
Log analysis and evaluation: Trojan "cleansweep.exe", computer keeps crashing

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.07.2010, 06:10   #1
Terminus

Hello dear forum,

I am new here and hope you can help me.
I have caught a virus/trojan and I don't know what to do.

I noticed the problem when strange windows opened on Google and Java kept starting. E.g. I clicked on the link "meinvz.de" in Google and a page appeared that looked completely dubious to me.

I ran AntiVir several times. It detected and removed the virus "crypt.xpack.gen". But it keeps reappearing.

After that I installed Spybot and ran it. This program also fixed many errors. Afterwards I had Spybot "immunize" my computer.

Now my computer boots very slowly and after 5 min it crashes for no reason. It computes like mad and never finishes.

At the moment I can only run the computer in Safe Mode.

I also ran HijackThis. It reports the following trojan: O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe.
My question: should I remove this now?

I have not run CCleaner yet. Is the program harmless? Or can I do even more damage with it?

Here is my HijackThis log file
HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:35:56, on 02.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\****\Desktop\Ablage\Programme\HijackThis2.0.4.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 196.10.11.101 brsys
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [KnexStarter] C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe
O4 - HKLM\..\Run: [RunTasktray] "C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe"   --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun  --valuename=InstallTTM
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Iralik] rundll32.exe "C:\WINDOWS\rasysc.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: NumPlus.lnk = C:\dicad\strauti\numplus.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: hxxp://*.hp.com (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=58813
O17 - HKLM\System\CCS\Services\Tcpip\..\{7757BCCA-6175-4D6E-A4A0-88FB3F6850E4}: NameServer = 196.10.11.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5497300-9469-4400-86BF-D9633BEC699F}: NameServer = 196.10.11.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA3E47F4-1D9C-414C-B65E-82DF77561B2F}: NameServer = 196.10.11.90
O18 - Protocol: HPDCS - {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - Protocol: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - Protocol: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe

--
End of file - 8570 bytes
         
--- --- ---
Thanks in advance for your help
Regards, Terminus

Edited by Terminus (02.07.2010 at 06:37)

02.07.2010, 10:00   #2
Larusso
/// Selecta Jahrusso

A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Post the log files directly in your thread. Do not attach them unless I ask you to. It makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Disable TeaTimer

While the TeaTimer of Spybot Search&Destroy is running, no cleanup can be carried out, because it restores all deleted entries. TeaTimer must therefore be switched off during the cleanup work (leave TeaTimer switched off until we are finished with the cleanup):
Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated instructions.


Step 2

Start --> Run --> notepad (type it in)
Now copy the following text from the code box into the empty text document
Code:
@echo off
cd \
md "%userprofile%\desktop\Upload"
copy "C:\WINDOWS\rasysc.dll" "%userprofile%\desktop\Upload\rasysc.dll.vir"
del /f "C:\WINDOWS\rasysc.dll"
rd /s /q C:\cleansweep.exe
reg delete /f "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v cleansweep.exe
reg delete /f "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v Iralik
shutdown -i -r -t 2
del%0
         
Save this as file.bat on your desktop.
For file type, select "All files".
Double-click file.bat. The computer will then restart.
Vista users: right-click and choose "Run as administrator"

Note: There should be a folder named Upload on the desktop. Please do not delete it.

Step 3

Download OTS.exe and be sure to save it on your desktop. Double-click OTS.exe.
If your antivirus program raises an alert about OTS, allow it.
  • Put a check mark at "Scan All Users" and "Include MD5".
  • Copy the following text into the box.
    Code:
    NetSvcs
    Drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
             
  • Below the box, click the button.
    Now check the following entries:

    • Reg- Active Sub Paths
    • App Paths
    • Approved Shell Extensions
    • Disabled MS Config Items
    • File Lop Check
    • File Purity Check
    Do nothing else on the computer in the meantime.
    When the scan has finished (Scan complete!), the editor opens with the log file.

    It can also be found on the desktop (OTS.txt)
  • Now close all running programs and your browser.
  • Click the button at the top left to start the scan
Please attach this log here, it is not exactly short.


Please post in your next reply
OTS.txt
02.07.2010, 10:17   #3
Terminus

Hello Daniel,

first of all, thank you very much for your help.
I have carried out step 1.
On restart (user interface, user account selection) a message appeared saying that a system file had to be restored. It did not say which one.

Regarding step 2.
When I create the file (file.bat) and run it, do I then have to let the restart boot in normal mode? Or does that also work in Safe Mode?
Because I can only work properly when I am in Safe Mode?

Another question: is it worth trying to use a restore point? Or does that not work anyway? If so, what gets lost in the process?

Regards, Benni

02.07.2010, 10:35   #4
Larusso
/// Selecta Jahrusso

Re 1. No idea, but if it wasn't a fake message we will get to the bottom of it.

Re 2.
After the batch file you should be able to work in normal mode again. Unless you have problems other than malware.

System Restore may work, but it doesn't have to. A lot of things copy themselves in there first.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

02.07.2010, 10:43   #5
Terminus

When I now double-click the file, a DOS window opens that says:

"Das System kann die angegebene Datei nicht finden.
C:\WINDOWS\rasysc.dll konnte nicht gefunden werden.
Das System kann die angegebene Datei nicht finden.

Fehler: Ungültiger Schlüsselname

Fehler: Ungültiger Schlüsselname"

In addition, a popup appears with the title "Remote Computer herunterfahren",
which I can either confirm or cancel.

What should I do?


02.07.2010, 11:07   #6
Larusso
/// Selecta Jahrusso


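Sorry, my mistake

Code:
@echo off
cd \
rem Clear the system, hidden and read-only attributes so the DLL can be deleted
attrib -s -h -r C:\WINDOWS\rasysc.dll
del /f "C:\WINDOWS\rasysc.dll"
rem Remove the folder named cleansweep.exe together with its contents
rd /s /q C:\cleansweep.exe
rem Delete the two Run values listed as O4 entries in the HijackThis log
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v cleansweep.exe /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v Iralik /f
rem -i opens the shutdown dialog, which has to be confirmed
shutdown -i -r -t 2
rem Delete this batch file itself
del%0

Yes, the restart has to be confirmed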
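
Added example (not part of the original thread, and not code from HijackThis or from the helper): the two Run values that the batch file above deletes can be picked out of the HijackThis log from post #1 with a few path checks. The heuristics, the function names and the assumed Windows folder `C:\WINDOWS` are illustrative assumptions; the sample lines are taken from that log.

```python
import ntpath
import re

# Sample input: ten O4 lines taken from the HijackThis log in post #1,
# embedded so the example runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "E:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Iralik] rundll32.exe "C:\WINDOWS\rasysc.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - Global Startup: NumPlus.lnk = C:\dicad\strauti\numplus.exe
"""

RUN_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\\.*?Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_LINE = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
USER_NOTE = re.compile(r"\s+\(User '[^']*'\)$")          # suffix on HKUS lines
IMAGE = re.compile(r'^(.+?\.(?:exe|dll|com|bat|scr))(?=[\s",]|$)', re.I)
DLL_ARG = re.compile(r'"?([^",]+\.dll)"?\s*,', re.I)      # rundll32 <dll>,<export>
EXE_LIKE = re.compile(r"\.(?:exe|dll|com|bat|scr)$", re.I)
WINDOWS_DIR = r"c:\windows"  # assumption: %SystemRoot% as reported in the OTS log


def parse_o4(log):
    """Yield (hive, value_name, command) for every O4 autostart line."""
    for line in log.splitlines():
        line = USER_NOTE.sub("", line.strip())
        m = RUN_LINE.match(line) or STARTUP_LINE.match(line)
        if m:
            yield m.group("hive"), m.group("name"), m.group("cmd").strip()


def split_command(cmd):
    """Split a command line into (image_path, rest), quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:]
    # Unquoted paths may contain spaces, so cut after the first extension
    # that is followed by whitespace, a quote, a comma or the end of the line.
    m = IMAGE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():]
    return cmd, ""


def resolve_target(cmd):
    """Return (path, via_rundll32); for rundll32 the path is the DLL argument."""
    image, rest = split_command(cmd)
    if ntpath.basename(image).lower() == "rundll32.exe":
        m = DLL_ARG.search(rest)
        if m:
            return m.group(1).strip(), True
    return image, False


def reasons_for(cmd):
    """List the heuristics (assumptions of this example) that a command matches."""
    target, via_rundll32 = resolve_target(cmd)
    drive, tail = ntpath.splitdrive(ntpath.dirname(target))
    reasons = []
    if any(EXE_LIKE.search(part) for part in tail.split("\\") if part):
        reasons.append("a folder in the path is named like an executable")
    if drive and tail in ("", "\\"):
        reasons.append("file sits directly in the drive root")
    if via_rundll32 and ntpath.normcase(drive + tail).rstrip("\\") == WINDOWS_DIR:
        reasons.append("rundll32 loads a DLL directly from the Windows folder")
    return reasons


def triage(log):
    """Return [(hive, value_name, reasons)] for entries matching a heuristic."""
    hits = []
    for hive, name, cmd in parse_o4(log):
        reasons = reasons_for(cmd)
        if reasons:
            hits.append((hive, name, reasons))
    return hits


if __name__ == "__main__":
    for hive, name, reasons in triage(SAMPLE_LOG):
        print(f"{hive} [{name}]: " + "; ".join(reasons))
```

A hit only marks an entry for closer inspection; the legitimate entries in the sample (AntiVir, DAEMON Tools, TeaTimer, ctfmon) pass all three checks.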

02.07.2010, 11:22   #7
Terminus

Or my mistake too.

When I ran the file for the first time, this popup appeared and I clicked Cancel.
The Upload folder was created successfully with the file rasysc.dll.vir.
If I now look for the file in the folder it is to be deleted from, C:\Windows\rsysc.dll, it is not there.
So has it already been deleted?

Even with the modified file.bat I cannot get the restart to run. Can I also do a restart manually (via Start -> Restart)?
Or does that have to be done with the file.bat?

02.07.2010, 11:24   #8
Larusso
/// Selecta Jahrusso


Can you just do what I write here?
Otherwise we will still be at this in 2020

Restart the computer and continue with step 3

02.07.2010, 12:24   #9
Terminus

Here is the log from OTS

Code:
OTS logfile created on: 02.07.2010 13:07:06 - Run 1
OTS by OldTimer - Version 3.1.31.2     Folder = C:\Dokumente und Einstellungen\MeyWo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 562,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,53 Gb Total Space | 8,88 Gb Free Space | 30,09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 203,35 Gb Total Space | 140,54 Gb Free Space | 69,11% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 253,34 Gb Total Space | 130,34 Gb Free Space | 51,45% Space Free | Partition Type: NTFS
Drive P: | 253,34 Gb Total Space | 130,34 Gb Free Space | 51,45% Space Free | Partition Type: NTFS
Drive Q: | 253,34 Gb Total Space | 130,34 Gb Free Space | 51,45% Space Free | Partition Type: NTFS
Drive S: | 253,34 Gb Total Space | 130,34 Gb Free Space | 51,45% Space Free | Partition Type: NTFS
 
Computer Name: BROWATZK-D07002
Current User Name: MeyWo
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\OTS.exe -> [2010.07.02 12:32:13 | 000,640,000 | ---- | M | MD5 = 7435934B1FB04E0839ECB930A6A18CC6] (OldTimer Tools)
avguard.exe -> C:\Programme\Avira\AntiVir Desktop\avguard.exe -> [2010.04.21 07:52:58 | 000,267,432 | ---- | M | MD5 = BBC02905032D453C0E18D5110F841902] (Avira GmbH)
avgnt.exe -> C:\Programme\Avira\AntiVir Desktop\avgnt.exe -> [2010.03.02 10:28:23 | 000,282,792 | ---- | M | MD5 = 473B422FDA858E1C1164874E0A5B1116] (Avira GmbH)
sched.exe -> C:\Programme\Avira\AntiVir Desktop\sched.exe -> [2010.02.24 09:28:01 | 000,135,336 | ---- | M | MD5 = 9828FFE47FBEB08B509A7717E4F77CC7] (Avira GmbH)
avshadow.exe -> C:\Programme\Avira\AntiVir Desktop\avshadow.exe -> [2010.01.14 21:10:53 | 000,076,968 | ---- | M | MD5 = 976B5890E0F1A7CB35BCC55AA8D04A9B] (Avira GmbH)
jucheck.exe -> C:\Programme\Java\jre6\bin\jucheck.exe -> [2008.12.03 09:33:44 | 000,382,384 | ---- | M | MD5 = BE7727FB169FF304FB861F38EBB7F388] (Sun Microsystems, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 | 001,036,800 | ---- | M | MD5 = 418045A93CD87A352098AB7DABE1B53E] (Microsoft Corporation)
hpdevicehost.exe -> C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceHost.exe -> [2007.12.20 20:18:40 | 000,102,400 | ---- | M | MD5 = 499A057C76EC3E5C9AD2EDD512DB22A5] (Hewlett-Packard Company)
hpdeviceservice.exe -> C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe -> [2007.12.20 20:18:40 | 000,073,728 | ---- | M | MD5 = F940E7D2CBA030B79E650BDAC51BD162] (Hewlett-Packard Company)
hpprun.exe -> C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe -> [2007.12.20 19:56:42 | 000,069,120 | ---- | M | MD5 = 12DDF2D8F4B988A11E4450B87964B33F] (Hewlett-Packard Company)
javaw.exe -> C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe -> [2007.10.30 12:00:39 | 000,020,572 | ---- | M | MD5 = B7614F58B6D2AE8EFADE3A6E0916E49D] ()
daemon.exe -> E:\DAEMON Tools\daemon.exe -> [2007.04.04 00:29:15 | 000,165,784 | ---- | M | MD5 = 41EF114A880A09073DAAB645C38C5E4A] (DT Soft Ltd.)
codemeter.exe -> C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -> [2006.07.26 04:10:00 | 002,002,944 | ---- | M | MD5 = DB5A6D761701A9E8E2DAEF96E4C77460] (WIBU-SYSTEMS AG)
tcpsvcs.exe -> C:\WINDOWS\system32\tcpsvcs.exe -> [2006.02.28 14:00:00 | 000,019,456 | ---- | M | MD5 = 7A1A532F14FDE28489DC349C6E404A67] (Microsoft Corporation)
status~1.exe -> C:\Programme\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe -> [2005.03.24 22:56:50 | 000,151,552 | ---- | M | MD5 = 921EDC8F0EE0F8E8EA5293F98F775173] (Hewlett-Packard)
mdm.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003.06.20 00:25:00 | 000,322,120 | ---- | M | MD5 = 11F714F85530A2BD134074DC30E99FCA] (Microsoft Corporation)
numplus.exe -> C:\dicad\strauti\numplus.exe -> [1999.12.23 19:09:48 | 000,020,480 | ---- | M | MD5 = 11AAA1EC297B7DD0B7FEDE3A5113F922] ()
 
[Modules - Safe List]
ots.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\OTS.exe -> [2010.07.02 12:32:13 | 000,640,000 | ---- | M | MD5 = 7435934B1FB04E0839ECB930A6A18CC6] (OldTimer Tools)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008.04.14 04:21:06 | 000,110,592 | ---- | M | MD5 = 8354A33FC0CD75F34D310B7EE8CBD621] (Microsoft Corporation)
numlib32.dll -> C:\dicad\strauti\numlib32.dll -> [1999.12.23 19:09:48 | 000,015,872 | ---- | M | MD5 = 14C9124016998DEEDE62032E70B1CEB1] ()
 
[Win32 Services - Safe List]
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Programme\Avira\AntiVir Desktop\avguard.exe -> [2010.04.21 07:52:58 | 000,267,432 | ---- | M | MD5 = BBC02905032D453C0E18D5110F841902] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Planer [Auto | Running] -> C:\Programme\Avira\AntiVir Desktop\sched.exe -> [2010.02.24 09:28:01 | 000,135,336 | ---- | M | MD5 = 9828FFE47FBEB08B509A7717E4F77CC7] (Avira GmbH)
(Hilti PROFIS AutoUpdate Service) Hilti PROFIS AutoUpdate Service [Disabled | Stopped] -> C:\Programme\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe -> [2009.04.24 22:34:46 | 000,176,640 | ---- | M | MD5 = D7A27CD9D8926536E1D75090BCA2C203] (Agito d.o.o.)
(Adobe LM Service) Adobe LM Service [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2007.05.08 11:16:37 | 000,069,632 | ---- | M | MD5 = 6D182C31ACF16213407F2768F1107FE3] (Adobe Systems)
(CodeMeter.exe) CodeMeter Runtime Server [Auto | Running] -> C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -> [2006.07.26 04:10:00 | 002,002,944 | ---- | M | MD5 = DB5A6D761701A9E8E2DAEF96E4C77460] (WIBU-SYSTEMS AG)
(ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -> [2006.06.05 14:59:18 | 000,174,080 | ---- | M | MD5 = 4C0A4FEFD62519552C0E5171F418C4BC] (Nokia.)
(LPDSVC) TCP/IP-Druckserver [Auto | Running] -> C:\WINDOWS\system32\tcpsvcs.exe -> [2006.02.28 14:00:00 | 000,019,456 | ---- | M | MD5 = 7A1A532F14FDE28489DC349C6E404A67] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005.11.14 01:06:04 | 000,069,632 | ---- | M | MD5 = DAF66902F08796F9C694901660E5A64A] (Macrovision Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -> [2003.07.28 13:28:22 | 000,089,136 | ---- | M | MD5 = 7A56CF3E3F12E8AF599963B16F50FB6A] (Microsoft Corporation)
(MDM) Machine Debug Manager [Auto | Running] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003.06.20 00:25:00 | 000,322,120 | ---- | M | MD5 = 11F714F85530A2BD134074DC30E99FCA] (Microsoft Corporation)
 
[Driver Services - Safe List]
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2010.03.01 09:05:19 | 000,124,784 | ---- | M | MD5 = 524B9E78E396C00968C5629ED5BBFAB0] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2010.02.16 13:24:01 | 000,060,936 | ---- | M | MD5 = A88D29D928AD2B830E87B53E3F9BC182] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Programme\Avira\AntiVir Desktop\avgio.sys -> [2009.05.11 11:49:19 | 000,011,608 | ---- | M | MD5 = 0B497C79824F8E1BF22FA6AACD3DE3A0] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009.05.11 09:12:49 | 000,028,520 | ---- | M | MD5 = A36EE93698802CD899F98BFD553D8185] (Avira GmbH)
(HDAudBus) Microsoft UAA-Bustreiber für High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008.04.13 18:36:05 | 000,144,384 | ---- | M | MD5 = 573C7D0A32852B48F3058CFD8026F511] (Windows (R) Server 2003 DDK provider)
(WIBUKEY) WIBU-KEY Kernel Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\WibuKey.sys -> [2007.11.02 16:18:11 | 000,072,704 | ---- | M | MD5 = AFCEA7939925378F867DDE6AF76F3924] (WIBU-SYSTEMS AG)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2007.10.29 13:06:17 | 000,682,232 | ---- | M | Unable to obtain MD5] ()
(nmwcdsa) Samsung USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsa.sys -> [2007.05.02 16:32:34 | 000,135,680 | ---- | M | MD5 = A579A2CC4768B4B3F7E4F86808EA8206] (Nokia)
(nmwcdsacm) Samsung USB Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsacm.sys -> [2007.05.02 16:31:54 | 000,012,288 | ---- | M | MD5 = 23CA32DEC0F1E68448C9C3C1F2E1DEEE] (Nokia)
(nmwcdsacj) Samsung USB Port [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsacj.sys -> [2007.05.02 16:31:54 | 000,012,288 | ---- | M | MD5 = 23CA32DEC0F1E68448C9C3C1F2E1DEEE] (Nokia)
(nmwcdsac) Samsung USB Generic [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsac.sys -> [2007.05.02 16:31:54 | 000,008,320 | ---- | M | MD5 = 0A6436274D5CDB33B6AC2FC304037D82] (Nokia)
(Hardlock) Hardlock [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\hardlock.sys -> [2006.11.22 11:01:48 | 000,693,760 | ---- | M | MD5 = D95554949082FD29A04D351B58396718] (Aladdin Knowledge Systems Ltd.)
(aksusb) Aladdin USB Key [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\aksusb.sys -> [2006.11.22 11:01:48 | 000,100,096 | ---- | M | MD5 = D2B95315CC47F9230006FDBCBA394D8D] (Aladdin Knowledge Systems Ltd.)
(akshasp) Aladdin HASP Key [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\akshasp.sys -> [2006.11.22 11:01:46 | 000,327,168 | ---- | M | MD5 = 3F9F42085AB5B6A55498A539C54575AB] (Aladdin Knowledge Systems Ltd.)
(AtcL001) NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\atl01_2k.sys -> [2006.07.19 03:50:36 | 000,033,408 | R--- | M | MD5 = 94AF6B322A9933FF79C4D7EB371171D8] (Attansic Technology corporation.)
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ADIHdAud.sys -> [2005.10.05 11:21:10 | 000,141,312 | R--- | M | MD5 = D392183CC5379E302E50CEBA635248EB] (Analog Devices, Inc.)
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2005.08.11 07:49:28 | 000,393,088 | R--- | M | MD5 = ECA77BEEB2BE8D573CF1B265E44FBFBD] (Sensaura)
(HPPLSBULK) HPPLSBULK [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hpplsbulk.sys -> [2005.02.02 17:29:28 | 000,009,344 | ---- | M | MD5 = 32FE92018E28DF54BF94D41FC7FF92AC] (Hewlett Packard)
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Hdaudio.sys -> [2004.10.27 16:21:30 | 000,145,920 | ---- | M | MD5 = F58D2900C66A1E773E3375098E0E9337] (Windows (R) Server 2003 DDK provider)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ASACPI.sys -> [2004.08.13 04:56:20 | 000,005,810 | R--- | M | MD5 = D48659BB24C48345D926ECB45C1EBDF5] ()
(rtl8139) Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2001.08.23 23:03:54 | 000,025,434 | R--- | M | MD5 = 8BE348F9AEEB4DA0005B7F500F46F6AD] (Realtek Semiconductor Corporation                                                )
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\] > -> -> 
HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\: Main\\"Start Page" -> hxxp://www.google.de/ -> 
HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\: "ProxyOverride" -> <local> -> 
< FireFox Settings [Prefs.js] > -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Mozilla\FireFox\Profiles\vasjinxv.default\prefs.js -> 
browser.startup.homepage -> "hxxp://www.google.de/" ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components -> C:\Programme\Mozilla Firefox\components [C:\PROGRAMME\MOZILLA FIREFOX\COMPONENTS] -> [2010.04.06 12:55:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins -> C:\Programme\Mozilla Firefox\plugins [C:\PROGRAMME\MOZILLA FIREFOX\PLUGINS] -> [2010.04.06 12:55:11 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Mozilla\Extensions -> [2008.09.05 13:57:04 | 000,000,000 | ---D | M]
  -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions -> [2010.07.02 08:40:33 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009.09.04 12:53:08 | 000,000,000 | ---D | M]
Yahoo! Toolbar   -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2008.09.05 13:57:24 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Programme\Mozilla Firefox\extensions -> [2010.07.02 08:40:33 | 000,000,000 | ---D | M]
< HOSTS File > ([2010.07.01 12:55:03 | 000,411,503 | R--- | M | MD5 = C7299211BFF6193C501DCB5D687023C4] - 14265 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
196.10.11.101 brsys
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006.12.18 04:16:41 | 000,059,032 | ---- | M | MD5 = 4EA3A6CD9D20584FFAFDB1E47DBF0E20] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Programme\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009.01.26 15:31:02 | 001,879,896 | ---- | M | MD5 = 022C2F6DCCDFA0AD73024D254E62AFAC] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Programme\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008.12.03 09:33:45 | 000,320,920 | ---- | M | MD5 = DC090E320775F1B1FE896F6E1D393D7F] (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\] > -> HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avgnt" -> C:\Programme\Avira\AntiVir Desktop\avgnt.exe ["C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2010.03.02 10:28:23 | 000,282,792 | ---- | M | MD5 = 473B422FDA858E1C1164874E0A5B1116] (Avira GmbH)
"High Definition Audio Property Page Shortcut" -> C:\WINDOWS\System32\HdAShCut.exe [HDAShCut.exe] -> [2004.10.27 16:21:30 | 000,061,952 | ---- | M | MD5 = 21C8A24455FDAFC9D6D8BCD38D62B10B] (Windows (R) Server 2003 DDK provider)
"KnexStarter" -> C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe [C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe] -> [2007.12.20 20:18:40 | 000,073,728 | ---- | M | MD5 = F940E7D2CBA030B79E650BDAC51BD162] (Hewlett-Packard Company)
"RunTasktray" ->  ["C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe"   --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun  --valuename=InstallTTM] -> File not found
"TomcatStartup 2.5" -> C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe] -> [2004.11.12 18:57:58 | 000,245,760 | ---- | M | MD5 = A20132699F02B7916439B749BD429D96] (Hewlett-Packard)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"PcSync" -> C:\Programme\Samsung\Samsung PC Studio 7\PcSync2.exe [C:\Programme\Samsung\Samsung PC Studio 7\PcSync2.exe /NoDialog] -> [2006.06.27 17:22:08 | 001,449,984 | ---- | M | MD5 = 153FDCDAE6F0A979ECBD8D340976C764] (Time Information Services Ltd.)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"PcSync" -> C:\Programme\Samsung\Samsung PC Studio 7\PcSync2.exe [C:\Programme\Samsung\Samsung PC Studio 7\PcSync2.exe /NoDialog] -> [2006.06.27 17:22:08 | 001,449,984 | ---- | M | MD5 = 153FDCDAE6F0A979ECBD8D340976C764] (Time Information Services Ltd.)
< Run [HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\] > -> HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"DAEMON Tools" -> E:\DAEMON Tools\daemon.exe ["E:\DAEMON Tools\daemon.exe" -lang 1033] -> [2007.04.04 00:29:15 | 000,165,784 | ---- | M | MD5 = 41EF114A880A09073DAAB645C38C5E4A] (DT Soft Ltd.)
< Administrator Startup Folder > -> C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart -> 
< All Users Startup Folder > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart -> 
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe -> [2008.05.13 12:08:25 | 000,025,214 | R--- | M | MD5 = D6294D59171AC375CD142003566AA89E] ()
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk -> C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe -> [2006.10.23 02:48:20 | 000,040,048 | ---- | M | MD5 = 54C88BFBD055621E2306534F445C0C8D] (Adobe Systems Incorporated)
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe -> [2004.11.04 20:50:52 | 000,053,248 | ---- | M | MD5 = 8C53463A3E28454D74F48BF87A9CF7BA] (Hewlett-Packard Co.)
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NumPlus.lnk -> C:\dicad\strauti\numplus.exe -> [1999.12.23 19:09:48 | 000,020,480 | ---- | M | MD5 = 11AAA1EC297B7DD0B7FEDE3A5113F922] ()
< Default User Startup Folder > -> C:\Dokumente und Einstellungen\Default User\Startmenü\Programme\Autostart -> 
< MeyWo Startup Folder > -> C:\Dokumente und Einstellungen\MeyWo\Startmenü\Programme\Autostart -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005] > -> HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\] > -> HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Ausgewählte Verknüpfungen in Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
Auswahl in Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
Auswahl in vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
In Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
In vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
Verknüpfungsziel in Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
Verknüpfungsziel in vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M | MD5 = 00AA6DF95E24DE4C616127EE739897F4] (Adobe Systems Incorporated)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Programme\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009.01.26 15:31:02 | 001,879,896 | ---- | M | MD5 = 022C2F6DCCDFA0AD73024D254E62AFAC] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\] > -> HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> hxxp://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7317 domain(s) found. -> 
hp.com .[http] -> Trusted sites -> 
hp.com .[https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7314 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7314 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\] > -> HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7314 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\] > -> HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> hxxp://go.microsoft.com/fwlink/?linkid=58813 [Office Genuine Advantage Validation Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> hxxp://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{7757BCCA-6175-4D6E-A4A0-88FB3F6850E4}\\NameServer -> 196.10.11.90   (Attansic L1 Gigabit Ethernet 10/100/1000Base-T Adapter) -> 
{B5497300-9469-4400-86BF-D9633BEC699F}\\NameServer -> 196.10.11.90   (Realtek RTL8139/810X Family PCI Fast Ethernet NIC) -> 
{EA3E47F4-1D9C-414C-B65E-82DF77561B2F}\\NameServer -> 196.10.11.90   (Realtek RTL8139/810X Family PCI Fast Ethernet NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 | 001,036,800 | ---- | M | MD5 = 418045A93CD87A352098AB7DABE1B53E] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2006.03.23 06:12:42 | 000,139,264 | R--- | M | MD5 = A58241451A149929A679C82FA934EF81] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" -> C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe [C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server] -> [2006.07.26 04:10:00 | 002,002,944 | ---- | M | MD5 = DB5A6D761701A9E8E2DAEF96E4C77460] (WIBU-SYSTEMS AG)
"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" -> C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe [C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun] -> [2007.12.20 19:56:42 | 000,069,120 | ---- | M | MD5 = 12DDF2D8F4B988A11E4450B87964B33F] (Hewlett-Packard Company)
"D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" -> D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe [D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server] -> File not found
"D:\httpd\httpd-x86-windows\apache.exe" -> D:\httpd\httpd-x86-windows\apache.exe [D:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server] -> File not found
"D:\perl\win32\wperl.exe" -> D:\perl\win32\wperl.exe [D:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" -> C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe [C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server] -> [2006.07.26 04:10:00 | 002,002,944 | ---- | M | MD5 = DB5A6D761701A9E8E2DAEF96E4C77460] (WIBU-SYSTEMS AG)
"C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe" -> C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe [C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate] -> [2008.07.01 17:02:08 | 000,587,648 | ---- | M | MD5 = D134E928214D175FC71161A55641D9DD] (PixelPlanet GmbH)
"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" -> C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe [C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun] -> [2007.12.20 19:56:42 | 000,069,120 | ---- | M | MD5 = 12DDF2D8F4B988A11E4450B87964B33F] (Hewlett-Packard Company)
"C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" -> C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe [C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw] -> [2007.10.30 12:00:39 | 000,020,572 | ---- | M | MD5 = B7614F58B6D2AE8EFADE3A6E0916E49D] ()
"D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" -> D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe [D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server] -> File not found
"D:\httpd\httpd-x86-windows\apache.exe" -> D:\httpd\httpd-x86-windows\apache.exe [D:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server] -> File not found
"D:\perl\win32\wperl.exe" -> D:\perl\win32\wperl.exe [D:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM-Laufwerktreiber -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007.03.19 18:28:06 | 000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\H
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell
\H\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun
\H\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command
\H\Shell\AutoRun\command\\"" -> H:\LaunchU3.exe [H:\LaunchU3.exe -a] -> File not found
\{69f6a274-1881-11de-99ab-0018f3a45a5d}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69f6a274-1881-11de-99ab-0018f3a45a5d}\Shell\AutoRun\command
\{69f6a274-1881-11de-99ab-0018f3a45a5d}\Shell\AutoRun\command\\"" -> H:\Autorun.exe [H:\Autorun.exe] -> File not found
\{a2506d92-3bc0-11df-9ac4-00e043050c66}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell
\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell\AutoRun
\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] -> C:\Programme\Java\jre6\bin\regutils.dll [(default): Java (Sun); IsInstalled: 1] -> [2008.09.26 05:43:22 | 000,262,144 | ---- | M | MD5 = DD6A8D776CAE0D1819871F736C676AB0] (Sun Microsystems, Inc.)
{10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> Reg Error: Key error. [(default): Vektorgrafik-Rendering (VML); IsInstalled: 01 00 00 00  [binary data]] -> File not found
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] ->  [ComponentID: NetShow; IsInstalled: 1] -> 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] ->  [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] -> 
{283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation; IsInstalled: 1] -> File not found
{2A3320D6-C805-4280-B423-B665BDE33D8F} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Security Update (KB979906); IsInstalled: 1] -> File not found
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> 
{36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML-Datenbindung für Java; IsInstalled: 1] -> File not found
{3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found
{3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Uniscribe; IsInstalled: 1] -> File not found
{411EDCF7-755D-414E-A74B-3DCD6583F589} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Service Pack 1 (KB867460); IsInstalled: 1] -> File not found
{4278c270-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Erweitertes Authoring; IsInstalled: 1] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00  [binary data]] -> 
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(default): DirectShow; IsInstalled: 1] -> File not found
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found
{45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found
{4f216970-c90c-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation Java Classes; IsInstalled: 1] -> File not found
{4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Microsoft Windows Script 5.6; IsInstalled: 1] -> File not found
{5056b317-8d4c-43ee-8543-b9d1e234b8f4} [HKLM] -> Reg Error: Key error. [(default): Sicherheitsupdate für Windows XP (KB923789); IsInstalled: 1] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] -> 
{5A8D6EE0-3E18-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [ComponentID: ICW; IsInstalled: 1] -> File not found
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] -> 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [StubPath] ->  [(default): Webordner; IsInstalled: 1] -> 
{7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Adressbuch 6; IsInstalled: 1] -> 
{83785B38-C9CA-B96F-6847-90A93D030FC7} [HKLM] -> Reg Error: Key error. [(default): Vektorgrafik-Rendering (VML); IsInstalled: 1] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop-Update; IsInstalled: 1] -> 
{89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] -> 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> 
{9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found
{B508B3F1-A24A-32C0-B310-85786919EF28} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{CC2A9BA0-3BDD-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [(default): Taskplaner; IsInstalled: 1] -> File not found
{CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKLM] -> Reg Error: Key error. [ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00  [binary data]] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx [(default): Shockwave Flash; IsInstalled: 01 00 00 00  [binary data]] -> [2006.07.27 20:02:42 | 000,857,720 | R--- | M | MD5 = B729BA1592ACACB47F2B06DD3D5753FA] (Macromedia, Inc.)
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found
{E78BFA60-5393-4C38-82AB-E8019E464EB4} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. [(default): Active Directory Service Interface; IsInstalled: 01 00 00 00  [binary data]] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): Versions-Update für Internet Explorer; IsInstalled: 1] -> 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] -> 
>{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [(default): Internet Explorer; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browseranpassungen; IsInstalled: 1] -> 
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 1] -> 
< ActiveX StubPath [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\] > -> HKEY_USERS\S-1-5-21-1482476501-1965331169-839522115-1005\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
InitiallyClear [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 
7zFM.exe -> C:\Programme\7-Zip\7zFM.exe [C:\Programme\7-Zip\7zFM.exe] -> [2009.02.03 09:10:08 | 000,388,096 | ---- | M | MD5 = 00501883BC325205DF90E72263743361] (Igor Pavlov)
Acrobat.exe -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe [C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe] -> [2006.05.16 22:12:59 | 000,075,376 | ---- | M | MD5 = 718BAC6B592E930B2715D9C87225BB19] (Adobe Systems Incorporated)
AcrobatInfo.exe -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe [C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe] -> [2006.05.16 20:46:23 | 000,032,256 | ---- | M | MD5 = CCF20F0E6EDECB1BA5A297C110BA33C2] (Adobe Systems Incorporated)
AcroDist.exe -> C:\Programme\Adobe\Acrobat 7.0\Distillr\acrodist.exe [C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe] -> [2008.04.23 02:08:50 | 000,196,608 | ---- | M | MD5 = 9CCEA173C8B055F89473A4844C7834A6] (Adobe Systems Incorporated.)
AcroRd32.exe -> C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe [C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe] -> [2006.10.23 02:48:38 | 000,345,712 | ---- | M | MD5 = 1A5B4B58DBB626776920260704FD0116] (Adobe Systems Incorporated)
BackItUp.exe -> C:\Programme\Nero\Nero 7\Nero BackItUp\BackItUp.exe [C:\Programme\Nero\Nero 7\Nero BackItUp\BackItUp.exe] -> [2006.07.25 22:39:16 | 014,090,240 | ---- | M | MD5 = 5556C73B871405A96719BF3B6E554129] (Nero AG)
bckgzm.exe -> C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe [C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe] -> [2006.02.28 14:00:00 | 000,042,577 | ---- | M | MD5 = 201CA5901895B439557C945A73F213FD] (Microsoft Corporation)
bole.exe -> C:\Programme\Schoeck\BOLE\Bole.exe [C:\Programme\Schoeck\BOLE\Bole.exe] -> File not found
chkrzm.exe -> C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe [C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe] -> [2006.02.28 14:00:00 | 000,042,575 | ---- | M | MD5 = 5CB19E77D8D7EDE3F803B52D3C8CDE16] (Microsoft Corporation)
cmmgr32.exe -> C:\WINDOWS\System32\cmmgr32.exe [C:\WINDOWS\system32\cmmgr32.exe] -> File not found
CONF.EXE -> C:\Programme\NetMeeting\conf.exe [C:\Programme\NetMeeting\conf.exe] -> [2008.04.14 04:22:39 | 001,040,384 | ---- | M | MD5 = D52FA0554CC9A767299710BBE7454A35] (Microsoft Corporation)
dialer.exe -> C:\Programme\Windows NT\dialer.exe [C:\Programme\Windows NT\dialer.exe] -> [2008.04.14 04:22:42 | 000,545,280 | ---- | M | MD5 = 32540B63C37A6592E0FEB8AE598154A7] (Microsoft Corporation)
firefox.exe -> C:\Programme\Mozilla Firefox\firefox.exe [C:\Programme\Mozilla Firefox\firefox.exe] -> [2010.04.06 12:55:06 | 000,307,672 | ---- | M | MD5 = B80B49333FF247705691FE2C12DFD139] (Mozilla Corporation)
FLEXPLORER.EXE -> e:\Statikprogramme\Schoeck\FLExplorer.exe [e:\statikprogramme\schoeck\FLEXPLORER.EXE] -> [2009.04.27 10:51:54 | 000,020,480 | ---- | M | MD5 = DA298C0BE798CDC720CD2D301C21A11C] ()
FormDesigner.exe -> C:\Programme\Adobe\Acrobat 7.0\Designer 7.0\FormDesigner.exe [C:\Programme\Adobe\Acrobat 7.0\Designer 7.0\FormDesigner.exe] -> [2004.11.26 09:40:14 | 009,392,128 | R--- | M | MD5 = 8CBF0CE8425B60D94F20C8AF9C77A588] (Adobe Systems Incorporated)
HELPCTR.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2008.04.14 04:22:47 | 000,769,024 | ---- | M | MD5 = B63C804F5777FB0694D083F321ED6071] (Microsoft Corporation)
HijackThis.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Ablage\Programme\HijackThis.exe [C:\Dokumente und Einstellungen\MeyWo\Desktop\Ablage\Programme\hijackthis.exe] -> [2009.07.06 12:33:17 | 000,396,288 | ---- | M | MD5 = C4CA7416A6DF6D95075F81D9E3B41AD1] (Trend Micro Inc.)
hppgfax.exe -> C:\Programme\HP\Digital Imaging\bin\hppgfax.exe [C:\Programme\HP\Digital Imaging\bin\hppgfax.exe] -> [2005.04.07 17:41:16 | 000,188,416 | ---- | M | MD5 = AC39E98EADEE44D716E4DF0FF7D42B43] (Hewlett-Packard Co.)
hppscan2.exe -> C:\Programme\HP\Digital Imaging\bin\hppscan2.exe [C:\Programme\HP\Digital Imaging\bin\hppscan2.exe] -> [2004.11.01 16:13:24 | 000,192,512 | ---- | M | MD5 = C46DDCE67219699942D1247CE250ADE7] (Hewlett-Packard Co.)
HpqApkil.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqApkil.exe [C:\Programme\HP\Digital Imaging\Unload\HpqApkil.exe] -> [2004.10.08 10:43:10 | 000,022,528 | ---- | M | MD5 = B8F696374587044E27D8A13ABCA0AD9D] ()
HpqPhUnl.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe] -> [2004.10.08 10:42:04 | 000,413,696 | ---- | M | MD5 = 6FB92B561A0541EFCE799EDD8D1F9B69] ()
HpqPSmon.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqPSmon.exe [C:\Programme\HP\Digital Imaging\Unload\HpqPSmon.exe] -> [2004.10.08 10:43:12 | 000,065,536 | ---- | M | MD5 = 50EB5BBF9B1DA769982151C86AF8C259] ()
hpqthb08.exe -> C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe] -> [2004.11.04 20:50:52 | 000,053,248 | ---- | M | MD5 = 8C53463A3E28454D74F48BF87A9CF7BA] (Hewlett-Packard Co.)
HpqUnSet.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe [C:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe] -> [2004.10.08 10:42:04 | 000,053,248 | ---- | M | MD5 = A259AAD75AFB1E4F565067048CD215EE] (TODO: <Company name>)
hrtzzm.exe -> C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2006.02.28 14:00:00 | 000,042,573 | ---- | M | MD5 = 3889F32864A1BCB40B52BAB8DAE7CD79] (Microsoft Corporation)
hypertrm.exe -> C:\Programme\Windows NT\hypertrm.exe ["C:\Programme\Windows NT\hypertrm.exe"] -> [2006.02.28 14:00:00 | 000,028,160 | ---- | M | MD5 = 8430D122A2889AEF9F2783B70A1312F0] (Hilgraeve, Inc.)
ICWCONN1.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2008.04.14 04:22:48 | 000,218,624 | ---- | M | MD5 = 2E7A34FE32391BE7E355CF2112CBFDA2] (Microsoft Corporation)
ICWCONN2.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2008.04.14 04:22:48 | 000,086,016 | ---- | M | MD5 = BF8908D9736640CD2B568C360AABAAAD] (Microsoft Corporation)
ImageDrive.exe -> C:\Programme\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe [C:\Programme\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe] -> [2006.01.14 07:26:10 | 000,471,040 | ---- | M | MD5 = F6ED7CFE2E1DBED8AA01B714891B9309] (Nero AG)
INETWIZ.EXE -> C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE ["C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2008.04.14 04:22:49 | 000,020,480 | ---- | M | MD5 = B0C09CCBD188660FBEC6780638F7D430] (Microsoft Corporation)
install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
ISIGNUP.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2006.02.28 14:00:00 | 000,016,384 | ---- | M | MD5 = F692F7AAA0A5C08D7C86E9EB799D4FE8] (Microsoft Corporation)
javaws.exe -> C:\Programme\Java\jre6\bin\javaws.exe [C:\Programme\Java\jre6\bin\javaws.exe] -> [2008.12.03 09:33:42 | 000,148,888 | ---- | M | MD5 = 7DC42D02F61115DFB8A35DB6D79F2B88] (Sun Microsystems, Inc.)
LUALL.EXE -> C:\Programme\Symantec\LiveUpdate\LUALL.EXE [C:\Programme\Symantec\LiveUpdate\LUALL.EXE] -> [2004.03.25 18:00:26 | 001,561,712 | ---- | M | MD5 = E90E0680F844478D47BD3F7D1EC6A38E] (Symantec Corporation)
migwiz.exe -> C:\WINDOWS\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2008.04.14 04:22:51 | 000,252,416 | ---- | M | MD5 = A85632ECE7174A730217BEA3B18FAE76] (Microsoft Corporation)
moviemk.exe -> C:\Programme\Movie Maker\moviemk.exe [C:\Programme\Movie Maker\moviemk.exe] -> [2009.10.23 17:28:37 | 003,558,912 | ---- | M | MD5 = E002A7E05185BD7FC7646CD229311B22] (Microsoft Corporation)
mplayer2.exe -> C:\Programme\Windows Media Player\mplayer2.exe ["C:\Programme\Windows Media Player\mplayer2.exe"] -> [2008.04.14 04:22:53 | 000,004,639 | ---- | M | MD5 = 74454AD03540B9E8B9C39563A4F10FB7] (Microsoft Corporation)
MSCONFIG.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe] -> [2008.04.14 04:22:53 | 000,172,544 | ---- | M | MD5 = 07224089294758E956FA1DBCBF51B801] (Microsoft Corporation)
msimn.exe -> C:\Programme\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2008.04.14 04:22:53 | 000,060,416 | ---- | M | MD5 = 426DC783E4E718B9F38A4C31436154FA] (Microsoft Corporation)
msinfo32.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\msinfo32.exe [C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2006.02.28 14:00:00 | 000,040,448 | ---- | M | MD5 = 7A4FB4C5ABEB89628D69AEC1BFD68449] (Microsoft Corporation)
MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
msoxmled.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLED.EXE [C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLED.EXE] -> [2003.07.14 23:45:12 | 000,055,360 | ---- | M | MD5 = 02A96B3890D0E10418FAA8D4AECC872A] (Microsoft Corporation)
mspview.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [C:\PROGRA~1\GEMEIN~1\MICROS~1\MODI\11.0\MSPVIEW.EXE] -> [2003.06.19 17:05:50 | 000,364,648 | ---- | M | MD5 = 7A38506BAD57D1C62CAF37883EBB82B2] (Microsoft Corporation)
NCoverEd.exe -> C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe [C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe] -> [2006.05.19 01:12:20 | 003,309,568 | ---- | M | MD5 = 4E17098F529B67B5B3E60603644FB1F9] (Nero AG)
Nero.exe -> C:\Programme\Nero\Nero 7\Core\nero.exe [C:\Programme\Nero\Nero 7\Core\Nero.exe] -> [2006.06.13 20:10:00 | 018,079,744 | ---- | M | MD5 = 8B048FB7C1276B91F3E755ECB3470906] (Nero AG)
NeroBurnRights.exe -> C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe [C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe] -> [2006.03.23 13:54:30 | 000,528,384 | ---- | M | MD5 = 6B39D09CF7EFD89CF926EE91815EBBC8] (Nero AG)
NeroHome.exe -> C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe [C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe] -> [2006.06.01 14:32:50 | 000,147,456 | ---- | M | MD5 = AF2B50009419C4A6254C841972AB19B2] (Nero AG)
NeroMediaHome.exe -> C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe [C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe] -> [2006.01.16 19:08:00 | 003,190,784 | ---- | M | MD5 = 32ADD2806ED9B3F198312B6EC6FBBB1D] (Nero AG)
NeroVision.exe -> C:\Programme\Nero\Nero 7\Nero Vision\NeroVision.exe [C:\Programme\Nero\Nero 7\Nero Vision\NeroVision.exe] -> [2006.06.14 16:20:26 | 000,496,128 | ---- | M | MD5 = CD29668FA58B7F99D7107B8150BE37AC] (Nero AG)
ois.exe -> C:\Programme\Microsoft Office\OFFICE11\OIS.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\OIS.EXE] -> [2005.03.17 23:06:29 | 000,284,352 | ---- | M | MD5 = 0C0275D162CE70500FEA3D4896D59581] (Microsoft Corporation)
OUTLOOK.EXE -> C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE] -> [2006.11.23 21:56:04 | 000,196,368 | ---- | M | MD5 = 133584E0607A1C59C82BD23031597912] (Microsoft Corporation)
pbrush.exe -> C:\WINDOWS\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> [2009.12.17 09:40:01 | 000,346,624 | ---- | M | MD5 = 8B9D6800D0CAC42132CD1573A13CFE7B] (Microsoft Corporation)
PhotoSnapViewer.exe -> C:\Programme\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe [C:\Programme\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe] -> [2006.05.16 18:25:14 | 001,773,568 | ---- | M | MD5 = ABE27F54D27CC5587DA2AA6ABFCBFF2A] (Nero AG)
pinball.exe -> C:\Programme\Windows NT\Pinball\pinball.exe [C:\Programme\Windows NT\Pinball\pinball.exe] -> [2008.04.14 04:22:57 | 000,282,624 | ---- | M | MD5 = 97738A3B0AC3CD5C52BB350CBEEC2F23] (Cinematronics)
plan.exe ->  [c:\dicad\strakon] -> File not found
Recode.exe -> C:\Programme\Nero\Nero 7\Nero Recode\Recode.exe [C:\Programme\Nero\Nero 7\Nero Recode\Recode.exe] -> [2006.06.09 18:13:22 | 011,018,240 | ---- | M | MD5 = 7BD2167EE0A65B4B6A06B019A47833EA] (Nero AG)
rvsezm.exe -> C:\Programme\MSN Gaming Zone\Windows\Rvsezm.exe [C:\Programme\MSN Gaming Zone\Windows\rvsezm.exe] -> [2006.02.28 14:00:00 | 000,042,574 | ---- | M | MD5 = 155494D43CEDCCF40760ACB148A303E3] (Microsoft Corporation)
schdpl32.exe -> C:\Programme\Microsoft Office\OFFICE11\1031\SCHDPL32.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\1031\SCHDPL32.EXE] -> [2003.04.11 18:33:54 | 000,191,336 | ---- | M | MD5 = 20A3C26085D063CB25ACD259558F1FF3] (Microsoft Corporation)
setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
ShowTime.exe -> C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe [C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe] -> [2006.07.26 21:29:48 | 003,764,224 | ---- | M | MD5 = D0674B403D61DE27C3378581AB836D7E] (Nero AG)
shvlzm.exe -> C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe [C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe] -> [2006.02.28 14:00:00 | 000,042,573 | ---- | M | MD5 = 0C06802AE1870C4143021803079FCC99] (Microsoft Corporation)
smax4.exe -> C:\Programme\Analog Devices\SoundMAX\SMax4.exe [C:\Programme\Analog Devices\SoundMAX\smax4.exe] -> [2005.09.07 16:35:36 | 000,716,800 | ---- | M | MD5 = F2C53B16FEFD00DC79A15871A5738573] (Analog Devices, Inc.)
smax4pnp.exe -> C:\Programme\Analog Devices\Core\smax4pnp.exe [C:\Programme\Analog Devices\Core\smax4pnp.exe] -> [2005.05.20 03:11:06 | 000,925,696 | R--- | M | MD5 = 115332A83AC2726FA974D30DB4BFD8DE] (Analog Devices, Inc.)
smax4wiz.exe -> C:\Programme\Analog Devices\SoundMAX\SMax4Wiz.exe [C:\Programme\Analog Devices\SoundMAX\smax4wiz.exe] -> [2005.07.26 10:29:08 | 000,815,104 | ---- | M | MD5 = 7486E232EE51F9F22108EBD7685DB6A4] (Analog Devices, Inc.)
SMaxCore -> C:\Programme\Analog Devices\Core [C:\Programme\Analog Devices\Core] -> [2007.03.19 18:55:20 | 000,000,000 | ---D | M]
smwdmif.dll -> C:\Programme\Analog Devices\Core\smwdmif.dll [C:\Programme\Analog Devices\Core\smwdmif.dll] -> [2005.10.05 11:28:14 | 000,290,816 | R--- | M | MD5 = 0AF32313F692E894F8E1B5B98956BA24] (Analog Devices, Inc.)
SoundMAX -> C:\Programme\Analog Devices\SoundMAX [C:\Programme\Analog Devices\SoundMAX] -> [2007.03.20 11:10:55 | 000,000,000 | ---D | M]
SoundTrax.exe -> C:\Programme\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe [C:\Programme\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe] -> [2006.05.19 01:39:44 | 001,953,792 | ---- | M | MD5 = B97E8B0DE4FECE31D5D71306FC3188D7] (Nero AG)
swe2.exe -> E:\Statikprogramme\IFBS-Sandwichelemente\swe2.exe [E:\Statikprogramme\IFBS-Sandwichelemente\swe2.exe] -> [2008.03.06 01:29:44 | 014,161,945 | ---- | M | MD5 = AE0D12D26622297BFBD123691784E749] ()
table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
wab.exe -> C:\Programme\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2008.04.14 04:23:04 | 000,046,080 | ---- | M | MD5 = 72AD946DD359A5E3C69B90205007230B] (Microsoft Corporation)
wabmig.exe -> C:\Programme\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2008.04.14 04:23:04 | 000,030,208 | ---- | M | MD5 = 06526C5E456F78B90593CEC8D4C955E8] (Microsoft Corporation)
waveedit.exe -> C:\Programme\Nero\Nero 7\Nero WaveEditor\waveedit.exe [C:\Programme\Nero\Nero 7\Nero WaveEditor\waveedit.exe] -> [2006.05.19 01:22:34 | 000,135,168 | ---- | M | MD5 = 5548B09F2D98F93D7E6E4AA6579A526E] (Nero AG)
winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Winword.exe -> C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE] -> [2007.01.23 16:03:52 | 012,263,776 | ---- | M | MD5 = 792D71D5325745C93C67C5C1FDE520C2] (Microsoft Corporation)
winzip.exe -> C:\Programme\WinZip\WINZIP32.EXE [C:\PROGRA~1\WINZIP\winzip32.exe] -> [2001.12.29 09:10:00 | 002,109,508 | ---- | M | MD5 = 62B58F997DB06E3E0E6C44B4D3BC4976] (WinZip Computing, Inc. and H.C. Top Systems B.V.)
winzip32.exe -> C:\Programme\WinZip\WINZIP32.EXE [C:\PROGRA~1\WINZIP\winzip32.exe] -> [2001.12.29 09:10:00 | 002,109,508 | ---- | M | MD5 = 62B58F997DB06E3E0E6C44B4D3BC4976] (WinZip Computing, Inc. and H.C. Top Systems B.V.)
WMPBurn.exe -> C:\Programme\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\WMPBurn.exe [C:\Programme\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\WMPBurn.exe] -> [2006.05.05 14:08:02 | 001,331,200 | ---- | M | MD5 = C7E2FAC12B4766F707A0B31A3945A4E0] (Nero AG)
wmplayer.exe -> C:\Programme\Windows Media Player\wmplayer.exe [C:\Programme\Windows Media Player\wmplayer.exe] -> [2006.10.24 20:04:50 | 000,064,000 | ---- | M | MD5 = 3F65D5D0A00427D19B2D1461580E2777] (Microsoft Corporation)
WORDPAD.EXE -> C:\Programme\Windows NT\Zubehör\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2008.04.21 23:13:26 | 000,217,600 | ---- | M | MD5 = A03F64E664CDD7D51F75321FF32D7B92] (Microsoft Corporation)
WRITE.EXE -> C:\Programme\Windows NT\Zubehör\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2008.04.21 23:13:26 | 000,217,600 | ---- | M | MD5 = A03F64E664CDD7D51F75321FF32D7B92] (Microsoft Corporation)
XPressUpdate.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
XPSViewer.exe -> C:\WINDOWS\System32\XPSViewer\XPSViewer.exe ["C:\WINDOWS\system32\XPSViewer\XPSViewer.exe"] -> [2008.07.29 21:26:06 | 000,301,568 | ---- | M | MD5 = D14A3D769A9B831D82021DBC1B7DB844] (Microsoft Corporation)
yourapp.Exe -> C:\Program Files\HP\Non Driver CIO Components\yourapp.Exe [C:\Program Files\HP\Non Driver CIO Components\yourapp.Exe] -> File not found
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> 
"{00020000-0000-1011-8004-0000C06B5161}" [HKLM] -> C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll [WIBU-SYSTEMS Shell Extension] -> [2007.11.02 16:18:11 | 000,532,480 | ---- | M | MD5 = 3CFD2C31E947E884A2E4CD9E9B228B28] (WIBU-SYSTEMS AG)
"{00020D75-0000-0000-C000-000000000046}" [HKLM] -> C:\Programme\Microsoft Office\OFFICE11\MLSHEXT.DLL [Microsoft Office Outlook Desktop Icon Handler] -> [2005.05.10 15:05:08 | 000,030,440 | ---- | M | MD5 = A4BCE7A844FCEB0D77D1A9417CCDF25A] (Microsoft Corporation)
"{0006F045-0000-0000-C000-000000000046}" [HKLM] -> C:\Programme\Microsoft Office\OFFICE11\OLKFSTUB.DLL [Microsoft Office Outlook Custom Icon Handler] -> [2003.07.14 23:46:12 | 000,234,048 | ---- | M | MD5 = CB250F5E7792B38FC4C025235428017C] (Microsoft Corporation)
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll [Microsoft Datenverknüpfung] -> [2008.04.14 04:22:23 | 000,487,424 | ---- | M | MD5 = 56330321BEF8767D8E952886EFD854E0] (Microsoft Corporation)
"{23170F69-40C1-278A-1000-000100020000}" [HKLM] -> C:\Programme\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [2009.02.03 09:09:46 | 000,069,632 | ---- | M | MD5 = 20B2C339361E82A6707533BAC481FCE4] (Igor Pavlov)
"{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Programme\Outlook Express\wabfind.dll [&Nach Personen...] -> [2008.04.14 04:22:32 | 000,032,768 | ---- | M | MD5 = 77CD31AAC4A19DC893E613893DB9AA91] (Microsoft Corporation)
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" [HKLM] -> C:\Programme\Samsung\Samsung PC Studio 7\PhoneBrowser.dll [PhoneBrowser] -> [2008.02.01 11:50:28 | 000,573,440 | ---- | M | MD5 = F474363B24C81BE5AC0876C9484E5DF6] ()
"{42042206-2D85-11D3-8CFF-005004838597}" [HKLM] -> C:\Programme\Microsoft Office\OFFICE11\MSOHEV.DLL [Microsoft Office HTML Icon Handler] -> [2003.07.14 23:52:58 | 000,067,128 | ---- | M | MD5 = 165AE7A443F2139DD2C078AD87699F91] (Microsoft Corporation)
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] ->  [CPL-Erweiterung für Anzeigeverschiebung] -> File not found
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" [HKLM] -> C:\Programme\Avira\AntiVir Desktop\shlext.dll [Shell Extension for Malware scanning] -> [2010.02.02 12:53:52 | 000,086,376 | ---- | M | MD5 = 902C61F27C86B4A0C0BFF31F154DDBEB] (Avira GmbH)
"{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key error. [Shellerweiterungen für die Dateikomprimierung] -> File not found
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> [2005.11.15 13:07:16 | 001,802,240 | ---- | M | MD5 = 2891B62B2A8181D827ADD753DCCDCE7F] (Nero AG)
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key error. [Kontextmenü für die Verschlüsselung] -> File not found
"{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> C:\WINDOWS\system32\hticons.dll [Erweiterung für HyperTerminal-Icons] -> [2006.02.28 14:00:00 | 000,044,544 | ---- | M | MD5 = A0273EDC903D503BE8747A1DB6928879] (Hilgraeve, Inc.)
"{9480D0F0-DB1F-11cf-8C46-0020AFD20E96}" [HKLM] -> e:\Statikprogramme\RIB\win\rtshell\RtShell.dll [RIB RIBTEC Shell Extension] -> [2005.01.12 19:22:18 | 000,221,184 | ---- | M | MD5 = AE965E79CA85D169215A238C7611BA69] (RIB Software AG)
"{9480D0F1-DB1F-11cf-8C46-0020AFD20E96}" [HKLM] -> e:\Statikprogramme\RIB\win\rtshell\RtShell.dll [RIB RIBTEC Shell Extension] -> [2005.01.12 19:22:18 | 000,221,184 | ---- | M | MD5 = AE965E79CA85D169215A238C7611BA69] (RIB Software AG)
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Office Metadata Handler] -> [2006.10.26 20:13:04 | 000,932,688 | ---- | M | MD5 = CA27D8E333F8958C88909268C66D8701] (Microsoft Corporation)
"{B327765E-D724-4347-8B16-78AE18552FC3}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> [2005.11.15 13:07:16 | 001,802,240 | ---- | M | MD5 = 2891B62B2A8181D827ADD753DCCDCE7F] (Nero AG)
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL [Webordner] -> [2003.07.11 03:15:48 | 001,292,872 | ---- | M | MD5 = BDBF48D13C5343CCED93E675EFFDB72C] (Microsoft Corporation)
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Office Thumbnail Handler] -> [2006.10.26 20:13:04 | 000,932,688 | ---- | M | MD5 = CA27D8E333F8958C88909268C66D8701] (Microsoft Corporation)
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> [2006.01.12 20:49:01 | 000,581,632 | ---- | M | MD5 = F72F179A6A23C77988F31CEE8C5D2326] (Adobe Systems Inc.)
"{E0D79304-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M | MD5 = D9C66417CF34510008E07A0364103A5D] (WinZip Computing, Inc.)
"{E0D79305-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M | MD5 = D9C66417CF34510008E07A0364103A5D] (WinZip Computing, Inc.)
"{E0D79306-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M | MD5 = D9C66417CF34510008E07A0364103A5D] (WinZip Computing, Inc.)
"{E0D79307-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M | MD5 = D9C66417CF34510008E07A0364103A5D] (WinZip Computing, Inc.)
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" [HKLM] -> Reg Error: Key error. [IE User Assist] -> File not found
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
"Adobe LM Service" -> -> 
"Hilti PROFIS AutoUpdate Service" -> -> 
"NBService" -> -> 
"WMPNetworkSvc" -> -> 
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Acrobat Assistant 7.0 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe -> [2008.04.23 02:08:13 | 000,483,328 | ---- | M | MD5 = B985665B63E92D8DF8859EAE21E7B52F] (Adobe Systems Inc.)
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe -> [2006.06.01 14:32:12 | 000,094,208 | ---- | M | MD5 = CD4A2A655E4DC0018E71640F210C9F1C] (Nero AG)
DataLayer hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe -> [2007.02.22 17:04:44 | 000,851,968 | ---- | M | MD5 = A68D70FA0E4F3E1B250C879138D76027] (Nokia Mobile Phones Ltd.)
HPUsageTracking hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\HP\HP UT\bin\hppusg.exe -> [2005.02.07 12:10:12 | 000,036,864 | ---- | M | MD5 = 9B0AFBCC0E720DB39581A893F0FB9B91] ( )
NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe -> [2006.01.12 17:40:44 | 000,155,648 | ---- | M | MD5 = C93AB037A8C792D5F8A1A9FC88A7C7C5] (Nero AG)
NWEReboot hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
PROFIS AutoUpdate hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe -> [2009.04.20 12:16:10 | 000,346,624 | ---- | M | MD5 = CCE4DF71413E91C33FCB2E4EDB77D4AC] (Agito d.o.o.)
S60TrayApplication hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Samsung\Samsung PC Studio 7\LaunchApplication.exe -> [2007.03.14 17:47:00 | 000,237,568 | ---- | M | MD5 = C6AFE402BB0A6BE9DCC6120628DFD10C] ()
SoundMAX hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Analog Devices\SoundMAX\Smax4.exe -> [2005.09.07 16:35:36 | 000,716,800 | ---- | M | MD5 = F2C53B16FEFD00DC79A15871A5738573] (Analog Devices, Inc.)
SoundMAXPnP hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Analog Devices\Core\smax4pnp.exe -> [2005.05.20 03:11:06 | 000,925,696 | R--- | M | MD5 = 115332A83AC2726FA974D30DB4BFD8DE] (Analog Devices, Inc.)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 2 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\OTS.exe -> [2010.07.02 12:32:12 | 000,640,000 | ---- | C | MD5 = 7435934B1FB04E0839ECB930A6A18CC6] (OldTimer Tools)
 Upload -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Upload -> [2010.07.02 11:39:22 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Programme\Spybot - Search & Destroy -> [2010.07.01 12:04:41 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy -> [2010.07.01 12:04:41 | 000,000,000 | ---D | C]
 U3 -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\U3 -> [2010.06.18 06:56:17 | 000,000,000 | ---D | C]
 iedvtool.dll -> C:\WINDOWS\System32\dllcache\iedvtool.dll -> [2010.06.10 09:31:05 | 000,743,424 | ---- | C | MD5 = F41A9FD35F6A82EA44CFBE81EEC69506] (Microsoft Corporation)
 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\OTS.exe -> [2010.07.02 12:32:13 | 000,640,000 | ---- | M | MD5 = 7435934B1FB04E0839ECB930A6A18CC6] (OldTimer Tools)
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010.07.02 12:31:01 | 001,077,890 | ---- | M | MD5 = 9C657658C9D6C4F24DD661FC151CF6EA] ()
 perfh007.dat -> C:\WINDOWS\System32\perfh007.dat -> [2010.07.02 12:31:01 | 000,462,306 | ---- | M | MD5 = AE5B9B75F7A49C366F2C573CEFB2FFA9] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010.07.02 12:31:01 | 000,443,724 | ---- | M | MD5 = F3902C6A6A6B7AE2B54AA6E07CA0C3BD] ()
 perfc007.dat -> C:\WINDOWS\System32\perfc007.dat -> [2010.07.02 12:31:01 | 000,085,534 | ---- | M | MD5 = 575248E234C1BE46CCE33125F53DAD90] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010.07.02 12:31:01 | 000,071,982 | ---- | M | MD5 = 412103C4CB5D2F3B26C0A76E2E62003A] ()
 Adobe Acrobat - Schnellstart.lnk -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk -> [2010.07.02 12:29:51 | 000,002,319 | ---- | M | MD5 = 27B15B134205BB780EE1C0A3BB309D25] ()
 NTUSER.DAT -> C:\Dokumente und Einstellungen\MeyWo\NTUSER.DAT -> [2010.07.02 12:29:45 | 015,990,784 | -H-- | M | Unable to obtain MD5] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010.07.02 12:29:41 | 000,013,646 | ---- | M | MD5 = B3F7645AB94C95EE6B432988FEF239BD] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010.07.02 12:29:27 | 000,000,006 | -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010.07.02 12:29:26 | 000,002,048 | --S- | M | MD5 = 6A2CB42966136854F4464516FBB4AE72] ()
 ntuser.ini -> C:\Dokumente und Einstellungen\MeyWo\ntuser.ini -> [2010.07.02 12:28:41 | 000,000,300 | -HS- | M | MD5 = B03511B6EF2D7BA6C325A868FA279840] ()
 file.bat -> C:\Dokumente und Einstellungen\MeyWo\Desktop\file.bat -> [2010.07.02 12:11:20 | 000,000,334 | ---- | M | MD5 = 766B7F1795338CB65EE9D82451BAD8D6] ()
 Fehler.JPG -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Fehler.JPG -> [2010.07.02 11:40:04 | 000,078,265 | ---- | M | MD5 = F6C4BA18CFF3270EDC06F09BCF6DFAC8] ()
 VPClient.ini -> C:\WINDOWS\VPClient.ini -> [2010.07.02 11:37:35 | 000,001,236 | ---- | M | MD5 = B32EE8E68ECB5E10FDADEDB0B5642180] ()
 IconCache.db -> C:\Dokumente und Einstellungen\MeyWo\Lokale Einstellungen\Anwendungsdaten\IconCache.db -> [2010.07.02 11:08:53 | 001,659,944 | -H-- | M | MD5 = FECBCB1135A49E05E764A482D66F06D0] ()
 win.ini -> C:\WINDOWS\win.ini -> [2010.07.01 16:46:09 | 000,000,623 | ---- | M | MD5 = 9BEC2D8F9833CCD51E32DEF11921FA1F] ()
 system.ini -> C:\WINDOWS\system.ini -> [2010.07.01 16:46:09 | 000,000,227 | ---- | M | MD5 = C9DD76D0EF94637C77FF8CA5E0FB0684] ()
 boot.ini -> C:\boot.ini -> [2010.07.01 16:46:09 | 000,000,211 | -HS- | M | MD5 = FA579938B0733B87066546AFE951082C] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010.07.01 12:55:03 | 000,411,503 | R--- | M | MD5 = C7299211BFF6193C501DCB5D687023C4] ()
 hosts.20100701-125503.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100701-125503.backup -> [2010.07.01 12:54:43 | 000,411,503 | R--- | M | MD5 = C7299211BFF6193C501DCB5D687023C4] ()
 hosts.20100701-125443.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100701-125443.backup -> [2010.07.01 12:48:01 | 000,411,503 | R--- | M | MD5 = C7299211BFF6193C501DCB5D687023C4] ()
 hpbafd.ini -> C:\WINDOWS\hpbafd.ini -> [2010.07.01 07:18:46 | 000,000,178 | ---- | M | MD5 = 344DAEAA938F4C21029D725BE3910D16] ()
 Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> C:\Dokumente und Einstellungen\MeyWo\Eigene Dateien\Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> [2010.06.23 07:59:26 | 000,138,775 | ---- | M | MD5 = 46FF7569347F5BB5DB37BCEB23EBF7BD] ()
 default.pls -> C:\Dokumente und Einstellungen\MeyWo\default.pls -> [2010.06.22 09:04:30 | 000,000,189 | ---- | M | MD5 = 6369202304DA3F3C1FF6F44518E95647] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010.06.22 09:04:27 | 000,000,116 | ---- | M | MD5 = 5866F5AC5FA90002CC1275789B715A60] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Dokumente und Einstellungen\MeyWo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010.06.18 07:09:57 | 000,016,384 | ---- | M | MD5 = 1E9F1E2828C6E98CB3F39296ABF5681C] ()
 AKDeInstall.exe -> C:\WINDOWS\AKDeInstall.exe -> [2010.06.15 07:29:43 | 000,048,640 | ---- | M | MD5 = 08D348CD85655F795B950EF20746E945] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010.06.11 06:21:48 | 000,203,328 | ---- | M | MD5 = 824D19F4AADB067D9920D1588092D238] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010.06.10 18:46:56 | 000,001,374 | ---- | M | MD5 = 67B47D5855BE5C65768BA0A69F1EB03F] ()
 Pos3.dat -> C:\Pos3.dat -> [2010.06.09 14:27:40 | 000,057,063 | ---- | M | MD5 = EE2A7C9428B1C4990E9205D573BD9E36] ()
 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 121 C:\Dokumente und Einstellungen\MeyWo\Lokale Einstellungen\Temp\*.tmp files -> C:\Dokumente und Einstellungen\MeyWo\Lokale Einstellungen\Temp\*.tmp -> 
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files - No Company Name]
 file.bat -> C:\Dokumente und Einstellungen\MeyWo\Desktop\file.bat -> [2010.07.02 12:11:20 | 000,000,334 | ---- | C | MD5 = 766B7F1795338CB65EE9D82451BAD8D6] ()
 Fehler.JPG -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Fehler.JPG -> [2010.07.02 11:40:04 | 000,078,265 | ---- | C | MD5 = F6C4BA18CFF3270EDC06F09BCF6DFAC8] ()
 hldrv32.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\hldrv32.exe -> [2010.07.02 07:28:07 | 005,119,792 | ---- | C | MD5 = 22732E5A3E805F14A4C71C482D84D905] ()
 Adobe Acrobat - Schnellstart.lnk -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk -> [2010.07.01 16:46:08 | 000,002,319 | ---- | C | MD5 = 27B15B134205BB780EE1C0A3BB309D25] ()
 Adobe Reader - Schnellstart.lnk -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk -> [2010.07.01 16:46:08 | 000,001,726 | ---- | C | MD5 = A2D1B16D54905406C5F178627952E9DC] ()
 Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> C:\Dokumente und Einstellungen\MeyWo\Eigene Dateien\Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> [2010.06.23 07:59:26 | 000,138,775 | ---- | C | MD5 = 46FF7569347F5BB5DB37BCEB23EBF7BD] ()
 AKDeInstall.exe -> C:\WINDOWS\AKDeInstall.exe -> [2010.06.15 07:29:43 | 000,048,640 | ---- | C | MD5 = 08D348CD85655F795B950EF20746E945] ()
 Pos3.dat -> C:\Pos3.dat -> [2010.06.09 14:01:46 | 000,057,063 | ---- | C | MD5 = EE2A7C9428B1C4990E9205D573BD9E36] ()
 msacc20.ini -> C:\WINDOWS\msacc20.ini -> [2009.03.03 09:26:03 | 000,000,051 | ---- | C | MD5 = 9E52750E723DA725036FF99D544C0EBA] ()
 DVD_Start.INI -> C:\WINDOWS\DVD_Start.INI -> [2009.02.26 12:09:14 | 000,000,032 | ---- | C | MD5 = 5F62BDFAA60A94E076F5FFA85026F367] ()
 libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2008.07.22 09:11:23 | 000,690,040 | ---- | C | MD5 = 12218A4F3067827AE3747B0505D9F0FF] ()
 ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2008.07.22 09:11:23 | 000,161,656 | ---- | C | MD5 = 02AB8C647E0E9CE6CA9C8E6A86D3B2F2] ()
 Cobec4.INI -> C:\WINDOWS\Cobec4.INI -> [2008.07.16 09:02:37 | 000,000,382 | ---- | C | MD5 = 9160FD657894F574589756391C7B78C7] ()
 AddPort.ini -> C:\WINDOWS\System32\AddPort.ini -> [2008.02.13 13:24:22 | 000,000,128 | ---- | C | MD5 = 82E0EF152DCBBDD08847E0BDDAFCF906] ()
 hpntwksetup.ini -> C:\WINDOWS\hpntwksetup.ini -> [2008.02.13 13:23:03 | 000,000,841 | ---- | C | MD5 = 6035BF08AB7BA055D5A608FF3AEC7E32] ()
 hppatusg01.dll -> C:\WINDOWS\System32\hppatusg01.dll -> [2007.12.20 19:55:14 | 000,110,592 | ---- | C | MD5 = FC35ADE2512B3252F9312C6CC1F30370] ()
 jst.dll -> C:\WINDOWS\System32\jst.dll -> [2007.10.30 11:23:29 | 000,074,752 | ---- | C | MD5 = D4B955D7AEC636322E04F1C73735A0E0] ()
 compJNI.dll -> C:\WINDOWS\System32\compJNI.dll -> [2007.10.30 11:23:29 | 000,032,768 | ---- | C | MD5 = DBCC8CEA22B3D9EF5987D4BF707A0CA8] ()
 PMLJNI.dll -> C:\WINDOWS\System32\PMLJNI.dll -> [2007.10.30 11:23:28 | 000,102,400 | ---- | C | MD5 = 7DF95ECE5FD6426EAFDD8ABA7741AC88] ()
 MPDLL.DLL -> C:\WINDOWS\System32\MPDLL.DLL -> [2007.10.29 13:14:00 | 000,032,768 | ---- | C | MD5 = D225B465A59B315F326CCE5F900DEA4C] ()
 megapfad.ini -> C:\WINDOWS\megapfad.ini -> [2007.10.29 13:13:59 | 000,000,134 | ---- | C | MD5 = 48491D2B553A391B133B5F8FFDF258C7] ()
 sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2007.10.29 13:06:16 | 000,682,232 | ---- | C | Unable to obtain MD5] ()
 hpbvnstp.ini -> C:\WINDOWS\hpbvnstp.ini -> [2007.10.25 12:41:47 | 000,001,367 | ---- | C | MD5 = 205145E65570E488B4E18EF35873748B] ()
 HPP2800V.DLL -> C:\WINDOWS\System32\HPP2800V.DLL -> [2007.10.25 12:41:38 | 000,208,896 | ---- | C | MD5 = 787B5DBE69FBCF8211430694CFCA26EF] ()
 Arcel_DA.INI -> C:\WINDOWS\Arcel_DA.INI -> [2007.07.16 10:35:27 | 000,000,153 | ---- | C | MD5 = 76723BCBC0E2AA9306CFEB72D04F48E5] ()
 PhotoSnapViewer.INI -> C:\WINDOWS\PhotoSnapViewer.INI -> [2007.05.07 09:20:58 | 000,000,151 | ---- | C | MD5 = EEBB0FA277FF042F70E581A2E4C494F9] ()
 _delis43.ini -> C:\WINDOWS\_delis43.ini -> [2007.04.18 11:48:56 | 000,000,252 | ---- | C | MD5 = BDEE6AB6A62A13B3604FBC8C2F727AEE] ()
 ETACoreGUI.INI -> C:\WINDOWS\ETACoreGUI.INI -> [2007.04.03 10:30:00 | 000,000,154 | ---- | C | MD5 = 5267594E70CB9F689C1169EB7F4D2649] ()
 BRESPA.INI -> C:\WINDOWS\BRESPA.INI -> [2007.03.29 12:20:52 | 000,004,647 | ---- | C | MD5 = C180701ABAEE34DB7405A6544FA25265] ()
 sysprs7.dll -> C:\WINDOWS\System32\sysprs7.dll -> [2007.03.28 17:05:50 | 000,001,025 | ---- | C | MD5 = 24D2B94CD3D28547284E10C381B4013A] ()
 lsprst7.dll -> C:\WINDOWS\System32\lsprst7.dll -> [2007.03.28 17:05:50 | 000,000,205 | ---- | C | MD5 = 52F80CB33048D5FF31F6A439B678558A] ()
 clauth2.dll -> C:\WINDOWS\System32\clauth2.dll -> [2007.03.28 17:05:33 | 000,001,024 | ---- | C | MD5 = 1CD1DEB1941E7E11BA09660688073DBF] ()
 clauth1.dll -> C:\WINDOWS\System32\clauth1.dll -> [2007.03.28 17:05:33 | 000,001,024 | ---- | C | MD5 = 1CD1DEB1941E7E11BA09660688073DBF] ()
 ssprs.dll -> C:\WINDOWS\System32\ssprs.dll -> [2007.03.28 17:05:33 | 000,000,073 | ---- | C | MD5 = 4AA1108231E158A00AFBDE5C719E54EE] ()
 serauth2.dll -> C:\WINDOWS\System32\serauth2.dll -> [2007.03.28 17:05:33 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 serauth1.dll -> C:\WINDOWS\System32\serauth1.dll -> [2007.03.28 17:05:33 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 nsprs.dll -> C:\WINDOWS\System32\nsprs.dll -> [2007.03.28 17:05:33 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 PeikDur.INI -> C:\WINDOWS\PeikDur.INI -> [2007.03.28 16:53:43 | 000,000,791 | ---- | C | MD5 = 4D47E174DC1EEB08ABF8C894B2DC474D] ()
 PeikCol.INI -> C:\WINDOWS\PeikCol.INI -> [2007.03.28 16:42:08 | 000,000,614 | ---- | C | MD5 = 93FEB6FE77B661CDDB0DFBFA381658A5] ()
 delta.ini -> C:\WINDOWS\delta.ini -> [2007.03.28 16:04:03 | 000,000,068 | ---- | C | MD5 = BA8F9CB5C0264FB77E3B4C27ADEA4075] ()
 afcc.INI -> C:\WINDOWS\afcc.INI -> [2007.03.28 15:58:47 | 000,000,058 | ---- | C | MD5 = 4A722191A149E92E783329201566DC3B] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007.03.28 15:50:59 | 000,000,116 | ---- | C | MD5 = 5866F5AC5FA90002CC1275789B715A60] ()
 hpbafd.ini -> C:\WINDOWS\hpbafd.ini -> [2007.03.28 15:20:35 | 000,000,178 | ---- | C | MD5 = 344DAEAA938F4C21029D725BE3910D16] ()
 UNWISE.INI -> C:\WINDOWS\System32\UNWISE.INI -> [2007.03.28 13:59:24 | 000,006,836 | ---- | C | MD5 = 978BFCE70D03FD7F5F41BE5058E0510E] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007.03.19 19:29:32 | 000,000,400 | ---- | C | MD5 = 3501B357A20CDDA7BD0D01EAD7561ADC] ()
 Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2007.03.19 18:50:18 | 000,018,013 | ---- | C | MD5 = 529AE91910A08E1722C944E74FE94486] ()
 ASACPI.sys -> C:\WINDOWS\System32\drivers\ASACPI.sys -> [2007.03.19 18:50:15 | 000,005,810 | R--- | C | MD5 = D48659BB24C48345D926ECB45C1EBDF5] ()
 ASUSHWIO.SYS -> C:\WINDOWS\System32\drivers\ASUSHWIO.SYS -> [2007.03.19 18:50:08 | 000,005,824 | ---- | C | MD5 = DE91D0D73C3E61E6826D98FAC2FAC729] ()
 OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2007.03.05 14:34:28 | 000,676,224 | ---- | C | MD5 = B221B218126BC9409257F39837BAB90C] ()
 HPDevEnm.dll -> C:\WINDOWS\System32\HPDevEnm.dll -> [2007.02.26 13:12:26 | 000,126,976 | ---- | C | MD5 = 5EF49665B9F3D8812CDB4F68E6E8C981] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006.06.29 14:58:52 | 000,030,808 | ---- | C | MD5 = A6AFBC3436A20A7834D45CDE9D69926C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006.06.29 14:53:56 | 000,026,489 | ---- | C | MD5 = D6B2075824BA9FAA4B37D98B13447F32] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006.04.18 15:39:28 | 000,029,779 | ---- | C | MD5 = B77AB4697B17FBBB25E41A15CC31D94E] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006.04.18 15:39:28 | 000,026,040 | ---- | C | MD5 = B7F882C45E520600053327AA42FA3A4F] ()
 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003.02.20 18:53:42 | 000,005,702 | ---- | C | MD5 = A5FEE93459D8BEA549D3CCCCFCB1E732] ()
 hppcap.ini -> C:\WINDOWS\hppcap.ini -> [2001.10.24 13:49:32 | 000,000,032 | ---- | C | MD5 = 45755C28324BAE47B98369D2C737C71E] ()
 HPTCPMON.INI -> C:\WINDOWS\System32\HPTCPMON.INI -> [2001.07.07 05:00:00 | 000,003,254 | ---- | C | MD5 = 7A6147A12AF554BA8D44AF299006B3BB] ()
 PROTOCOL.INI -> C:\WINDOWS\PROTOCOL.INI -> [1999.03.30 10:09:20 | 000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
 VPWINE.INI -> C:\WINDOWS\VPWINE.INI -> [1999.03.30 10:09:14 | 000,009,180 | ---- | C | MD5 = 20106BAFBF1D4CD51C3AADB9DE65368B] ()
 VPClient.ini -> C:\WINDOWS\VPClient.ini -> [1999.03.30 10:09:14 | 000,001,236 | ---- | C | MD5 = B32EE8E68ECB5E10FDADEDB0B5642180] ()
 
[File - Lop Check]
 Agito -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Agito -> [2009.07.06 12:34:51 | 000,000,000 | ---D | M]
 Downloaded Installations -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations -> [2009.11.05 14:25:02 | 000,000,000 | ---D | M]
 Enfocus Prefs Folder -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Enfocus Prefs Folder -> [2009.04.17 08:27:50 | 000,000,000 | ---D | M]
 Megatech -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Megatech -> [2007.11.03 10:00:02 | 000,000,000 | ---D | M]
 MSScanAppDataDir -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir -> [2007.10.30 11:37:49 | 000,000,000 | ---D | M]
 PC Suite -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite -> [2009.11.05 14:25:49 | 000,000,000 | ---D | M]
 PixelPlanet -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet -> [2008.07.22 09:11:24 | 000,000,000 | ---D | M]
 RIB -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RIB -> [2007.11.08 19:19:09 | 000,000,000 | ---D | M]
 Agito -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Agito -> [2009.07.06 12:34:55 | 000,000,000 | ---D | M]
 Datalayer -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Datalayer -> [2009.11.05 14:26:33 | 000,000,000 | ---D | M]
 Enfocus Prefs Folder -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Enfocus Prefs Folder -> [2009.04.17 08:27:50 | 000,000,000 | ---D | M]
 IsolatedStorage -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\IsolatedStorage -> [2009.01.20 11:39:08 | 000,000,000 | ---D | M]
 PC Suite -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\PC Suite -> [2009.11.05 14:25:52 | 000,000,000 | ---D | M]
 Profis -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Profis -> [2009.11.23 14:22:31 | 000,000,000 | ---D | M]
 RIB -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\RIB -> [2008.01.07 11:04:22 | 000,000,000 | ---D | M]
 Samsung -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Samsung -> [2009.11.05 14:34:50 | 000,000,000 | ---D | M]
 Schoeck -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Schoeck -> [2009.09.10 12:26:42 | 000,000,000 | ---D | M]
 TeamViewer -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\TeamViewer -> [2010.03.05 21:53:16 | 000,000,000 | ---D | M]
 ZiWu-Soft -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\ZiWu-Soft -> [2008.07.22 09:16:19 | 000,000,000 | ---D | M]
 
[File - Purity Scan]
 
[Custom Scans]
< NetSvcs >
< Drivers32 >
< %SYSTEMDRIVE%\*.exe >
 jPodder-Setup.exe -> C:\jPodder-Setup.exe -> [2007.10.15 11:18:00 | 009,545,267 | ---- | M | MD5 = D7415A0A5DAC812A541D0066805E7BD1] ()
 wmp11-windowsxp-x86-DE-DE.exe -> C:\wmp11-windowsxp-x86-DE-DE.exe -> [2007.08.21 15:23:22 | 025,842,736 | ---- | M | MD5 = 0BD22D9090943CCF6D0EECA4E71C9331] (Microsoft Corporation)
< %systemroot%\*. /mp /s >
Restore point Set: OTS Restore Point (0)
< %systemroot%\system32\*.dll /lockedfiles >
 1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> 
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
< %systemroot%\system32\ws2help.dll /md5 >
 ws2help.dll : MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -> C:\WINDOWS\system32\ws2help.dll -> [2008.04.14 04:22:32 | 000,019,968 | ---- | M | MD5 = C7D8A0517CBF16B84F657DE87EBE9D4B] (Microsoft Corporation)
 1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ not found. -> -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime -> 2010-06-23 15:30:34 -> 
< End of report >
         

A small side note: my Java started automatically in the taskbar and shows "Update available"!
But I ignored it and did nothing with it.

Quote:
Can you just do what I write here?
Sorry, I just don't want to do anything wrong. Or anything rash.

02.07.2010, 12:34   #10
Larusso
/// Selecta Jahrusso

Step 1

Temp File Cleaner

Please download TFC (by OldTimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Step 2

Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista users: please right-click and choose "Run as administrator".
  • Now click the Disable button to disable the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger will now prompt for a restart. Confirm this with OK.
  • DeFogger now creates a log file on the desktop (defogger_disable).
Please post the contents of the log file in your next reply.


Step 3

Cleanup with Malwarebytes' Anti-Malware (Quick Scan)

Please download Malwarebytes
  • Install the program to the default path.
  • Remember to start the program as admin on Vista; otherwise start it with a double-click.
  • Let it update online (Updates tab) if the program was already on the computer.
  • Select "Quick-Scan durchführen" (Perform quick scan) => Scan.
  • When the scan has finished, click "Ergebnisse anzeigen" (Show results).
  • For detections in C:\System Volume Information, remove the check mark.
    Otherwise that System Restore point will no longer work.
    It might still be needed despite the malware.
  • Make sure that all other detections are checked and press "Entferne Auswahl" (Remove selected).
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Scan-Berichte" (Scan reports).
  • Report how the computer is running now.


Step 4

Please make sure that
  • all other scanners for viruses, spyware, etc. are disabled,
  • there is no connection to a network/the Internet (don't forget Wi-Fi),
  • nothing is done on the computer,
  • the computer is restarted after each scan.
Run a GMER scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name).
  • Vista and Win7 users: right-click and run as administrator.
  • On the right, remove the check mark from
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!

Note: If GMER causes problems, please try it in Safe Mode.


Please post in your next reply
defogger_disable.txt
MBAM log
Gmer.txt
Report how the computer is running
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

02.07.2010, 13:56   #11
Terminus

Re Step 1
Ran TFC and restarted without problems. The restart took a very long time.

Re Step 2
Ran defogger, clicked "Disabled" and restarted.
Shutting down also took a very long time.
Now the computer no longer boots in normal mode! The Windows logo appears, and when it switches to the login screen it restarts automatically.
I can only get into Windows when I start in Safe Mode.

Log file

-----------------------------------------

defogger_disableby jpshortstuff (23.02.10.1)
log created at 14:27 on 02/07/2010 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCUEAMON Tools ->Removed

Checking for service/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> rebootrequired)

-=E.O.F=-

------------------------------------

Re Step 3
Not yet carried out

Re Step 4
Not yet carried out

Note:
I am sitting at a second computer; the main computer is still OFFLINE.
The smiley is supposed to be : D; it was changed automatically.

02.07.2010, 14:05   #12
Larusso
/// Selecta Jahrusso

Please run Malwarebytes in Safe Mode
__________________
Regards, Daniel

02.07.2010, 14:24   #13
Terminus

Here is the log from Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

02.07.2010 15:17:08
mbam-log-2010-07-02 (15-17-08).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 126732
Laufzeit: 6 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Quote:
# For detections in C:\System Volume Information, remove the check mark.
Otherwise that System Restore point will no longer work.
It might still be needed despite the malware.
# Make sure that all other detections are checked and press "Entferne Auswahl" (Remove selected).
# Post the log file, which opens in Notepad, here in the thread.
I couldn't / didn't have to do that.

The restart has not been carried out yet!
Waiting for further instructions.

02.07.2010, 14:27   #14
Larusso
/// Selecta Jahrusso

Let's stay in Safe Mode. Please run GMER as described in my instructions.

Step 2b

Start OTS.exe and click the QuickScan button. Post that log file for me as well.
__________________
Regards, Daniel

02.07.2010, 15:40   #15
Terminus

GMER log file, took half an eternity.

GMER log file:
Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-02 16:38:04
Windows 5.1.2600 Service Pack 3
Running: l91z2r0p.exe; Driver: C:\DOKUME~1\****\LOKALE~1\Temp\kwwdifoc.sys


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x9E 0x89 0xC0 0xF5 ...
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      E:\DAEMON Tools\
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x4B 0xAE 0x55 0x33 ...
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x75 0x6E 0x5D 0xE8 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x9E 0x89 0xC0 0xF5 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      E:\DAEMON Tools\
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x4B 0xAE 0x55 0x33 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x75 0x6E 0x5D 0xE8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                     
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                               0x9E 0x89 0xC0 0xF5 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                  E:\DAEMON Tools\
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                            
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                      0x4B 0xAE 0x55 0x33 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                         0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                0x75 0x6E 0x5D 0xE8 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x9E 0x89 0xC0 0xF5 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      E:\DAEMON Tools\
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x4B 0xAE 0x55 0x33 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x75 0x6E 0x5D 0xE8 ...
Reg  HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                 
Reg  HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                      0
Reg  HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                   0x9E 0x89 0xC0 0xF5 ...
Reg  HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                      E:\DAEMON Tools\
Reg  HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)        
Reg  HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                          0x4B 0xAE 0x55 0x33 ...
Reg  HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                             0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                    0x75 0x6E 0x5D 0xE8 ...
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zeus-logs.bom@*                     4
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zeus-logs.bom\www                   
Reg  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zeus-logs.bom\www@*                 4

---- EOF - GMER 1.0.15 ----
         
[/CODE]

OTS logfile after another scan

Code:
OTS logfile created on: 02.07.2010 17:00:10 - Run 2
OTS by OldTimer - Version 3.1.31.2     Folder = C:\Dokumente und Einstellungen\MeyWo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 691,00 Mb Available Physical Memory | 68,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,53 Gb Total Space | 9,64 Gb Free Space | 32,63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 203,35 Gb Total Space | 140,54 Gb Free Space | 69,11% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ****-D07002
Current User Name: MeyWo
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\OTS.exe -> [2010.07.02 12:32:13 | 000,640,000 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation)
winword.exe -> C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE -> [2007.01.23 16:03:52 | 012,263,776 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\OTS.exe -> [2010.07.02 12:32:13 | 000,640,000 | ---- | M] (OldTimer Tools)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(AntiVirService) Avira AntiVir Guard [Auto | Stopped] -> C:\Programme\Avira\AntiVir Desktop\avguard.exe -> [2010.04.21 07:52:58 | 000,267,432 | ---- | M] (Avira GmbH)
(AntiVirSchedulerService) Avira AntiVir Planer [Auto | Stopped] -> C:\Programme\Avira\AntiVir Desktop\sched.exe -> [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH)
(Hilti PROFIS AutoUpdate Service) Hilti PROFIS AutoUpdate Service [Disabled | Stopped] -> C:\Programme\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe -> [2009.04.24 22:34:46 | 000,176,640 | ---- | M] (Agito d.o.o.)
(Adobe LM Service) Adobe LM Service [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2007.05.08 11:16:37 | 000,069,632 | ---- | M] (Adobe Systems)
(CodeMeter.exe) CodeMeter Runtime Server [Auto | Stopped] -> C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -> [2006.07.26 04:10:00 | 002,002,944 | ---- | M] (WIBU-SYSTEMS AG)
(ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe -> [2006.06.05 14:59:18 | 000,174,080 | ---- | M] (Nokia.)
(LPDSVC) TCP/IP-Druckserver [Auto | Stopped] -> C:\WINDOWS\system32\tcpsvcs.exe -> [2006.02.28 14:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -> [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation)
(MDM) Machine Debug Manager [Auto | Stopped] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(avipbb) avipbb [Kernel | System | Stopped] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH)
(avgntflt) avgntflt [File_System | Auto | Stopped] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Stopped] -> C:\Programme\Avira\AntiVir Desktop\avgio.sys -> [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH)
(ssmdrv) ssmdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH)
(AFD) AFD [Kernel | System | Stopped] -> C:\WINDOWS\System32\drivers\afd.sys -> [2008.08.14 12:04:36 | 000,138,496 | ---- | M] ()
(HDAudBus) Microsoft UAA-Bustreiber für High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(WIBUKEY) WIBU-KEY Kernel Driver [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\WibuKey.sys -> [2007.11.02 16:18:11 | 000,072,704 | ---- | M] (WIBU-SYSTEMS AG)
(sptd) sptd [Kernel | Disabled | Stopped] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2007.10.29 13:06:17 | 000,682,232 | ---- | M] (Duplex Secure Ltd.)
(nmwcdsa) Samsung USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsa.sys -> [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia)
(nmwcdsacm) Samsung USB Modem [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsacm.sys -> [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia)
(nmwcdsacj) Samsung USB Port [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsacj.sys -> [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia)
(nmwcdsac) Samsung USB Generic [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmwcdsac.sys -> [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia)
(Hardlock) Hardlock [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\hardlock.sys -> [2006.11.22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.)
(aksusb) Aladdin USB Key [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\aksusb.sys -> [2006.11.22 11:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.)
(akshasp) Aladdin HASP Key [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\akshasp.sys -> [2006.11.22 11:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.)
(AtcL001) NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\atl01_2k.sys -> [2006.07.19 03:50:36 | 000,033,408 | R--- | M] (Attansic Technology corporation.)
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ADIHdAud.sys -> [2005.10.05 11:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.)
(SenFiltService) SenFilt Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\senfilt.sys -> [2005.08.11 07:49:28 | 000,393,088 | R--- | M] (Sensaura)
(HPPLSBULK) HPPLSBULK [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hpplsbulk.sys -> [2005.02.02 17:29:28 | 000,009,344 | ---- | M] (Hewlett Packard)
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Hdaudio.sys -> [2004.10.27 16:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider)
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ASACPI.sys -> [2004.08.13 04:56:20 | 000,005,810 | R--- | M] ()
(rtl8139) Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2001.08.23 23:03:54 | 000,025,434 | R--- | M] (Realtek Semiconductor Corporation                                                )
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> hxxp://www.google.de/ -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> <local> -> 
< FireFox Settings [Prefs.js] > -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Mozilla\FireFox\Profiles\vasjinxv.default\prefs.js -> 
browser.startup.homepage -> "hxxp://www.google.de/" ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components -> C:\Programme\Mozilla Firefox\components [C:\PROGRAMME\MOZILLA FIREFOX\COMPONENTS] -> [2010.04.06 12:55:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins -> C:\Programme\Mozilla Firefox\plugins [C:\PROGRAMME\MOZILLA FIREFOX\PLUGINS] -> [2010.04.06 12:55:11 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Mozilla\Extensions -> [2008.09.05 13:57:04 | 000,000,000 | ---D | M]
  -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions -> [2010.07.02 08:40:33 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant   -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009.09.04 12:53:08 | 000,000,000 | ---D | M]
Yahoo! Toolbar   -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Mozilla\Firefox\Profiles\vasjinxv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2008.09.05 13:57:24 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Programme\Mozilla Firefox\extensions -> [2010.07.02 08:40:33 | 000,000,000 | ---D | M]
< HOSTS File > ([2010.07.01 12:55:03 | 000,411,503 | R--- | M] - 14265 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
First 25 entries...
Reset Hosts
127.0.0.1       localhost
196.10.11.101 brsys
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006.12.18 04:16:41 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Programme\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009.01.26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Programme\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008.12.03 09:33:45 | 000,320,920 | ---- | M] (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avgnt" -> C:\Programme\Avira\AntiVir Desktop\avgnt.exe ["C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH)
"High Definition Audio Property Page Shortcut" -> C:\WINDOWS\System32\HdAShCut.exe [HDAShCut.exe] -> [2004.10.27 16:21:30 | 000,061,952 | ---- | M] (Windows (R) Server 2003 DDK provider)
"KnexStarter" -> C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\AppInterfaces\HPDeviceService.exe [C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\Appinterfaces\HPDeviceService.exe] -> [2007.12.20 20:18:40 | 000,073,728 | ---- | M] (Hewlett-Packard Company)
"RunTasktray" ->  ["C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe"   --regkeypath=Software\Hewlett-Packard\HP Easy Printer Care\HPPRun  --valuename=InstallTTM] -> File not found
"TomcatStartup 2.5" -> C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe [C:\Programme\Hewlett-Packard\Toolbox\hpbpsttp.exe] -> [2004.11.12 18:57:58 | 000,245,760 | ---- | M] (Hewlett-Packard)
< RunOnce [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> 
"Malwarebytes' Anti-Malware" -> C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent] -> [2010.04.29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation)
< All Users Startup Folder > -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart -> 
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk -> C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe -> [2008.05.13 12:08:25 | 000,025,214 | R--- | M] ()
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk -> C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe -> [2006.10.23 02:48:20 | 000,040,048 | ---- | M] (Adobe Systems Incorporated)
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Image Zone Schnellstart.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe -> [2004.11.04 20:50:52 | 000,053,248 | ---- | M] (Hewlett-Packard Co.)
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NumPlus.lnk -> C:\dicad\strauti\numplus.exe -> [1999.12.23 19:09:48 | 000,020,480 | ---- | M] ()
< MeyWo Startup Folder > -> C:\Dokumente und Einstellungen\MeyWo\Startmenü\Programme\Autostart -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Ausgewählte Verknüpfungen in Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
Auswahl in Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
Auswahl in vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
In Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
In vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
Verknüpfungsziel in Adobe PDF konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
Verknüpfungsziel in vorhandene PDF-Datei konvertieren -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006.12.18 04:18:14 | 000,231,160 | ---- | M] (Adobe Systems Incorporated)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Programme\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009.01.26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> hxxp://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7317 domain(s) found. -> 
hp.com .[http] -> Trusted sites -> 
hp.com .[https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7314 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> hxxp://go.microsoft.com/fwlink/?linkid=58813 [Office Genuine Advantage Validation Tool] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> 
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [HKLM] -> hxxp://office.microsoft.com/officeupdate/content/opuc4.cab [Office Update Installation Engine] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab [Java Plug-in 1.6.0_10] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{7757BCCA-6175-4D6E-A4A0-88FB3F6850E4}\\NameServer -> 196.10.11.90   (Attansic L1 Gigabit Ethernet 10/100/1000Base-T Adapter) -> 
{B5497300-9469-4400-86BF-D9633BEC699F}\\NameServer -> 196.10.11.90   (Realtek RTL8139/810X Family PCI Fast Ethernet NIC) -> 
{EA3E47F4-1D9C-414C-B65E-82DF77561B2F}\\NameServer -> 196.10.11.90   (Realtek RTL8139/810X Family PCI Fast Ethernet NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2006.03.23 06:12:42 | 000,139,264 | R--- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" -> C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe [C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server] -> [2006.07.26 04:10:00 | 002,002,944 | ---- | M] (WIBU-SYSTEMS AG)
"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" -> C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe [C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun] -> [2007.12.20 19:56:42 | 000,069,120 | ---- | M] (Hewlett-Packard Company)
"D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" -> D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe [D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server] -> File not found
"D:\httpd\httpd-x86-windows\apache.exe" -> D:\httpd\httpd-x86-windows\apache.exe [D:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server] -> File not found
"D:\perl\win32\wperl.exe" -> D:\perl\win32\wperl.exe [D:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" -> C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe [C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server] -> [2006.07.26 04:10:00 | 002,002,944 | ---- | M] (WIBU-SYSTEMS AG)
"C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe" -> C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe [C:\Programme\Gemeinsame Dateien\XPressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate] -> [2008.07.01 17:02:08 | 000,587,648 | ---- | M] (PixelPlanet GmbH)
"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" -> C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe [C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun] -> [2007.12.20 19:56:42 | 000,069,120 | ---- | M] (Hewlett-Packard Company)
"C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe" -> C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe [C:\Programme\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw] -> [2007.10.30 12:00:39 | 000,020,572 | ---- | M] ()
"D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe" -> D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe [D:\extensions\engines\mysql5-x86-windows\bin\mysqld.exe:127.0.0.1,LocalSubnet:Enabled:Mysql database server] -> File not found
"D:\httpd\httpd-x86-windows\apache.exe" -> D:\httpd\httpd-x86-windows\apache.exe [D:\httpd\httpd-x86-windows\apache.exe:127.0.0.1,LocalSubnet:Enabled:Apache web server] -> File not found
"D:\perl\win32\wperl.exe" -> D:\perl\win32\wperl.exe [D:\perl\win32\wperl.exe:127.0.0.1,LocalSubnet:Enabled:Perl interpreter - part of Stunnix Web Server] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM-Laufwerktreiber -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007.03.19 18:28:06 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\H
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell
\H\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun
\H\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command
\H\Shell\AutoRun\command\\"" -> H:\LaunchU3.exe [H:\LaunchU3.exe -a] -> File not found
\{69f6a274-1881-11de-99ab-0018f3a45a5d}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69f6a274-1881-11de-99ab-0018f3a45a5d}\Shell\AutoRun\command
\{69f6a274-1881-11de-99ab-0018f3a45a5d}\Shell\AutoRun\command\\"" -> H:\Autorun.exe [H:\Autorun.exe] -> File not found
\{a2506d92-3bc0-11df-9ac4-00e043050c66}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell
\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell\AutoRun
\{a2506d92-3bc0-11df-9ac4-00e043050c66}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] -> C:\Programme\Java\jre6\bin\regutils.dll [(default): Java (Sun); IsInstalled: 1] -> [2008.09.26 05:43:22 | 000,262,144 | ---- | M] (Sun Microsystems, Inc.)
{10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> Reg Error: Key error. [(default): Vektorgrafik-Rendering (VML); IsInstalled: 01 00 00 00  [binary data]] -> File not found
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] ->  [ComponentID: NetShow; IsInstalled: 1] -> 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] ->  [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] -> 
{283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation; IsInstalled: 1] -> File not found
{2A3320D6-C805-4280-B423-B665BDE33D8F} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Security Update (KB979906); IsInstalled: 1] -> File not found
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> 
{36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML-Datenbindung für Java; IsInstalled: 1] -> File not found
{3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Offline Browsing Pack; IsInstalled: 1] -> File not found
{3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Uniscribe; IsInstalled: 1] -> File not found
{411EDCF7-755D-414E-A74B-3DCD6583F589} [HKLM] -> Reg Error: Key error. [(default): Microsoft .NET Framework 1.1 Service Pack 1 (KB867460); IsInstalled: 1] -> File not found
{4278c270-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Erweitertes Authoring; IsInstalled: 1] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] -> 
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00  [binary data]] -> 
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(default): DirectShow; IsInstalled: 1] -> File not found
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error. [(default): DirectDrawEx; IsInstalled: 1] -> File not found
{45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Help; IsInstalled: 1] -> File not found
{4f216970-c90c-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error. [(default): DirectAnimation Java Classes; IsInstalled: 1] -> File not found
{4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Microsoft Windows Script 5.6; IsInstalled: 1] -> File not found
{5056b317-8d4c-43ee-8543-b9d1e234b8f4} [HKLM] -> Reg Error: Key error. [(default): Sicherheitsupdate für Windows XP (KB923789); IsInstalled: 1] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] -> 
{5A8D6EE0-3E18-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [ComponentID: ICW; IsInstalled: 1] -> File not found
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] -> 
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): MSN Site Access; IsInstalled: 1] -> File not found
{7131646D-CD3C-40F4-97B9-CD9E4E6262EF} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [StubPath] ->  [(default): Webordner; IsInstalled: 1] -> 
{7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Adressbuch 6; IsInstalled: 1] -> 
{83785B38-C9CA-B96F-6847-90A93D030FC7} [HKLM] -> Reg Error: Key error. [(default): Vektorgrafik-Rendering (VML); IsInstalled: 1] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop-Update; IsInstalled: 1] -> 
{89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] -> 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> 
{9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error. [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found
{B508B3F1-A24A-32C0-B310-85786919EF28} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error. [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{CC2A9BA0-3BDD-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error. [(default): Taskplaner; IsInstalled: 1] -> File not found
{CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKLM] -> Reg Error: Key error. [ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00  [binary data]] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx [(default): Shockwave Flash; IsInstalled: 01 00 00 00  [binary data]] -> [2006.07.27 20:02:42 | 000,857,720 | R--- | M] (Macromedia, Inc.)
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error. [(default): HTML Help; IsInstalled: 1] -> File not found
{E78BFA60-5393-4C38-82AB-E8019E464EB4} [HKLM] -> Reg Error: Key error. [(default): .NET Framework] -> File not found
{E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error. [(default): Active Directory Service Interface; IsInstalled: 01 00 00 00  [binary data]] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): Versions-Update für Internet Explorer; IsInstalled: 1] -> 
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Microsoft Windows Media Player; IsInstalled: 0] -> 
>{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [(default): Internet Explorer; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> 
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browseranpassungen; IsInstalled: 1] -> 
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 1] -> 
< ActiveX StubPath [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
InitiallyClear [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> 
7zFM.exe -> C:\Programme\7-Zip\7zFM.exe [C:\Programme\7-Zip\7zFM.exe] -> [2009.02.03 09:10:08 | 000,388,096 | ---- | M] (Igor Pavlov)
Acrobat.exe -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe [C:\Programme\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe] -> [2006.05.16 22:12:59 | 000,075,376 | ---- | M] (Adobe Systems Incorporated)
AcrobatInfo.exe -> C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe [C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe] -> [2006.05.16 20:46:23 | 000,032,256 | ---- | M] (Adobe Systems Incorporated)
AcroDist.exe -> C:\Programme\Adobe\Acrobat 7.0\Distillr\acrodist.exe [C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroDist.exe] -> [2008.04.23 02:08:50 | 000,196,608 | ---- | M] (Adobe Systems Incorporated.)
AcroRd32.exe -> C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe [C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe] -> [2006.10.23 02:48:38 | 000,345,712 | ---- | M] (Adobe Systems Incorporated)
BackItUp.exe -> C:\Programme\Nero\Nero 7\Nero BackItUp\BackItUp.exe [C:\Programme\Nero\Nero 7\Nero BackItUp\BackItUp.exe] -> [2006.07.25 22:39:16 | 014,090,240 | ---- | M] (Nero AG)
bckgzm.exe -> C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe [C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe] -> [2006.02.28 14:00:00 | 000,042,577 | ---- | M] (Microsoft Corporation)
bole.exe -> C:\Programme\Schoeck\BOLE\Bole.exe [C:\Programme\Schoeck\BOLE\Bole.exe] -> File not found
chkrzm.exe -> C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe [C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe] -> [2006.02.28 14:00:00 | 000,042,575 | ---- | M] (Microsoft Corporation)
cmmgr32.exe -> C:\WINDOWS\System32\cmmgr32.exe [C:\WINDOWS\system32\cmmgr32.exe] -> File not found
CONF.EXE -> C:\Programme\NetMeeting\conf.exe [C:\Programme\NetMeeting\conf.exe] -> [2008.04.14 04:22:39 | 001,040,384 | ---- | M] (Microsoft Corporation)
dialer.exe -> C:\Programme\Windows NT\dialer.exe [C:\Programme\Windows NT\dialer.exe] -> [2008.04.14 04:22:42 | 000,545,280 | ---- | M] (Microsoft Corporation)
firefox.exe -> C:\Programme\Mozilla Firefox\firefox.exe [C:\Programme\Mozilla Firefox\firefox.exe] -> [2010.04.06 12:55:06 | 000,307,672 | ---- | M] (Mozilla Corporation)
FLEXPLORER.EXE -> e:\Statikprogramme\Schoeck\FLExplorer.exe [e:\statikprogramme\schoeck\FLEXPLORER.EXE] -> [2009.04.27 10:51:54 | 000,020,480 | ---- | M] ()
FormDesigner.exe -> C:\Programme\Adobe\Acrobat 7.0\Designer 7.0\FormDesigner.exe [C:\Programme\Adobe\Acrobat 7.0\Designer 7.0\FormDesigner.exe] -> [2004.11.26 09:40:14 | 009,392,128 | R--- | M] (Adobe Systems Incorporated)
HELPCTR.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2008.04.14 04:22:47 | 000,769,024 | ---- | M] (Microsoft Corporation)
HijackThis.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Ablage\Programme\HijackThis.exe [C:\Dokumente und Einstellungen\MeyWo\Desktop\Ablage\Programme\hijackthis.exe] -> [2009.07.06 12:33:17 | 000,396,288 | ---- | M] (Trend Micro Inc.)
hppgfax.exe -> C:\Programme\HP\Digital Imaging\bin\hppgfax.exe [C:\Programme\HP\Digital Imaging\bin\hppgfax.exe] -> [2005.04.07 17:41:16 | 000,188,416 | ---- | M] (Hewlett-Packard Co.)
hppscan2.exe -> C:\Programme\HP\Digital Imaging\bin\hppscan2.exe [C:\Programme\HP\Digital Imaging\bin\hppscan2.exe] -> [2004.11.01 16:13:24 | 000,192,512 | ---- | M] (Hewlett-Packard Co.)
HpqApkil.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqApkil.exe [C:\Programme\HP\Digital Imaging\Unload\HpqApkil.exe] -> [2004.10.08 10:43:10 | 000,022,528 | ---- | M] ()
HpqPhUnl.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe] -> [2004.10.08 10:42:04 | 000,413,696 | ---- | M] ()
HpqPSmon.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqPSmon.exe [C:\Programme\HP\Digital Imaging\Unload\HpqPSmon.exe] -> [2004.10.08 10:43:12 | 000,065,536 | ---- | M] ()
hpqthb08.exe -> C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe [C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe] -> [2004.11.04 20:50:52 | 000,053,248 | ---- | M] (Hewlett-Packard Co.)
HpqUnSet.exe -> C:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe [C:\Programme\HP\Digital Imaging\Unload\HpqUnSet.exe] -> [2004.10.08 10:42:04 | 000,053,248 | ---- | M] (TODO: <Company name>)
hrtzzm.exe -> C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe [C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2006.02.28 14:00:00 | 000,042,573 | ---- | M] (Microsoft Corporation)
hypertrm.exe -> C:\Programme\Windows NT\hypertrm.exe ["C:\Programme\Windows NT\hypertrm.exe"] -> [2006.02.28 14:00:00 | 000,028,160 | ---- | M] (Hilgraeve, Inc.)
ICWCONN1.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN1.EXE"] -> [2008.04.14 04:22:48 | 000,218,624 | ---- | M] (Microsoft Corporation)
ICWCONN2.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ICWCONN2.EXE"] -> [2008.04.14 04:22:48 | 000,086,016 | ---- | M] (Microsoft Corporation)
ImageDrive.exe -> C:\Programme\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe [C:\Programme\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe] -> [2006.01.14 07:26:10 | 000,471,040 | ---- | M] (Nero AG)
INETWIZ.EXE -> C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE ["C:\Programme\Internet Explorer\Connection Wizard\INETWIZ.EXE"] -> [2008.04.14 04:22:49 | 000,020,480 | ---- | M] (Microsoft Corporation)
install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
ISIGNUP.EXE -> C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE ["C:\Programme\Internet Explorer\Connection Wizard\ISIGNUP.EXE"] -> [2006.02.28 14:00:00 | 000,016,384 | ---- | M] (Microsoft Corporation)
javaws.exe -> C:\Programme\Java\jre6\bin\javaws.exe [C:\Programme\Java\jre6\bin\javaws.exe] -> [2008.12.03 09:33:42 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.)
LUALL.EXE -> C:\Programme\Symantec\LiveUpdate\LUALL.EXE [C:\Programme\Symantec\LiveUpdate\LUALL.EXE] -> [2004.03.25 18:00:26 | 001,561,712 | ---- | M] (Symantec Corporation)
mbam.exe -> C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [C:\Programme\Malwarebytes' Anti-Malware\mbam.exe] -> [2010.04.29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation)
migwiz.exe -> C:\WINDOWS\system32\usmt\migwiz.exe [%SystemRoot%\system32\usmt\migwiz.exe] -> [2008.04.14 04:22:51 | 000,252,416 | ---- | M] (Microsoft Corporation)
moviemk.exe -> C:\Programme\Movie Maker\moviemk.exe [C:\Programme\Movie Maker\moviemk.exe] -> [2009.10.23 17:28:37 | 003,558,912 | ---- | M] (Microsoft Corporation)
mplayer2.exe -> C:\Programme\Windows Media Player\mplayer2.exe ["C:\Programme\Windows Media Player\mplayer2.exe"] -> [2008.04.14 04:22:53 | 000,004,639 | ---- | M] (Microsoft Corporation)
MSCONFIG.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe] -> [2008.04.14 04:22:53 | 000,172,544 | ---- | M] (Microsoft Corporation)
msimn.exe -> C:\Programme\Outlook Express\msimn.exe [%ProgramFiles%\Outlook Express\msimn.exe] -> [2008.04.14 04:22:53 | 000,060,416 | ---- | M] (Microsoft Corporation)
msinfo32.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\msinfo32.exe [C:\Programme\Gemeinsame Dateien\Microsoft Shared\MSInfo\MSInfo32.exe] -> [2006.02.28 14:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation)
MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
msoxmled.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLED.EXE [C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLED.EXE] -> [2003.07.14 23:45:12 | 000,055,360 | ---- | M] (Microsoft Corporation)
mspview.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\MODI\11.0\MSPVIEW.EXE [C:\PROGRA~1\GEMEIN~1\MICROS~1\MODI\11.0\MSPVIEW.EXE] -> [2003.06.19 17:05:50 | 000,364,648 | ---- | M] (Microsoft Corporation)
NCoverEd.exe -> C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe [C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe] -> [2006.05.19 01:12:20 | 003,309,568 | ---- | M] (Nero AG)
Nero.exe -> C:\Programme\Nero\Nero 7\Core\nero.exe [C:\Programme\Nero\Nero 7\Core\Nero.exe] -> [2006.06.13 20:10:00 | 018,079,744 | ---- | M] (Nero AG)
NeroBurnRights.exe -> C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe [C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe] -> [2006.03.23 13:54:30 | 000,528,384 | ---- | M] (Nero AG)
NeroHome.exe -> C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe [C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe] -> [2006.06.01 14:32:50 | 000,147,456 | ---- | M] (Nero AG)
NeroMediaHome.exe -> C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe [C:\Programme\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe] -> [2006.01.16 19:08:00 | 003,190,784 | ---- | M] (Nero AG)
NeroVision.exe -> C:\Programme\Nero\Nero 7\Nero Vision\NeroVision.exe [C:\Programme\Nero\Nero 7\Nero Vision\NeroVision.exe] -> [2006.06.14 16:20:26 | 000,496,128 | ---- | M] (Nero AG)
ois.exe -> C:\Programme\Microsoft Office\OFFICE11\OIS.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\OIS.EXE] -> [2005.03.17 23:06:29 | 000,284,352 | ---- | M] (Microsoft Corporation)
OUTLOOK.EXE -> C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE] -> [2006.11.23 21:56:04 | 000,196,368 | ---- | M] (Microsoft Corporation)
pbrush.exe -> C:\WINDOWS\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> [2009.12.17 09:40:01 | 000,346,624 | ---- | M] (Microsoft Corporation)
PhotoSnapViewer.exe -> C:\Programme\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe [C:\Programme\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe] -> [2006.05.16 18:25:14 | 001,773,568 | ---- | M] (Nero AG)
pinball.exe -> C:\Programme\Windows NT\Pinball\pinball.exe [C:\Programme\Windows NT\Pinball\pinball.exe] -> [2008.04.14 04:22:57 | 000,282,624 | ---- | M] (Cinematronics)
plan.exe ->  [c:\dicad\strakon] -> File not found
Recode.exe -> C:\Programme\Nero\Nero 7\Nero Recode\Recode.exe [C:\Programme\Nero\Nero 7\Nero Recode\Recode.exe] -> [2006.06.09 18:13:22 | 011,018,240 | ---- | M] (Nero AG)
rvsezm.exe -> C:\Programme\MSN Gaming Zone\Windows\Rvsezm.exe [C:\Programme\MSN Gaming Zone\Windows\rvsezm.exe] -> [2006.02.28 14:00:00 | 000,042,574 | ---- | M] (Microsoft Corporation)
schdpl32.exe -> C:\Programme\Microsoft Office\OFFICE11\1031\SCHDPL32.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\1031\SCHDPL32.EXE] -> [2003.04.11 18:33:54 | 000,191,336 | ---- | M] (Microsoft Corporation)
setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
ShowTime.exe -> C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe [C:\Programme\Nero\Nero 7\Nero ShowTime\ShowTime.exe] -> [2006.07.26 21:29:48 | 003,764,224 | ---- | M] (Nero AG)
shvlzm.exe -> C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe [C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe] -> [2006.02.28 14:00:00 | 000,042,573 | ---- | M] (Microsoft Corporation)
smax4.exe -> C:\Programme\Analog Devices\SoundMAX\SMax4.exe [C:\Programme\Analog Devices\SoundMAX\smax4.exe] -> [2005.09.07 16:35:36 | 000,716,800 | ---- | M] (Analog Devices, Inc.)
smax4pnp.exe -> C:\Programme\Analog Devices\Core\smax4pnp.exe [C:\Programme\Analog Devices\Core\smax4pnp.exe] -> [2005.05.20 03:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.)
smax4wiz.exe -> C:\Programme\Analog Devices\SoundMAX\SMax4Wiz.exe [C:\Programme\Analog Devices\SoundMAX\smax4wiz.exe] -> [2005.07.26 10:29:08 | 000,815,104 | ---- | M] (Analog Devices, Inc.)
SMaxCore -> C:\Programme\Analog Devices\Core [C:\Programme\Analog Devices\Core] -> [2007.03.19 18:55:20 | 000,000,000 | ---D | M]
smwdmif.dll -> C:\Programme\Analog Devices\Core\smwdmif.dll [C:\Programme\Analog Devices\Core\smwdmif.dll] -> [2005.10.05 11:28:14 | 000,290,816 | R--- | M] (Analog Devices, Inc.)
SoundMAX -> C:\Programme\Analog Devices\SoundMAX [C:\Programme\Analog Devices\SoundMAX] -> [2007.03.20 11:10:55 | 000,000,000 | ---D | M]
SoundTrax.exe -> C:\Programme\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe [C:\Programme\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe] -> [2006.05.19 01:39:44 | 001,953,792 | ---- | M] (Nero AG)
swe2.exe -> E:\Statikprogramme\IFBS-Sandwichelemente\swe2.exe [E:\Statikprogramme\IFBS-Sandwichelemente\swe2.exe] -> [2008.03.06 01:29:44 | 014,161,945 | ---- | M] ()
table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
wab.exe -> C:\Programme\Outlook Express\wab.exe [%ProgramFiles%\Outlook Express\wab.exe] -> [2008.04.14 04:23:04 | 000,046,080 | ---- | M] (Microsoft Corporation)
wabmig.exe -> C:\Programme\Outlook Express\wabmig.exe [%ProgramFiles%\Outlook Express\wabmig.exe] -> [2008.04.14 04:23:04 | 000,030,208 | ---- | M] (Microsoft Corporation)
waveedit.exe -> C:\Programme\Nero\Nero 7\Nero WaveEditor\waveedit.exe [C:\Programme\Nero\Nero 7\Nero WaveEditor\waveedit.exe] -> [2006.05.19 01:22:34 | 000,135,168 | ---- | M] (Nero AG)
winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
Winword.exe -> C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE [C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE] -> [2007.01.23 16:03:52 | 012,263,776 | ---- | M] (Microsoft Corporation)
winzip.exe -> C:\Programme\WinZip\WINZIP32.EXE [C:\PROGRA~1\WINZIP\winzip32.exe] -> [2001.12.29 09:10:00 | 002,109,508 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.)
winzip32.exe -> C:\Programme\WinZip\WINZIP32.EXE [C:\PROGRA~1\WINZIP\winzip32.exe] -> [2001.12.29 09:10:00 | 002,109,508 | ---- | M] (WinZip Computing, Inc. and H.C. Top Systems B.V.)
WMPBurn.exe -> C:\Programme\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\WMPBurn.exe [C:\Programme\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\WMPBurn.exe] -> [2006.05.05 14:08:02 | 001,331,200 | ---- | M] (Nero AG)
wmplayer.exe -> C:\Programme\Windows Media Player\wmplayer.exe [C:\Programme\Windows Media Player\wmplayer.exe] -> [2006.10.24 20:04:50 | 000,064,000 | ---- | M] (Microsoft Corporation)
WORDPAD.EXE -> C:\Programme\Windows NT\Zubehör\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2008.04.21 23:13:26 | 000,217,600 | ---- | M] (Microsoft Corporation)
WRITE.EXE -> C:\Programme\Windows NT\Zubehör\WORDPAD.EXE ["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2008.04.21 23:13:26 | 000,217,600 | ---- | M] (Microsoft Corporation)
XPressUpdate.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
XPSViewer.exe -> C:\WINDOWS\System32\XPSViewer\XPSViewer.exe ["C:\WINDOWS\system32\XPSViewer\XPSViewer.exe"] -> [2008.07.29 21:26:06 | 000,301,568 | ---- | M] (Microsoft Corporation)
yourapp.Exe -> C:\Program Files\HP\Non Driver CIO Components\yourapp.Exe [C:\Program Files\HP\Non Driver CIO Components\yourapp.Exe] -> File not found
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> 
"{00020000-0000-1011-8004-0000C06B5161}" [HKLM] -> C:\Programme\WIBU-SYSTEMS\System\WibuShellExt.dll [WIBU-SYSTEMS Shell Extension] -> [2007.11.02 16:18:11 | 000,532,480 | ---- | M] (WIBU-SYSTEMS AG)
"{00020D75-0000-0000-C000-000000000046}" [HKLM] -> C:\Programme\Microsoft Office\OFFICE11\MLSHEXT.DLL [Microsoft Office Outlook Desktop Icon Handler] -> [2005.05.10 15:05:08 | 000,030,440 | ---- | M] (Microsoft Corporation)
"{0006F045-0000-0000-C000-000000000046}" [HKLM] -> C:\Programme\Microsoft Office\OFFICE11\OLKFSTUB.DLL [Microsoft Office Outlook Custom Icon Handler] -> [2003.07.14 23:46:12 | 000,234,048 | ---- | M] (Microsoft Corporation)
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] -> C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll [Microsoft Datenverknüpfung] -> [2008.04.14 04:22:23 | 000,487,424 | ---- | M] (Microsoft Corporation)
"{23170F69-40C1-278A-1000-000100020000}" [HKLM] -> C:\Programme\7-Zip\7-zip.dll [7-Zip Shell Extension] -> [2009.02.03 09:09:46 | 000,069,632 | ---- | M] (Igor Pavlov)
"{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Programme\Outlook Express\wabfind.dll [&Nach Personen...] -> [2008.04.14 04:22:32 | 000,032,768 | ---- | M] (Microsoft Corporation)
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" [HKLM] -> C:\Programme\Samsung\Samsung PC Studio 7\PhoneBrowser.dll [PhoneBrowser] -> [2008.02.01 11:50:28 | 000,573,440 | ---- | M] ()
"{42042206-2D85-11D3-8CFF-005004838597}" [HKLM] -> C:\Programme\Microsoft Office\OFFICE11\MSOHEV.DLL [Microsoft Office HTML Icon Handler] -> [2003.07.14 23:52:58 | 000,067,128 | ---- | M] (Microsoft Corporation)
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] ->  [CPL-Erweiterung für Anzeigeverschiebung] -> File not found
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" [HKLM] -> C:\Programme\Avira\AntiVir Desktop\shlext.dll [Shell Extension for Malware scanning] -> [2010.02.02 12:53:52 | 000,086,376 | ---- | M] (Avira GmbH)
"{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key error. [Shellerweiterungen für die Dateikomprimierung] -> File not found
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalPropSheetHandler] -> [2005.11.15 13:07:16 | 001,802,240 | ---- | M] (Nero AG)
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key error. [Kontextmenü für die Verschlüsselung] -> File not found
"{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] -> C:\WINDOWS\system32\hticons.dll [Erweiterung für HyperTerminal-Icons] -> [2006.02.28 14:00:00 | 000,044,544 | ---- | M] (Hilgraeve, Inc.)
"{9480D0F0-DB1F-11cf-8C46-0020AFD20E96}" [HKLM] -> e:\Statikprogramme\RIB\win\rtshell\RtShell.dll [RIB RIBTEC Shell Extension] -> [2005.01.12 19:22:18 | 000,221,184 | ---- | M] (RIB Software AG)
"{9480D0F1-DB1F-11cf-8C46-0020AFD20E96}" [HKLM] -> e:\Statikprogramme\RIB\win\rtshell\RtShell.dll [RIB RIBTEC Shell Extension] -> [2005.01.12 19:22:18 | 000,221,184 | ---- | M] (RIB Software AG)
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Office Metadata Handler] -> [2006.10.26 20:13:04 | 000,932,688 | ---- | M] (Microsoft Corporation)
"{B327765E-D724-4347-8B16-78AE18552FC3}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll [NeroDigitalIconHandler] -> [2005.11.15 13:07:16 | 001,802,240 | ---- | M] (Nero AG)
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL [Webordner] -> [2003.07.11 03:15:48 | 001,292,872 | ---- | M] (Microsoft Corporation)
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" [HKLM] -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\msoshext.dll [Microsoft Office Thumbnail Handler] -> [2006.10.26 20:13:04 | 000,932,688 | ---- | M] (Microsoft Corporation)
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" [HKLM] -> C:\Programme\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll [Adobe.Acrobat.ContextMenu] -> [2006.01.12 20:49:01 | 000,581,632 | ---- | M] (Adobe Systems Inc.)
"{E0D79304-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M] (WinZip Computing, Inc.)
"{E0D79305-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M] (WinZip Computing, Inc.)
"{E0D79306-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M] (WinZip Computing, Inc.)
"{E0D79307-84BE-11CE-9641-444553540000}" [HKLM] -> C:\Programme\WinZip\WZSHLSTB.DLL [WinZip] -> [2001.12.29 09:10:00 | 000,020,553 | ---- | M] (WinZip Computing, Inc.)
"{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" [HKLM] -> Reg Error: Key error. [IE User Assist] -> File not found
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> 
"Adobe LM Service" -> -> 
"Hilti PROFIS AutoUpdate Service" -> -> 
"NBService" -> -> 
"WMPNetworkSvc" -> -> 
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> 
Acrobat Assistant 7.0 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe -> [2008.04.23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.)
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe -> [2006.06.01 14:32:12 | 000,094,208 | ---- | M] (Nero AG)
DataLayer hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Gemeinsame Dateien\PCSuite\DataLayer\DataLayer.exe -> [2007.02.22 17:04:44 | 000,851,968 | ---- | M] (Nokia Mobile Phones Ltd.)
HPUsageTracking hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\HP\HP UT\bin\hppusg.exe -> [2005.02.07 12:10:12 | 000,036,864 | ---- | M] ( )
NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe -> [2006.01.12 17:40:44 | 000,155,648 | ---- | M] (Nero AG)
NWEReboot hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->  -> File not found
PROFIS AutoUpdate hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Hilti\Hilti PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe -> [2009.04.20 12:16:10 | 000,346,624 | ---- | M] (Agito d.o.o.)
S60TrayApplication hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Samsung\Samsung PC Studio 7\LaunchApplication.exe -> [2007.03.14 17:47:00 | 000,237,568 | ---- | M] ()
SoundMAX hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Analog Devices\SoundMAX\Smax4.exe -> [2005.09.07 16:35:36 | 000,716,800 | ---- | M] (Analog Devices, Inc.)
SoundMAXPnP hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Programme\Analog Devices\Core\smax4pnp.exe -> [2005.05.20 03:11:06 | 000,925,696 | R--- | M] (Analog Devices, Inc.)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 2 -> 
"startup" -> 2 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
 
[Files/Folders - Created Within 30 Days]
 Malwarebytes -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Malwarebytes -> [2010.07.02 15:05:29 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010.07.02 15:05:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes -> [2010.07.02 15:05:18 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010.07.02 15:05:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Programme\Malwarebytes' Anti-Malware -> [2010.07.02 15:05:17 | 000,000,000 | ---D | C]
 mbam-setup.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\mbam-setup.exe -> [2010.07.02 13:39:29 | 006,153,384 | ---- | C] (Malwarebytes Corporation                                    )
 TFC.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\TFC.exe -> [2010.07.02 13:38:52 | 000,444,416 | ---- | C] (OldTimer Tools)
 OTS.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\OTS.exe -> [2010.07.02 12:32:12 | 000,640,000 | ---- | C] (OldTimer Tools)
 Upload -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Upload -> [2010.07.02 11:39:22 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Programme\Spybot - Search & Destroy -> [2010.07.01 12:04:41 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy -> [2010.07.01 12:04:41 | 000,000,000 | ---D | C]
 U3 -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\U3 -> [2010.06.18 06:56:17 | 000,000,000 | ---D | C]
 iedvtool.dll -> C:\WINDOWS\System32\dllcache\iedvtool.dll -> [2010.06.10 09:31:05 | 000,743,424 | ---- | C] (Microsoft Corporation)
 
[Files/Folders - Modified Within 30 Days]
 ~$crosoft Office Word-Dokument (neu).doc -> C:\Dokumente und Einstellungen\MeyWo\Desktop\~$crosoft Office Word-Dokument (neu).doc -> [2010.07.02 16:57:23 | 000,000,162 | -H-- | M] ()
 Microsoft Office Word-Dokument (neu).doc -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Microsoft Office Word-Dokument (neu).doc -> [2010.07.02 16:52:42 | 000,045,056 | ---- | M] ()
 l91z2r0p.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\l91z2r0p.exe -> [2010.07.02 15:29:08 | 000,293,376 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010.07.02 15:05:22 | 000,000,676 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010.07.02 14:41:48 | 000,013,646 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010.07.02 14:41:21 | 000,002,048 | --S- | M] ()
 NTUSER.DAT -> C:\Dokumente und Einstellungen\MeyWo\NTUSER.DAT -> [2010.07.02 14:39:50 | 015,990,784 | -H-- | M] ()
 ntuser.ini -> C:\Dokumente und Einstellungen\MeyWo\ntuser.ini -> [2010.07.02 14:39:50 | 000,000,300 | -HS- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010.07.02 14:32:30 | 000,000,006 | -H-- | M] ()
 defogger_reenable -> C:\Dokumente und Einstellungen\MeyWo\defogger_reenable -> [2010.07.02 14:29:02 | 000,000,132 | ---- | M] ()
 Adobe Acrobat - Schnellstart.lnk -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk -> [2010.07.02 14:25:17 | 000,002,319 | ---- | M] ()
 mbam-setup.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\mbam-setup.exe -> [2010.07.02 13:39:48 | 006,153,384 | ---- | M] (Malwarebytes Corporation                                    )
 Defogger.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Defogger.exe -> [2010.07.02 13:39:04 | 000,050,477 | ---- | M] ()
 TFC.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\TFC.exe -> [2010.07.02 13:38:52 | 000,444,416 | ---- | M] (OldTimer Tools)
 OTS.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\OTS.exe -> [2010.07.02 12:32:13 | 000,640,000 | ---- | M] (OldTimer Tools)
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010.07.02 12:31:01 | 001,077,890 | ---- | M] ()
 perfh007.dat -> C:\WINDOWS\System32\perfh007.dat -> [2010.07.02 12:31:01 | 000,462,306 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010.07.02 12:31:01 | 000,443,724 | ---- | M] ()
 perfc007.dat -> C:\WINDOWS\System32\perfc007.dat -> [2010.07.02 12:31:01 | 000,085,534 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010.07.02 12:31:01 | 000,071,982 | ---- | M] ()
 file.bat -> C:\Dokumente und Einstellungen\MeyWo\Desktop\file.bat -> [2010.07.02 12:11:20 | 000,000,334 | ---- | M] ()
 Fehler.JPG -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Fehler.JPG -> [2010.07.02 11:40:04 | 000,078,265 | ---- | M] ()
 VPClient.ini -> C:\WINDOWS\VPClient.ini -> [2010.07.02 11:37:35 | 000,001,236 | ---- | M] ()
 IconCache.db -> C:\Dokumente und Einstellungen\MeyWo\Lokale Einstellungen\Anwendungsdaten\IconCache.db -> [2010.07.02 11:08:53 | 001,659,944 | -H-- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2010.07.01 16:46:09 | 000,000,623 | ---- | M] ()
 system.ini -> C:\WINDOWS\system.ini -> [2010.07.01 16:46:09 | 000,000,227 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2010.07.01 16:46:09 | 000,000,211 | -HS- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010.07.01 12:55:03 | 000,411,503 | R--- | M] ()
 hosts.20100701-125503.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100701-125503.backup -> [2010.07.01 12:54:43 | 000,411,503 | R--- | M] ()
 hosts.20100701-125443.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20100701-125443.backup -> [2010.07.01 12:48:01 | 000,411,503 | R--- | M] ()
 hpbafd.ini -> C:\WINDOWS\hpbafd.ini -> [2010.07.01 07:18:46 | 000,000,178 | ---- | M] ()
 Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> C:\Dokumente und Einstellungen\MeyWo\Eigene Dateien\Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> [2010.06.23 07:59:26 | 000,138,775 | ---- | M] ()
 default.pls -> C:\Dokumente und Einstellungen\MeyWo\default.pls -> [2010.06.22 09:04:30 | 000,000,189 | ---- | M] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2010.06.22 09:04:27 | 000,000,116 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Dokumente und Einstellungen\MeyWo\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2010.06.18 07:09:57 | 000,016,384 | ---- | M] ()
 AKDeInstall.exe -> C:\WINDOWS\AKDeInstall.exe -> [2010.06.15 07:29:43 | 000,048,640 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010.06.11 06:21:48 | 000,203,328 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010.06.10 18:46:56 | 000,001,374 | ---- | M] ()
 Pos3.dat -> C:\Pos3.dat -> [2010.06.09 14:27:40 | 000,057,063 | ---- | M] ()
 
[Files - No Company Name]
 ~$crosoft Office Word-Dokument (neu).doc -> C:\Dokumente und Einstellungen\MeyWo\Desktop\~$crosoft Office Word-Dokument (neu).doc -> [2010.07.02 16:57:23 | 000,000,162 | -H-- | C] ()
 Microsoft Office Word-Dokument (neu).doc -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Microsoft Office Word-Dokument (neu).doc -> [2010.07.02 16:57:04 | 000,045,056 | ---- | C] ()
 l91z2r0p.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\l91z2r0p.exe -> [2010.07.02 15:32:51 | 000,293,376 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010.07.02 15:05:22 | 000,000,676 | ---- | C] ()
 defogger_reenable -> C:\Dokumente und Einstellungen\MeyWo\defogger_reenable -> [2010.07.02 14:27:14 | 000,000,132 | ---- | C] ()
 Defogger.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Defogger.exe -> [2010.07.02 13:39:04 | 000,050,477 | ---- | C] ()
 file.bat -> C:\Dokumente und Einstellungen\MeyWo\Desktop\file.bat -> [2010.07.02 12:11:20 | 000,000,334 | ---- | C] ()
 Fehler.JPG -> C:\Dokumente und Einstellungen\MeyWo\Desktop\Fehler.JPG -> [2010.07.02 11:40:04 | 000,078,265 | ---- | C] ()
 hldrv32.exe -> C:\Dokumente und Einstellungen\MeyWo\Desktop\hldrv32.exe -> [2010.07.02 07:28:07 | 005,119,792 | ---- | C] ()
 Adobe Acrobat - Schnellstart.lnk -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk -> [2010.07.01 16:46:08 | 000,002,319 | ---- | C] ()
 Adobe Reader - Schnellstart.lnk -> C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk -> [2010.07.01 16:46:08 | 000,001,726 | ---- | C] ()
 Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> C:\Dokumente und Einstellungen\MeyWo\Eigene Dateien\Auslegungstabelle-zu-DIN-1055-3-vom-15-09-2008.pdf -> [2010.06.23 07:59:26 | 000,138,775 | ---- | C] ()
 AKDeInstall.exe -> C:\WINDOWS\AKDeInstall.exe -> [2010.06.15 07:29:43 | 000,048,640 | ---- | C] ()
 Pos3.dat -> C:\Pos3.dat -> [2010.06.09 14:01:46 | 000,057,063 | ---- | C] ()
 msacc20.ini -> C:\WINDOWS\msacc20.ini -> [2009.03.03 09:26:03 | 000,000,051 | ---- | C] ()
 DVD_Start.INI -> C:\WINDOWS\DVD_Start.INI -> [2009.02.26 12:09:14 | 000,000,032 | ---- | C] ()
 libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2008.07.22 09:11:23 | 000,690,040 | ---- | C] ()
 ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2008.07.22 09:11:23 | 000,161,656 | ---- | C] ()
 Cobec4.INI -> C:\WINDOWS\Cobec4.INI -> [2008.07.16 09:02:37 | 000,000,382 | ---- | C] ()
 AddPort.ini -> C:\WINDOWS\System32\AddPort.ini -> [2008.02.13 13:24:22 | 000,000,128 | ---- | C] ()
 hpntwksetup.ini -> C:\WINDOWS\hpntwksetup.ini -> [2008.02.13 13:23:03 | 000,000,841 | ---- | C] ()
 hppatusg01.dll -> C:\WINDOWS\System32\hppatusg01.dll -> [2007.12.20 19:55:14 | 000,110,592 | ---- | C] ()
 jst.dll -> C:\WINDOWS\System32\jst.dll -> [2007.10.30 11:23:29 | 000,074,752 | ---- | C] ()
 compJNI.dll -> C:\WINDOWS\System32\compJNI.dll -> [2007.10.30 11:23:29 | 000,032,768 | ---- | C] ()
 PMLJNI.dll -> C:\WINDOWS\System32\PMLJNI.dll -> [2007.10.30 11:23:28 | 000,102,400 | ---- | C] ()
 MPDLL.DLL -> C:\WINDOWS\System32\MPDLL.DLL -> [2007.10.29 13:14:00 | 000,032,768 | ---- | C] ()
 megapfad.ini -> C:\WINDOWS\megapfad.ini -> [2007.10.29 13:13:59 | 000,000,134 | ---- | C] ()
 hpbvnstp.ini -> C:\WINDOWS\hpbvnstp.ini -> [2007.10.25 12:41:47 | 000,001,367 | ---- | C] ()
 HPP2800V.DLL -> C:\WINDOWS\System32\HPP2800V.DLL -> [2007.10.25 12:41:38 | 000,208,896 | ---- | C] ()
 Arcel_DA.INI -> C:\WINDOWS\Arcel_DA.INI -> [2007.07.16 10:35:27 | 000,000,153 | ---- | C] ()
 PhotoSnapViewer.INI -> C:\WINDOWS\PhotoSnapViewer.INI -> [2007.05.07 09:20:58 | 000,000,151 | ---- | C] ()
 _delis43.ini -> C:\WINDOWS\_delis43.ini -> [2007.04.18 11:48:56 | 000,000,252 | ---- | C] ()
 ETACoreGUI.INI -> C:\WINDOWS\ETACoreGUI.INI -> [2007.04.03 10:30:00 | 000,000,154 | ---- | C] ()
 BRESPA.INI -> C:\WINDOWS\BRESPA.INI -> [2007.03.29 12:20:52 | 000,004,647 | ---- | C] ()
 sysprs7.dll -> C:\WINDOWS\System32\sysprs7.dll -> [2007.03.28 17:05:50 | 000,001,025 | ---- | C] ()
 lsprst7.dll -> C:\WINDOWS\System32\lsprst7.dll -> [2007.03.28 17:05:50 | 000,000,205 | ---- | C] ()
 clauth2.dll -> C:\WINDOWS\System32\clauth2.dll -> [2007.03.28 17:05:33 | 000,001,024 | ---- | C] ()
 clauth1.dll -> C:\WINDOWS\System32\clauth1.dll -> [2007.03.28 17:05:33 | 000,001,024 | ---- | C] ()
 ssprs.dll -> C:\WINDOWS\System32\ssprs.dll -> [2007.03.28 17:05:33 | 000,000,073 | ---- | C] ()
 serauth2.dll -> C:\WINDOWS\System32\serauth2.dll -> [2007.03.28 17:05:33 | 000,000,000 | ---- | C] ()
 serauth1.dll -> C:\WINDOWS\System32\serauth1.dll -> [2007.03.28 17:05:33 | 000,000,000 | ---- | C] ()
 nsprs.dll -> C:\WINDOWS\System32\nsprs.dll -> [2007.03.28 17:05:33 | 000,000,000 | ---- | C] ()
 PeikDur.INI -> C:\WINDOWS\PeikDur.INI -> [2007.03.28 16:53:43 | 000,000,791 | ---- | C] ()
 PeikCol.INI -> C:\WINDOWS\PeikCol.INI -> [2007.03.28 16:42:08 | 000,000,614 | ---- | C] ()
 delta.ini -> C:\WINDOWS\delta.ini -> [2007.03.28 16:04:03 | 000,000,068 | ---- | C] ()
 afcc.INI -> C:\WINDOWS\afcc.INI -> [2007.03.28 15:58:47 | 000,000,058 | ---- | C] ()
 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007.03.28 15:50:59 | 000,000,116 | ---- | C] ()
 hpbafd.ini -> C:\WINDOWS\hpbafd.ini -> [2007.03.28 15:20:35 | 000,000,178 | ---- | C] ()
 UNWISE.INI -> C:\WINDOWS\System32\UNWISE.INI -> [2007.03.28 13:59:24 | 000,006,836 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007.03.19 19:29:32 | 000,000,400 | ---- | C] ()
 Ascd_tmp.ini -> C:\WINDOWS\Ascd_tmp.ini -> [2007.03.19 18:50:18 | 000,018,013 | ---- | C] ()
 ASACPI.sys -> C:\WINDOWS\System32\drivers\ASACPI.sys -> [2007.03.19 18:50:15 | 000,005,810 | R--- | C] ()
 ASUSHWIO.SYS -> C:\WINDOWS\System32\drivers\ASUSHWIO.SYS -> [2007.03.19 18:50:08 | 000,005,824 | ---- | C] ()
 OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2007.03.05 14:34:28 | 000,676,224 | ---- | C] ()
 HPDevEnm.dll -> C:\WINDOWS\System32\HPDevEnm.dll -> [2007.02.26 13:12:26 | 000,126,976 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006.06.29 14:58:52 | 000,030,808 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006.06.29 14:53:56 | 000,026,489 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006.04.18 15:39:28 | 000,029,779 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006.04.18 15:39:28 | 000,026,040 | ---- | C] ()
 afd.sys -> C:\WINDOWS\System32\drivers\afd.sys -> [2006.02.28 14:00:00 | 000,138,496 | ---- | C] ()
 OUTLPERF.INI -> C:\WINDOWS\System32\OUTLPERF.INI -> [2003.02.20 18:53:42 | 000,005,702 | ---- | C] ()
 hppcap.ini -> C:\WINDOWS\hppcap.ini -> [2001.10.24 13:49:32 | 000,000,032 | ---- | C] ()
 HPTCPMON.INI -> C:\WINDOWS\System32\HPTCPMON.INI -> [2001.07.07 05:00:00 | 000,003,254 | ---- | C] ()
 PROTOCOL.INI -> C:\WINDOWS\PROTOCOL.INI -> [1999.03.30 10:09:20 | 000,000,000 | ---- | C] ()
 VPWINE.INI -> C:\WINDOWS\VPWINE.INI -> [1999.03.30 10:09:14 | 000,009,180 | ---- | C] ()
 VPClient.ini -> C:\WINDOWS\VPClient.ini -> [1999.03.30 10:09:14 | 000,001,236 | ---- | C] ()
 
[File - Lop Check]
 Agito -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Agito -> [2009.07.06 12:34:51 | 000,000,000 | ---D | M]
 Downloaded Installations -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations -> [2009.11.05 14:25:02 | 000,000,000 | ---D | M]
 Enfocus Prefs Folder -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Enfocus Prefs Folder -> [2009.04.17 08:27:50 | 000,000,000 | ---D | M]
 Megatech -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Megatech -> [2007.11.03 10:00:02 | 000,000,000 | ---D | M]
 MSScanAppDataDir -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir -> [2007.10.30 11:37:49 | 000,000,000 | ---D | M]
 PC Suite -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite -> [2009.11.05 14:25:49 | 000,000,000 | ---D | M]
 PixelPlanet -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet -> [2008.07.22 09:11:24 | 000,000,000 | ---D | M]
 RIB -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RIB -> [2007.11.08 19:19:09 | 000,000,000 | ---D | M]
 Agito -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Agito -> [2009.07.06 12:34:55 | 000,000,000 | ---D | M]
 Datalayer -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Datalayer -> [2009.11.05 14:26:33 | 000,000,000 | ---D | M]
 Enfocus Prefs Folder -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Enfocus Prefs Folder -> [2009.04.17 08:27:50 | 000,000,000 | ---D | M]
 IsolatedStorage -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\IsolatedStorage -> [2009.01.20 11:39:08 | 000,000,000 | ---D | M]
 PC Suite -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\PC Suite -> [2009.11.05 14:25:52 | 000,000,000 | ---D | M]
 Profis -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Profis -> [2009.11.23 14:22:31 | 000,000,000 | ---D | M]
 RIB -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\RIB -> [2008.01.07 11:04:22 | 000,000,000 | ---D | M]
 Samsung -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Samsung -> [2009.11.05 14:34:50 | 000,000,000 | ---D | M]
 Schoeck -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\Schoeck -> [2009.09.10 12:26:42 | 000,000,000 | ---D | M]
 TeamViewer -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\TeamViewer -> [2010.03.05 21:53:16 | 000,000,000 | ---D | M]
 ZiWu-Soft -> C:\Dokumente und Einstellungen\MeyWo\Anwendungsdaten\ZiWu-Soft -> [2008.07.22 09:16:19 | 000,000,000 | ---D | M]
 
[File - Purity Scan]
 
[Custom Scans]
< NetSvcs >
< Drivers32 >
< %SYSTEMDRIVE%\*.exe >
 jPodder-Setup.exe -> C:\jPodder-Setup.exe -> [2007.10.15 11:18:00 | 009,545,267 | ---- | M] ()
 wmp11-windowsxp-x86-DE-DE.exe -> C:\wmp11-windowsxp-x86-DE-DE.exe -> [2007.08.21 15:23:22 | 025,842,736 | ---- | M] (Microsoft Corporation)
< %systemroot%\*. /mp /s >
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
 mbam.sys -> C:\WINDOWS\system32\drivers\mbam.sys -> [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
 mbamswissarmy.sys -> C:\WINDOWS\system32\drivers\mbamswissarmy.sys -> [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
< %systemroot%\system32\ws2help.dll /md5 >
 ws2help.dll : MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -> C:\WINDOWS\system32\ws2help.dll -> [2008.04.14 04:22:32 | 000,019,968 | ---- | M] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ not found. -> -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime -> 2010-06-23 15:30:34 -> 
< End of report >
         

Edited by Terminus (02.07.2010 at 16:21)
