| |
| |||||||
Log-Analyse und Auswertung: Viren und Trojaner verseucht - langt formatieren?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
01.05.2011, 19:18
| #1 |
| |  Viren und Trojaner verseucht - langt formatieren? Hi Leute, habe gerade den PC von Freunden hier, die waren komplett ungeschützt im Internet unterwegs und dementsprechend ist das Ding ziemlich verseucht (glaube ich). Frage: es müsste doch langen, wenn ich den formatiere und Windows neu aufsetze (wäre sowieso wieder fällig) oder muss ich da irgendwo am MBR oder woanders ansetzen? Danke schon mal im Voraus Kruemel Hier das log von mbam: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6478 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 30.04.2011 19:34:17 mbam-log-2011-04-30 (19-34-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 309963 Laufzeit: 1 Stunde(n), 37 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 8 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 540 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\CLSID\{F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} (Trojan.Banker) -> No action taken. HKEY_CLASSES_ROOT\linkrdr.AIEbho.1 (Trojan.Banker) -> No action taken. HKEY_CLASSES_ROOT\linkrdr.AIEbho (Trojan.Banker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F22C37FD-2BCB-40B6-A12E-77DDA1FBDD88} (Trojan.Banker) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F22C37FD-2BCB-40B6-A12E-77DDA1FBDD88} (Trojan.Banker) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F22C37FD-2BCB-40B6-A12E-77DDA1FBDD88} (Trojan.Banker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Getdo (Trojan.Agent) -> Value: Getdo -> No action taken. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\WINDOWS\system32\xmldm (Stolen.Data) -> No action taken. Infizierte Dateien: c:\WINDOWS\system32\acroiehelpe018.dll (Trojan.Banker) -> No action taken. c:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> No action taken. c:\WINDOWS\system32\acroiehelpe.txt (Malware.Trace) -> No action taken. c:\dokumente und einstellungen\administrator\anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000056.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1036_0000000299.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1088_0000000466.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1260_0000000472.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000081.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000082.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000083.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000084.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000085.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000086.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000087.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000088.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000089.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000090.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000091.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000092.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000093.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000094.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000095.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000096.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb1bba6da60a3a_00003364_rasphone.pbk (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb1bba70039f86_00003364_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2395dc537f70_00000204_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb23960d52b302_00000204_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0b4a3db0_00006072_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0b4f0264_00006072_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0be2d430_00006072_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0bec5d98_00006072_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0cd6040c_00006072_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0cfc29ac_00006072_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0f208688_00006072_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3548_0000000279.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3604_0000000288.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\360_0000000281.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\360_0000000282.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\360_0000000283.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\360_0000000284.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\360_0000000286.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3668_0000000287.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5076_0000000468.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5076_0000000469.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5076_0000000471.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000167.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000168_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000170.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000171_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000172.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000173.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000174_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000301.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\iexplore.exe_uas005.dat (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\iexplore.exe_uas006.dat (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\iexplore.exe_uas007.dat (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\iexplore.exe_uas008.dat (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\iexplore.exe_uas009.dat (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\iexplore.exe_uas010.dat (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000097.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000114.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1368_0000000044.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000361.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1960_0000000148.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\236_0000000079.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000393.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000411.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000132_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\232_0000000123.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\232_0000000124.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2336_0000000378.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2336_0000000379.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2336_0000000380.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2336_0000000381.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\236_0000000075.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\236_0000000076.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\236_0000000077.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\236_0000000078.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\firefox.exe_uas004.dat (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000057.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000058.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000059.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000060.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000061.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000063.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000064.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000250.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000251.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000252.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000253.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\444_0000000029.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\444_0000000030.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\444_0000000031.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5044_0000000014.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5044_0000000016.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5044_0000000017.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5044_0000000018.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5044_0000000019.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5044_0000000020.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2b1a102df042_00006072_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a1f699b6_00003164_jvm.cfg (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a209ac86_00003164_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a20c0ee0_00003164_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a2919290_00003164_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a29d7e52_00003164_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a2fcdc62_00003164_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a3df5bc8_00003164_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a488a2be_00003164_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb402f5f1fc7f0_00003032_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb402f5f590060_00003032_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1368_0000000046.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1384_0000000479.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1384_0000000480.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1384_0000000482.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1384_0000000483.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1384_0000000484.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1384_0000000485.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1384_0000000486.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1384_0000000487.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000098.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000099.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000100.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000101.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000102.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000103.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000104.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000105.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000106.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000107.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000108.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000109.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000110.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000111.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000112.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000113.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1404_0000000006.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1404_0000000007.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1488_0000000357.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000359.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000360.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000115.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000116.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000117.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000118.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000119.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000120.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1356_0000000121.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1368_0000000039.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1368_0000000040.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1368_0000000041.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1368_0000000042.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1368_0000000043.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb402f60a204e4_00003032_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb4158741496e8_00002716_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb4158742a0c12_00002716_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415874c504ec_00002716_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415874cc2bfa_00002716_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415875a2bf9e_00002716_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415875c4208a_00002716_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb41587663de18_00002716_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415878ff7088_00002716_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb41587904353c_00002716_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415948b12aba_00003336_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2828_0000000290.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2828_0000000291.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2828_0000000292.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2828_0000000293.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2828_0000000294.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2828_0000000295.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2828_0000000296.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2828_0000000298.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415b716c359c_00001088_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415b7178215e_00001088_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415b718ff8e2_00001088_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415b71925b3c_00001088_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb47aa8e6ecb9e_00002808_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb47aa8e7ab760_00002808_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb4cdf88c7d36a_00001640_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb4cdf88dae63a_00001640_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb4cdf8cb3916c_00001640_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb4cdf8cbab87a_00001640_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb6d1361a102f1_00003812_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000134.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000135_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000136.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000137.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000138_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000139.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000140.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000141_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000142.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000143.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000144_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000145.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000146.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000147_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2964_0000000005_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3132_0000000128.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3132_0000000129.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3140_0000000047.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000219.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000220.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000221.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000222.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000223.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000049.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000050.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000051.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000052.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000053.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000054.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\5388_0000000055.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000177_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000178.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000179_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000181.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000182_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000183.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000184.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000185_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000186.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000187.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000188_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000189.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000190.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000191_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000192.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000193.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000194_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000195.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000196.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000197_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000198.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000199.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000200_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000201.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000202.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000203_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\860_0000000204.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\860_0000000205.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\860_0000000206.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\860_0000000207.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\860_0000000208.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\860_0000000209.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\860_0000000210.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\firefox.exe_uas001.dat (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\firefox.exe_uas002.dat (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb7350976efcf4_00001272_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb735097762402_00001272_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb735097d58212_00001272_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb735098e54e26_00001272_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb735098ec7534_00001272_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb735099660d22_00001272_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb735099d87e02_00001272_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb73509a7a9dea_00001272_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb73509a7f629e_00001272_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb7e79414d009f_00003484_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb7e794170c3e5_00003484_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000225.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000226.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000227.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000228.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000229.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000230.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000231.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000232.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000233.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000234.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000235.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000236.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000237.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000238.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000239.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000240_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3192_0000000456.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3192_0000000457.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3192_0000000458.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3192_0000000459.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3192_0000000460.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3192_0000000461.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3192_0000000462.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3192_0000000463.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3192_0000000464.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3192_0000000465.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000242.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000243.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000244.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000246.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000247_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000255.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000256.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000257.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000258.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000259.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000260.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000261.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000262.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000263.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000264.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000265.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000266.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000267.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000268.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000270.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000272.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000273.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000275.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000276.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000277.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000278.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\6064_0000000037.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\632_0000000034.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\632_0000000036.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\668_0000000376.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4024_0000000068.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4024_0000000069.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4024_0000000070.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4024_0000000071.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4024_0000000073.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4028_0000000023.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4028_0000000024.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4284_0000000474.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4284_0000000475.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4284_0000000476.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\444_0000000027.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\544_0000000254.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\744_0000000176.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\firefox.exe_uas003.dat (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb1bba6c17e184_00003364_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0f2a0ff0_00006072_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb402f609addd6_00003032_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb415948c9023e_00003336_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb6d1361af510d_00003812_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb89b05e3e7bd6_00002496_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb98f6c93ced82_00000920_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000165_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2964_0000000002.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2964_0000000003.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2596_0000000347.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2596_0000000348.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2596_0000000349.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2596_0000000350.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2596_0000000351.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2596_0000000352.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2596_0000000353.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2596_0000000354.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2596_0000000355.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2596_0000000356.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2616_0000000316_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2616_0000000317_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000319.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000320.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000321.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000322.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000323_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000324_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000325_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000326_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000152.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000153_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000155.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000156_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000157.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000158.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000159_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000160.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000161.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000162_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000163.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000328_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000329.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000330_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000331_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000332_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000333_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000334_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000335_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000336.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000337_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000338_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000339_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000340_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000341_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000342_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000343_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2664_0000000032.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1960_0000000150.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1988_0000000215.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1988_0000000216.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1988_0000000218.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2108_0000000126.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2108_0000000127.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2288_0000000382.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2308_0000000021.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2308_0000000022.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2616_0000000311.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2616_0000000312.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2616_0000000313.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2616_0000000314_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000362.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000363_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000364_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000365_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000366_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000367_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000368.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000369_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000370_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000371_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000372_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000373_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\152_0000000375.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000439.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000440.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000441.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000442.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000443.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000444.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000445.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000446.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000447.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000448.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000449.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1576_0000000450.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb1bba6a9806ea_00003364_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb1bba6a9f2df8_00003364_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb1bba6b32ffc4_00003364_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb1bba6b3a26d2_00003364_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb1bba6b735f42_00003364_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb89b05e623f1c_00002496_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb89b05ef87342_00002496_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb89b05efd37f6_00002496_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9888ff117720_00003724_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9888ff5438f8_00003724_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9888ffe80ac4_00003724_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9888ffef31d2_00003724_classes.jsa (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9889020c67a0_00003724_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb988902fad2c8_00003724_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb98f6c0db291a_00000920_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb98f6c111ff30_00000920_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\236_0000000080.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2416_0000000454.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000383.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000384.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000385.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000386.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000387.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000388.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000389.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000390.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000391.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000392.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000394.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000395.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000396.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000397.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000398.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000399.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000400.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000401.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000403.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000404.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000405.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000406.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000407.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000408.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000409.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000410.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2520_0000000211.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2520_0000000213.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2576_0000000131.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000412.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000413.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000414.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000415.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000416.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000417.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000418.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000419.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000420.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000421.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000422.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000423.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000424.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000425_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2516_0000000426.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3788_0000000451.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3788_0000000452.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3788_0000000453.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000428.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000429.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000430.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000431.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000432.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000433.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000434.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000435.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000436.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000437.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3832_0000000438.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1620_0000000477.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1664_0000000344.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1664_0000000345.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1804_0000000248.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\1872_0000000074.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3852_0000000001.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3856_0000000025.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3856_0000000026.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3872_0000000309.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3984_0000000065.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2616_0000000315_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2648_0000000327_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2664_0000000033.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2864_0000000164.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\2964_0000000004_ifrm.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000224.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3144_0000000241.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\4024_0000000067.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\444_0000000028.key (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000302.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3356_0000000125.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3424_0000000488.pst (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3436_0000000009.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3436_0000000010.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\3436_0000000012.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb98f6c95bec14_00000920_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9a402bb95cc6_00003332_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9a402beb6e28_00003332_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9a40312757bc_00003332_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9a40312c1c70_00003332_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9e73877a361e_00001188_java.security (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9e73878621e0_00001188_java.policy (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9e738eeff1b8_00001188_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\fromjava01cb9e738ef25412_00001188_trusted.libraries (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000303.frm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000304.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000305.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000306.htm (Stolen.Data) -> No action taken. c:\WINDOWS\system32\xmldm\528_0000000308.htm (Stolen.Data) -> No action taken. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX und hier das log von OTLOTL Logfile: Code:
ATTFilter OTL logfile created on: 01.05.2011 10:30:09 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = c:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 139,05 Gb Total Space | 117,02 Gb Free Space | 84,15% Space Free | Partition Type: NTFS Drive D: | 9,99 Gb Total Space | 5,53 Gb Free Space | 55,36% Space Free | Partition Type: NTFS Computer Name: FSC5545-K4DHV | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.30 19:45:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe PRC - [2010.12.18 07:06:55 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2010.12.11 07:26:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.10.29 14:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- c:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2008.05.31 11:00:00 | 000,290,816 | ---- | M] (matrix42 AG) -- C:\WINDOWS\system32\EMPIRUM\SWDEPOT.EXE PRC - [2008.05.29 22:30:18 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.4\program\soffice.bin PRC - [2008.05.29 22:28:18 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.4\program\soffice.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.04.26 10:30:24 | 000,192,512 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe PRC - [2007.03.15 11:44:20 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe PRC - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe ========== Modules (SafeList) ========== MOD - [2011.04.30 19:45:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe MOD - [2010.12.18 07:07:35 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2009.07.12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll MOD - [2009.07.12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll ========== Win32 Services (SafeList) ========== SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.10.29 20:15:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.02.05 13:00:00 | 000,143,360 | ---- | M] (matrix42 AG) [Disabled | Stopped] -- C:\WINDOWS\system32\EMPIRUM\SETUPSVC.EXE -- (SetupService) SRV - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2009.06.23 20:56:01 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009.06.23 20:56:01 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2008.06.27 15:54:31 | 000,015,104 | R--- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\snidmi.sys -- (SniDmi) DRV - [2008.05.16 12:14:14 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2008.05.16 12:14:12 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2008.05.16 12:14:10 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2007.10.10 16:10:08 | 002,164,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2007.10.10 16:03:48 | 000,630,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService) DRV - [2007.10.10 14:55:46 | 000,090,880 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.06.21 21:58:32 | 000,547,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2007.04.03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) DRV - [2007.04.03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex) DRV - [2007.04.03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) DRV - [2007.04.03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) DRV - [2007.04.03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm) DRV - [2007.04.03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl) DRV - [2007.04.03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM) DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.bing.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=VE3D01&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0 FF - prefs.js..extensions.enabledItems: {E78313ED-E64C-451B-9B5F-8A66A8D08A64}:2.5.10.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=VE3D01&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5005 [2010.06.26 07:22:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.18 07:07:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.18 07:07:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.30 10:35:45 | 000,000,000 | ---D | M] [2010.05.08 17:20:00 | 000,000,000 | ---D | M] (No name found) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.05.08 17:20:00 | 000,000,000 | ---D | M] (No name found) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2011.04.30 19:35:16 | 000,000,000 | ---D | M] (No name found) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions [2010.05.08 07:21:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.30 19:35:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.04.30 19:35:01 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2010.07.24 09:55:36 | 000,000,000 | ---D | M] (FireFox accelerator) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions\{E78313ED-E64C-451B-9B5F-8A66A8D08A64} [2011.04.30 19:35:04 | 000,000,000 | ---D | M] (Conduit Engine) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions\engine@conduit.com [2009.09.05 07:13:14 | 000,002,164 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\searchplugins\bing.xml [2011.04.30 17:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.06.10 16:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.07 14:44:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.16 11:20:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.29 17:01:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.12.18 07:07:36 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2008.12.10 18:06:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.06.26 07:22:15 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5005 [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyA2.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (no name) - {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} - C:\WINDOWS\system32\AcroIEHelpe018.dll (Adobe Systems, Incorporated) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyA2.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyA2.dll (Conduit Ltd.) O4 - HKLM..\Run: [_UserEnv] C:\WINDOWS\system32\EMPIRUM\ENV.EXE (matrix42 AG) O4 - HKLM..\Run: [Adobe ARM] c:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] c:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CtrlVol] File not found O4 - HKLM..\Run: [Google Quick Search Box] C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LaunchAp] File not found O4 - HKLM..\Run: [RunSWDepot2] File not found O4 - HKLM..\Run: [SunJavaUpdateSched] c:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wbutton] File not found O4 - HKCU..\Run: [Getdo] c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe\Update\flacor.dat () O4 - HKCU..\Run: [TomTomHOME.exe] File not found O4 - Startup: c:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - c:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: DTAG-RF ([]file in Local intranet) O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab (YInstStarter Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218118083140 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player (ELECO Software GmbH)) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {03B53966-3478-F102-9BF9-D0DBF7E366FB} - DirectAnimation ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {55E80A4B-D59D-E95E-82F6-973082A1B7D8} - NetShow ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {7B95D863-566D-9D8C-52DB-654BE8531A71} - DirectX ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{021bd9fb-b818-49f9-9a3a-8e0f72aed493} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: RunSWDepot1 - hkey= - key= - File not found MsConfig - StartUpReg: RunSWDepot3 - hkey= - key= - File not found MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2011.05.01 10:29:15 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\Administrator\Desktop\Registry Backup [2011.05.01 10:28:41 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.05.01 10:28:41 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT [2011.04.30 19:45:20 | 000,791,393 | ---- | C] (Lars Hederer ) -- c:\Dokumente und Einstellungen\Administrator\Desktop\Erunt-setup.exe [2011.04.30 19:45:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2011.04.30 19:45:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe [2011.04.30 17:34:40 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2011.04.30 17:34:35 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.04.30 17:34:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.04.30 17:34:34 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.04.30 17:34:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.04.30 17:34:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL ========== Files - Modified Within 30 Days ========== [2011.05.01 10:28:41 | 000,000,597 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\NTREGOPT.lnk [2011.05.01 10:28:41 | 000,000,578 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk [2011.05.01 10:26:45 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F82F7883-691D-4920-BF5E-1F80B4510872}.job [2011.05.01 09:42:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.05.01 08:53:05 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.05.01 08:53:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.05.01 08:52:43 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.05.01 08:52:43 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580436667-682003330-500.job [2011.05.01 08:52:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.30 20:19:24 | 000,445,770 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.04.30 20:19:24 | 000,429,308 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.30 20:19:24 | 000,079,026 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.04.30 20:19:24 | 000,066,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.30 19:45:24 | 000,301,568 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\g2m3e4r.exe [2011.04.30 19:45:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- c:\Dokumente und Einstellungen\Administrator\Desktop\Erunt-setup.exe [2011.04.30 19:45:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2011.04.30 19:45:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe [2011.04.30 19:45:10 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580436667-682003330-500.job [2011.04.30 19:44:39 | 000,377,282 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe [2011.04.30 17:48:05 | 000,001,783 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2011.04.30 17:35:20 | 000,026,255 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Fehler.odt [2011.04.30 17:34:35 | 000,000,762 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.30 10:35:46 | 000,001,715 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk [2011.04.30 00:47:04 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.30 00:42:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.04.30 00:33:12 | 002,001,624 | ---- | M] () -- C:\WINDOWS\iis6.BAK ========== Files Created - No Company Name ========== [2011.05.01 10:28:41 | 000,000,597 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\NTREGOPT.lnk [2011.05.01 10:28:41 | 000,000,578 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk [2011.04.30 19:45:20 | 000,301,568 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\g2m3e4r.exe [2011.04.30 19:44:39 | 000,377,282 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe [2011.04.30 17:35:20 | 000,026,255 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Fehler.odt [2011.04.30 17:34:35 | 000,000,762 | ---- | C] () -- c:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.18 09:18:47 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010.06.26 07:47:20 | 000,001,085 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2010.04.17 22:57:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.08.31 19:32:00 | 000,008,704 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.30 13:38:01 | 000,708,432 | ---- | C] () -- C:\WINDOWS\unins000.exe [2009.08.30 13:38:01 | 000,315,997 | ---- | C] () -- C:\WINDOWS\unins000.dat [2008.10.28 11:48:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL [2008.09.06 12:22:34 | 000,000,821 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008.08.23 20:29:55 | 000,003,997 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008.06.27 16:46:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.06.27 16:45:50 | 000,301,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.06.27 15:58:17 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys [2008.06.27 15:53:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.06.27 15:50:07 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [1980.01.01 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [1980.01.01 01:00:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [1980.01.01 01:00:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [1980.01.01 01:00:00 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [1980.01.01 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [1980.01.01 01:00:00 | 000,445,770 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [1980.01.01 01:00:00 | 000,429,308 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [1980.01.01 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [1980.01.01 01:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [1980.01.01 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [1980.01.01 01:00:00 | 000,144,357 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [1980.01.01 01:00:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll [1980.01.01 01:00:00 | 000,079,026 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [1980.01.01 01:00:00 | 000,066,258 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [1980.01.01 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [1980.01.01 01:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [1980.01.01 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [1980.01.01 01:00:00 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [1980.01.01 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [1980.01.01 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [1980.01.01 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2010.02.19 20:31:34 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ashampoo [2008.08.08 21:52:21 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Astro Gemini Software [2008.08.10 08:23:14 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2008.10.04 21:35:09 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Morpheus Software [2010.12.12 16:58:15 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong [2008.08.08 21:54:28 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TERMINAL Studio [2010.05.08 17:19:56 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TomTom [2010.03.26 15:46:38 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.02.19 20:31:23 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo [2009.10.25 11:24:06 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cau [2011.02.04 21:04:31 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eFiIi01804 [2009.08.30 09:25:21 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\page [2010.07.24 16:47:11 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rosetta Stone [2009.10.29 20:28:39 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RosettaStoneLtdBackup [2010.05.08 17:22:05 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2008.08.09 07:55:58 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2009.03.21 18:43:30 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2010.05.09 07:34:26 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.09.13 21:48:24 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.05.15 23:25:56 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2011.05.01 10:26:45 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F82F7883-691D-4920-BF5E-1F80B4510872}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.06.27 16:26:22 | 000,000,000 | ---D | M] -- C:\$WIN_NT$.~BT [2008.08.07 16:00:20 | 000,000,000 | ---D | M] -- C:\83dc9ad2d043db2fb6540f7e [2009.08.24 07:42:04 | 000,000,000 | ---D | M] -- C:\b0fecca94459c2b777 [2008.06.27 15:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2008.06.27 16:01:41 | 000,000,000 | RH-D | M] -- C:\MSOCache [2010.02.19 20:42:55 | 000,000,000 | ---D | M] -- C:\My Music [2008.08.09 07:25:20 | 000,000,000 | ---D | M] -- C:\Photoshop CS2 [2008.12.06 18:10:04 | 000,000,000 | ---D | M] -- C:\Program Files [2011.05.01 10:28:41 | 000,000,000 | R--D | M] -- C:\Programme [2008.06.27 17:36:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2008.06.27 15:55:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.06.27 15:54:42 | 000,000,000 | ---D | M] -- C:\temp [2008.12.10 19:19:03 | 000,000,000 | ---D | M] -- C:\WIA56DE [2011.04.30 19:47:10 | 000,000,000 | ---D | M] -- C:\WINDOWS [2008.06.27 15:54:40 | 000,000,000 | ---D | M] -- C:\WindowsXP < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: REGEDIT.EXE > [2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WindowsXP\i386\REGEDIT.EXE [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-30 10:33:04 < > < End of report > XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX |
|
01.05.2011, 19:25
| #2 |
| /// Malware-holic   | Viren und Trojaner verseucht - langt formatieren? formatieren reicht. wenn du willst können wir den dann richtig absichern. tipps bekommst du
__________________
__________________ |
|
01.05.2011, 19:42
| #3 |
| | Viren und Trojaner verseucht - langt formatieren? also ich sichere meine eigenen PCs mit immer updaten, Zonealarm und Avira Antivir ab. Aber für weitere Tipps bin ich immer offen.
__________________ |
|
01.05.2011, 19:48
| #4 |
| /// Malware-holic | Viren und Trojaner verseucht - langt formatieren? ok schon datensicherung gemacht? wenn du den formatiern willst musst du erst mal alle wichtigen daten sichern. weist du wie das mit dem formatieren funktioniert oder muss ich das noch mit beschreiben? ich persönlich halte nichts von desktop firewalls.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.05.2011, 20:20
| #5 |
| | Viren und Trojaner verseucht - langt formatieren? PCs aufgesetz habe ich schon paar mal. Zu sichern gibt es eigentlich nur Bilder und Videos. Muss ich auf etwas achten, wenn ich eine externe Festplatte / USB Stick anschließe zwecks den Viren? Formattieren tue ich immer während der Windows installation, am Anfang wenn es nach der Festplatte fragt. Was für Möglichkeiten habe ich in einem kleinen Heimnetz außer Software firewall? |
|
01.05.2011, 20:21
| #6 |
| /// Malware-holic | Viren und Trojaner verseucht - langt formatieren? hi, das mit dem formatieren ist ok so. du musst nichts beachten. router nutzt ihr ja nehme ich an? dann reichen windows firewalls. und wenn der pc so weit ist gibts weitere tipps
__________________ --> Viren und Trojaner verseucht - langt formatieren? |
|
01.05.2011, 20:28
| #7 |
| | Viren und Trojaner verseucht - langt formatieren? Hi, erstmal danke dir für die schnellen Tips. Ja Router sind vorhanden, sowohl bei meinem Kumpel als auch bei mir. Auf seinem Rechner werde ich XP installieren. Was für eine Firewall / Antivirus würdest du empfehlen? |
|
01.05.2011, 20:30
| #8 |
| /// Malware-holic | Viren und Trojaner verseucht - langt formatieren? firewall die von windows, av kann man avira drauf lassen, konfiguriert. aber wie gesagt das machen wir dann alles, da noch mehr zu tun ist, wenn du so weit bist.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
01.05.2011, 20:35
| #9 |
| | Viren und Trojaner verseucht - langt formatieren? ok, kann aber ein paar Tage dauern, da ich nicht glaube, dass ich unter der Woche abends dazu komme. ich melde mich dann wieder, wenn ich soweit bin. |
|
| Themen zu Viren und Trojaner verseucht - langt formatieren? |
| .dll, 0x00000001, acroiehelpe, adobe, bonjour, browser, c:\windows\system32\rundll32.exe, downloader, einstellungen, error, explorer, helper, hotkey.sys, iexplore.exe, internet, intranet, launch, location, logfile, mozilla, oldtimer, photoshop, plug-in, realtek, registry, rundll, scan, searchplugins, software, system, trojaner, ungeschützt, usb, viren, windows, winlogon.exe, xmldm |
Linear-Darstellung
