Problems with Sality (Tanatos/Heur) [Solved]


  • This topic is locked

#46
Lorca

  • Topic Starter
  • Member
  • 66 posts
Here are the OT and HiJack logs.
I can't download the Kaspersky tool, because I still cannot
access the Kaspersky site.



Process Explorer.EXE killed successfully!
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxpniu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winyenegu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wntne.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wxaw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\xflhk.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\xhak.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\xlhn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\yacy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\yxpp.exe deleted successfully.
[Empty Temp Folders]
File delete failed. C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\alnl.exe scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winiwmvy.exe scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winjvex.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.4.0 fix logfile created on 12262008_185126

Files moved on Reboot...
C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\alnl.exe moved successfully.
C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winiwmvy.exe moved successfully.
C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winjvex.exe moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_f0.dat not found!

Registry entries deleted on Reboot...





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:46, on 26.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hkti.exe
C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winungo.exe
C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ulwl.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.t-online....w5_internet.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programme\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase6662.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4781 bytes
  • 0
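As an added illustration (not part of the thread and not code from any tool named in it), the following Python code triages log text like the OTScanIt2 and HijackThis output in the post above for the traits those logs show: processes running from a Temp folder, firewall AuthorizedApplications entries that point at Temp executables, Temp executables that could not be deleted because they were in use, and policy values that disable Task Manager or the registry editor. The function names are assumptions; the sample lines are copied from the logs in this thread.

```python
import re

# Sample lines copied from the OTScanIt2 fix log and the HijackThis log posted above.
SAMPLE_LOG = r"""
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\yxpp.exe deleted successfully.
File delete failed. C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winjvex.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f0.dat scheduled to be deleted on reboot.
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\notepad.exe
C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hkti.exe
C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winungo.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# A drive-letter path ending in .exe; spaces are allowed inside folder names.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^:*?"<>|\r\n]*?\.exe', re.IGNORECASE)
# Policy values seen in these logs that lock the user out of repair tools.
LOCKOUT = re.compile(r"\b(DisableTaskMgr|DisableRegistryTools|DisableRegedit)\b")
# Registry key that holds the Windows XP firewall's allowed-program list.
FIREWALL_LIST = r"FirewallPolicy\StandardProfile\AuthorizedApplications\List"


def temp_exe_name(path):
    """Return the lower-cased file name if path is an .exe directly inside
    a Temp folder (8.3 short or long path form), otherwise None."""
    parts = path.strip().strip('"').split("\\")
    if (len(parts) >= 2
            and parts[-2].lower() in ("temp", "tmp")
            and parts[-1].lower().endswith(".exe")):
        return parts[-1].lower()
    return None


def _add(bucket, item):
    """Append item once, keeping first-seen order."""
    if item is not None and item not in bucket:
        bucket.append(item)


def triage(log):
    """Scan fix-log / HijackThis text and group the suspicious entries."""
    findings = {
        "temp_processes": [],       # running from a Temp folder
        "firewall_exceptions": [],  # Temp executables allowed through the firewall
        "locked_temp_files": [],    # Temp executables that were in use at delete time
        "tool_lockouts": [],        # Task Manager / registry editor disabled
    }
    in_process_list = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_process_list = True
            continue
        if in_process_list:
            # The HijackThis process list ends at the first blank line.
            if not line:
                in_process_list = False
            else:
                _add(findings["temp_processes"], temp_exe_name(line))
            continue
        for match in LOCKOUT.finditer(line):
            _add(findings["tool_lockouts"], match.group(1))
        if FIREWALL_LIST in line:
            bucket = "firewall_exceptions"
        elif line.startswith("File delete failed."):
            bucket = "locked_temp_files"
        else:
            continue
        for path in EXE_PATH.findall(line):
            _add(findings[bucket], temp_exe_name(path))
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {', '.join(items) or '-'}")
```

A legitimate installer can also run briefly from Temp, so a hit here is a reason to look closer rather than a verdict.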



#47
emeraldnzl

Hi lorca,

Please go to Start > Control Panel > Network and Internet Connections > Network Connections. Then right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using dial-up, and left-click on the Properties option. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.

Go to Start > Run.... In the Open: field type cmd and press the OK button. This will open a Command Prompt.
Type or copy & paste the entire contents inside the QUOTE box below into the command window:

ipconfig /flushdns

Hit Enter and exit the Command Prompt.

Next

Download the HostsXpert 4.2 - Hosts File Manager.
  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Lastly in this post, let's see if you can do this one:

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Start scanning at the foot of the page
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.


#48
Lorca

"Obtain DNS servers automatically" is already my default.

I ran the cmd and the HostsXpert.

I tried to access the online scanner, but again, no success. The page just won't load!

#49
emeraldnzl

Hello lorca,

I tried to access the online scanner, but again, no success. The page just won't load!


Those actions were always an outside chance.

As you must be aware this infection is very difficult and many times the only solution is to re-format.

However we don't want to give up yet. Minds greater than mine are helping on this.

Now I want to try a different tool to see if it can get at what we think might be the source. If it works we will still need to clean up a whole lot of stuff.

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
abp470n5

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

After that

Please run OTScanIt2 again and upload the file here.

Edited by emeraldnzl, 27 December 2008 - 01:31 PM.
spelling


#50
Lorca

Hi emeraldnzl,

I really appreciate all of your time and help with this infection! Thank you!

I ran The Avenger, and it rebooted twice.
(Immediately after showing the "First step completed, Avenger has been successfully
set up to run on next reboot" window, I got another "Editing
of registry has been disabled by administrator" window, though)

Here is the Avenger log:


Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "abp470n5" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



(By the way, I might have access to another computer today, and
I thought about downloading some of the programs I can't access from here,
zip them and then send them to myself as an attachment. Which
files would you recommend I download?)


Attached File  OTScanIt.Txt   224.42KB   117 downloads

#51
emeraldnzl


(By the way, I might have access to another computer today, and
I thought about downloading some of the programs I can't access from here,
zip them and then send them to myself as an attachment. Which
files would you recommend I download?)


If you can download the Kaspersky AVP tool and run it, that would be good; it comes with its definitions update included.

An easy way to do it is to download to a flash drive or some similar storage device and then plug in and run on the infected machine.

The AVP tool takes a very long time to run... I mean a very long time, the last one I used it on took 13 hours.

Sometimes it might look as if it is doing nothing. Just leave it and let it do its job. It will be worth it if it can find and remove the infection.

I will await the outcome of that before trying anything else.

Here are the instructions for it again just in case you are not sure:

It is a pretty big download at 28 MB but is very useful at detecting\cleaning rootkits or whatever it finds.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight Safe Mode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be Neutralized, then choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.



So when you come back please post the results of the Kaspersky AVP tool.

Also, just curious; why do you think it is the Sality infection? Did you run a scan? If so have you still got the log from it?

#52
Lorca

Kaspersky sounds good, even if I have to spend that many hours in front of it!
(Here's why: One of those random letter .exe files always starts to take up 99% of the CPU.
My laptop is old, and can't cool down the processor well enough, so after a while, when it gets too hot, it just shuts down
if I don't end the process. I guess I'm lucky that at least this TaskManagerFix program is working!)

By the way, you mentioned the safe mode again. Can I run Kaspersky without the safe mode?

About Sality: A short while after the infection, I was able to download and run
AVG 8, and it found files infected with Tanatos/Heur (their name for Sality),
but could not repair them, so I uninstalled it. I don't have any logs.
(Also, on my girlfriend's computer, I managed to run Avira, and it gave me the
identification Sality.AA)

Thanks for the instructions! I'll keep you posted!

P.S.:
And about the flash drive: Right now, I've got an infected one (with which I spread the infection
to my girlfriend's laptop, but that's another story), which I obviously should not plug into
another computer. I have another one, which is clean, but how can I keep that one
from getting infected when I plug it into my laptop?

Edited by Lorca, 27 December 2008 - 04:10 PM.


#53
emeraldnzl


Can I run Kaspersky without the safe mode?


Yep, should have said that. I want you to try it whatever way you can.

I have another one, which is clean, but how can I keep that one
from getting infected when I plug it into my laptop?


We can run a flash drive disinfector later. Only thing I can think of. We need to get the AVP across to the infected computer somehow.

Before you do that though please do this

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to delete:
abp470n5
Registry values to delete:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System|"DisableTaskMgr"=dword:00000001
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System|"DisableRegistryTools"=dword:00000001

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.

Next

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Driver Services - Safe List]
YY -> (abp470n5) abp470n5 [Kernel | On_Demand | Running] -> 
YY -> (abp470n5) abp470n5 [Kernel | On_Demand | Running] -> 
[Registry - Safe List]
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
YN -> \\"DisableRegistryTools" -> [1]
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
YN -> \\"DisableRegistryTools" -> [1]
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
YN -> \\"DisableRegistryTools" -> [1]
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005] > -> HKEY_USERS\S-1-5-21-1078081533-73586283-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
YN -> \\"DisableTaskMgr" -> [1]
YN -> \\"DisableRegistryTools" -> [1]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\aeejw.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\aeejw.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\aeejw.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\alnl.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\alnl.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\alnl.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\alqw.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\alqw.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\alqw.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\aodoe.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\aodoe.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\aodoe.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\biorqg.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\biorqg.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\biorqg.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\devtot.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\devtot.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\devtot.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ekjf.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ekjf.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ekjf.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\flfu.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\flfu.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\flfu.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\fwvmc.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\fwvmc.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\fwvmc.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\glye.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\glye.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\glye.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\gmebn.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\gmebn.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\gmebn.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\gqwad.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\gqwad.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\gqwad.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\gwxoe.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\gwxoe.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\gwxoe.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hddu.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hddu.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hddu.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hgcmy.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hgcmy.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hgcmy.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hhtl.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hhtl.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hhtl.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hkti.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hkti.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hkti.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hsyms.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hsyms.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hsyms.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hyjlhv.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hyjlhv.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\hyjlhv.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\iiqfw.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\iiqfw.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\iiqfw.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\jobo.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\jobo.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\jobo.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ktsa.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ktsa.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ktsa.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\lbkyxt.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\lbkyxt.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\lbkyxt.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\meqix.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\meqix.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\meqix.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mpvv.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mpvv.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mpvv.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mrrfp.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mrrfp.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mrrfp.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mxrs.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mxrs.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\mxrs.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nffdu.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nffdu.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nffdu.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\npwbpm.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\npwbpm.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\npwbpm.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nulotj.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nulotj.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nulotj.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\oadvru.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\oadvru.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\oadvru.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\oafc.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\oafc.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\oafc.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\okwlnj.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\okwlnj.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\okwlnj.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\omqhge.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\omqhge.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\omqhge.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\qrqudm.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\qrqudm.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\qrqudm.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\rudb.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\rudb.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\rudb.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\skdfwk.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\skdfwk.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\skdfwk.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\thvleb.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\thvleb.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\thvleb.exe:*:Enabled:ipsec]
YN -> "C:\DOKUME~1\Ludwig\LOKALE~1\Temp\tkrw.exe" -> C:\DOKUME~1\Ludwig\LOKALE~1\Temp\tkrw.exe [C:\DOKUME~1\Ludwig\LOKALE~1\Temp\tkrw.exe:*:Enabled:ipsec]
[Empty Temp Folders]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

So when you return please post
  • Avenger log
  • OTMoveIt2 report
  • Kaspersky AVP scan results


#54
Lorca

Lorca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
I just tried the Avenger script, and got the following error message:

"Error: Invalid registry syntax in command:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System|"DisableTaskMgr"=dword:00000001
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line."

After this message, I aborted.

#55
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Just proceed with the rest. Leave the Avenger script.


#56
Lorca

Lorca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Hi emeraldnzl,

I was able to download Kaspersky AVP and other programs I wasn't able
to access on my laptop onto my thumbdrive.

Unfortunately, I can't access this drive now. Autostart doesn't work, and when I
try to open it manually, "Minesweeper" (!) starts up.

Any ideas how I can access this drive?

(This infection is driving me insane! Thanks for all your help so far!)

#57
Lorca

Lorca

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts
Update: I was able to access Kaspersky via the search function. I will run the scan now and post the results
as soon as possible.

I also ran the OT fix:

Process Explorer.EXE killed successfully!
[Driver Services - Safe List]
Unable to stop service abp470n5!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp470n5 deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_abp470n5\ scheduled to be deleted on reboot.
Unable to delete service abp470n5!
File not found.
Unable to stop service abp470n5!
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_abp470n5\ scheduled to be deleted on reboot.
Unable to delete service abp470n5!
File not found.
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwhdbok.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwjido.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winwrga.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxbrwaj.exe deleted successfully.
File C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winxbrwaj.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winxiitc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winyvrp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winyvtb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\winyybh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\wqujk.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOKUME~1\Ludwig\LOKALE~1\Temp\xyet.exe deleted successfully.
[Empty Temp Folders]
File delete failed. C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\walq.exe scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winexpget.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_248.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.4.0 fix logfile created on 12282008_143139

Files moved on Reboot...
C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\walq.exe moved successfully.
C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winexpget.exe moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_248.dat not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_abp470n5\ scheduled to be deleted on reboot.

#58
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Well done that man :) :)

#59
Lorca


    Member

  • Topic Starter
  • Member
  • 66 posts
Hi emeraldnzl,

Here's the top portion of the Kaspersky results:




Scan
----
Scanned: 662873
Detected: 516
Untreated: 0
Start time: 28.12.2008 14:43:45
Duration: 11:35:34
Finish time: 29.12.2008 02:19:19


Detected
--------
Status Object
------ ------
will be disinfected when the computer is restarted: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\jusched.exe
will be disinfected when the computer is restarted: virus Virus.Win32.Sality.aa File: C:\WINDOWS\SOUNDMAN.EXE
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\family tree maker 2005\ftw.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\java\jre6\bin\javaw.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\java\jre6\bin\javaws.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\microsoft office\office10\mstore.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\microsoft works\msworks.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\gemeinsame dateien\microsoft shared\shoebox\piolch.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\itunes\ituneshelper.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\gemeinsame dateien\installshield\driver\11\intel 32\idrivert.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\ipod\bin\ipodservice.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\adobe\acrobat 7.0\reader\acrord32.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\dokumente und einstellungen\ludwig\desktop\combofix.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\lexmark fax solutions\faxctr.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\trend micro\hijackthis\hijackthis.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\icq6\icq.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\itunes\itunes.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\malwarebytes' anti-malware\mbam.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\messenger\msmsgs.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\msn\msncorefiles\msn6.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\ahead\coverdesigner\coverdes.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\ahead\nero\nero.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\ahead\nero startsmart\nerostartsmart.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\lexmark 1200 series\pheditor.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\quicktime\pictureviewer.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\quicktime\quicktimeplayer.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\gemeinsame dateien\real\update_ob\rnxproc.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\sony\sony picture utility\browser\spubrowser.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\sony\sony picture utility\inittool\spuinit.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\sony\sony picture utility\volumewatcher\spuvolumewatcher.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\microsoft works\wkplmstp.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\gemeinsame dateien\microsoft shared\works shared\wkscal.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\microsoft works\wksdb.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\microsoft works\wkssb.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\microsoft works\wksss.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\microsoft works\wkswp.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\microsoft works\wkwcestp.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\microsoft works\wkwdstub.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\windows media components\encoder\wmenc.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\ahead\wmpburn\wmpburn.exe
disinfected: virus Virus.Win32.Sality.aa File: c:\programme\microsoft office\office10\osa.exe
will be deleted when the computer is restarted: Trojan program Trojan.Win32.Agent.ateq File: C:\DOKUME~1\Ludwig\LOKALE~1\Temp\pgrurq.exe//PE_Patch.UPX//UPX
will be deleted when the computer is restarted: Trojan program Trojan-Downloader.Win32.Small.agoy File: c:\dokumente und einstellungen\ludwig\lokale einstellungen\temp\kerppd.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\ATF_Cleaner.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\gspot221.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\palimpalim.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\rpc412_setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SmitfraudFix.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SUPERAntiSpyware.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\tunebite.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\UNWISE.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\vp6_decoder.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\XBOX PC.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\Fix_download.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\HJTInstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\LopSD.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\SmitfraudFix.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\TaskManagerFix.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\Dial-a-fix-v0.60.0.24\secedit.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\SmitfraudFix\Process.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\SmitfraudFix\Reboot.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\SmitfraudFix\SmiUpdate.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\SmitfraudFix\UIFix.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\SmitfraudFix\unzip.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Desktop\SmitfraudFix\WS2Fix.exe
deleted: Trojan program Trojan-Downloader.Win32.Small.agoy File: C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\isgeo.exe
deleted: Trojan program Trojan-Downloader.Win32.Small.agoy File: C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winhrgfs.exe
deleted: Trojan program Trojan.Win32.Agent.ateq File: C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winoqnkv.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan.Win32.Agent.ateq File: C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winsgpi.exe//PE_Patch.UPX//UPX
disinfected: virus Virus.Win32.Sality.aa File: C:\Dokumente und Einstellungen\Ludwig\Anwendungsdaten\Microsoft\Installer\{53480560-1C6A-43A7-A672-6462A374326D}\_166D7D0233B3_4E20_B35B_D96CC286AD1D.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\DOTNETFX\REBOOTST.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\DOTNETFX\RUNPROG.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\DOTNETFX\SETUP.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\chipset\sis_agp_chipset_v7_2_0_1170_wxp\AGP\AGPUtil\AGPutil.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\chipset\sis_agp_chipset_v7_2_0_1170_wxp\AGP\htpatch\HTinst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\chipset\sis_agp_chipset_v7_2_0_1170_wxp\AGP\htpatch\HTpatch.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\chipset\sis_agp_chipset_v7_2_0_1170_wxp\AGP\htpatch\HTuninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\chipset\sis_agp_chipset_v7_2_0_1170_wxp\SISfiles\ata133ap.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\chipset\sis_agp_chipset_v7_2_0_1170_wxp\SISfiles\instdrv.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\chipset\sis_agp_chipset_v7_2_0_1170_wxp\SISfiles\regmod.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\chipset\sis_agp_chipset_v7_2_0_1170_wxp\Source\sis_agp_chipset_v7_2_0_1170_wxp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\display\ati_video_radeon9600_9700_v6_14_10_6430_wxp\AtiCimUn.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\display\ati_video_radeon9600_9700_v6_14_10_6430_wxp\issetup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\display\ati_video_radeon9600_9700_v6_14_10_6430_wxp\CPanel\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\display\ati_video_radeon9600_9700_v6_14_10_6430_wxp\Driver\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\display\ati_video_radeon9600_9700_v6_14_10_6430_wxp\Source\ati_video_radeon9600_9700_v6_14_10_6430_wxp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\hotfix\KB319965_WXP_SP2\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\modem\smartlink_modem_v3_60_3_1141_wxp\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\modem\smartlink_modem_v3_60_3_1141_wxp\Source\smartlink_modem_v3_60_3_1141_wxp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\network\ralink_msi6822_wlan_v2_02_01_0000_wxp\Source\ralink_msi6822_wlan_v2_02_01_0000_wxp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\network\sis_lan_900pci_v1_16_0_0_wxp\uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\network\sis_lan_900pci_v1_16_0_0_wxp\Source\sis_lan_900pci_v1_16_0_0_wxp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\pcmcia\o2micro_oz711mc1_v1_0_6_4_wxp\instmsia.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\pcmcia\o2micro_oz711mc1_v1_0_6_4_wxp\instmsiw.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\pcmcia\o2micro_oz711mc1_v1_0_6_4_wxp\O2Micro\mbxfinst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\pcmcia\o2micro_oz711mc1_v1_0_6_4_wxp\O2Micro\O2_Uninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\pcmcia\o2micro_oz711mc1_v1_0_6_4_wxp\O2Micro\SetupCB.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\pcmcia\o2micro_oz711mc1_v1_0_6_4_wxp\O2Micro\SetupMMB.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\pcmcia\o2micro_oz711mc1_v1_0_6_4_wxp\Source\o2micro_oz711mc1_v1_0_6_4_wxp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5440_wxp\ALCRMV.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5440_wxp\ALCRMV9X.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5440_wxp\ALCUPD.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5440_wxp\GETDXVER.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5440_wxp\SetCDfmt.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5440_wxp\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5440_wxp\Ap\AvRack2.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5440_wxp\Source\realtek_sound_ac97_v5_10_00_5440_wxp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\fsc.tmp\driver\sound\realtek_sound_ac97_v5_10_00_5440_wxp\WDM\SoundMan.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\gmax\gmaxFind.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\gmax\maxzip.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\gmax\gamepacks\BAT\SC4BatLauncher.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\HJT\alternativ.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\i386\EXPAND.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\i386\NETSETUP.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\i386\NTSD.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\i386\REGEDIT.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\i386\SYSPARSE.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\i386\TELNET.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\i386\WINNT32.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\i386\DRW\DWWIN.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\i386\WIN9XMIG\FAX\AWDVSTUB.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\i386\WIN9XMIG\MAPI\DLL\MKNTFRMCACHE.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\JavaRa\JavaRa.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Lop SD\lsTasks.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Lop SD\OsV.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Lop SD\pv.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Lop SD\sed.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Lop SD\setpath.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Lop SD\Uninstal.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\CClaw.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\Delnvc5.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\eLogger.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\Ndfedit.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\Ninfo.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\Niu.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\Njeeves.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\Nren.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\Nvccf.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\Nvcoa.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\BIN\Zlh.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Norman\NVC\NSE\Nse.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\pnp\lan\inf2cat.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\pnp\lan\refresh.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\pnp\lan\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\pnp\lan\SRV2003\uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\pnp\lan\Win2000\uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\pnp\lan\WinXP\uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Program Files\ATI Technologies\ATI Control Panel\atiiprxx.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Program Files\ATI Technologies\ATI Control Panel\atiphexx.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\AC3Filter\uninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig\GER\instmsiw.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig\GER\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig708\DEU\instmsiw.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig708\DEU\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Adobe\Photoshop Album 2.0\Apps\PsaProxy.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Adobe\Photoshop Album 2.0\Shared_Assets\AutoRun\AdbeRdr60.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Adobe\Photoshop Album 2.0\Shared_Assets\AutoRun\viewer\ImageViewer.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Ahead\Nero\NeroCmd.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Ahead\Nero\Uninstall\UNNero.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Ahead\Nero SoundTrax\SoundTrax.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Ahead\Nero Toolkit\CDSpeed.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Ahead\Nero Toolkit\DriveSpeed.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Ahead\Nero Toolkit\InfoTool.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Ahead\Nero Wave Editor\DXEnum.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Ahead\Nero Wave Editor\WaveEdit.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Alarm Clock\alarmclock.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ATI Technologies\ATI Control Panel\atiiprxx.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ATI Technologies\ATI Control Panel\atiphexx.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ATI Technologies\ATI Control Panel\atiprbxx.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\AVIcodec\uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\AviSynth 2.5\Uninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Azureus\Uninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\bin\rechner.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\jre\bin\java.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\jre\bin\javaw.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\jre\bin\keytool.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\jre\bin\policytool.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\jre\bin\rmid.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\jre\bin\rmiregistry.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\jre\bin\tnameserv.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\rechner\RECHNER.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\rechner\ves1030.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BAföG-Rechner PLUS\UninstallerData\resource\remove.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BearShare Applications\BearShare\FFPage.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BearShare Applications\BearShare\Launcher.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BearShare Applications\BearShare\UninstallSurvey.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BearShare Applications\BearShare\UNWISE.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\BearShare Applications\BearShare\UpdateInst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Buffy's Crossbow Training\buffy uninstal.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Canto Pod\Canto Pod.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Canto Pod\CantoLinker.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Canto Pod\Uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\CD to MP3 Ripper\mp3ripper.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\CD to MP3 Ripper\UNWISE.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\CD to MP3 Ripper\wmfdist.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ChessBase\Fritz6\ChessProgram.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\DivX\ConverterUninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\DivX\DivXBundleUninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\DivX\DivXCodecUninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\DivX\DivXPlayerUninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\DivX\DivX Codec\config.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\DivX\DivX Converter\Converter.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\eMule\emule.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\eMule\LinkCreator.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\eMule\Uninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\eMule.de Neu\emule.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Family Tree Maker 2005\artpschd.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Family Tree Maker 2005\Ftosub.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Family Tree Maker 2005\ftwr.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Family Tree Maker 2005\Install.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Family Tree Maker 2005\ASPI\ASPIKIT.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Family Tree Maker 2005\ASPI\SCSIACC.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\FLV Player\uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\FreeRIP2\freerip2.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Adobe\Workflow\AdobeWorkgroupHelper.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriver.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriver2.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\InstallShield\Driver\7\Intel 32\IDriver.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver2.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\InstallShield\engine\6\Intel 32\IKernel.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_02.b06\patchjre.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_02.b06\zipper.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\patchjre.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\zipper.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_07.b06\patchjre.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_07.b06\zipper.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\OFFPRV10.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSPaper\MSPOCRDC.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSPaper\MSPSCAN.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSPaper\MSPVIEW.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSSearch\Bin\SrchAdmStp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Office10\DW.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Picture It!\ImprtWiz.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\vs7jit.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\dw.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUpdat2.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\OO Software\EMC\ooabout.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\OO Software\EMC\oocinst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\OO Software\EMC\oorci.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Real\Update_OB\RealOneMessageCenter.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Real\Update_OB\upgrdhlp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Teleca Shared\IrCommunication.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Teleca Shared\ObexCommunication.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Gemeinsame Dateien\Teleca Shared\P800Communication.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\GSpot\Uninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ICQ6\IcqUpdater.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ICQLite\ICQLite .exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ICQLite\ICQLiteDBConverter.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ICQLite\ICQLiteUninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ICQLite\ICQLRun.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ICQLite\Unwise32.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\ICQLite\LiteDataFiles\icqfilexfer.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{27CE2A65-227C-4F08-9441-3A27D93A5EF4}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\IKernel.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{74C8BF56-6618-49AA-98BA-862223900CBF}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{8A367C28-423C-48E2-8C76-EBA1171F932A}\apxp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{8A367C28-423C-48E2-8C76-EBA1171F932A}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{9B94BE6F-7CA3-4C40-A266-62667FF746CC}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{B136E4A4-7660-4F15-9752-EF8E6BA7866D}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\1.09\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{E51F8EB2-0F55-4F80-9A1E-CE84BE063045}\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{E672B767-4483-419E-9C8A-0CE59390E79E}\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\InterVideo\WinDVD\WinDVD.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\iTunes\iTunesHelper .exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\java-rmi.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\java.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\javacpl.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\jbroker.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\jp2launcher.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\jqsnotify.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\jucheck.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\jureg.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\keytool.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\kinit.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\klist.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\ktab.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\orbd.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\pack200.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\policytool.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\rmid.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\rmiregistry.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\servertool.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\ssvagent.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\tnameserv.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Java\jre6\bin\unpack200.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Joxer Invaders\joxer uninstal.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\LAB1.de\Dir-It!\Dir-It!.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Lexmark 1200 Series\LXCZaiox.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Lexmark 1200 Series\lxczbmgr .exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Lexmark 1200 Series\LXCZbmon.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Lexmark 1200 Series\Install\x86\Uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Lexmark Fax Solutions\FAXINST.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Lexmark Fax Solutions\instmsia.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Lexmark Fax Solutions\instmsiw.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Lexmark Fax Solutions\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Lexmark Fax Solutions\Install\x86\Uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Malwarebytes' Anti-Malware\mbam-dor.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\63Building.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\AdlerPlanetarium.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\arctriomphe.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\brandenburggate.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\capitolrecords.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\castleramparts.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\eauninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\globe.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\grand_central.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\Kunjungjon.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\LotEditorInstaller.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\MayflowerPort.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\parthenon.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\Rockefeller.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\SanFranCityHall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\SC4BATInstaller.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\SC4_uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\SchlossSchoenbrun.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\seoulsoccerstadium.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\seoul_cityhall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\Stonehenge.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\sungrye-mun.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\TaipeiArtMuseum.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\templeexpiatiori.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\Apps\SC4PluginMan.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\Apps\SimCity 4.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\Support\go_ez.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\Support\SimCity 4 Deluxe_code.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\Support\SimCity 4 Deluxe_eReg.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\Support\SimCity 4 Deluxe_EZ.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Maxis\SimCity 4 Deluxe\Support\SimCity 4 Deluxe_uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\MedienTeam66\WM Ticket Finder\WM_Ticket_Finder.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Messenger\msmsgsin.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\GRAPH.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\MAKECERT.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\MCDLC.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\MSE7.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\MSOFFICE.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\MSOHTMED.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\MSQRY32.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\MSTORDB.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\PROFLWIZ.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\SELFCERT.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\SETLANG.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\UNBIND.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Office\Office10\1031\MSOHELP.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Picture It! 9\dw15.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Picture It! 9\pi.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Picture It! 9\pip.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Works\WkDStore.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Works\wkgdcach.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Works\wklnckml.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Works Suite 2004\Setup\launcher.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Microsoft Works Suite 2004\Setup\setups.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Mozilla Firefox\uninstall\helper.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\mozilla.org\Mozilla\plugins\GetFlash.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\MSN\MSNCoreFiles\copymar.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\MSN\MSNCoreFiles\dw.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\MSN\MSNCoreFiles\update.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\MSN\MSNCoreFiles\Setup\msnunin.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\PokerStars\PokerStars.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\PokerStars\PokerStarsCommunicate.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\PokerStars\PokerStarsUpdate.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\PokerStars\Stub.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\PokerStars\Tracer.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\PokerStars\backup\PokerStars.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\QuickTime\QTInfo.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\QuickTime\QTSystem\ExportController.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\QuickTime\QTSystem\QuickTimeUpdateHelper.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Real\RealPlayer\Setup\setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\SAGEM\SAGEM F@st 800-840\enddisk32.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\SAGEM\SAGEM F@st 800-840\sagemmtu.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\SAGEM\SAGEM F@st 800-840\Drivers\unaddrv.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\SiSLan\uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony\Sony Picture Utility\Browser\SPUMPThumb.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Capability Manager\CapabilityManager.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\File Manager\fmgrsrv.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\File Manager\fmobxsrv.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Mobile Networking Wizard\SEMCMNWizard.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\caleditatl.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\catcheventatl.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\dbgout.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\epm_util.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\setdbgout.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Mobile Phone Monitor\setregsecurity.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Sound Editor\soundeditor.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Sync Station\DXP Pim.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Sync Station\DXP SyncML.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Sync Station\Launcher.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Sync Station\SyncEngineApp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Sony Ericsson\Mobile\Sync Station\SyncStarter.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\SUPERAntiSpyware\BootSafe.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\SUPERAntiSpyware\SASINST.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\SUPERAntiSpyware\SSUpdate.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\T-DSL SpeedManager\TDSLTest.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\T-DSL SpeedManager\TSMInst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\T-DSL SpeedManager\TSMSvc.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\MICFMan.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\Install\MdmImp\SetupM.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\Install\WLAcFnd\SetupW.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\Install\WLAcFnd\WLAcFnWB.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis1\Install\WLAcFnd\WLAcFIns\Setup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\T-Online\T-Online_Software_5\Basis-Software\Basis2\toregall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\TBridge\TBridge.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\VideoLAN\VLC\uninstall.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\VideoraiPodConverter\uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\VideoraiPodConverter\apps\ffmpeg.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Winamp\UninstWA.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Winamp\winampa.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Windows Live Safety Center\wlscUploader.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Windows Media Components\Encoder\dw15.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Windows Media Components\Encoder\settmp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Windows Media Components\Encoder\wmasfdist.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Windows Media Components\Encoder\wmeditor.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Windows Media Components\Encoder\WMEncAgt.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Windows Media Components\Encoder\wmfdist.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Windows Media Components\Encoder\wmstypelib.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Windows Media Joiner\Windows Media Joiner.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Windows Media Player\dlimport.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WinZip\WINZIP32.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WinZip\WZQKPICK.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WinZip\WZSEPE32.EXE
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WM Recorder 10.2\Registration.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WM Recorder 10.2\Restore.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WM Recorder 10.2\RMR.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WM Recorder 10.2\VHelp.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WM Recorder 10.2\WMR.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WM Recorder 10.2\WMR10.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WM Recorder 10.2\WMRestore.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WM Recorder 10.2\WMRPro.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\WM Recorder 10.2\WMVCR.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\XBCD\uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\Xena Breakout 1.2\xena breakout uninstal.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\XviD\MiniCalc.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\XviD\OGMCalc.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\XviD\StatsReader.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\XviD\vidccleaner.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Programme\YamiPod\Uninst.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\Qoobox\Quarantine\C\Programme\AVG\AVG8\avgiproxy.exe.vir
disinfected: virus Virus.Win32.Sality.aa File: C:\Qoobox\Quarantine\C\Programme\AVG\AVG8\avgrsx.exe.vir
disinfected: virus Virus.Win32.Sality.aa File: C:\Qoobox\Quarantine\C\Programme\AVG\AVG8\avgsrmax.exe.vir
disinfected: virus Virus.Win32.Sality.aa File: C:\Qoobox\Quarantine\C\Programme\AVG\AVG8\avgupd.exe.vir
disinfected: virus Virus.Win32.Sality.aa File: C:\Qoobox\Quarantine\C\Programme\AVG\AVG8\avgwdsvc.exe.vir
disinfected: virus Virus.Win32.Sality.aa File: C:\Qoobox\Quarantine\C\Programme\AVG\AVG8\fixcfg.exe.vir
disinfected: virus Virus.Win32.Sality.aa File: C:\Ralink\2004_0617_IS_STA_2500_D-2.2.6.0_UI-2.1.2.0\RaLink2_RT2500.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\download.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\grep.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\LS.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\Process.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\psservice.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\RestartIt!.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\sc.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\sed.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\SF.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\shutdown.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\unzip.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\vfind.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\zip.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SDFix\apps\Replace\regedit.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SmitfraudFix\Process.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SmitfraudFix\Reboot.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SmitfraudFix\SmiUpdate.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SmitfraudFix\UIFix.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SmitfraudFix\unzip.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\SmitfraudFix\WS2Fix.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\VirtualDub-1.8.6\auxsetup.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\WINDOWS\system32\DivXCodecVersionChecker.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.Exe
disinfected: virus Virus.Win32.Sality.aa File: C:\_OTScanIt\MovedFiles\12222008_173414\C_\setupeng.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\_OTScanIt\MovedFiles\12222008_173414\C_Dokumente und Einstellungen\Ludwig\Desktop\setupeng.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\_OTScanIt\MovedFiles\12222008_173414\C_WINDOWS\sed.exe
deleted: virus Virus.Win32.Iframer.c File: C:\_OTScanIt\MovedFiles\12262008_185126\C_Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\alnl.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\_OTScanIt\MovedFiles\12262008_185126\C_Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winiwmvy.exe
deleted: Trojan program Trojan.Win32.Agent.ateq File: C:\_OTScanIt\MovedFiles\12262008_185126\C_Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winjvex.exe
disinfected: virus Virus.Win32.Sality.aa File: C:\_OTScanIt\MovedFiles\12282008_143139\C_Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\walq.exe
deleted: Trojan program Trojan.Win32.Agent.ateq File: C:\_OTScanIt\MovedFiles\12282008_143139\C_Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\temp\winexpget.exe
disinfected: virus Virus.Win32.Sality.aa File: E:\plpvlh.cmd
disinfected: virus Virus.Win32.Sality.aa File: E:\SDFix.exe
disinfected: virus Virus.Win32.Sality.aa File: E:\SmitfraudFix.exe
disinfected: virus Virus.Win32.Sality.aa File: E:\LopSD.exe
disinfected: virus Virus.Win32.Sality.aa File: E:\ComboFix.exe
disinfected: virus Virus.Win32.Sality.aa File: E:\setupeng.exe
disinfected: virus Virus.Win32.Sality.aa File: E:\FixPolicies.exe
disinfected: virus Virus.Win32.Sality.aa File: E:\SUPERAntiSpyware.exe
deleted: virus Virus.Win32.Iframer.c File: c:\_otscanit\movedfiles\12262008_185126

Edited by Lorca, 02 January 2009 - 09:53 PM.


#60
Lorca

Got cut, here's the rest:


disinfected: virus Virus.Win32.Sality.aa File: E:\FixPolicies.exe
disinfected: virus Virus.Win32.Sality.aa File: E:\SUPERAntiSpyware.exe
deleted: virus Virus.Win32.Iframer.c File: c:\_otscanit\movedfiles\12262008_185126\c_dokumente und einstellungen\ludwig\lokale einstellungen\temp\alnl.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan.Win32.Agent.ateq File: c:\_otscanit\movedfiles\12262008_185126\c_dokumente und einstellungen\ludwig\lokale einstellungen\temp\winjvex.exe//PE_Patch.UPX//PE_Patch//UPX
deleted: Trojan program Trojan.Win32.Agent.ateq File: c:\_otscanit\movedfiles\12282008_143139\c_dokumente und einstellungen\ludwig\lokale einstellungen\temp\winexpget.exe//PE_Patch.UPX//UPX