Trojaner-Board - Google Redirect Virus - TDSSKiller bringt keine Treffer

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Google Redirect Virus - TDSSKiller bringt keine Treffer (https://www.trojaner-board.de/104667-google-redirect-virus-tdsskiller-bringt-keine-treffer.html)

Google Redirect Virus - TDSSKiller bringt keine Treffer

Lieber Board Mitglieder,

meine Freundin hat sich einen google redirect virus geholt.

Symptome:
Umleitung auf Werbseiten nach klick auf Suchtreffer google links, sowie
Browser Tabs (chrome) werden eigenstaendig geoeffnet mit selben Werbeseiten

Die Umleitung erfolgte gestern ueber adjectivesearchsystem.com,
heute ist es eximioussearchsystem.com

Suche mit TDSSKiller, Malwarebites, Sophos AntiRootkit, SUPERAntiSpyware ergab keine Treffer.

Andere PCs am gleichem Router haben das Umleitungsproblem nicht.

Anbei otl.txt und extras.txt.

Vielen Dank fuer Eure Hilfe.

Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/howfytdl/{9ACCB245-A272-4C69-B93E-B93EBF0B7766}

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Maryam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Maryam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0caf90d5-7163-11e0-b40b-00214f564ca2}\Shell - "" = AutoRun

O33 - MountPoints2\{0caf90d5-7163-11e0-b40b-00214f564ca2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\Shell - "" = AutoRun

O33 - MountPoints2\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\Shell\AutoRun\command - "" = H:\MI.exe

O33 - MountPoints2\{9b69a420-fa0f-11e0-8efb-00215d077500}\Shell - "" = AutoRun

O33 - MountPoints2\{9b69a420-fa0f-11e0-8efb-00215d077500}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\Shell - "" = AutoRun

O33 - MountPoints2\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O33 - MountPoints2\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\Shell - "" = AutoRun

O33 - MountPoints2\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\Shell\AutoRun\command - "" = F:\AutoRun.exe

[2011.10.31 11:14:46 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.10.31 11:14:44 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b

@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b

@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b

@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
 

:Commands

[purity]

[emptytemp]

[resethosts]

und füge es hier ein: http://image.hijackthis.eu/upload/hjt1-021.jpg
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

4.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

5.
absichtlich installiert?:

Zitat:

Babylon

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

Zitat:

Zitat von kira (Beitrag 715471)

** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen: [...]

Bitte schön:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Database version: 8064
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

02.11.2011 00:37:14

mbam-log-2011-11-02 (00-37-04).txt
 

Scan type: Full scan (C:\|D:\|I:\|J:\|)

Objects scanned: 547925

Time elapsed: 1 hour(s), 27 minute(s), 15 second(s)
 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1
 

Memory Processes Infected:

(No malicious items detected)
 

Memory Modules Infected:

(No malicious items detected)
 

Registry Keys Infected:

(No malicious items detected)
 

Registry Values Infected:

(No malicious items detected)
 

Registry Data Items Infected:

(No malicious items detected)
 

Folders Infected:

(No malicious items detected)
 

Files Infected:

c:\Windows\assembly\tmp\U\800000c0.@ (Trojan.Agent) -> No action taken.

Zitat:

Zitat von kira (Beitrag 715471)

Fixen mit OTL

Hier das Ergebnis:

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Users\Maryam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Users\Maryam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0caf90d5-7163-11e0-b40b-00214f564ca2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0caf90d5-7163-11e0-b40b-00214f564ca2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0caf90d5-7163-11e0-b40b-00214f564ca2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0caf90d5-7163-11e0-b40b-00214f564ca2}\ not found.

File F:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\ not found.

File H:\MI.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b69a420-fa0f-11e0-8efb-00215d077500}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b69a420-fa0f-11e0-8efb-00215d077500}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b69a420-fa0f-11e0-8efb-00215d077500}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b69a420-fa0f-11e0-8efb-00215d077500}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\ not found.

File F:\AutoRun.exe not found.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.

Unable to delete ADS C:\Users\Maryam\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b .

Unable to delete ADS C:\Users\Maryam\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b .

Unable to delete ADS C:\Users\Maryam\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b .

ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56502 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Maryam

->Temp folder emptied: 1406311 bytes

->Temporary Internet Files folder emptied: 7716998 bytes

->Java cache emptied: 719642 bytes

->Google Chrome cache emptied: 32275006 bytes

->Flash cache emptied: 57385 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 24576 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4118576 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72509989 bytes

RecycleBin emptied: 172836 bytes

 

Total Files Cleaned = 114.00 mb

 

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 11022011_004016
 

Files\Folders moved on Reboot...

C:\Users\Maryam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Maryam\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.

C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
 

Registry entries deleted on Reboot...

Zitat:

Zitat von kira (Beitrag 715471)

Ich würde gerne noch all deine installierten Programme sehen:

Bitte Schön. Ist nichts spannenedes dabei. Babylon toolbar wohl mal versehentlich mitinstaliert, dann wieder deinstaliert

Code:

Adobe AIR        Adobe Systems Inc.        30.10.2011                2.5.1.17730

Adobe Community Help        Adobe Systems Incorporated.        30.10.2011                3.4.980

Adobe Download Assistant        Adobe Systems Incorporated        30.10.2011                1.0.4

Adobe Dreamweaver CS5.5        Adobe Systems Incorporated        30.10.2011        801 MB        11.5

Adobe Fireworks CS5        Adobe Systems Incorporated        30.10.2011        1'063 MB        11.0

Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        30.10.2011        6.00 MB        10.3.183.7

Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        26.10.2011        6.00 MB        11.0.1.152

Adobe Media Player        Adobe Systems Incorporated        30.10.2011                1.8

Adobe Reader X (10.1.1)        Adobe Systems Incorporated        12.10.2011        114.2 MB        10.1.1

Aspell 0.6 Dictionary (Language: en)                30.10.2011                

Aspell Data                30.10.2011                

CCleaner        Piriform        30.10.2011                3.12

Cisco AnyConnect VPN Client        Cisco Systems, Inc.        16.10.2011        4.68 MB        2.5.3055

Dropbox        Dropbox, Inc.        19.09.2011                1.1.45

Foxit Reader 5.0        Foxit Corporation        29.09.2011        28.1 MB        5.0.2.718

Gadwin PrintScreen        Gadwin Systems, Inc.        30.10.2011                4.5

Google Chrome        Google Inc.        30.10.2011                15.0.874.106

Google Talk (remove only)                26.07.2011                

Google Talk Plugin        Google        12.09.2011        13.3 MB        2.3.2.0

Image Resizer Powertoy Clone for Windows (64 bit)        Brice Lambson        03.03.2011        0.29 MB        2.1

Intense Language Office                30.10.2011                

Java(TM) 6 Update 24        Oracle        09.04.2011        94.8 MB        6.0.240

jetAudio Basic VX        COWON        03.04.2011                8.0.11

Longman Dictionary of Contemporary English 5th Edition                30.10.2011                

LyX 2.0.0-3        LyX Team        30.10.2011                2.0.0-3

Malwarebytes' Anti-Malware version 1.51.2.1300        Malwarebytes Corporation        31.10.2011        13.8 MB        1.51.2.1300

MATLAB R2009a        The MathWorks, Inc.        26.02.2011                7.8

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        26.02.2011        38.8 MB        4.0.30319

Microsoft Office Enterprise 2007        Microsoft Corporation        30.10.2011                12.0.6425.1000

Microsoft Office File Validation Add-In        Microsoft Corporation        08.10.2011        7.95 MB        14.0.5130.5003

Microsoft Office PowerPoint Viewer 2007 (English)        Microsoft Corporation        14.09.2011        169.4 MB        12.0.6425.1000

Microsoft Primary Interoperability Assemblies 2005        Microsoft Corporation        15.07.2011        7.71 MB        8.0.50727.42

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053        Microsoft Corporation        07.03.2011        0.25 MB        8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        16.06.2011        0.29 MB        8.0.59193

Microsoft Visual C++ 2005 Redistributable (x64)        Microsoft Corporation        26.02.2011        0.69 MB        8.0.61000

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175        Microsoft Corporation        17.04.2011        0.57 MB        8.0.51011

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        15.07.2011        0.58 MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        15.07.2011        0.58 MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        17.07.2011        0.59 MB        9.0.30729.6161

MiKTeX 2.9        MiKTeX.org        30.10.2011                2.9

Mobile Partner        Huawei Technologies Co.,Ltd        30.10.2011                11.302.06.07.40

MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        14.04.2011        1.28 MB        4.20.9870.0

MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        14.04.2011        1.33 MB        4.20.9876.0

Rosetta Stone Version 3        Rosetta Stone Ltd.        16.03.2011        120.4 MB        3.4.5.0

Setting Utility Series        Sony Corporation        26.02.2011                4.1.00.08130

Skype™ 5.1        Skype Technologies S.A.        08.03.2011        22.7 MB        5.1.112

Sophos Anti-Rootkit 1.5.20        Sophos Plc        30.10.2011                1.5.20

Sophos Anti-Virus        Sophos Limited        30.10.2011        26.3 MB        9.7.6

Sophos AutoUpdate        Sophos Limited        10.10.2011        9.01 MB        2.5.10

SPSS 15.0 für Windows [Auswertung Version]        SPSS Inc.        14.03.2011        450 MB        15.0.1

Synaptics Pointing Device Driver        Synaptics        26.02.2011                10.2.7.0

VAIO Control Center        Sony Corporation        26.02.2011                3.1.00.07110

VAIO Energie Verwaltung        Sony Corporation        26.02.2011                3.1.00.08060

VLC media player 1.1.11        VideoLAN        30.10.2011                1.1.11

WIDCOMM Bluetooth Software        Broadcom Corporation        29.06.2011        144.3 MB        6.2.0.9600

Windows 7 USB/DVD Download Tool        Microsoft Corporation        10.05.2011        0.85 MB        1.0.24.0

WinRAR 4.00 beta 7 (64-bit)        win.rar GmbH        26.02.2011                4.00.7

µTorrent                30.10.2011                2.2.0

Was mir mit CCleaner auffällt: nach jeder reinigung sammeln sich an die 400 mb an "System - Error Log Files" an.

Erneuter OTL scan wird nachgeliefert. Danke Schön soweit.

otl.txt

Code:

OTL logfile created on: 02.11.2011 01:26:30 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Maryam\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.84 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 61.99% Memory free

7.68 Gb Paging File | 6.04 Gb Available in Paging File | 78.55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111.58 Gb Total Space | 55.97 Gb Free Space | 50.16% Space Free | Partition Type: NTFS

Drive D: | 111.47 Gb Total Space | 26.28 Gb Free Space | 23.58% Space Free | Partition Type: NTFS

Unable to calculate disk information.

 

Computer Name: MARZA | User Name: Maryam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.10.31 22:10:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maryam\Desktop\OTL.exe

PRC - [2011.10.11 11:12:32 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe

PRC - [2011.10.11 11:12:26 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe

PRC - [2011.10.11 11:06:15 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe

PRC - [2011.09.24 14:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE

PRC - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

PRC - [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Maryam\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.05.19 04:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

PRC - [2011.05.12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

PRC - [2011.05.12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

PRC - [2011.04.07 19:27:20 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

PRC - [2011.03.14 13:31:35 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe

PRC - [2010.10.14 09:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe

PRC - [2009.07.01 17:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

PRC - [2008.07.28 17:45:42 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

PRC - [2008.07.28 17:45:42 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009.07.01 17:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2008.08.06 18:06:48 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV - [2011.10.11 11:12:32 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)

SRV - [2011.10.11 11:12:26 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)

SRV - [2011.10.11 11:06:15 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)

SRV - [2011.09.24 14:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)

SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.05.19 04:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)

SRV - [2011.05.12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)

SRV - [2011.05.12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)

SRV - [2011.03.17 10:23:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011.03.14 13:31:35 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.07.28 17:45:42 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.10.11 11:12:29 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)

DRV:64bit: - [2011.10.11 11:06:08 | 000,026,104 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)

DRV:64bit: - [2011.10.11 11:06:01 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)

DRV:64bit: - [2011.09.22 19:29:18 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)

DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011.03.17 10:18:03 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010.04.14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2010.01.26 07:16:00 | 000,087,040 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)

DRV:64bit: - [2009.10.21 16:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)

DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)

DRV:64bit: - [2009.09.10 14:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2009.09.01 11:27:40 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009.09.01 11:27:40 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009.09.01 11:27:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009.09.01 11:27:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009.07.22 14:16:48 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008.09.27 14:21:02 | 000,321,072 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2008.05.06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2007.08.03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV - [2011.05.19 04:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)

DRV - [2011.05.16 19:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/08/05 21:18:32] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})

DRV - [2010.11.17 21:29:20 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/03/13 23:56:39] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Maryam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Maryam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

 

 

 
 ========== Chrome  ==========

 

CHR - default_search_provider: scroogle (Enabled)

CHR - default_search_provider: search_url = https://ssl.scroogle.org/cgi-bin/nbbwssl.cgi?Gw={searchTerms}

CHR - default_search_provider: suggest_url = 

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Maryam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Maryam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Maryam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2011.11.02 00:41:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Limited)

O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)

O4 - Startup: C:\Users\Maryam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maryam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.18 62.109.123.196

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00EC8595-7ACE-45F5-BDC9-6CB3837FBC09}: DhcpNameServer = 213.191.74.18 62.109.123.196

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3069806B-0D7B-4538-B83D-226D45FD08CC}: NameServer = 193.189.244.225 193.189.244.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F6CE185-EA20-4D9A-9CF0-2A6A260C79F3}: NameServer = 193.189.244.225 193.189.244.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D932C5DD-0964-4C22-9B2F-D6CEE834B8F2}: DhcpNameServer = 192.168.207.1 141.44.1.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)

O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.11.02 00:40:16 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.11.01 21:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.10.31 22:10:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Maryam\Desktop\OTL.exe

[2011.10.31 20:24:16 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\vlc

[2011.10.31 20:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2011.10.31 15:00:25 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\SUPERAntiSpyware.com

[2011.10.31 12:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2011.10.31 12:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2011.10.31 11:26:01 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\Malwarebytes

[2011.10.31 11:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.10.31 11:25:51 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.10.31 11:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2011.10.31 09:38:47 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2011.10.30 23:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2011.10.30 22:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2011.10.30 22:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2011.10.30 19:40:24 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\Avira

[2011.10.30 19:34:55 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2011.10.30 19:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2011.10.30 19:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2011.10.30 19:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011.10.30 18:58:24 | 000,000,000 | ---D | C] -- C:\Intel

[2011.10.30 18:40:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011.10.30 18:40:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2011.10.30 18:40:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2011.10.30 18:40:23 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2011.10.30 18:40:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2011.10.30 18:40:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2011.10.30 18:40:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2011.10.30 18:40:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2011.10.30 18:40:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2011.10.30 18:40:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2011.10.30 18:40:22 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2011.10.30 18:40:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011.10.30 18:40:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011.10.30 18:40:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2011.10.30 18:40:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2011.10.30 18:40:22 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2011.10.30 18:40:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2011.10.30 18:40:22 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2011.10.30 18:40:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2011.10.30 18:40:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2011.10.30 18:40:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2011.10.30 18:40:22 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2011.10.30 18:40:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2011.10.30 18:40:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2011.10.30 18:40:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2011.10.30 18:40:21 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2011.10.30 18:40:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2011.10.30 18:40:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2011.10.30 18:40:21 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2011.10.30 18:40:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2011.10.30 18:40:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011.10.30 18:40:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2011.10.30 18:40:20 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2011.10.30 18:40:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2011.10.30 18:40:20 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2011.10.30 18:40:19 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011.10.30 18:40:19 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011.10.30 18:40:19 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2011.10.30 18:40:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011.10.30 18:40:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2011.10.30 18:40:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2011.10.30 18:40:19 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2011.10.30 18:40:19 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2011.10.30 18:40:19 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2011.10.30 18:40:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2011.10.30 18:40:19 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2011.10.30 18:40:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2011.10.30 18:40:19 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2011.10.30 18:40:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2011.10.30 18:40:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2011.10.30 18:40:19 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2011.10.30 18:40:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2011.10.30 18:40:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2011.10.30 18:40:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2011.10.30 18:40:18 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2011.10.30 18:40:18 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2011.10.30 18:40:18 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2011.10.30 18:40:18 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2011.10.30 18:40:18 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2011.10.30 18:40:18 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2011.10.30 18:40:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011.10.30 18:40:18 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2011.10.30 18:40:18 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011.10.30 18:40:18 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2011.10.30 18:40:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2011.10.30 18:40:18 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2011.10.30 18:40:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2011.10.30 18:40:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2011.10.30 18:40:17 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011.10.30 18:40:17 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2011.10.30 18:40:17 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2011.10.30 18:40:17 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2011.10.30 18:15:28 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Local\Sophos

[2011.10.28 10:36:13 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\dvdcss

[2011.10.27 21:27:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2011.10.23 23:30:13 | 000,000,000 | ---D | C] -- C:\Users\Maryam\Desktop\recordings

[2011.10.22 09:01:15 | 000,000,000 | ---D | C] -- C:\Users\Maryam\Desktop\New folder

[2011.10.19 13:55:05 | 000,000,000 | ---D | C] -- C:\Users\Maryam\Documents\Downloads

[2011.10.17 12:39:27 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%

[2011.10.17 12:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

[2011.10.16 13:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner

[2011.10.16 13:49:00 | 000,243,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys

[2011.10.16 13:49:00 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys

[2011.10.16 13:49:00 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys

[2011.10.16 13:49:00 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys

[2011.10.16 13:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner

[2011.10.13 10:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9

[2011.10.13 10:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX 2.9

[2011.10.13 10:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyX20

[2011.10.13 09:21:56 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2011.10.13 09:21:56 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2011.10.13 09:21:56 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax

[2011.10.13 09:21:56 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax

[2011.10.13 09:21:48 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2011.10.13 09:21:48 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll

[2011.10.12 12:50:24 | 000,000,000 | ---D | C] -- C:\Users\Maryam\Desktop\Iran

[2011.10.12 12:34:46 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\LyX2.0

[2011.10.11 11:12:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

[2011.10.11 11:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence

[2011.10.11 11:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos

[2011.10.11 11:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems

[2011.10.11 11:06:56 | 000,037,400 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe

[2011.10.11 11:06:09 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys

[2011.10.11 11:06:08 | 000,026,104 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\sdcfilter.sys

[2011.10.11 11:06:05 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll

[2011.10.11 11:06:01 | 000,025,608 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys

[2011.10.11 11:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos

[2011.10.11 11:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos

[2011.10.08 10:31:20 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\Foxit Software

[2011.10.07 18:16:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview

[2011.10.07 18:15:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

[2011.10.06 19:47:48 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\Sammsoft

[2011.10.06 19:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2011

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.11.02 01:23:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410179425-3192362434-292892601-1001UA.job

[2011.11.02 00:50:20 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.11.02 00:50:20 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.11.02 00:42:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.11.02 00:42:29 | 3094,573,056 | -HS- | M] () -- C:\hiberfil.sys

[2011.11.02 00:41:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2011.11.01 21:48:24 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.11.01 14:37:14 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.11.01 14:37:14 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.11.01 14:37:13 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.11.01 14:35:27 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011.10.31 22:10:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maryam\Desktop\OTL.exe

[2011.10.31 22:05:11 | 000,000,188 | ---- | M] () -- C:\Users\Maryam\defogger_reenable

[2011.10.31 20:27:53 | 000,050,477 | ---- | M] () -- C:\Users\Maryam\Desktop\Defogger.exe

[2011.10.31 20:24:04 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011.10.31 17:23:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410179425-3192362434-292892601-1001Core.job

[2011.10.31 12:26:13 | 001,702,382 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2011.10.31 12:12:50 | 000,388,824 | ---- | M] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_commerz.pdf

[2011.10.31 12:04:39 | 000,388,985 | ---- | M] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_internet_nov.pdf

[2011.10.31 12:02:05 | 000,389,559 | ---- | M] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_rent_nov.pdf

[2011.10.31 11:55:45 | 000,389,193 | ---- | M] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_GA.pdf

[2011.10.31 11:15:45 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2011.10.31 11:15:45 | 000,002,239 | ---- | M] () -- C:\Users\Maryam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011.10.30 22:49:41 | 000,001,365 | ---- | M] () -- C:\Users\Maryam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2011.10.30 18:40:23 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011.10.30 18:40:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2011.10.30 18:40:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2011.10.30 18:40:23 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2011.10.30 18:40:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2011.10.30 18:40:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2011.10.30 18:40:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2011.10.30 18:40:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2011.10.30 18:40:22 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2011.10.30 18:40:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2011.10.30 18:40:22 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2011.10.30 18:40:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2011.10.30 18:40:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011.10.30 18:40:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2011.10.30 18:40:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2011.10.30 18:40:22 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2011.10.30 18:40:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2011.10.30 18:40:22 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2011.10.30 18:40:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2011.10.30 18:40:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2011.10.30 18:40:22 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2011.10.30 18:40:22 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2011.10.30 18:40:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2011.10.30 18:40:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2011.10.30 18:40:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2011.10.30 18:40:21 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2011.10.30 18:40:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2011.10.30 18:40:21 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2011.10.30 18:40:21 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2011.10.30 18:40:21 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2011.10.30 18:40:21 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011.10.30 18:40:21 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2011.10.30 18:40:20 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2011.10.30 18:40:20 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2011.10.30 18:40:20 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2011.10.30 18:40:19 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011.10.30 18:40:19 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011.10.30 18:40:19 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2011.10.30 18:40:19 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011.10.30 18:40:19 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2011.10.30 18:40:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2011.10.30 18:40:19 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2011.10.30 18:40:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2011.10.30 18:40:19 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2011.10.30 18:40:19 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2011.10.30 18:40:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2011.10.30 18:40:19 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2011.10.30 18:40:19 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2011.10.30 18:40:19 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2011.10.30 18:40:19 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2011.10.30 18:40:19 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2011.10.30 18:40:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2011.10.30 18:40:19 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2011.10.30 18:40:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2011.10.30 18:40:18 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2011.10.30 18:40:18 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2011.10.30 18:40:18 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2011.10.30 18:40:18 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2011.10.30 18:40:18 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2011.10.30 18:40:18 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2011.10.30 18:40:18 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2011.10.30 18:40:18 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2011.10.30 18:40:18 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011.10.30 18:40:18 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2011.10.30 18:40:18 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2011.10.30 18:40:18 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2011.10.30 18:40:18 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2011.10.30 18:40:18 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2011.10.30 18:40:17 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2011.10.30 18:40:17 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2011.10.30 18:40:17 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2011.10.30 18:40:17 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2011.10.27 21:41:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011.10.26 07:35:29 | 000,000,428 | ---- | M] () -- C:\Users\Maryam\Desktop\Document.rtf

[2011.10.25 15:29:27 | 000,964,181 | ---- | M] () -- C:\Users\Maryam\Desktop\3.jpeg

[2011.10.25 15:28:32 | 001,217,483 | ---- | M] () -- C:\Users\Maryam\Desktop\2.jpeg

[2011.10.25 15:27:33 | 001,623,929 | ---- | M] () -- C:\Users\Maryam\Desktop\1.jpeg

[2011.10.25 11:40:49 | 000,000,016 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm

[2011.10.25 11:34:38 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz

[2011.10.25 11:34:38 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll

[2011.10.21 15:42:49 | 000,126,390 | ---- | M] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN (1).pdf

[2011.10.21 15:39:45 | 000,126,390 | ---- | M] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN.pdf

[2011.10.21 12:08:44 | 269,389,405 | ---- | M] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN.prn

[2011.10.19 17:41:48 | 000,010,240 | ---- | M] () -- C:\Users\Maryam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys

[2011.10.19 08:31:07 | 000,002,645 | ---- | M] () -- C:\Users\Maryam\Desktop\Microsoft Office PowerPoint 2007.lnk

[2011.10.18 09:06:41 | 000,001,219 | ---- | M] () -- C:\Users\Maryam\Desktop\Cisco AnyConnect VPN Client.lnk

[2011.10.17 12:00:43 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[2011.10.16 22:05:39 | 000,056,512 | ---- | M] () -- C:\Users\Maryam\Desktop\GA1 chronological.pdf

[2011.10.16 22:04:43 | 000,044,154 | ---- | M] () -- C:\Users\Maryam\Desktop\GA1 overview.pdf

[2011.10.16 13:49:05 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk

[2011.10.15 17:18:13 | 000,921,652 | ---- | M] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg.pdf

[2011.10.14 12:28:05 | 004,976,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.10.13 10:43:00 | 000,001,981 | ---- | M] () -- C:\Users\Maryam\Desktop\LyX 2.0.lnk

[2011.10.13 09:44:40 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011.10.11 11:12:29 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys

[2011.10.11 11:06:08 | 000,026,104 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\drivers\sdcfilter.sys

[2011.10.11 11:06:05 | 000,183,024 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll

[2011.10.11 11:06:05 | 000,037,400 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe

[2011.10.11 11:06:01 | 000,025,608 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys

[2011.10.11 10:23:05 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old

[2011.10.09 10:27:20 | 000,027,245 | ---- | M] () -- C:\Users\Maryam\Desktop\1. Semester_WS 11_12[1].pdf

[2011.10.07 18:27:32 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll

[2011.10.07 18:27:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll

 
 ========== Files Created - No Company Name ==========

 

[2011.11.01 21:48:24 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.10.31 22:05:10 | 000,000,188 | ---- | C] () -- C:\Users\Maryam\defogger_reenable

[2011.10.31 21:21:47 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011.10.31 20:27:53 | 000,050,477 | ---- | C] () -- C:\Users\Maryam\Desktop\Defogger.exe

[2011.10.31 20:24:04 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2011.10.31 12:26:04 | 001,702,382 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2011.10.31 12:12:50 | 000,388,824 | ---- | C] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_commerz.pdf

[2011.10.31 12:04:39 | 000,388,985 | ---- | C] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_internet_nov.pdf

[2011.10.31 12:02:05 | 000,389,559 | ---- | C] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_rent_nov.pdf

[2011.10.31 11:55:45 | 000,389,193 | ---- | C] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_GA.pdf

[2011.10.31 11:15:45 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2011.10.31 11:15:45 | 000,002,239 | ---- | C] () -- C:\Users\Maryam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011.10.26 07:35:28 | 000,000,428 | ---- | C] () -- C:\Users\Maryam\Desktop\Document.rtf

[2011.10.25 12:50:27 | 000,964,181 | ---- | C] () -- C:\Users\Maryam\Desktop\3.jpeg

[2011.10.25 12:49:46 | 001,217,483 | ---- | C] () -- C:\Users\Maryam\Desktop\2.jpeg

[2011.10.25 12:49:04 | 001,623,929 | ---- | C] () -- C:\Users\Maryam\Desktop\1.jpeg

[2011.10.21 15:42:52 | 000,126,390 | ---- | C] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN (1).pdf

[2011.10.21 15:39:44 | 000,126,390 | ---- | C] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN.pdf

[2011.10.21 12:08:25 | 269,389,405 | ---- | C] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN.prn

[2011.10.19 08:31:07 | 000,002,645 | ---- | C] () -- C:\Users\Maryam\Desktop\Microsoft Office PowerPoint 2007.lnk

[2011.10.18 15:59:17 | 000,083,401 | ---- | C] () -- C:\Users\Maryam\Desktop\Planning_3rd_Semester_WS_2011_12 (1).pdf

[2011.10.18 15:59:17 | 000,027,245 | ---- | C] () -- C:\Users\Maryam\Desktop\1. Semester_WS 11_12[1].pdf

[2011.10.18 09:06:41 | 000,001,219 | ---- | C] () -- C:\Users\Maryam\Desktop\Cisco AnyConnect VPN Client.lnk

[2011.10.16 22:05:39 | 000,056,512 | ---- | C] () -- C:\Users\Maryam\Desktop\GA1 chronological.pdf

[2011.10.16 22:04:43 | 000,044,154 | ---- | C] () -- C:\Users\Maryam\Desktop\GA1 overview.pdf

[2011.10.16 13:49:05 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk

[2011.10.15 17:18:13 | 000,921,652 | ---- | C] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg.pdf

[2011.10.13 10:43:00 | 000,001,981 | ---- | C] () -- C:\Users\Maryam\Desktop\LyX 2.0.lnk

[2011.10.13 10:25:32 | 000,001,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LyX 2.0.lnk

[2011.10.13 09:44:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011.10.13 09:44:40 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2011.10.01 21:21:26 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.09.30 15:13:22 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe

[2011.09.30 15:07:46 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe

[2011.03.16 20:03:39 | 000,010,240 | ---- | C] () -- C:\Users\Maryam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.03.15 16:39:54 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll

[2011.03.15 16:39:54 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll

[2011.03.15 16:39:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll

[2011.03.15 16:39:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll

[2011.03.15 16:39:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll

[2011.03.15 16:38:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll

[2011.03.15 16:38:07 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll

[2011.02.27 19:14:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.02.27 03:00:17 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI

[2011.02.27 02:35:43 | 000,007,605 | ---- | C] () -- C:\Users\Maryam\AppData\Local\Resmon.ResmonCfg

[2010.08.25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010.08.25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010.08.25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2009.09.16 16:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.12.09 14:11:00 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\intedreg.exe

 
 ========== LOP Check ==========

 

[2011.09.17 12:44:50 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\12Voip

[2011.08.10 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Auslogics

[2011.09.30 15:07:58 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\CAD-KAS

[2011.09.10 12:13:47 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011.09.11 23:03:24 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011.04.04 12:21:31 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\COWON

[2011.10.30 19:39:45 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\DAEMON Tools Lite

[2011.09.30 14:19:32 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Downloaded Installations

[2011.11.02 01:14:50 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Dropbox

[2011.10.08 10:31:20 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Foxit Software

[2011.10.22 11:39:51 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\JustVoip

[2011.10.13 10:33:28 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\LyX2.0

[2011.09.30 15:03:00 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Nitro PDF

[2011.04.14 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Nokia

[2011.10.31 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Nvu

[2011.09.18 14:40:35 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\ooVoo Details

[2011.04.14 20:12:53 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\PC Suite

[2011.10.06 19:47:48 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Sammsoft

[2011.08.17 19:25:13 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Telefónica

[2011.11.02 01:26:26 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\uTorrent

[2011.09.18 20:27:35 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b

@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b

@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b
 

< End of report >

extras.txt

Code:

OTL Extras logfile created on: 02.11.2011 01:26:30 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Maryam\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.84 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 61.99% Memory free

7.68 Gb Paging File | 6.04 Gb Available in Paging File | 78.55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111.58 Gb Total Space | 55.97 Gb Free Space | 50.16% Space Free | Partition Type: NTFS

Drive D: | 111.47 Gb Total Space | 26.28 Gb Free Space | 23.58% Space Free | Partition Type: NTFS

Unable to calculate disk information.

 

Computer Name: MARZA | User Name: Maryam | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

"" = 

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"CCleaner" = CCleaner

"MatlabR2009a" = MATLAB R2009a

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR 4.00 beta 7 (64-bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate

"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24

"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help

"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}" = SPSS 15.0 für Windows [Auswertung Version]

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client

"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Aspell" = Aspell Data

"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Foxit Reader_is1" = Foxit Reader 5.0

"Gadwin PrintScreen" = Gadwin PrintScreen

"Google Chrome" = Google Chrome

"Intense Language Office" = Intense Language Office

"LyX20" = LyX 2.0.0-3

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"MiKTeX 2.9" = MiKTeX 2.9

"Mobile Partner" = Mobile Partner

"NSIS_ldoce5" = Longman Dictionary of Contemporary English 5th Edition

"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.11

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"Dropbox" = Dropbox

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 01.11.2011 19:43:27 | Computer Name = marza | Source = ESENT | ID = 455

Description = Windows (3796) Windows: Error -1811 occurred while opening logfile

 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00011.log.

 

Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 9000

Description = 

 

Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 7040

Description = 

 

Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 7042

Description = 

 

Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 9002

Description = 

 

Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 3029

Description = 

 

Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 3029

Description = 

 

Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 3028

Description = 

 

Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 3058

Description = 

 

Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 7010

Description = 

 

[ Cisco AnyConnect VPN Client Events ]

Error - 31.10.2011 06:36:13 | Computer Name = marza | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.
 

File:

 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

 No such file or directory

 

Error - 31.10.2011 07:41:06 | Computer Name = marza | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.
 

File:

 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

 No such file or directory

 

Error - 31.10.2011 09:11:13 | Computer Name = marza | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.
 

File:

 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

 No such file or directory

 

Error - 31.10.2011 13:47:58 | Computer Name = marza | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.
 

File:

 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

 No such file or directory

 

Error - 31.10.2011 14:04:22 | Computer Name = marza | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.
 

File:

 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

 No such file or directory

 

Error - 31.10.2011 17:06:43 | Computer Name = marza | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.
 

File:

 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

 No such file or directory

 

Error - 31.10.2011 18:24:27 | Computer Name = marza | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.
 

File:

 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

 No such file or directory

 

Error - 01.11.2011 09:32:33 | Computer Name = marza | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.
 

File:

 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

 No such file or directory

 

Error - 01.11.2011 16:41:27 | Computer Name = marza | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.
 

File:

 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

 No such file or directory

 

Error - 01.11.2011 19:42:56 | Computer Name = marza | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.
 

File:

 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

 No such file or directory

 

[ OSession Events ]

Error - 12.04.2011 06:08:39 | Computer Name = marza | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6835

 seconds with 2880 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 05.08.2011 15:07:52 | Computer Name = marza | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the VAIO

 Power Management service to connect.

 

Error - 05.08.2011 15:07:52 | Computer Name = marza | Source = Service Control Manager | ID = 7000

Description = The VAIO Power Management service failed to start due to the following

 error:   %%1053

 

Error - 05.08.2011 15:18:11 | Computer Name = marza | Source = Service Control Manager | ID = 7030

Description = The CyberLink PowerDVD 11.0 Service service is marked as an interactive

 service.  However, the system is configured to not allow interactive services. 

 This service may not function properly.

 

Error - 05.08.2011 15:18:13 | Computer Name = marza | Source = Service Control Manager | ID = 7030

Description = The CyberLink PowerDVD 11.0 Monitor Service service is marked as an

 interactive service.  However, the system is configured to not allow interactive

 services.  This service may not function properly.

 

Error - 05.08.2011 15:19:01 | Computer Name = marza | Source = bowser | ID = 8003

Description = 

 

Error - 05.08.2011 21:17:16 | Computer Name = marza | Source = ipnathlp | ID = 31004

Description = 

 

Error - 06.08.2011 04:21:01 | Computer Name = marza | Source = ipnathlp | ID = 31004

Description = 

 

Error - 06.08.2011 05:03:56 | Computer Name = marza | Source = ipnathlp | ID = 31004

Description = 

 

Error - 06.08.2011 06:08:56 | Computer Name = marza | Source = ipnathlp | ID = 31004

Description = 

 

Error - 06.08.2011 10:03:57 | Computer Name = marza | Source = ipnathlp | ID = 31004

Description = 

 

 

< End of report >

1.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 29 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

2.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

4.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?

Hier das Ergebnis des SUPERAntiScans....

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 11/02/2011 at 10:42 PM
 

Application Version : 5.0.1134
 

Core Rules Database Version : 7885

Trace Rules Database Version: 5697
 

Scan type       : Complete Scan

Total Scan Time : 02:28:24
 

Operating System Information

Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator
 

Memory items scanned      : 637

Memory threats detected   : 0

Registry items scanned    : 72656

Registry threats detected : 0

File items scanned        : 167275

File threats detected     : 0

Syptome sind die gleichen wie urspruenglich:
Umleitung von gooogle auf Werbeseiten, sowie Browserfenster die sich selbstaendig oeffnen. Die Umleitungsadresse scheint taeglich zu wechseln, heute mit dem schoenen Namen: wonderfulseachsystem.com

Sonst keine Auffaelligkeiten oder Probleme.

Schritt 4. - fehlt noch!

außerdem:
1.
MBR mit aswMBR von Avast prüfen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin).
XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten.
Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern.
Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread.

2.
-> SICHEREN BROWSER VERWENDEN z.B. -> Firefox - Erweiterungen für Firefox

3.
Dazu installiere noch:
Adblock Plus

Hallo,

wir kommen der Sache näher...

Der Scan mit Eset Online scan ergab folgendes:

Code:

C:\Users\Maryam\Downloads\FreeYouTubeDownloaderSetup.exe        a variant of Win32/Toolbar.Zugo application        deleted - quarantined

C:\Windows\system64\consrv.dll        Win64/Sirefef.D trojan        cleaned by deleting - quarantined

Operating memory        a variant of Win32/Sirefef.CH trojan

Nach dem Scan war das System nicht mehr bootfähig und musste mit System Restore wiederhergestellt werden. Ich vemute, dass durch die Löschung von consrv.dll windows nicht geladen werden konnte?

Die Umleitung ist übrigens Browserunabhängig, gesestet mit chrome & IE10 .

Hier das Ergebnis des MRB scans:

Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software

Run date: 2011-11-03 19:35:42

-----------------------------

19:35:42.412    OS Version: Windows x64 6.1.7601 Service Pack 1

19:35:42.413    Number of processors: 2 586 0xF0D

19:35:42.414    ComputerName: MARZA  UserName: 

19:35:44.663    Initialize success

19:36:34.902    AVAST engine defs: 11110300

19:38:58.585    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

19:38:58.590    Disk 0 Vendor: TOSHIBA_MK2552GSX LV010A Size: 238475MB BusType: 11

19:38:58.596    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000071

19:38:58.600    Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0

19:38:58.610    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000072

19:38:58.615    Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0

19:39:00.662    Disk 0 MBR read successfully

19:39:00.669    Disk 0 MBR scan

19:39:00.681    Disk 0 Windows 7 default MBR code

19:39:00.689    Service scanning

19:39:02.202    Modules scanning

19:39:02.211    Disk 0 trace - called modules:

19:39:02.263    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 

19:39:02.275    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfb490]

19:39:02.286    3 CLASSPNP.SYS[fffff8800195843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004713060]

19:39:03.094    AVAST engine scan C:\Windows

19:39:04.857    AVAST engine scan C:\Windows\system32

19:39:15.890    File: C:\Windows\system32\consrv.dll  **INFECTED** Win32:Malware-gen

19:40:45.721    AVAST engine scan C:\Windows\system32\drivers

19:40:54.833    AVAST engine scan C:\Users\Maryam

19:43:18.521    Disk 0 MBR has been saved successfully to "C:\Users\Maryam\Desktop\MBR.dat"

19:43:18.528    The log file has been saved successfully to "C:\Users\Maryam\Desktop\aswMBR.txt"

Schöne Grüße

sieht nicht gut aus, hoffentlich ComboFix kann dein Problem lösen...

1.
Vor dem nächsten Schritt, also bevor wir weitermachen:
Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw)
►Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - ►Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks
Mache das jetzt bitte!

2.
Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows 2000 (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte vorher fragen.
Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP

Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

3.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Hallo,

der Scan mit ComboFix hat die Sache bereinigt. Vielen Dank!

Leider sind die Logfiles mittlerweile abhanden gekommen, deshalb kann ich hier nichts vorzeigen.

:dankeschoen:

Zitat:

Zitat von 8hours (Beitrag 720331)

der Scan mit ComboFix hat die Sache bereinigt. Vielen Dank!

Leider sind die Logfiles mittlerweile abhanden gekommen, deshalb kann ich hier nichts vorzeigen.

schaue mal bitte nach:

Code:

C:\Qoobox 

oder C:\ComboFix.txt

Hier nochmal die ComboFix log Datei

[CODE]
Combofix Logfile:

Code:

ComboFix 11-11-05.02 - Maryam 05.11.2011   9:22.1.2 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1033.18.3935.2273 [GMT 1:00]

ausgeführt von:: c:\users\Maryam\Desktop\ComboFix.exe

AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}

SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\fix_gr_xhs.mat

c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\new_fix_X_xPhs_xPls_uPhs_uPls_defe.mat

c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\pearson-correlation-timecourse-dmpfc-precuneus (1).mat

c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\pearson-correlation-timecourse-dmpfc-precuneus (2).mat

c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\phs_gr_pls.mat

c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\pls_gr_phs.mat

c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\xhs_gr_fix.mat

c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\xhs_gr_xls.mat

c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\xls_gr_xhs.mat

c:\windows\assembly\tmp\U

c:\windows\assembly\tmp\U\000000c0.@

c:\windows\assembly\tmp\U\000000cb.@

c:\windows\assembly\tmp\U\000000cf.@

c:\windows\assembly\tmp\U\80000000.@

c:\windows\assembly\tmp\U\800000c0.@

c:\windows\assembly\tmp\U\800000cb.@

c:\windows\assembly\tmp\U\800000cf.@

c:\windows\system32\consrv.dll

c:\windows\System64

c:\windows\SysWow64\lsprst7.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-10-05 bis 2011-11-05  ))))))))))))))))))))))))))))))

.

.

2011-11-05 08:34 . 2011-11-05 08:34        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-11-04 17:21 . 2011-11-04 17:21        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFFF0060-49B4-434D-BD75-8386BC95B753}\offreg.dll

2011-11-04 17:21 . 2011-10-07 04:16        8570192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFFF0060-49B4-434D-BD75-8386BC95B753}\mpengine.dll

2011-11-03 00:36 . 2011-11-03 00:36        --------        d-----w-        c:\program files (x86)\ESET

2011-11-02 09:32 . 2011-11-03 16:26        --------        d-----w-        c:\program files\SUPERAntiSpyware

2011-11-02 09:32 . 2011-11-02 09:32        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com

2011-11-01 23:40 . 2011-11-01 23:40        --------        d-----w-        C:\_OTL

2011-11-01 20:48 . 2011-11-03 16:26        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-10-31 19:24 . 2011-11-03 16:26        --------        d-----w-        c:\users\Maryam\AppData\Roaming\vlc

2011-10-31 14:00 . 2011-10-31 14:00        --------        d-----w-        c:\users\Maryam\AppData\Roaming\SUPERAntiSpyware.com

2011-10-31 11:25 . 2011-10-31 13:10        --------        d-----w-        c:\program files (x86)\Common Files\PC Tools

2011-10-31 11:23 . 2011-10-31 11:46        --------        d-----w-        c:\programdata\PC Tools

2011-10-31 10:26 . 2011-10-31 10:26        --------        d-----w-        c:\users\Maryam\AppData\Roaming\Malwarebytes

2011-10-31 10:25 . 2011-11-03 16:24        --------        d-----w-        c:\programdata\Malwarebytes

2011-10-31 10:25 . 2011-08-31 16:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-10-30 21:53 . 2011-10-31 10:15        --------        d-----w-        c:\program files (x86)\Google

2011-10-30 21:52 . 2011-10-31 18:59        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight

2011-10-30 18:40 . 2011-10-30 18:40        --------        d-----w-        c:\users\Maryam\AppData\Roaming\Avira

2011-10-30 18:34 . 2011-10-19 15:56        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2011-10-30 18:34 . 2011-10-30 18:34        --------        d-----w-        c:\programdata\Avira

2011-10-30 18:34 . 2011-10-30 18:34        --------        d-----w-        c:\program files (x86)\Avira

2011-10-30 18:30 . 2011-11-03 16:26        --------        d-----w-        c:\program files\CCleaner

2011-10-30 17:58 . 2011-10-30 17:58        --------        d-----w-        C:\Intel

2011-10-30 17:15 . 2011-10-30 17:15        --------        d-----w-        c:\users\Maryam\AppData\Local\Sophos

2011-10-28 09:36 . 2011-10-28 09:36        --------        d-----w-        c:\users\Maryam\AppData\Roaming\dvdcss

2011-10-27 20:27 . 2011-10-27 20:27        --------        d-----w-        c:\windows\system32\Macromed

2011-10-17 11:39 . 2011-10-17 11:39        --------        d-sh--w-        c:\windows\system32\%APPDATA%

2011-10-16 12:49 . 2009-10-21 15:16        243200        ----a-w-        c:\windows\system32\drivers\ewusbnet.sys

2011-10-16 12:49 . 2009-10-12 13:23        114304        ----a-w-        c:\windows\system32\drivers\ewusbdev.sys

2011-10-16 12:49 . 2009-09-10 13:31        117248        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys

2011-10-16 12:49 . 2007-08-09 02:10        29696        ----a-w-        c:\windows\system32\drivers\ewdcsc.sys

2011-10-16 12:48 . 2011-10-31 19:00        --------        d-----w-        c:\program files (x86)\Mobile Partner

2011-10-13 09:19 . 2011-10-13 09:20        --------        d-----w-        c:\program files (x86)\MiKTeX 2.9

2011-10-13 09:16 . 2011-10-31 19:00        --------        d-----w-        c:\program files (x86)\LyX20

2011-10-13 08:21 . 2011-09-06 03:03        3138048        ----a-w-        c:\windows\system32\win32k.sys

2011-10-13 08:21 . 2011-08-17 05:26        613888        ----a-w-        c:\windows\system32\psisdecd.dll

2011-10-13 08:21 . 2011-08-17 05:25        108032        ----a-w-        c:\windows\system32\psisrndr.ax

2011-10-13 08:21 . 2011-08-17 04:24        465408        ----a-w-        c:\windows\SysWow64\psisdecd.dll

2011-10-13 08:21 . 2011-08-17 04:19        75776        ----a-w-        c:\windows\SysWow64\psisrndr.ax

2011-10-13 08:21 . 2011-08-27 05:37        861696        ----a-w-        c:\windows\system32\oleaut32.dll

2011-10-13 08:21 . 2011-08-27 05:37        331776        ----a-w-        c:\windows\system32\oleacc.dll

2011-10-13 08:21 . 2011-08-27 04:26        571904        ----a-w-        c:\windows\SysWow64\oleaut32.dll

2011-10-13 08:21 . 2011-08-27 04:26        233472        ----a-w-        c:\windows\SysWow64\oleacc.dll

2011-10-12 11:34 . 2011-10-13 09:33        --------        d-----w-        c:\users\Maryam\AppData\Roaming\LyX2.0

2011-10-11 10:12 . 2011-10-11 10:12        --------        d-sh--w-        c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2011-10-11 10:07 . 2011-11-03 16:26        --------        d-----w-        c:\programdata\Sophos Web Intelligence

2011-10-11 10:07 . 2011-10-11 10:07        --------        d-----w-        c:\program files (x86)\Common Files\Cisco Systems

2011-10-11 10:06 . 2011-10-11 10:06        37400        ----a-w-        c:\windows\system32\SophosBootTasks.exe

2011-10-11 10:06 . 2011-10-11 10:12        144672        ----a-w-        c:\windows\system32\drivers\savonaccess.sys

2011-10-11 10:06 . 2011-10-11 10:06        26104        ----a-w-        c:\windows\system32\drivers\sdcfilter.sys

2011-10-11 10:06 . 2011-10-11 10:06        183024        ----a-w-        c:\windows\system32\sdccoinstaller.dll

2011-10-11 10:06 . 2011-10-11 10:06        25608        ----a-w-        c:\windows\system32\drivers\SophosBootDriver.sys

2011-10-11 10:05 . 2011-10-31 19:02        --------        d-----w-        c:\program files (x86)\Sophos

2011-10-11 10:05 . 2011-10-11 10:06        --------        d-----w-        c:\programdata\Sophos

2011-10-08 09:31 . 2011-10-08 09:31        --------        d-----w-        c:\users\Maryam\AppData\Roaming\Foxit Software

2011-10-07 17:16 . 2011-10-31 19:02        --------        d-----w-        c:\windows\system32\SPReview

2011-10-07 17:15 . 2011-10-31 19:02        --------        d-----w-        c:\windows\system32\EventProviders

2011-10-06 18:47 . 2011-10-06 18:47        --------        d-----w-        c:\users\Maryam\AppData\Roaming\Sammsoft

2011-10-06 18:47 . 2011-10-07 20:22        --------        d-----w-        c:\program files (x86)\ARO 2011

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-27 20:41 . 2011-05-22 08:14        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-07 17:27 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll

2011-10-07 17:27 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll

2011-09-30 14:07 . 2011-09-30 14:07        80896        ----a-w-        c:\windows\cadkasdeinst01.exe

2011-09-24 13:03 . 2011-09-24 13:03        68928        ----a-w-        c:\windows\SysWow64\NLSSRV32.EXE

2011-09-24 13:02 . 2011-09-30 13:21        17216        ----a-w-        c:\windows\system32\nitrolocalui.dll

2011-09-24 13:02 . 2011-09-30 13:21        28992        ----a-w-        c:\windows\system32\nitrolocalmon.dll

2011-09-22 18:44 . 2011-09-22 18:44        10680        ----a-w-        c:\windows\SysWow64\vpncategories.dll

2011-09-22 18:44 . 2011-09-22 18:44        30648        ----a-w-        c:\windows\SysWow64\vpnevents.dll

2011-09-22 18:29 . 2011-09-22 18:29        22264        ----a-w-        c:\windows\system32\drivers\vpnva64.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]

"ILO_Office_Manager"="IntEdReg.exe" [2006-12-09 53760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Maryam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2008-07-28 16:45        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]

@="service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]

"DisableMonitoring"=dword:00000001

.

R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/13 23:56];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 20:29 146928]

R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/08/05 21:18];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-16 18:54 148976]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]

R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]

R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]

R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-10-11 167960]

R2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-11 1543704]

R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 407392]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7ABB.tmp [x]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-10-11 99864]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410179425-3192362434-292892601-1001Core.job

- c:\users\Maryam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 08:53]

.

2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410179425-3192362434-292892601-1001UA.job

- c:\users\Maryam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 08:53]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]

"combofix"="c:\combofix\CF31226.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"combofix"="c:\combofix\CF31226.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = 

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 213.191.92.87 62.109.123.6

TCP: Interfaces\{00EC8595-7ACE-45F5-BDC9-6CB3837FBC09}\1405F5659535: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{00EC8595-7ACE-45F5-BDC9-6CB3837FBC09}\64259445A51224F6870264F6E60275C414E40273237303: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{3069806B-0D7B-4538-B83D-226D45FD08CC}: NameServer = 193.189.244.225 193.189.244.206

TCP: Interfaces\{7F6CE185-EA20-4D9A-9CF0-2A6A260C79F3}: NameServer = 193.189.244.225 193.189.244.206

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-{5F5867F0-2D23-4338-A206-01A76C823924} - c:\program files (x86)\InstallShield Installation Information\{5F5867F0-2D23-4338-A206-01A76C823924}\setup.exe

AddRemove-{72042FA6-5609-489F-A8EA-3C2DD650F667} - c:\program files (x86)\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe

AddRemove-{A7DA438C-2E43-4C20-BFDA-C1F4A6208558} - c:\program files (x86)\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe

AddRemove-{DEC235ED-58A4-4517-A278-C41E8DAEAB3B} - c:\program files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe

AddRemove-{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A} - c:\program files (x86)\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe

AddRemove-{F232C87C-6E92-4775-8210-DFE90B7777D9} - c:\program files (x86)\InstallShield Installation Information\{F232C87C-6E92-4775-8210-DFE90B7777D9}\Setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\7ABB.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}"=hex:51,66,7a,6c,4c,1d,38,12,fb,75,f9,

   3d,c0,fd,2a,09,db,aa,6a,3a,df,d1,96,21

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:49,33,0d,d7,4d,97,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,ce,b7,86,65,85,9f,4a,83,e8,21,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,ce,b7,86,65,85,9f,4a,83,e8,21,\

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-11-05  09:47:43 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-11-05 08:47

.

Vor Suchlauf: 63'816'843'264 bytes free

Nach Suchlauf: 63'548'604'416 bytes free

.

- - End Of File - - 73A6F78AA50049C47F27AFB638310548

--- --- ---

Schoene Gruesse!

zur Nachkontrolle:

erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.