Hallo
Könnte mir jemand das ComboFix-Logfile auswerten? Vielen Dank und Grüße
Code:
ComboFix 09-01-02.01 - Tamara 2009-01-04 22:33:33.1 - NTFSx86
ausgeführt von:: c:\dokumente und einstellungen\Tamara\Desktop\ComboFix.exe
Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programme\Mozilla Firefox\components\nsaddestination.dll
c:\windows\cdmxtras
c:\windows\system32\cache329
c:\windows\system32\cont_addestination-remove.exe
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VFILT
((((((((((((((((((((((( Dateien erstellt von 2008-12-04 bis 2009-01-04 ))))))))))))))))))))))))))))))
.
2009-01-01 21:20 . 2009-01-01 21:20 <DIR> d-------- c:\programme\Gemeinsame Dateien\Wise Installation Wizard
2009-01-01 18:21 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 18:21 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-01 18:06 . 2009-01-04 07:59 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Google Updater
2009-01-01 16:59 . 2009-01-01 17:00 1,891 --a------ c:\windows\imsins.BAK
2009-01-01 10:44 . 2009-01-02 17:25 <DIR> d-------- c:\programme\Alwil Software
2008-12-31 19:46 . 2008-12-31 19:46 <DIR> d-------- C:\Restoration
2008-12-31 15:58 . 2008-12-31 15:58 <DIR> d-------- c:\programme\Digital Image Recovery
2008-12-31 15:37 . 2008-12-31 15:38 <DIR> d-------- C:\TEMP
2008-12-31 14:55 . 2008-12-31 14:55 <DIR> d-------- c:\programme\Software Shelf
2008-12-31 13:08 . 2008-12-31 13:08 <DIR> d-------- c:\programme\Convar
2008-12-31 13:08 . 2002-04-12 13:19 28,672 --a------ c:\windows\system32\DartWeb.oca
2008-12-30 09:54 . 2008-12-30 09:54 890,681 --a------ c:\programme\registrycleaner.zip
2008-12-29 22:08 . 2008-12-29 22:08 <DIR> d-------- c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Foxit
2008-12-29 20:08 . 2008-12-29 20:08 <DIR> d-------- c:\programme\Java
2008-12-29 10:51 . 2008-12-29 10:51 <DIR> d-------- c:\programme\CCleaner
2008-12-29 10:37 . 2009-01-03 22:09 <DIR> d-------- c:\programme\Download
2008-12-27 22:11 . 2008-12-27 22:11 <DIR> d-------- C:\!KillBox
2008-12-27 20:04 . 2008-12-27 20:04 <DIR> d-------- c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Malwarebytes
2008-12-27 20:04 . 2008-12-27 20:04 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2008-12-12 19:25 . 2008-12-12 19:25 <DIR> d-------- c:\programme\Trend Micro
2008-12-11 22:23 . 2008-12-12 06:59 <DIR> d-------- c:\programme\Spybot - Search & Destroy
2008-12-11 21:10 . 2008-12-11 21:10 <DIR> d-------- C:\My Downloads
2008-12-10 21:34 . 2008-12-25 22:24 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-10 21:22 . 2009-01-04 21:00 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-10 21:22 . 2008-12-10 21:22 <DIR> d-------- c:\programme\AVG
2008-12-10 21:22 . 2008-12-11 22:28 <DIR> d-------- c:\dokumente und einstellungen\Tamara\Anwendungsdaten\AVGTOOLBAR
2008-12-10 21:22 . 2008-12-30 21:28 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg8
2008-12-10 21:22 . 2008-12-10 21:22 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-10 21:22 . 2008-12-10 21:22 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-08 12:17 . 2008-12-08 12:17 68,395 --a------ c:\windows\system32\mbczfaejnlggw.dll-uninst.exe
2008-12-08 11:52 . 2008-12-08 11:52 47,594 --a------ c:\windows\system32\rxzgemovaaiqsjy.exe
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 19:57 --------- d-----w c:\programme\Biet-O-Matic
2009-01-02 06:30 --------- d-----w c:\programme\Google
2009-01-01 20:16 --------- d-----w c:\programme\teXXas
2009-01-01 20:16 --------- d-----w c:\programme\Desktop Sidebar
2009-01-01 20:10 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-01-01 17:10 --------- d-----w c:\programme\Lavasoft
2009-01-01 17:10 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Lavasoft
2008-12-31 19:13 --------- d-----w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\ZoomBrowser EX
2008-12-31 18:58 --------- d-----w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\CameraWindowDC
2008-12-31 12:08 --------- d--h--w c:\programme\InstallShield Installation Information
2008-12-29 18:25 --------- d-----w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\BayWatcher Pro
2008-12-29 18:25 --------- d-----w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\BayHunter
2008-12-23 20:33 --------- d-----w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Desktop Sidebar
2008-12-21 20:48 --------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2008-12-10 19:40 --------- d-----w c:\programme\QuickTime
2008-12-05 06:34 --------- d-----w c:\programme\Lauge 2
2008-04-10 13:22 46,505 ----a-w c:\dokumente und einstellungen\Tamara\Anwendungsdaten\mdbu.bin
2006-10-30 13:02 102,682,793 ----a-w c:\programme\upi12_tbyb__g_.exe
2006-10-17 05:56 2,331,222 ----a-w c:\programme\jpsetup487.exe
2006-10-13 19:04 1,039,872 ----a-w c:\programme\iview398g.exe
2006-10-06 20:28 2,139,192 ----a-w c:\programme\GoogleDesktopSetup.exe
2006-10-03 22:27 20,240,872 ----a-w c:\programme\Babylon6_setup_pons_all.exe
2006-09-28 16:13 14 ----a-w c:\dokumente und einstellungen\Tamara\getfile.dat
2006-05-25 21:56 0 ---ha-w c:\dokumente und einstellungen\Nadja\Anwendungsdaten\hpothb07.dat
2006-05-25 21:55 0 ---ha-w c:\dokumente und einstellungen\Nadja\hpothb07.dat
2008-06-19 09:16 118,784 ----a-w c:\programme\mozilla firefox\plugins\MyCamera.dll
2008-01-08 02:15 56 --sh--r c:\windows\system32\41687FFEFD.sys
2007-07-09 05:19 88 --sh--r c:\windows\system32\ECE5CC03CA.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1&1 EasyLogin"="c:\programme\1&1\1&1 EasyLogin\EasyLogin.exe" [2008-02-27 1540096]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Keyboard driver "="c:\programme\Keyboard Driver\Keyboard Driver\ikeymain.exe" [2002-11-29 65536]
"IAAnotif"="c:\programme\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\programme\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"SetDefPrt"="c:\programme\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-05-27 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-10 1261336]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-09-29 185632]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"DVDLauncher"="c:\programme\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"ControlCenter2.0"="c:\programme\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\dokumente und einstellungen\Tamara\Startmen\Programme\Autostart\
FRITZ!DSL Startcenter.lnk - c:\programme\FRITZ!DSL\StCenter.exe [2007-09-22 679936]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Status Monitor.lnk - c:\programme\Brother\Brmfcmon\BrMfcWnd.exe [2007-11-14 802816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv31"= c:\windows\system32\ir32_32.dll
"vidc.iv32"= c:\windows\system32\ir32_32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Programme
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\programme\1&1
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\programme\1&1\1&1 EasyLogin
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\programme\1&1\1&1 EasyLogin\EasyLogin.exe]
1&1 EasyLogin HIDE [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BayReminder"=c:\programme\BayWatcher Pro\bayreminder.exe /a
"1&1 EasyLogin"="c:\programme\1&1\1&1 EasyLogin\EasyLogin.exe" HIDE
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=c:\programme\Java\jre1.5.0_06\bin\jusched.exe
"Google Desktop Search"="c:\programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Babylon Client"=c:\programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4199:UDP"= 4199:UDP:Windows Media Format SDK (firefox.exe)
"4198:UDP"= 4198:UDP:Windows Media Format SDK (firefox.exe)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-10 97928]
R1 NETDSL;AVM PPP over Ethernet;c:\windows\system32\drivers\netdsl.sys [2007-09-22 11264]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2006-06-13 78848]
R3 NETFWDSL;AVM FRITZ!web DSL PPP;c:\windows\system32\drivers\NETFWDSL.SYS [2007-09-22 367104]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-10 231704]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\StartViewer.exe
.
Inhalt des "geplante Tasks" Ordners
2008-12-01 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2006\SystemOptimizer.exe []
2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2006-01-24 c:\windows\Tasks\ISP-Anmeldungserinnerung 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 15:00]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
BHO-{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
Code:
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://www.euro.dell.com
IE:
IE: &eBay Search - c:\programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: &Preispiratensuche nach markiertem Text - c:\\Programme\\Preispiraten3\\Preispiraten3\\preispiraten.html
IE: eBay - Mein eBay - c:\programme\teXXas\SearchEbaymein.htm
IE: eBay - Powersuche - c:\programme\teXXas\SearchEbaypower.htm
IE: eBay - Startseite - c:\programme\teXXas\SearchEbay.htm
IE: eBay Suche starten - c:\programme\teXXas\SearchEbay.htm
IE: Google Suche - c:\programme\teXXas\SearchGoogle.htm
IE: Google Suche starten - c:\programme\teXXas\SearchGoogle.htm
IE: {{711E941A-59B6-45E0-8F3B-3DA9738242D2} - c:\programme\etope\global\vbs\sendtowatch.vbs
TCP: {A8665283-4BFF-4116-971C-E4506ABC2CAF} = 192.168.122.252,192.168.122.253
FF - ProfilePath - c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Mozilla\Firefox\Profiles\p9rphwzc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ebay.de/
FF - prefs.js: keyword.URL - hxxp://www8.yoog.com/search.php?q=
FF - component: c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Mozilla\Firefox\Profiles\p9rphwzc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\dokumente und einstellungen\Tamara\Anwendungsdaten\Mozilla\Firefox\Profiles\p9rphwzc.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\programme\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programme\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\programme\Mozilla Firefox\components\nsaddestination.dll
FF - plugin: c:\programme\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPCIG.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\NPMGWRAP.DLL
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www8.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 22:42:01
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2636129014-4085276816-2265647812-1005\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2636129014-4085276816-2265647812-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
@DACL=(02 0000)
@SACL=
"Toolbars"=hex:11,00,00,00,00,00,00,00
"TaskbarWinXP"=hex:0c,00,00,00,08,00,00,00,05,00,00,00,00,00,00,00,b0,e2,2b,d8,\
64,57,d0,11,a9,6e,00,c0,4f,d7,05,a2,22,00,1c,00,0a,10,00,00,1a,00,00,00,01,\
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4c,00,00,00,01,14,02,00,00,00,\
00,00,c0,00,00,00,00,00,00,46,81,00,00,00,11,00,00,00,1c,08,3b,35,1a,20,c6,\
01,7a,71,8b,32,9b,88,c7,01,d4,d4,4c,3f,ad,86,c7,01,00,00,00,00,00,00,00,00,\
01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,0d,02,14,00,1f,50,e0,4f,d0,\
20,ea,3a,69,10,a2,d8,08,00,2b,30,30,9d,19,00,2f,43,3a,5c,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,00,00,00,00,66,00,31,00,00,00,00,00,92,36,e8,71,\
10,00,44,4f,4b,55,4d,45,7e,31,00,00,4e,00,03,00,04,00,ef,be,0d,31,db,65,9b,\
36,cf,32,14,00,00,00,44,00,6f,00,6b,00,75,00,6d,00,65,00,6e,00,74,00,65,00,\
20,00,75,00,6e,00,64,00,20,00,45,00,69,00,6e,00,73,00,74,00,65,00,6c,00,6c,\
00,75,00,6e,00,67,00,65,00,6e,00,00,00,18,00,3a,00,31,00,00,00,00,00,9a,36,\
0f,b5,10,00,54,61,6d,61,72,61,00,00,24,00,03,00,04,00,ef,be,37,34,12,65,9b,\
36,cf,32,14,00,00,00,54,00,61,00,6d,00,61,00,72,00,61,00,00,00,16,00,62,00,\
31,00,00,00,00,00,98,36,c0,a1,13,00,41,4e,57,45,4e,44,7e,31,00,00,4a,00,03,\
00,04,00,ef,be,37,34,13,65,9b,36,cf,32,14,00,34,00,41,00,6e,00,77,00,65,00,\
6e,00,64,00,75,00,6e,00,67,00,73,00,64,00,61,00,74,00,65,00,6e,00,00,00,40,\
73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,32,31,37,36,35,00,18,00,42,00,31,00,\
00,00,00,00,18,35,65,58,14,00,4d,49,43,52,4f,53,7e,31,00,00,2a,00,03,00,04,\
00,ef,be,37,34,13,65,96,36,52,40,14,00,00,00,4d,00,69,00,63,00,72,00,6f,00,\
73,00,6f,00,66,00,74,00,00,00,18,00,52,00,31,00,00,00,00,00,0d,31,cb,66,10,\
00,49,4e,54,45,52,4e,7e,31,00,00,3a,00,03,00,04,00,ef,be,37,34,13,65,94,36,\
62,34,14,00,00,00,49,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,20,00,45,\
00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,00,00,18,00,48,00,31,00,00,00,\
00,00,92,36,cc,38,11,00,51,55,49,43,4b,4c,7e,31,00,00,30,00,03,00,04,00,ef,\
be,37,34,13,65,94,36,62,34,14,00,00,00,51,00,75,00,69,00,63,00,6b,00,20,00,\
4c,00,61,00,75,00,6e,00,63,00,68,00,00,00,18,00,00,00,60,00,00,00,03,00,00,\
a0,58,00,00,00,00,00,00,00,64,32,36,78,6c,31,32,6a,00,00,00,00,00,00,00,00,\
3c,a1,50,d7,e3,5e,18,4b,bb,b4,80,8a,ab,26,51,83,58,4a,94,7d,af,f0,db,11,8d,\
7f,00,13,72,0c,03,94,3c,a1,50,d7,e3,5e,18,4b,bb,b4,80,8a,ab,26,51,83,58,4a,\
94,7d,af,f0,db,11,8d,7f,00,13,72,0c,03,94,10,00,00,00,05,00,00,a0,1a,00,00,\
00,2f,01,00,00,00,00,00,00,00,00,00,00,60,07,00,00,00,00,00,00,1e,00,00,00,\
00,00,00,00,00,00,00,00,1e,00,00,00,00,00,00,00,01,00,00,00,01,00,00,00,aa,\
4f,28,68,48,6a,d0,11,8c,78,00,c0,4f,d9,18,b4,68,02,00,00,60,0d,00,00,00,00,\
00,00,1e,00,00,00,00,00,00,00,00,00,00,00,1e,00,00,00,00,00,00,00,01,00,00,\
00,02,00,00,00,8b,8a,0d,54,3f,1c,32,4e,81,32,53,0f,6a,50,20,90,1d,00,00,00,\
60,05,00,00,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,00,00,1c,00,00,00,00,\
00,00,00,01,00,00,00,03,00,00,00,2f,0e,09,97,62,30,59,44,85,5b,01,4f,0d,3c,\
db,b1,00,00,00,00,60,05,00,00,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,00,\
00,1e,00,00,00,00,00,00,00,01,00,00,00,04,00,00,00,b2,93,4c,c4,7d,bc,1a,4a,\
93,0b,bb,09,3d,99,57,e9,00,00,00,00,60,05,00,00,00,00,00,00,16,00,00,00,00,\
00,00,00,00,00,00,00,1e,00,00,00,00,00,00,00,01,00,00,00
"Upgrade"=dword:00000001
[HKEY_USERS\S-1-5-21-2636129014-4085276816-2265647812-1005\Software\Microsoft\Windows\Shell\Bags\1]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\Applications\PAINTS~1.EXE\shell]
@DACL=(02 0000)
@="Open"
[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\PROSet\SupportTabKey]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\SyncLayer\8023Adapters]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Intel\PROSetWired\NCS\WMI]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Magnet\Handlers]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
@DACL=(02 0000)
@="Microsoft VM"
"ComponentID"="JAVAVM"
"IsInstalled"=hex:01,00,00,00
"KeyFileName"="c:\\WINDOWS\\system32\\msjava.dll"
"Version"="5,0,3810,0"
"Locale"="DE"
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17}]
@DACL=(02 0000)
@="BearShare"
"Version"="5,2,5,6"
"ComponentID"="BearShare"
"IsInstalled"=dword:00000001
"Locale"="DE"
[HKEY_LOCAL_MACHINE\software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Application Namespaces]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java]
@DACL=(02 0000)
@="Microsoft XML Parser for Java"
"SystemComponent"=dword:00000001
"Installer"="MSICD"
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}]
@DACL=(02 0000)
"Installer"="JOLTID P2P Installer"
"SystemComponent"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{4C39376E-FA9D-4349-BACC-D305C1750EF3}]
@DACL=(02 0000)
"SystemComponent"=dword:00000000
"Installer"="MSICD"
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}]
@DACL=(02 0000)
"SystemComponent"=dword:00000000
"Installer"="MSICD"
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
@DACL=(02 0000)
@="Java Runtime Environment 1.5.0"
"Installer"="MSICD"
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Runtime Environment 1.5.0"
"Installer"="MSICD"
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Runtime Environment 1.5.0"
"Installer"="MSICD"
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
@DACL=(02 0000)
"SystemComponent"=dword:00000000
"Installer"="MSICD"
[HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Global Namespace]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Direct3D\MostRecentApplication]
@DACL=(02 0000)
"Name"="InfoTool.exe"
[HKEY_LOCAL_MACHINE\software\Microsoft\DirectDraw\MostRecentApplication]
@DACL=(02 0000)
"ID"=dword:41107ece
"Name"="Explorer.EXE"
[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\Certificates]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CRLs]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\EnterpriseCertificates\TrustedPublisher\CTLs]
@DACL=(02 0000) |