407
< End of report >
[/code]