Trojaner-Board - Viren und Trojaner verseucht

Hi Leute,

habe gerade den PC von Freunden hier, die waren komplett ungeschützt im Internet unterwegs und dementsprechend ist das Ding ziemlich verseucht (glaube ich).

Frage: es müsste doch langen, wenn ich den formatiere und Windows neu aufsetze (wäre sowieso wieder fällig) oder muss ich da irgendwo am MBR oder woanders ansetzen?

Danke schon mal im Voraus
Kruemel

Hier das log von mbam:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6478

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30.04.2011 19:34:17
mbam-log-2011-04-30 (19-34-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 309963
Laufzeit: 1 Stunde(n), 37 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 540

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} (Trojan.Banker) -> No action taken.
HKEY_CLASSES_ROOT\linkrdr.AIEbho.1 (Trojan.Banker) -> No action taken.
HKEY_CLASSES_ROOT\linkrdr.AIEbho (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F22C37FD-2BCB-40B6-A12E-77DDA1FBDD88} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F22C37FD-2BCB-40B6-A12E-77DDA1FBDD88} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F22C37FD-2BCB-40B6-A12E-77DDA1FBDD88} (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Getdo (Trojan.Agent) -> Value: Getdo -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\WINDOWS\system32\xmldm (Stolen.Data) -> No action taken.

Infizierte Dateien:
c:\WINDOWS\system32\acroiehelpe018.dll (Trojan.Banker) -> No action taken.
c:\WINDOWS\system32\srvblck2.tmp (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\acroiehelpe.txt (Malware.Trace) -> No action taken.
c:\dokumente und einstellungen\administrator\anwendungsdaten\Adobe\Update\flacor.dat (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000056.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1036_0000000299.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1088_0000000466.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1260_0000000472.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000081.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000082.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000083.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000084.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000085.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000086.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000087.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000088.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000089.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000090.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000091.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000092.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000093.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000094.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000095.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000096.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb1bba6da60a3a_00003364_rasphone.pbk (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb1bba70039f86_00003364_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2395dc537f70_00000204_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb23960d52b302_00000204_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0b4a3db0_00006072_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0b4f0264_00006072_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0be2d430_00006072_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0bec5d98_00006072_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0cd6040c_00006072_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0cfc29ac_00006072_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0f208688_00006072_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3548_0000000279.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3604_0000000288.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\360_0000000281.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\360_0000000282.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\360_0000000283.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\360_0000000284.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\360_0000000286.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3668_0000000287.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5076_0000000468.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5076_0000000469.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5076_0000000471.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000167.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000168_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000170.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000171_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000172.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000173.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000174_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000301.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\iexplore.exe_uas005.dat (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\iexplore.exe_uas006.dat (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\iexplore.exe_uas007.dat (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\iexplore.exe_uas008.dat (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\iexplore.exe_uas009.dat (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\iexplore.exe_uas010.dat (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000097.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000114.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1368_0000000044.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000361.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1960_0000000148.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\236_0000000079.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000393.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000411.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000132_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\232_0000000123.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\232_0000000124.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2336_0000000378.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2336_0000000379.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2336_0000000380.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2336_0000000381.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\236_0000000075.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\236_0000000076.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\236_0000000077.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\236_0000000078.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\firefox.exe_uas004.dat (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000057.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000058.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000059.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000060.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000061.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000063.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000064.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000250.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000251.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000252.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000253.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\444_0000000029.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\444_0000000030.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\444_0000000031.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5044_0000000014.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5044_0000000016.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5044_0000000017.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5044_0000000018.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5044_0000000019.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5044_0000000020.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2b1a102df042_00006072_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a1f699b6_00003164_jvm.cfg (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a209ac86_00003164_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a20c0ee0_00003164_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a2919290_00003164_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a29d7e52_00003164_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a2fcdc62_00003164_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a3df5bc8_00003164_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2cf5a488a2be_00003164_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb402f5f1fc7f0_00003032_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb402f5f590060_00003032_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1368_0000000046.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1384_0000000479.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1384_0000000480.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1384_0000000482.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1384_0000000483.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1384_0000000484.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1384_0000000485.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1384_0000000486.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1384_0000000487.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000098.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000099.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000100.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000101.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000102.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000103.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000104.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000105.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000106.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000107.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000108.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000109.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000110.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000111.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000112.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000113.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1404_0000000006.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1404_0000000007.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1488_0000000357.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000359.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000360.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000115.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000116.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000117.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000118.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000119.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000120.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1356_0000000121.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1368_0000000039.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1368_0000000040.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1368_0000000041.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1368_0000000042.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1368_0000000043.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb402f60a204e4_00003032_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb4158741496e8_00002716_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb4158742a0c12_00002716_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415874c504ec_00002716_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415874cc2bfa_00002716_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415875a2bf9e_00002716_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415875c4208a_00002716_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb41587663de18_00002716_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415878ff7088_00002716_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb41587904353c_00002716_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415948b12aba_00003336_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2828_0000000290.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2828_0000000291.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2828_0000000292.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2828_0000000293.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2828_0000000294.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2828_0000000295.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2828_0000000296.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2828_0000000298.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415b716c359c_00001088_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415b7178215e_00001088_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415b718ff8e2_00001088_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415b71925b3c_00001088_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb47aa8e6ecb9e_00002808_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb47aa8e7ab760_00002808_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb4cdf88c7d36a_00001640_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb4cdf88dae63a_00001640_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb4cdf8cb3916c_00001640_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb4cdf8cbab87a_00001640_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb6d1361a102f1_00003812_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000134.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000135_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000136.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000137.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000138_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000139.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000140.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000141_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000142.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000143.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000144_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000145.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000146.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000147_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2964_0000000005_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3132_0000000128.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3132_0000000129.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3140_0000000047.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000219.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000220.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000221.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000222.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000223.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000049.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000050.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000051.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000052.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000053.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000054.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\5388_0000000055.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000177_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000178.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000179_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000181.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000182_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000183.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000184.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000185_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000186.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000187.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000188_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000189.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000190.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000191_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000192.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000193.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000194_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000195.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000196.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000197_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000198.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000199.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000200_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000201.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000202.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000203_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\860_0000000204.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\860_0000000205.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\860_0000000206.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\860_0000000207.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\860_0000000208.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\860_0000000209.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\860_0000000210.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\firefox.exe_uas001.dat (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\firefox.exe_uas002.dat (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb7350976efcf4_00001272_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb735097762402_00001272_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb735097d58212_00001272_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb735098e54e26_00001272_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb735098ec7534_00001272_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb735099660d22_00001272_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb735099d87e02_00001272_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb73509a7a9dea_00001272_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb73509a7f629e_00001272_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb7e79414d009f_00003484_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb7e794170c3e5_00003484_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000225.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000226.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000227.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000228.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000229.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000230.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000231.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000232.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000233.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000234.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000235.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000236.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000237.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000238.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000239.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000240_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3192_0000000456.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3192_0000000457.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3192_0000000458.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3192_0000000459.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3192_0000000460.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3192_0000000461.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3192_0000000462.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3192_0000000463.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3192_0000000464.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3192_0000000465.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000242.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000243.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000244.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000246.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000247_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000255.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000256.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000257.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000258.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000259.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000260.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000261.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000262.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000263.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000264.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000265.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000266.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000267.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000268.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000270.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000272.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000273.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000275.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000276.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000277.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000278.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\6064_0000000037.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\632_0000000034.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\632_0000000036.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\668_0000000376.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4024_0000000068.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4024_0000000069.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4024_0000000070.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4024_0000000071.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4024_0000000073.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4028_0000000023.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4028_0000000024.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4284_0000000474.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4284_0000000475.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4284_0000000476.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\444_0000000027.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\544_0000000254.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\744_0000000176.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\firefox.exe_uas003.dat (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb1bba6c17e184_00003364_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb2b1a0f2a0ff0_00006072_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb402f609addd6_00003032_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb415948c9023e_00003336_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb6d1361af510d_00003812_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb89b05e3e7bd6_00002496_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb98f6c93ced82_00000920_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000165_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2964_0000000002.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2964_0000000003.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2596_0000000347.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2596_0000000348.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2596_0000000349.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2596_0000000350.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2596_0000000351.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2596_0000000352.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2596_0000000353.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2596_0000000354.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2596_0000000355.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2596_0000000356.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2616_0000000316_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2616_0000000317_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000319.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000320.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000321.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000322.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000323_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000324_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000325_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000326_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000152.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000153_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000155.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000156_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000157.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000158.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000159_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000160.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000161.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000162_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000163.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000328_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000329.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000330_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000331_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000332_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000333_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000334_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000335_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000336.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000337_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000338_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000339_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000340_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000341_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000342_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000343_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2664_0000000032.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1960_0000000150.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1988_0000000215.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1988_0000000216.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1988_0000000218.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2108_0000000126.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2108_0000000127.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2288_0000000382.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2308_0000000021.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2308_0000000022.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2616_0000000311.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2616_0000000312.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2616_0000000313.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2616_0000000314_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000362.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000363_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000364_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000365_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000366_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000367_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000368.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000369_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000370_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000371_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000372_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000373_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\152_0000000375.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000439.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000440.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000441.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000442.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000443.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000444.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000445.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000446.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000447.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000448.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000449.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1576_0000000450.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb1bba6a9806ea_00003364_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb1bba6a9f2df8_00003364_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb1bba6b32ffc4_00003364_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb1bba6b3a26d2_00003364_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb1bba6b735f42_00003364_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb89b05e623f1c_00002496_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb89b05ef87342_00002496_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb89b05efd37f6_00002496_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9888ff117720_00003724_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9888ff5438f8_00003724_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9888ffe80ac4_00003724_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9888ffef31d2_00003724_classes.jsa (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9889020c67a0_00003724_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb988902fad2c8_00003724_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb98f6c0db291a_00000920_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb98f6c111ff30_00000920_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\236_0000000080.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2416_0000000454.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000383.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000384.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000385.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000386.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000387.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000388.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000389.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000390.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000391.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000392.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000394.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000395.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000396.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000397.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000398.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000399.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000400.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000401.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000403.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000404.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000405.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000406.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000407.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000408.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000409.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000410.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2520_0000000211.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2520_0000000213.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2576_0000000131.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000412.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000413.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000414.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000415.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000416.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000417.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000418.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000419.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000420.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000421.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000422.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000423.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000424.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000425_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2516_0000000426.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3788_0000000451.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3788_0000000452.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3788_0000000453.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000428.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000429.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000430.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000431.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000432.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000433.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000434.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000435.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000436.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000437.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3832_0000000438.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1620_0000000477.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1664_0000000344.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1664_0000000345.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1804_0000000248.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\1872_0000000074.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3852_0000000001.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3856_0000000025.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3856_0000000026.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3872_0000000309.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3984_0000000065.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2616_0000000315_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2648_0000000327_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2664_0000000033.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2864_0000000164.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\2964_0000000004_ifrm.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000224.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3144_0000000241.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\4024_0000000067.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\444_0000000028.key (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000302.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3356_0000000125.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3424_0000000488.pst (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3436_0000000009.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3436_0000000010.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\3436_0000000012.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb98f6c95bec14_00000920_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9a402bb95cc6_00003332_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9a402beb6e28_00003332_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9a40312757bc_00003332_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9a40312c1c70_00003332_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9e73877a361e_00001188_java.security (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9e73878621e0_00001188_java.policy (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9e738eeff1b8_00001188_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\fromjava01cb9e738ef25412_00001188_trusted.libraries (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000303.frm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000304.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000305.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000306.htm (Stolen.Data) -> No action taken.
c:\WINDOWS\system32\xmldm\528_0000000308.htm (Stolen.Data) -> No action taken.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

und hier das log von OTLOTL Logfile:

Code:

OTL logfile created on: 01.05.2011 10:30:09 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = c:\Dokumente und Einstellungen\Administrator\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 139,05 Gb Total Space | 117,02 Gb Free Space | 84,15% Space Free | Partition Type: NTFS

Drive D: | 9,99 Gb Total Space | 5,53 Gb Free Space | 55,36% Space Free | Partition Type: NTFS

 

Computer Name: FSC5545-K4DHV | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.04.30 19:45:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

PRC - [2010.12.18 07:06:55 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe

PRC - [2010.12.11 07:26:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2010.10.29 14:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- c:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2008.05.31 11:00:00 | 000,290,816 | ---- | M] (matrix42 AG) -- C:\WINDOWS\system32\EMPIRUM\SWDEPOT.EXE

PRC - [2008.05.29 22:30:18 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.4\program\soffice.bin

PRC - [2008.05.29 22:28:18 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.4\program\soffice.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.04.26 10:30:24 | 000,192,512 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe

PRC - [2007.03.15 11:44:20 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

PRC - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.04.30 19:45:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

MOD - [2010.12.18 07:07:35 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2009.07.12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

MOD - [2009.07.12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2010.08.13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009.10.29 20:15:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008.11.04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008.02.05 13:00:00 | 000,143,360 | ---- | M] (matrix42 AG) [Disabled | Stopped] -- C:\WINDOWS\system32\EMPIRUM\SETUPSVC.EXE -- (SetupService)

SRV - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2009.06.23 20:56:01 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)

DRV - [2009.06.23 20:56:01 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)

DRV - [2008.06.27 15:54:31 | 000,015,104 | R--- | M] (Fujitsu Siemens Computers) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\snidmi.sys -- (SniDmi)

DRV - [2008.05.16 12:14:14 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2008.05.16 12:14:12 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2008.05.16 12:14:10 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)

DRV - [2007.10.10 16:10:08 | 002,164,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2007.10.10 16:03:48 | 000,630,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)

DRV - [2007.10.10 14:55:46 | 000,090,880 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007.06.21 21:58:32 | 000,547,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2007.04.03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)

DRV - [2007.04.03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)

DRV - [2007.04.03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)

DRV - [2007.04.03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)

DRV - [2007.04.03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)

DRV - [2007.04.03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)

DRV - [2007.04.03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)

DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.bing.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=VE3D01&q="

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.3.3.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}:1.0

FF - prefs.js..extensions.enabledItems: {E78313ED-E64C-451B-9B5F-8A66A8D08A64}:2.5.10.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=VE3D01&q="

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5005 [2010.06.26 07:22:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.18 07:07:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.18 07:07:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.30 10:35:45 | 000,000,000 | ---D | M]

 

[2010.05.08 17:20:00 | 000,000,000 | ---D | M] (No name found) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2010.05.08 17:20:00 | 000,000,000 | ---D | M] (No name found) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com

[2011.04.30 19:35:16 | 000,000,000 | ---D | M] (No name found) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions

[2010.05.08 07:21:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.04.30 19:35:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011.04.30 19:35:01 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

[2010.07.24 09:55:36 | 000,000,000 | ---D | M] (FireFox accelerator) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions\{E78313ED-E64C-451B-9B5F-8A66A8D08A64}

[2011.04.30 19:35:04 | 000,000,000 | ---D | M] (Conduit Engine) -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\extensions\engine@conduit.com

[2009.09.05 07:13:14 | 000,002,164 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\yg1x4obu.default\searchplugins\bing.xml

[2011.04.30 17:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.06.10 16:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.07 14:44:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.16 11:20:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.04.29 17:01:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2010.12.18 07:07:36 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2008.12.10 18:06:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010.06.26 07:22:15 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\5005

[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyA2.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (no name) - {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} - C:\WINDOWS\system32\AcroIEHelpe018.dll (Adobe Systems, Incorporated)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Programme\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyA2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Programme\MyAshampoo\tbMyA2.dll (Conduit Ltd.)

O4 - HKLM..\Run: [_UserEnv] C:\WINDOWS\system32\EMPIRUM\ENV.EXE (matrix42 AG)

O4 - HKLM..\Run: [Adobe ARM] c:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] c:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)

O4 - HKLM..\Run: [CtrlVol] File not found

O4 - HKLM..\Run: [Google Quick Search Box] C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [LaunchAp] File not found

O4 - HKLM..\Run: [RunSWDepot2] File not found

O4 - HKLM..\Run: [SunJavaUpdateSched] c:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Wbutton] File not found

O4 - HKCU..\Run: [Getdo] c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe\Update\flacor.dat ()

O4 - HKCU..\Run: [TomTomHOME.exe] File not found

O4 - Startup: c:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - c:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: DTAG-RF ([]file in Local intranet)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} hxxp://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab (YInstStarter Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218118083140 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/download/O2CPlayer.CAB (O2C-Player (ELECO Software GmbH))

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

ActiveX: {03B53966-3478-F102-9BF9-D0DBF7E366FB} - DirectAnimation

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)

ActiveX: {55E80A4B-D59D-E95E-82F6-973082A1B7D8} - NetShow

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {7B95D863-566D-9D8C-52DB-654BE8531A71} - DirectX

ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{021bd9fb-b818-49f9-9a3a-8e0f72aed493} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpReg: RunSWDepot1 - hkey= - key= - File not found

MsConfig - StartUpReg: RunSWDepot3 - hkey= - key= - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (16902109354000384)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.05.01 10:29:15 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\Administrator\Desktop\Registry Backup

[2011.05.01 10:28:41 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2011.05.01 10:28:41 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT

[2011.04.30 19:45:20 | 000,791,393 | ---- | C] (Lars Hederer ) -- c:\Dokumente und Einstellungen\Administrator\Desktop\Erunt-setup.exe

[2011.04.30 19:45:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.04.30 19:45:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe

[2011.04.30 17:34:40 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2011.04.30 17:34:35 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2011.04.30 17:34:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.04.30 17:34:34 | 000,000,000 | ---D | C] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.04.30 17:34:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.04.30 17:34:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2004.12.13 08:57:36 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.05.01 10:28:41 | 000,000,597 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\NTREGOPT.lnk

[2011.05.01 10:28:41 | 000,000,578 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk

[2011.05.01 10:26:45 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{F82F7883-691D-4920-BF5E-1F80B4510872}.job

[2011.05.01 09:42:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011.05.01 08:53:05 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2011.05.01 08:53:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.05.01 08:52:43 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011.05.01 08:52:43 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1343024091-1580436667-682003330-500.job

[2011.05.01 08:52:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.04.30 20:19:24 | 000,445,770 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.04.30 20:19:24 | 000,429,308 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.04.30 20:19:24 | 000,079,026 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.04.30 20:19:24 | 000,066,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.04.30 19:45:24 | 000,301,568 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\g2m3e4r.exe

[2011.04.30 19:45:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- c:\Dokumente und Einstellungen\Administrator\Desktop\Erunt-setup.exe

[2011.04.30 19:45:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe

[2011.04.30 19:45:22 | 000,446,464 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe

[2011.04.30 19:45:10 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1343024091-1580436667-682003330-500.job

[2011.04.30 19:44:39 | 000,377,282 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.04.30 17:48:05 | 000,001,783 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2011.04.30 17:35:20 | 000,026,255 | ---- | M] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Fehler.odt

[2011.04.30 17:34:35 | 000,000,762 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.30 10:35:46 | 000,001,715 | ---- | M] () -- c:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk

[2011.04.30 00:47:04 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.04.30 00:42:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.04.30 00:33:12 | 002,001,624 | ---- | M] () -- C:\WINDOWS\iis6.BAK

 
 ========== Files Created - No Company Name ==========

 

[2011.05.01 10:28:41 | 000,000,597 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\NTREGOPT.lnk

[2011.05.01 10:28:41 | 000,000,578 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk

[2011.04.30 19:45:20 | 000,301,568 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\g2m3e4r.exe

[2011.04.30 19:44:39 | 000,377,282 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Load.exe

[2011.04.30 17:35:20 | 000,026,255 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Desktop\Fehler.odt

[2011.04.30 17:34:35 | 000,000,762 | ---- | C] () -- c:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.12.18 09:18:47 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010.06.26 07:47:20 | 000,001,085 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat

[2010.04.17 22:57:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2009.08.31 19:32:00 | 000,008,704 | ---- | C] () -- c:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.08.30 13:38:01 | 000,708,432 | ---- | C] () -- C:\WINDOWS\unins000.exe

[2009.08.30 13:38:01 | 000,315,997 | ---- | C] () -- C:\WINDOWS\unins000.dat

[2008.10.28 11:48:02 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS79.DLL

[2008.09.06 12:22:34 | 000,000,821 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008.08.23 20:29:55 | 000,003,997 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2008.06.27 16:46:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008.06.27 16:45:50 | 000,301,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008.06.27 15:58:17 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys

[2008.06.27 15:53:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2008.06.27 15:50:07 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[1980.01.01 01:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[1980.01.01 01:00:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat

[1980.01.01 01:00:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[1980.01.01 01:00:00 | 000,972,072 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[1980.01.01 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[1980.01.01 01:00:00 | 000,445,770 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[1980.01.01 01:00:00 | 000,429,308 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[1980.01.01 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[1980.01.01 01:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[1980.01.01 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[1980.01.01 01:00:00 | 000,144,357 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[1980.01.01 01:00:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll

[1980.01.01 01:00:00 | 000,079,026 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[1980.01.01 01:00:00 | 000,066,258 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[1980.01.01 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[1980.01.01 01:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[1980.01.01 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[1980.01.01 01:00:00 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[1980.01.01 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[1980.01.01 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[1980.01.01 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

 
 ========== LOP Check ==========

 

[2010.02.19 20:31:34 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ashampoo

[2008.08.08 21:52:21 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Astro Gemini Software

[2008.08.10 08:23:14 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech

[2008.10.04 21:35:09 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Morpheus Software

[2010.12.12 16:58:15 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong

[2008.08.08 21:54:28 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TERMINAL Studio

[2010.05.08 17:19:56 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TomTom

[2010.03.26 15:46:38 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software

[2010.02.19 20:31:23 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo

[2009.10.25 11:24:06 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cau

[2011.02.04 21:04:31 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eFiIi01804

[2009.08.30 09:25:21 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\page

[2010.07.24 16:47:11 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rosetta Stone

[2009.10.29 20:28:39 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RosettaStoneLtdBackup

[2010.05.08 17:22:05 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom

[2008.08.09 07:55:58 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip

[2009.03.21 18:43:30 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

[2010.05.09 07:34:26 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009.09.13 21:48:24 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009.05.15 23:25:56 | 000,000,000 | ---D | M] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2011.05.01 10:26:45 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{F82F7883-691D-4920-BF5E-1F80B4510872}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2008.06.27 16:26:22 | 000,000,000 | ---D | M] -- C:\$WIN_NT$.~BT

[2008.08.07 16:00:20 | 000,000,000 | ---D | M] -- C:\83dc9ad2d043db2fb6540f7e

[2009.08.24 07:42:04 | 000,000,000 | ---D | M] -- C:\b0fecca94459c2b777

[2008.06.27 15:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2008.06.27 16:01:41 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2010.02.19 20:42:55 | 000,000,000 | ---D | M] -- C:\My Music

[2008.08.09 07:25:20 | 000,000,000 | ---D | M] -- C:\Photoshop CS2

[2008.12.06 18:10:04 | 000,000,000 | ---D | M] -- C:\Program Files

[2011.05.01 10:28:41 | 000,000,000 | R--D | M] -- C:\Programme

[2008.06.27 17:36:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2008.06.27 15:55:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2008.06.27 15:54:42 | 000,000,000 | ---D | M] -- C:\temp

[2008.12.10 19:19:03 | 000,000,000 | ---D | M] -- C:\WIA56DE

[2011.04.30 19:47:10 | 000,000,000 | ---D | M] -- C:\WINDOWS

[2008.06.27 15:54:40 | 000,000,000 | ---D | M] -- C:\WindowsXP

 
 < %PROGRAMFILES%\*.exe >

 

Invalid Environment Variable: LOCALAPPDATA

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: EXPLORER.EXE >

[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe

[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

 
 < MD5 for: REGEDIT.EXE >

[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WindowsXP\i386\REGEDIT.EXE

[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe

[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe

 
 < MD5 for: USERINIT.EXE >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE >

[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-30 10:33:04

 
 < >

 

< End of report >

--- --- ---

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX