Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 11.06.2011, 22:37   #1
venus
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



hallo ihr lieben,
ich hoffe ihr könnt mir helfen.
ich kenne mich mit solchen dingen echt nicht aus also bitte habt nachsicht .
habe mir heute ein virus eingefangen ich weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das es sich um ein system scenner handelt von mozila firefox und oben in der leiste steht das hxxp://www1.armysuitetop.co.cc/kf1s?dwgr=iNnO457o1uDh2I%2Fpztiso5aqjeLK1qqsmdbL1texwsO3ndPlnqOdsJnk3LHc6qaWxuDLr8PRs7%2BZ5cvVoubS5cvpzNuH1dC2t7qP3dWxpqiSrJeglaqbq6euj%2BfZ1ePl17SYmN jb0barrJua2ejbrcaooKeWo56spKuimtnnrKGXp56qkaakqqqbzePS1djeoe7e6ZSg4N7h6dLiyuDS3MnY1Z%2FU5t%2Fo4dyX2s7i09jJ6cyg0OTUn9Td2bHI2dbg3OyN5MbYquHn6dmZmLWUoqqc mbjY6eSn2trS59ih2OPYpM7Xyt6b2ueam7rR59edye%2FI39He0qbi25bWzubj2MjY4J%2FK4OPi59bd3dTinNPF6cugyeba5Zc%3D
bitte um schnelle hilfe
ich hoffe ich hab jetzt nicht gegen die regeln verstoßen

danke

Alt 12.06.2011, 10:51   #2
markusg
/// Malware-holic
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



hi
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
__________________

__________________

Alt 12.06.2011, 22:26   #3
venus
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



hallo markusg,
vielen lieben dank für die schnelle antwort scan läuft gerade .......
werde danach beides posten .

lg venus
__________________

Alt 12.06.2011, 22:28   #4
markusg
/// Malware-holic
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



hi, bitte lass solche posts weg, poste einfach die logs oder wenn du probleme hast, sonst guckt man hier um sonst rein und der thread wird nur unnötig lang :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.06.2011, 22:43   #5
venus
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.06.2011 22:47:07 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = D:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,18 Mb Total Physical Memory | 266,78 Mb Available Physical Memory | 26,31% Memory free
1,99 Gb Paging File | 0,71 Gb Available in Paging File | 35,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 12,11 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 12,91 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive E: | 33,66 Gb Total Space | 32,28 Gb Free Space | 95,90% Space Free | Partition Type: NTFS
 
Computer Name: NAHID-PC | User Name: Nahid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.12 22:41:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.04.28 14:20:02 | 001,206,408 | ---- | M] (SPAMfighter ApS) -- C:\Programme\Fighters\FighterSuiteService.exe
PRC - [2011.04.28 14:19:54 | 001,131,144 | ---- | M] (SPAMfighter) -- C:\Programme\Fighters\SPYWAREfighter\swproTray.exe
PRC - [2011.04.28 13:56:25 | 000,826,688 | ---- | M] (Preventon Technologies Limited) -- C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
PRC - [2011.04.28 13:56:25 | 000,142,768 | ---- | M] (Preventon Technologies Limited) -- C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
PRC - [2011.04.14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.10.25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.03.12 14:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.03.12 14:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.07.13 19:27:16 | 000,528,384 | ---- | M] ( ) -- C:\Windows\System32\lxctcoms.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.12 22:41:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2011.05.10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.04.28 14:20:02 | 001,206,408 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Programme\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2011.04.28 13:56:25 | 000,826,688 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service)
SRV - [2011.04.28 13:56:25 | 000,142,768 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006.07.13 19:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxctcoms.exe -- (lxct_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.05.10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.04.28 13:56:28 | 000,010,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfsfilter.sys -- (AVFSFilter)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.02.09 11:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2007.08.03 06:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.07.17 19:07:42 | 010,371,072 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.04.23 14:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 B6 38 85 7E 98 CB 01  [binary data]
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=101&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.10 17:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.10 17:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.12 10:26:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.12 10:26:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.02.26 21:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nahid\AppData\Roaming\mozilla\Extensions
[2011.06.12 10:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nahid\AppData\Roaming\mozilla\Firefox\Profiles\bpc8xr6z.default\extensions
[2011.01.30 11:03:05 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nahid\AppData\Roaming\mozilla\Firefox\Profiles\bpc8xr6z.default\extensions\ffxtlbr@babylon.com
[2010.08.12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Users\Nahid\AppData\Roaming\Mozilla\Firefox\Profiles\bpc8xr6z.default\searchplugins\SearchquWebSearch.xml
[2011.06.12 10:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- 
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Programme\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
O4 - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000..\Run: [NVIDIA driver monitor]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: CamserviceOG - hkey= - key= - C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EzPrint - hkey= - key= - C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Lexmark 5400 Series Fax Server - hkey= - key= - C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
MsConfig - StartUpReg: LXCTCATS - hkey= - key= -  File not found
MsConfig - StartUpReg: lxctmon.exe - hkey= - key= - C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: ooVoo.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.12 11:00:39 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{D859B2F1-AFF1-4929-8294-F9C14D1A7D5B}
[2011.06.12 10:26:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.06.12 00:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2011.06.12 00:04:51 | 000,000,000 | ---D | C] -- C:\Programme\Fighters
[2011.06.12 00:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2011.06.12 00:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2011.06.12 00:04:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Common Toolkit Suite
[2011.06.12 00:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2011.06.12 00:03:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F31DF89A-89A8-4883-9398-F0F33A3BCA88}
[2011.06.12 00:02:44 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Roaming\Fighters
[2011.06.12 00:02:42 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\PackageAware
[2011.06.11 21:34:45 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{AD73294D-2959-4853-8C86-4B9B87AB7733}
[2011.06.11 09:34:20 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{D32265AC-5B8D-49AE-99BC-DD691F6C0A63}
[2011.06.10 19:06:10 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{51770B4F-97FC-46A1-AAB6-E21A597EE5A8}
[2011.06.10 07:23:55 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011.06.09 23:42:36 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{B57AB1EC-498E-4717-890A-CEE4C1101FCA}
[2011.06.08 21:09:40 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{E0886DFD-607B-4776-AE44-6ED08AA0336B}
[2011.06.08 09:09:14 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{215C5824-83D4-4E39-904C-B3005A7EA2D3}
[2011.06.07 21:08:48 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{576B199B-3D79-453E-A1C1-2D939EF272AE}
[2011.06.07 09:08:22 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{86E2577A-B84A-416B-8D68-FC02C7705073}
[2011.06.06 21:07:55 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{04B6C8C0-8380-460D-9C7C-E019BF1DC6E0}
[2011.06.06 09:07:29 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{818D4A3D-3172-4B38-AA78-3C666DE668D2}
[2011.06.05 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{BA87942D-EB95-454F-82A8-46AE0E5D6E16}
[2011.06.05 09:52:40 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011.06.04 23:56:31 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{FF444EAE-87AB-427B-9F62-4591456B8819}
[2011.06.04 09:13:17 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{84357F46-CBF0-489B-A3B3-1A03700A51C1}
[2011.06.03 16:40:08 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{9689EB1C-C518-462D-B374-98885033FE2B}
[2011.06.02 12:04:48 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{838204CE-93F5-48A2-9CCF-BE15F09D2CBB}
[2011.06.02 00:04:20 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{0E731FF8-95A8-4762-AB88-225E50EADB0A}
[2011.06.01 09:18:50 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{EEA23283-3BE0-4C38-80AE-CB04014BC420}
[2011.05.31 21:18:24 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{1E85EEF9-70FE-4281-9394-C1A274952A4C}
[2011.05.31 09:17:56 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{69BD4FB8-BC8D-4A44-9BB3-1DE8DAC9ACF3}
[2011.05.30 19:43:23 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{47F7D9E6-6E95-4B61-B312-75CBD489E143}
[2011.05.30 07:42:57 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{7D523E34-5BEA-4317-BF4A-4E0D8572A5E8}
[2011.05.29 19:42:24 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{21D6D0CC-D7AF-4BFB-8C02-B4B38CAE5A8B}
[2011.05.27 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{5FD271C8-44F3-4134-AD8B-678DA32136F8}
[2011.05.26 22:02:02 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{F5F1E39F-BC88-4913-A4E6-156BDA73D613}
[2011.05.26 07:10:06 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{7D3D6ECF-FE9F-4E36-9F61-2173EF4D3DE9}
[2011.05.24 09:29:25 | 000,000,000 | ---D | C] -- C:\Users\Nahid\Documents\Rechtsanwalt Kroh  Vdafone
[2011.05.24 08:35:08 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{961C87A4-0BFD-4F81-9ECD-1090F395479A}
[2011.05.23 13:36:25 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{EC72473E-9337-40ED-8554-DD22873F905D}
[2011.05.23 00:42:51 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{7CB65960-BE86-4E9C-BB3B-20DD7FD15801}
[2011.05.22 22:53:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.05.22 01:05:30 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{3671AD87-2DBC-4286-8A99-E336902B068D}
[2011.05.21 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Nahid\Documents\Tordynex Übersetzung
[2011.05.21 07:39:35 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{1D5F4051-826D-4BFE-9856-E7D8F6034BBC}
[2011.05.20 07:52:40 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{C4BA6739-237F-4768-8082-8CAD7126F2E9}
[2011.05.19 19:31:56 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{66C0C584-214D-4276-B417-05EA8EA93219}
[2011.05.18 22:15:20 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{5DB67BB0-FA98-414D-BBE4-37AC5C9C069A}
[2011.05.18 09:01:02 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{8B03D2B8-3452-49EC-9CC0-BA2676174948}
[2011.05.17 17:22:43 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{AF01215C-53C7-43CF-81D2-2C1A6B79B462}
[2011.05.16 20:42:25 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{8C1DE9C5-DE77-4523-B506-B6D300F7366B}
[2011.05.16 07:53:36 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{14292F6E-2C9D-4A8C-A851-D4DA73A12DB7}
[2011.05.15 19:53:09 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{73E3C288-77F0-49E9-A7F9-94330C8B0051}
[2011.05.15 01:00:39 | 000,000,000 | ---D | C] -- C:\Users\Nahid\jahrgangs foto
[2011.05.15 00:55:35 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{F7AC2E47-1B94-4252-9A94-2D28C31626D4}
[2011.05.14 11:39:08 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{EC780FEC-28AA-4ABD-A95D-6BC30A7891BC}
[2011.05.14 00:53:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.05.13 23:38:42 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{D2879966-91C7-49EC-B3DA-EE8E4DE65665}
[2011.05.13 23:30:10 | 000,000,000 | ---D | C] -- C:\Users\Nahid\Documents\Tordynex
[2011.02.18 20:46:37 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2011.02.18 20:46:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2010.12.16 18:54:48 | 000,983,040 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2010.12.16 18:54:48 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2010.12.16 18:54:48 | 000,393,216 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2010.12.16 18:54:47 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2010.12.16 18:54:47 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2010.12.16 18:54:47 | 000,528,384 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2010.12.16 18:54:47 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2010.12.16 18:54:47 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2010.12.16 18:54:45 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\lxctih.exe
[2010.12.16 18:54:44 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2010.12.16 18:54:43 | 000,667,648 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2010.12.16 18:54:43 | 000,528,384 | ---- | C] ( ) -- C:\Windows\System32\lxctcoms.exe
[2010.12.16 18:54:43 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[2010.12.16 18:54:43 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxctcfg.exe
[1 C:\Users\Nahid\AppData\Local\*.tmp files -> C:\Users\Nahid\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.12 21:24:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.12 10:26:52 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.12 09:37:54 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.12 09:37:54 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.12 09:36:05 | 004,864,748 | ---- | M] () -- C:\Users\Nahid\Desktop\FightersLogs.zip
[2011.06.12 09:32:06 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.12 00:04:59 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2011.06.11 21:24:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.06.11 21:24:00 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.06.10 09:16:31 | 000,102,945 | ---- | M] () -- C:\Users\Nahid\Desktop\Lebenslauf Nahid Rashedi Alvandi.pdf
[2011.06.10 08:49:22 | 000,212,247 | ---- | M] () -- C:\Users\Nahid\Desktop\Anschreiben Nahid Rashedi Alvandi.pdf
[2011.06.10 08:23:58 | 000,212,376 | ---- | M] () -- C:\Users\Nahid\Documents\Nahid Rashedi Alvandi Anschreiben .pdf
[2011.06.10 08:08:48 | 000,087,205 | ---- | M] () -- C:\Users\Nahid\Desktop\Bewerbung Nahid Rashedi Alvandi.pdf
[2011.06.10 00:34:16 | 000,212,430 | ---- | M] () -- C:\Users\Nahid\Documents\Anschreiben Nahid Rashedi Alvandi.pdf
[2011.06.06 19:00:59 | 002,916,099 | ---- | M] () -- C:\Users\Nahid\Documents\06-06-2011 18;59;48.rtf
[2011.06.05 19:14:35 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.05 19:14:35 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.05 19:14:35 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.05 19:14:35 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.03 17:14:01 | 000,077,175 | ---- | M] () -- C:\Users\Nahid\Desktop\33304172_OBBkhJYt_c.jpg
[2011.05.31 11:01:41 | 000,484,675 | ---- | M] () -- C:\Users\Nahid\Desktop\Prof. Dr. med. Joachim Dissemond.pdf
[2011.05.28 11:02:53 | 000,113,326 | ---- | M] () -- C:\Users\Nahid\Desktop\248073_227380897289164_161610780532843_1002634_4885383_n.jpg
[2011.05.24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.05.23 08:32:15 | 000,125,968 | ---- | M] () -- C:\Users\Nahid\Desktop\38801_143023169055867_139282436096607_302532_1705063_n.jpg
[2011.05.22 23:19:59 | 000,085,593 | ---- | M] () -- C:\Users\Nahid\Desktop\222208_219505941411111_219505004744538_848944_1613727_n.jpg
[2011.05.21 08:58:59 | 000,002,090 | ---- | M] () -- C:\Users\Nahid\Desktop\Tordynex Übersetzung - Verknüpfung.lnk
[2011.05.20 18:09:57 | 000,001,441 | ---- | M] () -- C:\Users\Nahid\Desktop\Hercules Deluxe Optical Glass - Verknüpfung (2).lnk
[2011.05.20 08:12:43 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.05.16 20:31:47 | 000,007,091 | ---- | M] () -- C:\Users\Nahid\Documents\Bewerbung - unopiu - Verknüpfung.lnk
[2011.05.15 01:03:10 | 000,001,138 | ---- | M] () -- C:\Users\Nahid\Desktop\Tordynex - mappe -essen.lnk
[2011.05.15 01:01:12 | 000,001,031 | ---- | M] () -- C:\Users\Nahid\Desktop\jahrgangs foto - Verknüpfung.lnk
[1 C:\Users\Nahid\AppData\Local\*.tmp files -> C:\Users\Nahid\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.12 10:26:52 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.06.12 10:26:51 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.06.12 09:35:38 | 004,864,748 | ---- | C] () -- C:\Users\Nahid\Desktop\FightersLogs.zip
[2011.06.12 00:04:59 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2011.06.10 09:16:31 | 000,102,945 | ---- | C] () -- C:\Users\Nahid\Desktop\Lebenslauf Nahid Rashedi Alvandi.pdf
[2011.06.10 08:49:21 | 000,212,247 | ---- | C] () -- C:\Users\Nahid\Desktop\Anschreiben Nahid Rashedi Alvandi.pdf
[2011.06.10 08:23:57 | 000,212,376 | ---- | C] () -- C:\Users\Nahid\Documents\Nahid Rashedi Alvandi Anschreiben .pdf
[2011.06.10 08:08:47 | 000,087,205 | ---- | C] () -- C:\Users\Nahid\Desktop\Bewerbung Nahid Rashedi Alvandi.pdf
[2011.06.10 00:34:13 | 000,212,430 | ---- | C] () -- C:\Users\Nahid\Documents\Anschreiben Nahid Rashedi Alvandi.pdf
[2011.06.06 19:00:55 | 002,916,099 | ---- | C] () -- C:\Users\Nahid\Documents\06-06-2011 18;59;48.rtf
[2011.06.03 17:13:46 | 000,077,175 | ---- | C] () -- C:\Users\Nahid\Desktop\33304172_OBBkhJYt_c.jpg
[2011.05.31 11:01:33 | 000,484,675 | ---- | C] () -- C:\Users\Nahid\Desktop\Prof. Dr. med. Joachim Dissemond.pdf
[2011.05.28 11:02:39 | 000,113,326 | ---- | C] () -- C:\Users\Nahid\Desktop\248073_227380897289164_161610780532843_1002634_4885383_n.jpg
[2011.05.23 08:31:59 | 000,125,968 | ---- | C] () -- C:\Users\Nahid\Desktop\38801_143023169055867_139282436096607_302532_1705063_n.jpg
[2011.05.22 23:19:39 | 000,085,593 | ---- | C] () -- C:\Users\Nahid\Desktop\222208_219505941411111_219505004744538_848944_1613727_n.jpg
[2011.05.21 08:58:59 | 000,002,090 | ---- | C] () -- C:\Users\Nahid\Desktop\Tordynex Übersetzung - Verknüpfung.lnk
[2011.05.20 18:09:57 | 000,001,441 | ---- | C] () -- C:\Users\Nahid\Desktop\Hercules Deluxe Optical Glass - Verknüpfung (2).lnk
[2011.05.15 01:03:10 | 000,001,138 | ---- | C] () -- C:\Users\Nahid\Desktop\Tordynex - mappe -essen.lnk
[2011.05.15 01:01:12 | 000,001,031 | ---- | C] () -- C:\Users\Nahid\Desktop\jahrgangs foto - Verknüpfung.lnk
[2011.04.28 13:56:28 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys
[2011.02.18 20:46:35 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.01.04 02:50:03 | 000,005,120 | ---- | C] () -- C:\Users\Nahid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.16 19:02:01 | 000,335,872 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2010.12.16 18:59:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL
[2010.12.16 18:59:41 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll
[2010.12.16 18:59:21 | 000,012,288 | ---- | C] () -- C:\Windows\System32\lxctpmrc.dll
[2010.12.16 18:54:48 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2010.12.16 18:54:44 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2010.12.10 16:57:45 | 000,000,088 | ---- | C] () -- C:\Windows\wincmd.ini
[2010.12.10 16:11:20 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.12.10 16:11:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.10 16:11:12 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.12.10 16:11:12 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.12.10 16:11:12 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.12.10 15:41:22 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010.12.10 15:41:21 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll
[2010.12.10 15:41:20 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll
[2010.12.10 15:41:19 | 001,199,179 | ---- | C] () -- C:\Windows\unins002.exe
[2010.12.10 15:41:19 | 000,010,129 | ---- | C] () -- C:\Windows\unins002.dat
[2010.12.10 15:40:27 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2010.12.10 15:40:27 | 000,007,958 | ---- | C] () -- C:\Windows\unins001.dat
[2010.12.10 15:40:00 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe
[2010.12.10 15:40:00 | 000,012,131 | ---- | C] () -- C:\Windows\unins000.dat
[2009.07.14 10:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,429,392 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.06.20 15:40:14 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006.05.18 13:01:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006.05.03 16:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2005.06.24 04:37:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll
 
========== LOP Check ==========
 
[2011.05.01 13:05:07 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\5400 Series
[2011.03.08 10:55:02 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\5400 Series
[2011.01.30 11:03:05 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Babylon
[2011.06.12 00:02:48 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Fighters
[2010.12.10 17:53:21 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Local
[2010.12.10 15:49:20 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\MuldeR
[2011.01.21 23:55:51 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\ooVoo Details
[2010.12.15 09:39:06 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\TVgenial
[2010.12.16 08:05:13 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Windows Live Writer
[2010.12.10 16:50:52 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\WordToPDF
[2010.12.10 15:55:18 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\XnView
[2011.05.30 06:38:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.08 10:55:02 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\5400 Series
[2010.12.10 15:42:50 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Adobe
[2010.12.10 16:03:39 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Ahead
[2011.01.19 18:51:39 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Apple Computer
[2011.01.30 11:03:05 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Babylon
[2010.12.10 16:16:21 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\DivX
[2011.06.12 00:02:48 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Fighters
[2010.12.10 15:15:16 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Identities
[2010.12.29 18:51:14 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\InstallShield
[2010.12.10 17:53:21 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Local
[2010.12.10 16:18:49 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Macromedia
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Media Center Programs
[2011.03.04 23:10:41 | 000,000,000 | --SD | M] -- C:\Users\Nahid\AppData\Roaming\Microsoft
[2011.02.26 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Mozilla
[2010.12.10 15:49:20 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\MuldeR
[2010.12.10 15:49:27 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\NCH Software
[2011.01.21 23:55:51 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\ooVoo Details
[2011.01.19 09:00:07 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Skype
[2010.12.15 09:39:06 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\TVgenial
[2010.12.10 16:58:22 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\vlc
[2010.12.10 17:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Winamp
[2010.12.16 08:05:13 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Windows Live Writer
[2010.12.10 17:42:26 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\WinRAR
[2010.12.10 16:50:52 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\WordToPDF
[2010.12.10 15:55:18 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\XnView
[2011.06.11 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2007.08.29 16:36:06 | 000,167,936 | ---- | M] () -- C:\Users\Nahid\AppData\Roaming\NCH Software\Components\wmawav\wmawav.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2011.02.18 01:00:10 | 000,013,131 | ---- | M] ()(C:\Users\Nahid\Documents\?? ???? ?? ?? ?? ??????? ?? ?? ??????? ????? ??? ????? ?? ??????? ???? ???? ???? ??? ?? ????????.docx) -- C:\Users\Nahid\Documents\ما لحظه ها را می گذرانیم تا به خوشبختی برسیم ولی افسوس که خوشبختی همان لحظه هایی بود که گذراندیم.docx
[2011.02.16 14:43:41 | 000,013,131 | ---- | C] ()(C:\Users\Nahid\Documents\?? ???? ?? ?? ?? ??????? ?? ?? ??????? ????? ??? ????? ?? ??????? ???? ???? ???? ??? ?? ????????.docx) -- C:\Users\Nahid\Documents\ما لحظه ها را می گذرانیم تا به خوشبختی برسیم ولی افسوس که خوشبختی همان لحظه هایی بود که گذراندیم.docx
[2010.12.19 10:56:33 | 000,081,533 | ---- | M] ()(C:\Users\Nahid\Documents\????.docx) -- C:\Users\Nahid\Documents\یلدا.docx
[2010.12.19 10:56:31 | 000,081,533 | ---- | C] ()(C:\Users\Nahid\Documents\????.docx) -- C:\Users\Nahid\Documents\یلدا.docx

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.06.2011 22:47:08 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = D:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,18 Mb Total Physical Memory | 266,78 Mb Available Physical Memory | 26,31% Memory free
1,99 Gb Paging File | 0,71 Gb Available in Paging File | 35,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 12,11 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 12,91 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive E: | 33,66 Gb Total Space | 32,28 Gb Free Space | 95,90% Space Free | Partition Type: NTFS
 
Computer Name: NAHID-PC | User Name: Nahid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [scan_with_SPYWAREfighter] -- C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe /scan "%1" (SPAMfighter)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Premium
"{54dcbccb-c905-46dc-b6e6-48563d0e9e55}" = LameXP
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A7D2B13-9522-48A9-A06F-A9C4AA33D8AD}" = SPYWAREfighter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C89AF1D9-A501-4AA5-9E44-9753D0F92347}" = Kidizoom® Pro & Plus
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.5026)
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}.vc_x86runtime_30729_5026" = Visual C++ 2008 x86 Runtime - v9.0.30729.5026
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Deluxe Optical Glass
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DivX Setup.divx.com" = DivX-Setup
"Dolphins 3D_is1" = Dolphins 3D
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.60
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.4.0
"Lexmark 5400 Series" = Lexmark 5400 Series
"M928366" = 
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Picasa 3" = Picasa 3
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"SPYWAREfighter" = SPYWAREfighter
"TVgenial" = TVgenial 4.10
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"Wincmd" = Windows Commander (Remove or Repair)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WordToPDF_is1" = WordToPDF 2.4
"XnView_is1" = XnView 1.97.8
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Alt 12.06.2011, 22:52   #6
markusg
/// Malware-holic
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________
--> habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.

Alt 12.06.2011, 23:50   #7
venus
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-06-11.01 - Nahid 13.06.2011   0:22.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.1014.71 [GMT 2:00]
ausgeführt von:: c:\users\Nahid\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: SPYWAREfighter *Enabled/Updated* {54CEAF19-6DDF-F31A-F96A-11F730C2EC03}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nahid\AppData\Roaming\Local
c:\users\Nahid\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Nahid\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Nahid\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Nahid\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Nahid\AppData\Roaming\Mozilla\Firefox\Profiles\bpc8xr6z.default\searchplugins\SearchquWebSearch.xml
c:\users\Nahid\AppData\Roaming\Mozilla\Firefox\Profiles\bpc8xr6z.default\searchqutb
c:\users\Nahid\AppData\Roaming\Mozilla\Firefox\Profiles\bpc8xr6z.default\searchqutb\preferences.dat
c:\users\Nahid\Desktop\install_flash_player.exe
c:\windows\TEMP\dsamb0ib.vbt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-12 bis 2011-06-12  ))))))))))))))))))))))))))))))
.
.
2011-06-12 22:33 . 2011-06-12 22:36	--------	d-----w-	c:\users\Nahid\AppData\Local\temp
2011-06-12 22:33 . 2011-06-12 22:33	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-06-12 22:33 . 2011-06-12 22:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-12 21:39 . 2011-06-12 21:39	--------	d-----w-	c:\users\Nahid\AppData\Local\{C8B80FD4-A16F-495A-8426-26000C5D9373}
2011-06-12 09:00 . 2011-06-12 09:00	--------	d-----w-	c:\users\Nahid\AppData\Local\{D859B2F1-AFF1-4929-8294-F9C14D1A7D5B}
2011-06-11 22:05 . 2011-06-11 22:35	--------	d-----w-	c:\programdata\clp
2011-06-11 22:04 . 2011-06-11 22:04	--------	d-----w-	c:\program files\Fighters
2011-06-11 22:04 . 2011-06-11 22:04	--------	d-----w-	c:\programdata\Common Toolkit Suite
2011-06-11 22:04 . 2011-06-11 22:04	--------	d-----w-	c:\program files\Common Files\Common Toolkit Suite
2011-06-11 22:04 . 2011-06-11 22:04	--------	d-----w-	c:\programdata\Fighters
2011-06-11 22:03 . 2011-06-11 22:05	--------	dc-h--w-	c:\programdata\{F31DF89A-89A8-4883-9398-F0F33A3BCA88}
2011-06-11 22:02 . 2011-06-11 22:02	--------	d-----w-	c:\users\Nahid\AppData\Roaming\Fighters
2011-06-11 22:02 . 2011-06-11 22:02	--------	d-----w-	c:\users\Nahid\AppData\Local\PackageAware
2011-06-11 19:34 . 2011-06-11 19:34	--------	d-----w-	c:\users\Nahid\AppData\Local\{AD73294D-2959-4853-8C86-4B9B87AB7733}
2011-06-11 19:26 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9483A00F-BC88-4A41-A529-8047F3735652}\mpengine.dll
2011-06-11 07:34 . 2011-06-11 07:34	--------	d-----w-	c:\users\Nahid\AppData\Local\{D32265AC-5B8D-49AE-99BC-DD691F6C0A63}
2011-06-10 17:06 . 2011-06-10 17:06	--------	d-----w-	c:\users\Nahid\AppData\Local\{51770B4F-97FC-46A1-AAB6-E21A597EE5A8}
2011-06-10 05:23 . 2011-04-09 05:56	123904	----a-w-	c:\windows\system32\poqexec.exe
2011-06-09 21:42 . 2011-06-09 21:42	--------	d-----w-	c:\users\Nahid\AppData\Local\{B57AB1EC-498E-4717-890A-CEE4C1101FCA}
2011-06-08 19:09 . 2011-06-08 19:09	--------	d-----w-	c:\users\Nahid\AppData\Local\{E0886DFD-607B-4776-AE44-6ED08AA0336B}
2011-06-08 07:09 . 2011-06-08 07:09	--------	d-----w-	c:\users\Nahid\AppData\Local\{215C5824-83D4-4E39-904C-B3005A7EA2D3}
2011-06-07 19:08 . 2011-06-07 19:08	--------	d-----w-	c:\users\Nahid\AppData\Local\{576B199B-3D79-453E-A1C1-2D939EF272AE}
2011-06-07 07:08 . 2011-06-07 07:08	--------	d-----w-	c:\users\Nahid\AppData\Local\{86E2577A-B84A-416B-8D68-FC02C7705073}
2011-06-06 19:07 . 2011-06-06 19:08	--------	d-----w-	c:\users\Nahid\AppData\Local\{04B6C8C0-8380-460D-9C7C-E019BF1DC6E0}
2011-06-06 07:07 . 2011-06-06 07:07	--------	d-----w-	c:\users\Nahid\AppData\Local\{818D4A3D-3172-4B38-AA78-3C666DE668D2}
2011-06-05 10:12 . 2011-06-05 10:13	--------	d-----w-	c:\users\Nahid\AppData\Local\{BA87942D-EB95-454F-82A8-46AE0E5D6E16}
2011-06-05 07:52 . 2011-04-22 19:36	26496	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2011-06-04 21:56 . 2011-06-04 21:56	--------	d-----w-	c:\users\Nahid\AppData\Local\{FF444EAE-87AB-427B-9F62-4591456B8819}
2011-06-04 07:13 . 2011-06-04 07:13	--------	d-----w-	c:\users\Nahid\AppData\Local\{84357F46-CBF0-489B-A3B3-1A03700A51C1}
2011-06-03 14:40 . 2011-06-03 14:40	--------	d-----w-	c:\users\Nahid\AppData\Local\{9689EB1C-C518-462D-B374-98885033FE2B}
2011-06-02 10:04 . 2011-06-02 10:04	--------	d-----w-	c:\users\Nahid\AppData\Local\{838204CE-93F5-48A2-9CCF-BE15F09D2CBB}
2011-06-01 22:04 . 2011-06-01 22:04	--------	d-----w-	c:\users\Nahid\AppData\Local\{0E731FF8-95A8-4762-AB88-225E50EADB0A}
2011-06-01 07:18 . 2011-06-01 07:19	--------	d-----w-	c:\users\Nahid\AppData\Local\{EEA23283-3BE0-4C38-80AE-CB04014BC420}
2011-05-31 19:18 . 2011-05-31 19:18	--------	d-----w-	c:\users\Nahid\AppData\Local\{1E85EEF9-70FE-4281-9394-C1A274952A4C}
2011-05-31 07:17 . 2011-05-31 07:18	--------	d-----w-	c:\users\Nahid\AppData\Local\{69BD4FB8-BC8D-4A44-9BB3-1DE8DAC9ACF3}
2011-05-30 17:43 . 2011-05-30 17:43	--------	d-----w-	c:\users\Nahid\AppData\Local\{47F7D9E6-6E95-4B61-B312-75CBD489E143}
2011-05-30 05:42 . 2011-05-30 05:43	--------	d-----w-	c:\users\Nahid\AppData\Local\{7D523E34-5BEA-4317-BF4A-4E0D8572A5E8}
2011-05-29 17:42 . 2011-05-29 17:42	--------	d-----w-	c:\users\Nahid\AppData\Local\{21D6D0CC-D7AF-4BFB-8C02-B4B38CAE5A8B}
2011-05-27 08:15 . 2011-05-27 08:16	--------	d-----w-	c:\users\Nahid\AppData\Local\{5FD271C8-44F3-4134-AD8B-678DA32136F8}
2011-05-26 20:02 . 2011-05-26 20:02	--------	d-----w-	c:\users\Nahid\AppData\Local\{F5F1E39F-BC88-4913-A4E6-156BDA73D613}
2011-05-26 05:10 . 2011-05-26 05:10	--------	d-----w-	c:\users\Nahid\AppData\Local\{7D3D6ECF-FE9F-4E36-9F61-2173EF4D3DE9}
2011-05-24 06:35 . 2011-05-24 06:35	--------	d-----w-	c:\users\Nahid\AppData\Local\{961C87A4-0BFD-4F81-9ECD-1090F395479A}
2011-05-23 11:36 . 2011-05-23 11:36	--------	d-----w-	c:\users\Nahid\AppData\Local\{EC72473E-9337-40ED-8554-DD22873F905D}
2011-05-22 22:42 . 2011-05-22 22:43	--------	d-----w-	c:\users\Nahid\AppData\Local\{7CB65960-BE86-4E9C-BB3B-20DD7FD15801}
2011-05-22 20:53 . 2011-05-22 20:53	--------	d-----w-	c:\windows\Sun
2011-05-21 23:05 . 2011-05-21 23:05	--------	d-----w-	c:\users\Nahid\AppData\Local\{3671AD87-2DBC-4286-8A99-E336902B068D}
2011-05-21 05:39 . 2011-05-21 05:39	--------	d-----w-	c:\users\Nahid\AppData\Local\{1D5F4051-826D-4BFE-9856-E7D8F6034BBC}
2011-05-20 05:52 . 2011-05-20 05:52	--------	d-----w-	c:\users\Nahid\AppData\Local\{C4BA6739-237F-4768-8082-8CAD7126F2E9}
2011-05-19 17:31 . 2011-05-19 17:32	--------	d-----w-	c:\users\Nahid\AppData\Local\{66C0C584-214D-4276-B417-05EA8EA93219}
2011-05-18 20:15 . 2011-05-18 20:15	--------	d-----w-	c:\users\Nahid\AppData\Local\{5DB67BB0-FA98-414D-BBE4-37AC5C9C069A}
2011-05-18 07:01 . 2011-05-18 07:01	--------	d-----w-	c:\users\Nahid\AppData\Local\{8B03D2B8-3452-49EC-9CC0-BA2676174948}
2011-05-17 15:22 . 2011-05-17 15:22	--------	d-----w-	c:\users\Nahid\AppData\Local\{AF01215C-53C7-43CF-81D2-2C1A6B79B462}
2011-05-16 18:42 . 2011-05-16 18:42	--------	d-----w-	c:\users\Nahid\AppData\Local\{8C1DE9C5-DE77-4523-B506-B6D300F7366B}
2011-05-16 05:53 . 2011-05-16 05:53	--------	d-----w-	c:\users\Nahid\AppData\Local\{14292F6E-2C9D-4A8C-A851-D4DA73A12DB7}
2011-05-15 17:53 . 2011-05-15 17:53	--------	d-----w-	c:\users\Nahid\AppData\Local\{73E3C288-77F0-49E9-A7F9-94330C8B0051}
2011-05-14 23:00 . 2011-05-14 23:03	--------	d-----w-	c:\users\Nahid\jahrgangs foto
2011-05-14 22:55 . 2011-05-14 22:55	--------	d-----w-	c:\users\Nahid\AppData\Local\{F7AC2E47-1B94-4252-9A94-2D28C31626D4}
2011-05-14 09:39 . 2011-05-14 09:39	--------	d-----w-	c:\users\Nahid\AppData\Local\{EC780FEC-28AA-4ABD-A95D-6BC30A7891BC}
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-14 02:21	222080	----a-w-	c:\windows\system32\MpSigStub.exe
2011-05-20 08:54 . 2010-12-10 13:57	1166144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-12 07:17 . 2010-12-24 08:06	1152832	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-05-10 12:10 . 2010-12-10 13:44	40112	----a-w-	c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-12-10 13:44	199304	----a-w-	c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-04-26 20:39	441176	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2010-12-10 13:44	307928	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-12-10 13:44	49240	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-12-10 13:44	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-12-10 13:44	53592	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-12-10 13:44	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-04-28 11:56 . 2011-04-28 11:56	10264	----a-w-	c:\windows\system32\drivers\avfsfilter.sys
2011-04-13 22:40 . 2011-04-13 22:40	4284416	----a-w-	c:\windows\system32\GPhotos.scr
2011-04-09 06:13 . 2011-05-10 21:59	3957632	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-10 21:59	3901824	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	75040	----a-w-	c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-03-25 03:06 . 2011-05-10 21:59	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06 . 2011-05-10 21:59	284160	----a-w-	c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06 . 2011-05-10 21:59	75776	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06 . 2011-05-10 21:59	43008	----a-w-	c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06 . 2011-05-10 21:59	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06 . 2011-05-10 21:59	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06 . 2011-05-10 21:59	5888	----a-w-	c:\windows\system32\drivers\usbd.sys
2011-04-14 16:40 . 2011-06-12 08:26	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2011-01-30 1219488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712]
"SWPROguard"="c:\program files\Fighters\SPYWAREfighter\SWPROTray.exe" [2011-04-28 1131144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 10:49	932288	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45	35736	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 10:48	58656	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceOG]
2009-10-19 16:30	2913576	----a-w-	c:\program files\Hercules\Deluxe Optical Glass\XtrCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15	63360	----a-w-	c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-08 19:17	1226608	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-06-07 03:05	98304	----a-w-	c:\program files\Lexmark 5400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 09:32	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
2006-07-10 23:30	294912	----a-w-	c:\program files\Lexmark 5400 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
2006-06-07 12:09	106496	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\lxcttime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2006-06-20 13:37	286720	----a-w-	c:\program files\Lexmark 5400 Series\lxctmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17	5252408	----a-w-	c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53	153136	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 18:30	150552	----a-w-	c:\windows\System32\igfxpers.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [2011-04-28 10264]
R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [2009-02-09 99968]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2011-04-28 1206408]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nahid\AppData\Roaming\Mozilla\Firefox\Profiles\bpc8xr6z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Watch Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Engine Scanning Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Watch Service]
"ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,83,4e,e7,f8,bb,2b,47,89,fc,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,83,4e,e7,f8,bb,2b,47,89,fc,c4,\
.
[HKEY_USERS\S-1-5-21-2922082828-1365418600-2234279854-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-2922082828-1365418600-2234279854-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2922082828-1365418600-2234279854-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2922082828-1365418600-2234279854-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5068)
c:\windows\System32\ieframe.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
c:\program files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lxctcoms.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-13  00:44:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-06-12 22:44
.
Vor Suchlauf: 7 Verzeichnis(se), 12.885.131.264 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 12.806.045.696 Bytes frei
.
- - End Of File - - C00D162DCEC19230C95B14C63B5A36DA
         
--- --- ---

Alt 13.06.2011, 09:43   #8
markusg
/// Malware-holic
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



öffne mal computer, c: qoobox, rechtsklick quarantain, mit winrar oder zip packen und hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.06.2011, 10:50   #9
venus
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



hi markus,

bis punkt 2 bin ich gekommen aber ich weiss nicht was ich danach machen muss sorry ....

bin dem linke Uploadchannel Trojaner-Board gefolgt ...
aber weiter ?????

Alt 13.06.2011, 10:55   #10
markusg
/// Malware-holic
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



also die datei ist gepackt? dann gehst du in den upload channel, dann lädst du über " durchsuchen" die datei hoch bzw wählst die erst mal aus.
dann gibst du, in den jeweiligen feldern, deinen nutzernamen, bzw den link zum topick an und lädst die datei hoch, wenn da steht upload erfolgreich, passt das.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.06.2011, 11:37   #11
venus
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



ach man ich komme nicht weiter bin zu blöd :-(
wenn ich auf computer gehe , c: qoobox, rechtsklick geht ein fenster auf .....da steht aber nichts von winrar oder zip

Alt 13.06.2011, 12:56   #12
markusg
/// Malware-holic
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



ok
lade 7zip
http://filepony.de/download-7-zip/
instalieren, dann wieder zu quarantain navigieren, rechtsklick, 7zip menü aufklappen, und dann packen. und das archiv hochladen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.06.2011, 13:40   #13
markusg
/// Malware-holic
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



sieht soweit unauffällig aus.
download malwarebytes:
Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.06.2011, 15:39   #14
venus
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6847

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.06.2011 16:27:59
mbam-log-2011-06-13 (16-27-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|L:\|M:\|)
Durchsuchte Objekte: 324571
Laufzeit: 1 Stunde(n), 16 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
e:\Tools\Antispy\windows 7 loader\windows loader\windows loader.exe (RiskWare.Tool.HCK) -> No action taken.
e:\Tools\Demo\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.
e:\Tools\Demo\demo-x-x-gepackt\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.
e:\Tools\Demo\demo-x-x-gepackt\fr08_final\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.
e:\Tools\Demo\fr08_final\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.

Alt 13.06.2011, 15:43   #15
markusg
/// Malware-holic
 
habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - Standard

habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.



hi, keygens etc unterstützen wir nicht, da illegal, hier gibts nur support beim neu aufsetzen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.
dinge, eingefangen, einzige, firefox, gefangen, gen, heute, hoffe, leiste, liebe, lieben, regeln, schnelle, schnelle hilfe, system, virus, virus eingefangen



Ähnliche Themen: habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1.


  1. kann keine einzige App öffnen (auch nicht den Store)
    Alles rund um Windows - 13.12.2014 (1)
  2. http://www1.search-results.com/ als Startseite von Firefox
    Plagegeister aller Art und deren Bekämpfung - 11.04.2013 (21)
  3. Ich habe einen Virus und weiss nicht wie ich Ihn weg bekomme
    Log-Analyse und Auswertung - 09.11.2012 (30)
  4. (2x) OTL by OldTimer durchgeführt kann jemand mir dazu was sagen?
    Mülltonne - 20.03.2012 (0)
  5. Ich habe ein Virus und weiss nicht was ich machen soll =(
    Plagegeister aller Art und deren Bekämpfung - 21.12.2011 (13)
  6. http://www1.mpnrs.com/tracker/...........
    Plagegeister aller Art und deren Bekämpfung - 19.01.2011 (38)
  7. Habe mir das sowas eingefangen TR/PSW.Papras.AB Kann mir jemand sagen wie ich das weg bekomme
    Antiviren-, Firewall- und andere Schutzprogramme - 09.08.2010 (2)
  8. IMO unverdächtiges Log, was sagen die Profis dazu? :-)
    Log-Analyse und Auswertung - 07.10.2009 (2)
  9. Kann Mir Jemand Dazu Was Sagen?
    Mülltonne - 20.09.2007 (1)
  10. Was hab ich für ein virus oder so kann mir das einer sagen !!!
    Mülltonne - 06.08.2007 (1)
  11. Ich habe wahrscheinlich einen Trojaner und weiss nicht weiter.
    Log-Analyse und Auswertung - 13.01.2007 (2)
  12. ...Habe vielleicht Trojaner auf PC...was tun???!!!...weiss nicht mehr weiter...!!!
    Plagegeister aller Art und deren Bekämpfung - 03.01.2007 (14)
  13. Kann mir dazu jemand was sagen?
    Plagegeister aller Art und deren Bekämpfung - 09.07.2005 (6)
  14. Kann sich mal jemand dieses logfile angucken und mir was dazu sagen?
    Log-Analyse und Auswertung - 28.05.2005 (8)
  15. kann mir da jem was dazu sagen?
    Log-Analyse und Auswertung - 20.02.2005 (10)
  16. Ich weiss nicht ob ich einen Virus auf meinem PC habe
    Plagegeister aller Art und deren Bekämpfung - 02.03.2003 (15)

Zum Thema habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. - hallo ihr lieben, ich hoffe ihr könnt mir helfen. ich kenne mich mit solchen dingen echt nicht aus also bitte habt nachsicht . habe mir heute ein virus eingefangen ich - habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1....
Archiv
Du betrachtest: habe ein virus und weiss nicht wie er heißt das einzige was ich dazu sagen kann ist das http://www1. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.