
Plagegeister aller Art und deren Bekämpfung: Several hundred infected files - Stolen Data


09.10.2011, 16:43   #1
Kramer
 

Several hundred infected files - Stolen Data



I just ran a routine scan with Malwarebytes and found over 400 infected files.

Here is the log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7907

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09.10.2011 16:40:54
mbam-log-2011-10-09 (16-40-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 321314
Laufzeit: 1 Stunde(n), 15 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 458

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\WINDOWS\system32\xmldm\3812_ff_0000000683.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000684.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000685.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000686.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000687.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000688.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000689.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000690.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000691.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000692.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000693.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000694.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000695.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000696.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000697.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000698.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000699.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000700.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000701.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000702.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000703.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000704.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000705.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3812_ff_0000000682.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3864_ff_0000000577.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3864_ff_0000000593.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3864_ff_0000000609.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3864_ff_0000000625.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3864_ff_0000000641.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3864_ff_0000000657.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000401_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000402.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000403_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000404.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000405.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000406_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000407_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000408_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000409_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000410.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000411.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000412.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000413.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3660_ff_0000000414.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000478.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000479.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000480.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000481.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000482.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000483.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000484.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000485.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000486.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000487.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000488.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000489.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000490.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000491.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\1856_ff_0000000492.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000366_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000367_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000368.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000369_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000370.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000371.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000372_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000373_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000374_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000375_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000376_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000377_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2872_ff_0000000378_ifrm.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000782.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000783.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000784.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000785.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000786.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000787.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000788.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000789.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000790.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000756.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000757.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000758.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000759.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000760.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000761.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000762.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000763.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000764.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000765.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000766.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000767.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000768.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000769.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2936_ff_0000000777.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2936_ff_0000000778.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2936_ff_0000000779.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2936_ff_0000000780.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2936_ff_0000000781.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3096_ff_0000000379.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3096_ff_0000000380.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3096_ff_0000000381.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3096_ff_0000000382.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3096_ff_0000000383.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3096_ff_0000000384.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000792.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000793.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000794.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000795.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000796.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000797.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000798.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000799.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000800.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000801.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000802.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000803.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000804.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000805.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000806.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000807.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000808.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3376_ff_0000000809.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000746.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000747.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000748.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000749.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000750.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000751.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000752.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000753.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\3628_ff_0000000754.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2524_ff_0000000743.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2524_ff_0000000744.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2524_ff_0000000745.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000810.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000811.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000813.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000814.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000815.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000816.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000817.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000818.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000819.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000820.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000821.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000822.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2808_ff_0000000823.key (Stolen.Data) -> Quarantined and deleted successfully.

I need help.

Thanks in advance.

Regards
Kramer

10.10.2011, 06:35   #2
kira
/// Helper Team
 

Hello and welcome!

Before we start working together, [please read in full]:
Quote:
  • "Remote treatment/remote assistance" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - in other words, any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RISK!
  • Identifying details/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system can, however, be so badly compromised that an effective technical cleanup is no longer possible, or you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can get really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting first! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If a log file is too large, split it into several parts.

Once you have read this introductory text, you can begin.
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

1.
** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • start it with a double-click.
  • update the databases right away - update online
  • select "Full scan" ("Vollständiger Suchlauf") and tick every box
  • when the scan has finished, click "Show results" ("Zeige Resultate")
  • select all findings (except: if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click "Delete" - "Remove selected" ("Löschen" - "Ausgewähltes entfernen").
  • Post the result here in the thread - you will find the report under "Scan reports" ("Scan-Berichte")
You can find an illustrated guide here: Guide

2.
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
install it (read the software licence agreement; if offered, deselect "Add CCleaner Yahoo! Toolbar" ("Füge CCleaner Yahoo! Toolbar hinzu")) → start it → if necessary, set "german" under Options settings
then click "Extra" (so that the installed programs are also shown) → then "Save as text file..." ("Als Textdatei speichern...")
a text file (*.txt) is created; copy its contents and paste them in

Quote:
So that your thread stays clear and easy to read, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. hjtsanlist or similar
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc.
Regards
kira

11.10.2011, 21:12   #3
Kramer
 

Hello Kira,

thank you very much for your help!

Here are the requested logs:

1.

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7923

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11.10.2011 21:11:07
mbam-log-2011-10-11 (21-11-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 322397
Laufzeit: 1 Stunde(n), 17 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 14

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\WINDOWS\system32\xmldm\2536_ff_0000000824.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000825.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000826.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000827.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000828.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000829.frm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000830.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000831.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000832.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000833.pst (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000834.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000835.key (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000836.htm (Stolen.Data) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\xmldm\2536_ff_0000000837.key (Stolen.Data) -> Quarantined and deleted successfully.
         

2.

Code:
OTL logfile created on: 11.10.2011 22:01:34 - Run 6
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Dokumente und Einstellungen\Benutzername\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 81,95% Memory free
5,09 Gb Paging File | 4,58 Gb Available in Paging File | 90,10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 172,77 Gb Total Space | 82,32 Gb Free Space | 47,65% Space Free | Partition Type: NTFS
Drive D: | 490,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 97,66 Gb Total Space | 71,61 Gb Free Space | 73,32% Space Free | Partition Type: NTFS
Drive J: | 97,66 Gb Total Space | 12,45 Gb Free Space | 12,75% Space Free | Partition Type: NTFS
Drive K: | 97,66 Gb Total Space | 59,56 Gb Free Space | 60,98% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: Benutzername | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Benutzername\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
PRC - C:\Programme\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\BrmfRsmg.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\5029\components\AcroFF7.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - C:\Programme\Rainlendar2\Rainlendar2.exe ()
MOD - C:\Programme\Rainlendar2\wxmsw28u_xrc_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\wxbase28u_xml_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\wxmsw28u_html_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\wxmsw28u_adv_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\wxmsw28u_core_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\wxbase28u_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\lfs.dll ()
MOD - C:\Programme\Rainlendar2\lua51.dll ()
MOD - C:\Programme\Rainlendar2\zlib1.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (Printer Control) -- C:\WINDOWS\system32\PrintCtrl.exe (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SSHDRV51) -- C:\WINDOWS\system32\drivers\SSHDRV51.sys ()
DRV - (SSHDRV76) -- C:\WINDOWS\system32\drivers\SSHDRV76.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (RTL8192su) -- C:\WINDOWS\system32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (PLCND532) -- C:\WINDOWS\system32\drivers\PLCND532.sys (Intellon, Inc.)
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (UDTT7049A) -- C:\WINDOWS\system32\drivers\UDTT7049A.sys ()
DRV - (UDTT7049HID) -- C:\WINDOWS\system32\drivers\UDTT7049HID.sys (DTV-DVB)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (a347bus) -- C:\WINDOWS\system32\drivers\a347bus.sys ( )
DRV - (a347scsi) -- C:\WINDOWS\System32\Drivers\a347scsi.sys ( )
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (BrUsbScn) Brother MFC-Scannertreiber (USB) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5029 [2011.10.01 22:31:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.01 21:39:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.17 14:59:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5029 [2011.10.01 22:31:56 | 000,000,000 | ---D | M]
 
[2009.01.10 12:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Benutzername\Anwendungsdaten\Mozilla\Extensions
[2011.09.28 19:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Benutzername\Anwendungsdaten\Mozilla\Firefox\Profiles\m51lj4ia.default\extensions
[2011.03.22 08:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.04.26 01:34:30 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2011.10.01 21:39:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.01 21:39:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.31 22:38:12 | 000,002,288 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2011.10.01 21:39:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.01 21:39:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.31 22:40:25 | 000,002,049 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.01 21:39:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 21:39:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 21:39:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.06 08:28:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PrintDisp] C:\WINDOWS\system32\PrintDisp.exe (ActMask Co.,Ltd - hxxp://www.all2pdf.com)
O4 - HKCU..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Benutzername\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 11
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Benutzername\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Benutzername\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45D79C7B-2ED4-4005-94DF-5392D3BF3505}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (Reg Error: Key error.) - Reg Error: Key error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\ACD Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ACD Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.19 17:59:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.11 22:00:04 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Benutzername\Desktop\OTL.exe
[2011.10.11 21:58:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2011.10.06 14:40:23 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Benutzername\Recent
[2011.10.06 14:37:04 | 003,496,848 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Eigene Dateien\ccsetup311.exe
[2011.10.05 01:58:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eigene Dateien\Neuer Ordner
[2011.10.02 11:22:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2011.10.01 22:31:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\5029
[2011.10.01 22:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[2011.10.01 00:39:56 | 012,681,040 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Eigene Dateien\mm20deu.exe
[2011.09.30 21:40:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eigene Dateien\My Broadcasts
[2011.09.30 02:17:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Benutzername\Desktop\Neuer Ordner (3)
[2011.09.29 15:26:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.09.26 23:34:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eigene Dateien\Eigene eBooks
[2011.09.22 15:05:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Priotecs Software
[2011.09.22 15:05:41 | 000,000,000 | ---D | C] -- C:\Programme\OE-BackupTool
[2011.09.22 15:04:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Eigene Dateien\LHO-Setup(de)
[2011.09.22 05:59:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Benutzername\Anwendungsdaten\Genie-Soft
[2011.09.22 05:59:05 | 000,128,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WimFltr.sys
[2009.04.29 00:06:15 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2009.04.29 00:06:15 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.11 22:00:05 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Benutzername\Desktop\OTL.exe
[2011.10.11 21:58:12 | 000,002,161 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011.10.11 21:48:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.10.11 21:13:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.10.11 21:07:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.11 17:26:33 | 000,007,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Do1110kument.rtf
[2011.10.11 12:03:29 | 000,105,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Bescheinigung - Akay.jpg
[2011.10.11 12:02:54 | 002,670,414 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Bescheinigung - Akay.bmp
[2011.10.10 16:19:42 | 000,182,131 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Lieferschein.10.10.2011_1615.pdf
[2011.10.10 16:19:40 | 000,134,440 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Briefmarken.24Stk.10.10.2011_1615.pdf
[2011.10.10 16:11:11 | 000,016,040 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Do0710kument.rtf
[2011.10.10 03:29:03 | 000,000,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dokum watercube und karo hülle ent.rtf
[2011.10.07 16:49:39 | 000,142,336 | ---- | M] () -- C:\Dokumente und Einstellungen\Benutzername\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.07 15:49:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.10.06 17:30:46 | 000,021,958 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\PD0610FPrintOut.pdf
[2011.10.06 14:38:07 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.10.06 14:37:04 | 003,496,848 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Eigene Dateien\ccsetup311.exe
[2011.10.06 01:07:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.05 18:49:33 | 000,038,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dokum0510ent.rtf
[2011.10.05 17:15:37 | 000,074,939 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Volksbank.JPG
[2011.10.05 00:56:38 | 000,103,084 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Herunterladen(7).pdf
[2011.10.04 02:13:56 | 000,030,345 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Do0310kument.rtf
[2011.10.03 20:46:24 | 000,002,495 | ---- | M] () -- C:\Dokumente und Einstellungen\Benutzername\Desktop\Microsoft Word.lnk
[2011.10.03 13:54:51 | 000,083,902 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Kreditkartenabrechnung_424200XXXXXX8889_30-09-11.pdf
[2011.10.03 01:31:31 | 000,737,343 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Jack Wijnen.jpg
[2011.10.02 19:42:01 | 000,106,051 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\SB_OnlineBanking_Aenderungswunsch.pdf
[2011.10.02 03:14:30 | 000,000,074 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat
[2011.10.01 16:32:58 | 003,205,080 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\musicbox80_32.mp3
[2011.10.01 02:16:31 | 001,552,320 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\vol_02_80_32.mp3
[2011.10.01 00:40:03 | 012,681,040 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Eigene Dateien\mm20deu.exe
[2011.09.30 22:29:45 | 004,248,164 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\EXAMPLE_dance-trance-007-02.57.mp3
[2011.09.30 21:24:06 | 000,002,531 | ---- | M] () -- C:\Dokumente und Einstellungen\Benutzername\Desktop\Microsoft PowerPoint.lnk
[2011.09.30 20:00:24 | 000,002,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Benutzername\Desktop\Microsoft FrontPage.lnk
[2011.09.30 17:15:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.09.30 15:07:54 | 000,019,931 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\PriPSP3009aketscheinServlet.pdf
[2011.09.30 15:03:44 | 000,021,956 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\PDFPrin3009tOut.pdf
[2011.09.30 00:37:39 | 000,031,091 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dok2909ument.rtf
[2011.09.29 15:43:29 | 000,459,142 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.09.29 15:43:29 | 000,441,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.09.29 15:43:29 | 000,084,984 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.09.29 15:43:29 | 000,071,668 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.09.28 16:42:19 | 000,034,120 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Doku2809ment.rtf
[2011.09.27 15:43:48 | 000,018,078 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dokum2709ent.rtf
[2011.09.27 12:41:48 | 000,866,826 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Vollmacht.jpg
[2011.09.25 01:04:16 | 254,360,469 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\WinFuture_WinXPsp3_UpdatePack_3.36_September-2011-Vollversion.exe
[2011.09.24 18:09:15 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.09.22 19:12:54 | 001,175,363 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Abmahnung.pdf
[2011.09.22 16:55:27 | 000,001,898 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Doku2209ment.rtf
[2011.09.22 15:05:41 | 000,000,655 | ---- | M] () -- C:\Dokumente und Einstellungen\Benutzername\Desktop\BackupTool für Outlook Express.lnk
[2011.09.21 15:54:11 | 000,076,989 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dokum2009ent.rtf
[2011.09.20 19:04:01 | 004,695,894 | ---- | M] () -- C:\WINDOWS\ACD Hintergrund.bmp
[2011.09.20 17:53:53 | 001,315,812 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\klasse1a.jpg
[2011.09.20 02:30:27 | 000,001,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dokyxcument.rtf
[2011.09.18 15:07:10 | 000,520,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\burgerking-sparscheine(2).pdf
[2011.09.16 20:18:28 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.15 01:58:47 | 000,044,214 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Doku1309ment.rtf
[2011.09.14 16:26:58 | 000,519,114 | ---- | M] () -- C:\Dokumente und Einstellungen\Eigene Dateien\burgerking-sparscheine(3).pdf
[2011.09.12 02:06:37 | 000,002,441 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\uMark Professional.lnk
[2011.09.12 02:02:20 | 000,031,177 | ---- | M] () -- C:\Dokumente und Einstellungen\Benutzername\.recently-used.xbel
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.11 17:09:48 | 000,007,597 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Do1110kument.rtf
[2011.10.11 12:03:29 | 000,105,928 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Bescheinigung - Akay.jpg
[2011.10.11 12:00:22 | 002,670,414 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Bescheinigung - Akay.bmp
[2011.10.10 16:19:41 | 000,182,131 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Lieferschein.10.10.2011_1615.pdf
[2011.10.10 16:19:38 | 000,134,440 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Briefmarken.24Stk.10.10.2011_1615.pdf
[2011.10.10 03:29:03 | 000,000,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dokum watercube und karo hülle ent.rtf
[2011.10.07 16:57:42 | 000,016,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Do0710kument.rtf
[2011.10.07 16:55:28 | 001,637,723 | ---- | C] () -- C:\Dokumente und Einstellungen\Benutzername\Desktop\SF4 Business - Videotools 4 - Track 6.mp3
[2011.10.07 16:54:42 | 003,060,169 | ---- | C] () -- C:\Dokumente und Einstellungen\Benutzername\Desktop\SF4 Business - Videotools 4 - Track 5.mp3
[2011.10.06 17:30:46 | 000,021,958 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\PD0610FPrintOut.pdf
[2011.10.05 17:15:37 | 000,074,939 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Volksbank.JPG
[2011.10.05 15:31:31 | 000,038,984 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dokum0510ent.rtf
[2011.10.05 00:56:37 | 000,103,084 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Herunterladen(7).pdf
[2011.10.03 22:17:23 | 000,030,345 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Do0310kument.rtf
[2011.10.03 13:54:50 | 000,083,902 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Kreditkartenabrechnung_424200XXXXXX8889_30-09-11.pdf
[2011.10.02 19:42:01 | 000,106,051 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\SB_OnlineBanking_Aenderungswunsch.pdf
[2011.10.01 16:32:58 | 003,205,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\musicbox80_32.mp3
[2011.10.01 02:16:31 | 001,552,320 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\vol_02_80_32.mp3
[2011.10.01 01:58:07 | 000,015,868 | -H-- | C] () -- C:\Dokumente und Einstellungen\Benutzername\Desktop\103.jpg
[2011.10.01 01:58:02 | 000,014,490 | -H-- | C] () -- C:\Dokumente und Einstellungen\Benutzername\Desktop\101.jpg
[2011.09.30 22:29:41 | 004,248,164 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\EXAMPLE_dance-trance-007-02.57.mp3
[2011.09.30 19:54:24 | 000,737,343 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Jack Wijnen.jpg
[2011.09.30 15:07:54 | 000,019,931 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\PriPSP3009aketscheinServlet.pdf
[2011.09.30 15:03:44 | 000,021,956 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\PDFPrin3009tOut.pdf
[2011.09.29 23:55:16 | 000,031,091 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dok2909ument.rtf
[2011.09.28 16:07:46 | 000,034,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Doku2809ment.rtf
[2011.09.27 12:41:43 | 000,866,826 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Vollmacht.jpg
[2011.09.27 00:30:41 | 000,018,078 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dokum2709ent.rtf
[2011.09.25 01:00:07 | 254,360,469 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\WinFuture_WinXPsp3_UpdatePack_3.36_September-2011-Vollversion.exe
[2011.09.22 19:12:53 | 001,175,363 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Abmahnung.pdf
[2011.09.22 16:55:27 | 000,001,898 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Doku2209ment.rtf
[2011.09.22 15:05:41 | 000,000,655 | ---- | C] () -- C:\Dokumente und Einstellungen\Benutzername\Desktop\BackupTool für Outlook Express.lnk
[2011.09.21 00:00:30 | 000,076,989 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dokum2009ent.rtf
[2011.09.20 17:53:52 | 001,315,812 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\klasse1a.jpg
[2011.09.20 02:30:27 | 000,001,509 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Dokyxcument.rtf
[2011.09.18 15:07:07 | 000,520,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\burgerking-sparscheine(2).pdf
[2011.09.14 16:26:57 | 000,519,114 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\burgerking-sparscheine(3).pdf
[2011.09.13 23:59:03 | 000,044,214 | ---- | C] () -- C:\Dokumente und Einstellungen\Eigene Dateien\Doku1309ment.rtf
[2011.09.12 02:02:20 | 000,031,177 | ---- | C] () -- C:\Dokumente und Einstellungen\Benutzername\.recently-used.xbel
[2011.08.31 23:18:48 | 000,080,896 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2011.08.31 23:07:22 | 001,391,616 | ---- | C] () -- C:\WINDOWS\System32\ActPDF.dll
[2011.08.31 23:07:14 | 000,691,200 | ---- | C] () -- C:\WINDOWS\System32\PrintLog.exe
[2011.08.31 23:07:14 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\PrtPass.exe
[2011.08.31 22:38:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.08.27 15:23:03 | 000,723,294 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011.08.27 15:23:03 | 000,028,458 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2011.08.12 16:25:24 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011.08.12 02:29:37 | 006,908,648 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011.06.08 11:09:46 | 000,000,074 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2011.06.01 17:53:18 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Benutzername\Anwendungsdaten\$_hpcst$.hpc
[2011.04.09 14:36:56 | 000,087,296 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.01.10 19:19:00 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.01.10 19:18:59 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.01.10 19:18:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.01.03 23:36:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.12.27 23:37:59 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2010.12.21 23:52:52 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2010.11.15 15:44:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.09.22 12:54:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\Alphablending.dll
[2010.08.16 13:23:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.08.16 13:23:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.08.16 13:23:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.08.16 13:23:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.08.16 13:23:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.08.11 16:41:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.08.11 16:41:41 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.08.11 16:41:41 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.08.11 16:41:41 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.08.04 19:57:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.15 15:00:17 | 000,000,132 | ---- | C] () -- C:\WINDOWS\picture-shark.INI
[2010.05.28 16:46:38 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010.05.28 16:30:57 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010.05.28 16:25:55 | 000,000,585 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2010.05.28 16:25:55 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010.05.28 16:25:55 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8440def.dat
[2010.05.28 16:25:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010.05.28 16:23:40 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010.05.28 15:57:52 | 000,002,161 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2010.05.02 02:26:59 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Benutzername\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.04.30 17:21:53 | 000,000,621 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.04.09 18:23:49 | 000,004,940 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe
[2010.02.19 01:04:00 | 000,000,384 | ---- | C] () -- C:\WINDOWS\EasyCT.INI
[2010.02.11 17:13:37 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009.12.10 22:43:58 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009.12.02 15:16:13 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.11.30 15:17:47 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV51.sys
[2009.11.24 16:06:53 | 000,000,994 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009.11.24 15:27:38 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV76.sys
[2009.11.08 01:10:33 | 000,060,672 | R--- | C] () -- C:\WINDOWS\System32\drivers\UDTT7049A.sys
[2009.11.06 01:52:18 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.09.16 18:27:58 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009.08.26 14:49:51 | 000,070,014 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2009.08.26 14:49:51 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2009.08.07 20:28:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2009.05.18 14:59:29 | 000,072,462 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firstlsp.reg.dat
[2009.05.07 03:25:57 | 000,000,059 | ---- | C] () -- C:\WINDOWS\Sysprns.dll
[2009.04.22 23:14:45 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009.01.28 16:03:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009.01.28 01:52:28 | 000,018,944 | R--- | C] () -- C:\WINDOWS\eraser.exe
[2009.01.28 01:43:11 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Benutzername\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009.01.27 23:55:08 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.01.27 23:55:08 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.12.20 02:27:23 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2008.12.20 02:22:41 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2008.12.20 02:14:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.12.20 01:42:25 | 000,142,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Benutzername\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.20 01:21:05 | 000,001,156 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.12.19 21:49:37 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.12.19 21:35:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.12.19 21:04:46 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.12.19 19:26:00 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.12.19 19:25:44 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008.12.19 19:25:28 | 000,020,543 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.12.19 19:25:28 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.12.19 19:25:18 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.12.19 18:01:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.12.19 17:57:23 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.12.19 17:52:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.12.19 17:51:41 | 000,144,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.10.07 14:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006.11.02 18:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.08.04 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 14:00:00 | 000,459,142 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 14:00:00 | 000,441,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 14:00:00 | 000,084,984 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 14:00:00 | 000,071,668 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.05.12 07:31:54 | 000,002,550 | ---- | C] () -- C:\WINDOWS\PWRPLAY.INI
[2003.03.11 03:00:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\BRMSL07F.BIN
[2002.08.08 09:20:40 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.01.08 16:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999.01.27 00:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

< End of report >
         

Code:
OTL Extras logfile created on: 11.10.2011 22:01:34 - Run 6
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Dokumente und Einstellungen\Benutzername\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 81,95% Memory free
5,09 Gb Paging File | 4,58 Gb Available in Paging File | 90,10% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 172,77 Gb Total Space | 82,32 Gb Free Space | 47,65% Space Free | Partition Type: NTFS
Drive D: | 490,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 97,66 Gb Total Space | 71,61 Gb Free Space | 73,32% Space Free | Partition Type: NTFS
Drive J: | 97,66 Gb Total Space | 12,45 Gb Free Space | 12,75% Space Free | Partition Type: NTFS
Drive K: | 97,66 Gb Total Space | 59,56 Gb Free Space | 60,98% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER | User Name: Benutzername | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\7.0\ACDSee7.exe" "%1" (ACD Systems Ltd.)
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"I:\eMule\emule.exe" = I:\eMule\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"C:\Programme\LeechFTP\Leechftp.exe" = C:\Programme\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP -- (jan debis)
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Programme\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Dokumente und Einstellungen\Benutzername\Eigene Dateien\Warcraft III\Warcraft III.exe" = C:\Dokumente und Einstellungen\Benutzername\Eigene Dateien\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- (Blizzard Entertainment)
"C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"I:\Software\emule0.48a-Xtreme6.1\emule.exe" = I:\Software\emule0.48a-Xtreme6.1\emule.exe:*:Disabled:eMule -- (hxxp://www.emule-project.net)
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP95 LE -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{431AACB6-5773-46DF-89D2-256CC6039E31}" = lqpl Invoice 2010
"{45BB7607-083D-4759-873E-41EC0461F8E5}" = MSI Utlility Software Version II 32 bit
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65C043EC-BEB5-4791-8EB3-EF9EDBEDA7DB}" = QuickSteuer Wissens-Center 2009
"{69496452-FAF3-43BC-9907-BA9CEC65FC10}" = Lexware Info Service
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7242785F-6E89-48C1-A29B-E589FCE30CD4}" = ACDSee 7.0 PowerPack
"{729E66B3-1B80-4A3F-8D19-342A89631E0A}_is1" = Wav to Mp3 Converter
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{7A2F7270-5ECF-4A51-A309-1BCE25B47AF4}" = Helldorado
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{90120000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime (German) 2007
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{950A8D14-C48E-4508-B377-1EA45A18FA3D}" = Camtasia Studio 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5FF2837-59C6-425B-8652-8CD385899F3F}" = uMark Professional 1.3
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F7CB56B9-1059-4729-8F2C-5D49E515CBF5}" = Brother MFL-Pro Suite
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = FRITZ!Box
"BackupTool für Outlook Express (Testversion)_is1" = BackupTool für Outlook Express 3 (Testversion)
"CCleaner" = CCleaner
"CSS-Editor_is1" = CSS-Editor
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Google Updater" = Google Updater
"Hardcopy(C__Programme_Hardcopy)" = Hardcopy (C:\Programme\Hardcopy)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"LeechFTP" = LeechFTP 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Nvu_is1" = Nvu 1.0
"OpenAL" = OpenAL
"Patrizier II Gold_is1" = Patrizier II Gold
"Port Royale 2" = Port Royale 2
"Rainlendar2" = Rainlendar2 (remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpeedFan" = SpeedFan (remove only)
"SpellForce" = SpellForce
"The KMPlayer" = The KMPlayer (remove only)
"TVUPlayer" = TVUPlayer 2.5.2.2
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
"XnView_is1" = XnView 1.95.4
"xp-AntiSpy" = xp-AntiSpy 3.96-5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.09.2011 09:30:57 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb982865,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 29.09.2011 09:32:48 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb983582,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 29.09.2011 09:33:54 | Computer Name = COMPUTER | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 1.1 -- Internal Error 2705. Directory
 
Error - 29.09.2011 09:33:54 | Computer Name = COMPUTER | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}"
 konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
 der Protokolldatei C:\DOKUME~1\BENUTZ~1\LOKALE~1\Temp\NDP1.1sp1-KB2416447-X86\NDP1.1sp1-KB2416447-X86-msi.0.log
 enthalten.
 
Error - 29.09.2011 09:33:54 | Computer Name = COMPUTER | Source = NativeWrapper | ID = 5000
Description = 
 
Error - 29.09.2011 09:35:14 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2416468,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 29.09.2011 09:35:16 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb2418240,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 29.09.2011 09:37:41 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2478656,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 29.09.2011 09:39:13 | Computer Name = COMPUTER | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2530095,
 P2 1031, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10 
0.
 
Error - 03.10.2011 05:26:07 | Computer Name = COMPUTER | Source = ESENT | ID = 490
Description = svchost (1260) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
[ System Events ]
Error - 29.09.2011 09:22:06 | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
 
Error - 29.09.2011 09:25:36 | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
 
Error - 29.09.2011 09:25:38 | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
 
Error - 29.09.2011 09:25:40 | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
 
Error - 29.09.2011 09:25:42 | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 02.10.2011 06:14:33 | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 02.10.2011 06:21:26 | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
Error - 02.10.2011 12:54:19 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst Spooler.
 
Error - 02.10.2011 12:54:53 | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst Spooler.
 
Error - 07.10.2011 10:49:42 | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
 
< End of report >
         

3.

Code:
ACDSee 7.0 PowerPack	ACD Systems Ltd.	19.12.2008	44,2MB	7.0.47
Acronis*True*Image*Home	Acronis	20.12.2008	188,8MB	10.0.4942
Adobe Acrobat - Reader 6.0.2 Update	Adobe Systems	20.08.2010	5,64MB	6.0.2
Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch	Adobe Systems	20.08.2010	463MB	006.000.001
Adobe Acrobat and Reader 6.0.3 Update	Adobe Systems	20.08.2010	1,27MB	6.0.3
Adobe Acrobat and Reader 6.0.4 Update	Adobe Systems	20.08.2010	0,31MB	6.0.4
Adobe Acrobat and Reader 6.0.5 Update	Adobe Systems	20.08.2010	1,16MB	6.0.5
Adobe Acrobat and Reader 6.0.6 Update	Adobe Systems	20.08.2010	0,51MB	6.0.6
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	11.10.2011		10.3.183.10
Adobe Flash Player 9 ActiveX	Adobe Systems	11.10.2011		9
Adobe Reader 9.4.6 - Deutsch	Adobe Systems Incorporated	16.09.2011	169,2MB	9.4.6
Age of Empires III	Microsoft Game Studios	10.12.2009		1.00.0000
Ahead Nero Burning ROM		11.10.2011		
Alcohol 120%		29.04.2009	3,79MB	1.9.2.1705
AnyDVD	SlySoft	11.10.2011		
Apple Application Support	Apple Inc.	10.08.2010	41,4MB	1.2.1
Apple Software Update	Apple Inc.	17.05.2009	2,16MB	2.1.1.116
Audacity 1.3.13 (Unicode)	Audacity Team	12.08.2011		
Audiograbber 1.83 SE	Audiograbber Deutschland	11.10.2011		1.83 SE
Avira AntiVir Personal - Free Antivirus	Avira GmbH	11.10.2011		10.2.0.703
BackupTool für Outlook Express 3 (Testversion)	Priotecs Software	11.10.2011		
Brother MFL-Pro Suite		11.10.2011		1.00.000
Camtasia Studio 4	TechSmith Corporation	20.12.2008	52,7MB	4.0.0
CCleaner	Piriform	11.10.2011		3.11
Chinese Simplified Fonts Support For Adobe Reader 9	Adobe Systems Incorporated	23.07.2011	30,8MB	9.0.0
Command & Conquer Generals	Electronic Arts	24.11.2009		0.50.0000
Command and Conquer(TM) Generäle Die Stunde Null	Electronic Arts	07.12.2009		1.00.0000
Compatibility Pack für 2007 Office System	Microsoft Corporation	17.07.2010	41,7MB	12.0.6021.5000
Convert AVI to MP4 1.3	convertavitomp3.com	19.08.2011		
CSS-Editor	Thomas Rudolph	11.10.2011		1.1.0
DivX Converter	DivX, Inc.	11.10.2011		7.1.0
DivX Plus DirectShow Filters	DivX, Inc.	11.10.2011		
DivX-Setup	DivX, Inc. 	11.10.2011		2.1.2.2
DVD Shrink 3.2	DVD Shrink	11.10.2011		
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	09.04.2011		
Free YouTube Download version 2.10.33.324	DVDVideoSoft Limited.	10.04.2011		
Free YouTube to MP3 Converter version 3.9.35.324	DVDVideoSoft Limited.	09.04.2011		
FRITZ!Box		11.10.2011		
FUSSBALL MANAGER 09	Electronic Arts	11.10.2011		
Gemeinsam genutzte Internet-Komponenten von Westwood		11.10.2011		
GIMP 2.6.8		14.06.2010		
Google Earth	Google	17.06.2011	84,7MB	6.0.3.2197
Google Updater	Google Inc.	11.10.2011		2.4.2432.1652
Gothic III	JoWooD Productions Software AG	23.09.2010		1.0.0
Hardcopy (C:\Programme\Hardcopy)	www.hardcopy.de	11.10.2011		2010.10.01
Haufe iDesk-Browser	Haufe	26.04.2009	18,7MB	8.07.16.5590
Haufe iDesk-Service	Haufe	26.04.2009	44,9MB	8.08.20.5622
Helldorado	Spellbound	01.06.2011		1.00.0000
Hex-Editor MX	NEXT-Soft	11.10.2011		6.0
ImageShack Uploader 2.2.0	ImageShack Corp.	17.02.2011	26,4MB	2.2.0
Java(TM) 6 Update 16	Sun Microsystems, Inc.	26.04.2009	90,6MB	6.0.160
Java(TM) 6 Update 2	Sun Microsystems, Inc.	26.04.2009	134,9MB	1.6.0.20
K-Lite Codec Pack 6.2.0 (Full)		11.08.2010		6.2.0
Lexware Info Service	Lexware GmbH & Co. KG	26.04.2009	10,4MB	2.60.00.0032
lqpl Invoice 2010	lqpl Software	18.04.2010	10,8MB	2.2.6
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	16.09.2011		1.51.2.1300
Microsoft .NET Framework 1.1	Microsoft	23.11.2009	35,1MB	1.1.4322
Microsoft .NET Framework 1.1 German Language Pack	Microsoft	23.11.2009	3,02MB	1.1.4322
Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	29.09.2011	185,2MB	2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU	Microsoft Corporation	09.04.2011	6,30MB	2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	09.04.2011	170,0MB	3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU	Microsoft Corporation	09.04.2011	37,5MB	3.2.30729
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	11.10.2011		
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	29.09.2011		
Microsoft Office Access Runtime (English) 2007	Microsoft Corporation	22.01.2011	136,4MB	12.0.6425.1000
Microsoft Office Access Runtime (German) 2007	Microsoft Corporation	18.04.2010	135,8MB	12.0.6425.1000
Microsoft Office XP Professional mit FrontPage	Microsoft Corporation	19.12.2008	501MB	10.0.2701.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	22.09.2011	4,64MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	17.02.2011	6,04MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	16.02.2010	9,65MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	03.11.2009	9,64MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	27.10.2009	10,2MB	9.0.30729.4148
Microsoft Windows Media Video 9 VCM		11.10.2011		
Mozilla Firefox 7.0.1 (x86 de)	Mozilla	11.10.2011		7.0.1
MSI Utlility Software Version II 32 bit	MSI Utility Softwware Version II 32 Bit	07.01.2011	0,83MB	1.0.6
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	20.12.2008	2,70MB	4.20.9870.0
MSXML 6 Service Pack 2 (KB954459)	Microsoft Corporation	20.12.2008	1,36MB	6.20.1099.0
NVIDIA Drivers	NVIDIA Corporation	11.10.2011		1.10
NVIDIA Grafiktreiber 260.99	NVIDIA Corporation	10.01.2011		260.99
NVIDIA nView 135.36	NVIDIA Corporation	10.01.2011		135.36
NVIDIA PhysX	NVIDIA Corporation	13.11.2009	121,6MB	9.09.0203
Nvu 1.0	Thorsten Fritz	11.10.2011		1.0
OpenAL		11.10.2011		
PaperPort 8.0 SE	ScanSoft, Inc.	28.05.2010	54,2MB	1.0.0.0000
Patrizier II Gold		11.10.2011		
PC Inspector File Recovery		11.10.2011		4.0
PC Inspector smart recovery		11.10.2011		4.50
Phase 5 HTML-Editor	Systemberatung Schommer	18.01.2011	3,72MB	5.6.2.3
Port Royale 2		11.10.2011		
PowerQuest PartitionMagic 8.0	PowerQuest	19.12.2008		8.00.000
QuickSteuer Wissens-Center 2009	Haufe Mediengruppe	26.04.2009	127,6MB	15.0.1.0
Rainlendar2 (remove only)		11.10.2011		
Realtek AC'97 Audio	Realtek Semiconductor Corp.	19.12.2008		5.24
REALTEK Wireless LAN Driver and Utility	REALTEK Semiconductor Corp.	27.12.2010		1.00.0134
Risen	Deep Silver	14.01.2011		1.00.0000
Sid Meier's Pirates!	Ihr Firmenname	02.12.2009		1.00.0000
SpeedFan (remove only)		11.10.2011		
SpellForce	JoWooD Productions Software AG	11.10.2011		SpellForce v1.52
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	22.10.2010	29,7MB	9.0.0
Stronghold 2 Deluxe	Firefly Studios	01.11.2009		1.30
SUPERAntiSpyware	SUPERAntiSpyware.com	11.10.2011		4.44.1000
The KMPlayer (remove only)		11.10.2011		
Titan Quest	Iron Lore	07.08.2009		1.00.0000
TuneUp Utilities 2006	TuneUp Software	20.12.2008	18,8MB	5.0.2327
Turbo Lister 2	eBay Inc.	12.06.2010	123,1MB	2.00.0000
Turbo Lister 2	eBay	20.12.2008		2.0.0
TVUPlayer 2.5.2.2	TVU networks	11.10.2011		2.5.2.2
uMark Professional 1.3	Uconomix	01.08.2010	1,12MB	1.3.0
Uninstall 1.0.0.1		10.04.2011		
Wav to Mp3 Converter		27.08.2011		
Windows Internet Explorer 8	Microsoft Corporation	29.09.2011		20090308.140743
Windows Media Format 11 runtime		11.10.2011		
Windows Media Player 11		11.10.2011		
Windows Messenger 5.1	Microsoft Corporation	07.11.2009	4,68MB	5.1.0715
Windows XP Service Pack 3	Microsoft Corporation	16.10.2010		20080414.031514
WinRAR Archivierer		11.10.2011		
XnView 1.95.4	Gougelet Pierre-e	04.01.2009		1.95.4
xp-AntiSpy 3.96-5	Christian Taubenheim	11.10.2011		
Xvid 1.1.2 final uninstall	Xvid team (Koepi)	11.10.2011		1.1
         
__________________

12.10.2011, 06:50   #4
kira
/// Helper Team

1.
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
[2011.08.31 22:38:12 | 000,002,288 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2011.10.01 21:39:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.08.31 22:40:25 | 000,002,049 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.01 21:39:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011.10.11 21:48:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011.10.11 21:07:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\eMule\emule.exe" =-
"I:\Software\emule0.48a-Xtreme6.1\emule.exe" =-
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Your Java version is not up to date!
Since Java is very vulnerable because of old security holes, first uninstall all existing Java versions:
→ Control Panel → Software (Add or Remove Programs) → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 27 from Oracle
Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!

3.
Update Adobe Reader:
- Pay attention and read along during installation! If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe → go to "Help" → "Check for updates..."

4.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Run Cleaner" button
  • "Registry" → "Scan for Issues" → "Fix selected issues" → "Fix All"
  • Restart your system

5.
  • SUPERAntiSpyware FREE Edition
  • Update the program online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Check "Complete scan" and click "Next"
  • All malware found is then listed; check all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics and Logs"
  • Press "View log" - then please save this report and post it here

6.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data saved on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off entirely. ►Instructions

-> Then run a complete system check with Eset Online Scanner (NOD32) Free online scanners
Attention!: >>You should not install the antivirus security software, only scan your system online<<

► What is the current state of the computer? Anything unusual, any problems?
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
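
The check behind step 2 of the post above, as an added example that is not part of the original thread: it parses rows in the format of the installed-software list posted earlier and flags Java runtimes below the baseline the helper names (Java Version 6 Update 27), plus side-by-side installs. The function names are assumptions made for this example, and the sample rows are taken from or modelled on that list.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import List, Optional, Tuple

# Constructed sample: rows in the format of the installed-software list posted
# in this thread (tab-separated: name, publisher, date, size, version).
SAMPLE_LIST = (
    "Hex-Editor MX\tNEXT-Soft\t11.10.2011\t\t6.0\n"
    "Java(TM) 6 Update 16\tSun Microsystems, Inc.\t26.04.2009\t90,6MB\t6.0.160\n"
    "Java(TM) 6 Update 2\tSun Microsystems, Inc.\t26.04.2009\t134,9MB\t1.6.0.20\n"
    "Mozilla Firefox 7.0.1 (x86 de)\tMozilla\t11.10.2011\t\t7.0.1\n"
    "GIMP 2.6.8\t\t14.06.2010\n"
)

# Baseline named in the helper's post: Java Version 6 Update 27.
JAVA_BASELINE = (6, 27)
JAVA_NAME = re.compile(r"^Java\(TM\)\s+(\d+)(?:\s+Update\s+(\d+))?", re.IGNORECASE)


@dataclass
class Entry:
    name: str
    publisher: str
    installed: Optional[date]
    version: str


def parse_list(text: str) -> List[Entry]:
    """Parse the tab-separated list; short rows are padded, blank lines skipped."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cols = [c.strip() for c in line.split("\t")]
        cols += [""] * (5 - len(cols))
        name, publisher, day, _size, version = cols[:5]
        try:
            installed = datetime.strptime(day, "%d.%m.%Y").date()
        except ValueError:
            installed = None  # missing or malformed date column
        entries.append(Entry(name, publisher, installed, version))
    return entries


def java_release(entry: Entry) -> Optional[Tuple[int, int]]:
    """Return (major, update) from the display name, or None if not Java.

    The name is used because the version column is inconsistent between
    rows ("6.0.160" vs "1.6.0.20" in the sample above).
    """
    m = JAVA_NAME.match(entry.name)
    return (int(m.group(1)), int(m.group(2) or 0)) if m else None


def audit_java(entries: List[Entry], baseline=JAVA_BASELINE):
    """Return (entries below the baseline, number of Java runtimes installed)."""
    runtimes = [(e, java_release(e)) for e in entries]
    runtimes = [(e, rel) for e, rel in runtimes if rel is not None]
    outdated = [e for e, rel in runtimes if rel < baseline]
    return outdated, len(runtimes)


if __name__ == "__main__":
    outdated, count = audit_java(parse_list(SAMPLE_LIST))
    if count > 1:
        print(f"{count} Java runtimes installed side by side")
    for e in outdated:
        print(f"below baseline: {e.name} (installed {e.installed}, version {e.version})")
```
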

12.10.2011, 17:17   #5
Kramer

1. I copied the OTL script, pasted it and clicked the FIX button.

2. Deleted old Java versions and downloaded and installed the current version via the LINK.

3. Adobe Reader seems to be up to date. Though I have to say that I have an old full version of Acrobat Reader 6.0 and a freeware version of Reader 9.

4. Cleaned the system with CCleaner.

5.
Code:
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 10/12/2011 bei 02:06 PM

Version der Applikation : 4.44.1000

Version der Kern-Datenbank : 7784
Version der Spur-Datenbank : 5596

Scan Art       : kompletter Scann
Totale Scann-Zeit : 00:46:31

Gescannte Speicherelemente  : 521
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 7973
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 30961
Erfasste Datei-Elemente   : 0
         
6. ESET Online Scan performed.

7. Nothing unusual, no problems.


13.10.2011, 04:19   #6
kira
/// Helper Team

1.
Uninstall/remove the programs that we used and that you do not need, except for:
Code:
CCleaner -> Run it from time to time: -> Instructions
         
2.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.
  • Please download OTL by OldTimer (if you do not already have it).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "Bereinigung" (CleanUp) button
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and other helper programs that you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are no longer there. If any are left over, delete them manually.


3.
Quote:
Have restore points that are no longer needed removed:

1. Click Start – All Programs – Accessories – System Tools – Disk Cleanup.
2. Select your system drive (normally "C:") and click OK.
3. Click the More Options tab.
4. In the System Restore section, click the Clean up… button.
5. Confirm the deletion by clicking Yes or, under Vista, Delete.
6. Click OK to start Disk Cleanup.

4.
As a precaution I would advise you to change your password
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
also here under: Secure password

Reading material no. 1:
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly in order to avoid security holes and to keep things running smoothly!
  • A more secure browser than IE, e.g. *Switching the default browser to... by SETI@home* - Firefox - FirefoxWiki/Settings - Extensions for Firefox - Default browser
  • Secure email clients, e.g. Thunderbird --> Extensions for Mozilla Thunderbird
  • Secure password - Choosing a secure password - (should really be changed at regular intervals, about every 3-5 months)
    also here under: Secure password
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only install programs that you really need and that you are convinced are reputable.
    You have the choice which additional components are installed! -> Always read along during installation and, where possible, deselect sponsors and partner programs, toolbars or any other programs offered as extras!
  • Do NOT download just any program from the net unless it is 100% certain that it is clean software. Nice promises from the vendors are far from a guarantee of flawless operation, so browse the pages on GOOGLE beforehand; you can get valuable information there!!!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - IT fraudsters do not take holidays!/bsi-fuer-buerger.de - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid legal notice (Impressum)
  • Saving licence costs? - Be careful with files/programs from untrustworthy sources! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    They are always contaminated with various malware/malicious programs/code; there is no site that is free of viruses. (One should not deliberately invite the devil in) Another highly insecure source is the file sharing of the so-called (music) exchange networks.
    ► Besides, you are committing a criminal offence by doing so!
  • Use only one firewall and one antivirus program, which should always be kept up to date!
    Installing `too much` software impairs system performance and security, slows down startup enormously and burdens the memory (because the programs run side by side at the same time, eating a lot of performance but delivering little quality). Over time the computer becomes slower and less secure because of too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be difficult to solve. In addition, some programs bring major security risks with them
  • Virus scanners
  • BSI für Bürger
  • SETI@home - [Security] Security concept
  • Development of malicious websites/viruslist.com
  • Focus: images and sounds
    Dangerous images, odd sounds/BSI

** Common sense, together with securely configuring Windows and Internet software, is the best way to stay safe on the web!!
Quote:
Since the database is extended and expanded daily, and the information about the virus concerned is included with the current virus definitions, I recommend that you have your system scanned online at least once a week (later once a month will surely be enough), always with a different scanner, to get a second opinion - the data saved on storage media should also be included!
(mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be:

I wish you all the best

If you would like to support us → donation account