Log analysis and evaluation: I have a virus and don't know what it's called; the only thing I can say about it is that http://www1.
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.06.2011, 22:37 | #1
Hello everyone, I hope you can help me. I really don't know anything about these things, so please bear with me. I caught a virus today; I don't know what it's called. The only thing I can say about it is that it is a system scanner from Mozilla Firefox, and in the bar at the top it says hxxp://www1.armysuitetop.co.cc/kf1s?dwgr=iNnO457o1uDh2I%2Fpztiso5aqjeLK1qqsmdbL1texwsO3ndPlnqOdsJnk3LHc6qaWxuDLr8PRs7%2BZ5cvVoubS5cvpzNuH1dC2t7qP3dWxpqiSrJeglaqbq6euj%2BfZ1ePl17SYmN jb0barrJua2ejbrcaooKeWo56spKuimtnnrKGXp56qkaakqqqbzePS1djeoe7e6ZSg4N7h6dLiyuDS3MnY1Z%2FU5t%2Fo4dyX2s7i09jJ6cyg0OTUn9Td2bHI2dbg3OyN5MbYquHn6dmZmLWUoqqc mbjY6eSn2trS59ih2OPYpM7Xyt6b2ueam7rR59edye%2FI39He0qbi25bWzubj2MjY4J%2FK4OPi59bd3dTinNPF6cugyeba5Zc%3D
Please help quickly. I hope I haven't broken any rules now. Thanks
12.06.2011, 10:51 | #2
/// Malware-holic
Hi,

System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and choose "Run as administrator").
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy the following into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports will be created: OTL.Txt and Extras.Txt. Post both.
12.06.2011, 22:26 | #3
Hello markusg,
thank you very much for the quick reply. The scan is running right now ....... I will post both afterwards.
Kind regards, venus
12.06.2011, 22:28 | #4
/// Malware-holic
Hi, please leave out posts like that; just post the logs, or post if you run into problems. Otherwise people look in here for nothing and the thread only gets unnecessarily long :-)
__________________
- Please forward suspicious emails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward emails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
12.06.2011, 22:43 | #5
OTL Logfile:
Code:
OTL logfile created on: 12.06.2011 22:47:07 - Run 1
OTL by OldTimer - Version 3.2.24.0     Folder = D:\
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1014,18 Mb Total Physical Memory | 266,78 Mb Available Physical Memory | 26,31% Memory free
1,99 Gb Paging File | 0,71 Gb Available in Paging File | 35,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 12,11 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 12,91 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive E: | 33,66 Gb Total Space | 32,28 Gb Free Space | 95,90% Space Free | Partition Type: NTFS

Computer Name: NAHID-PC | User Name: Nahid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.12 22:41:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.04.28 14:20:02 | 001,206,408 | ---- | M] (SPAMfighter ApS) -- C:\Programme\Fighters\FighterSuiteService.exe
PRC - [2011.04.28 14:19:54 | 001,131,144 | ---- | M] (SPAMfighter) -- C:\Programme\Fighters\SPYWAREfighter\swproTray.exe
PRC - [2011.04.28 13:56:25 | 000,826,688 | ---- | M] (Preventon Technologies Limited) -- C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe
PRC - [2011.04.28 13:56:25 | 000,142,768 | ---- | M] (Preventon Technologies Limited) -- C:\Programme\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe
PRC - [2011.04.14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.10.25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007.03.12 14:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.03.12 14:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.07.13 19:27:16 | 000,528,384 | ---- | M] ( ) -- C:\Windows\System32\lxctcoms.exe

========== Modules (SafeList) ==========

MOD - [2011.06.12 22:41:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2011.05.10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.04.28 14:20:02 | 001,206,408 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Programme\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2011.04.28 13:56:25 | 000,826,688 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe -- (AV Engine Scanning Service)
SRV - [2011.04.28 13:56:25 | 000,142,768 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe -- (AV Watch Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006.07.13 19:27:16 | 000,528,384 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxctcoms.exe -- (lxct_device)

========== Driver Services (SafeList) ==========

DRV - [2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.05.10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.04.28 13:56:28 | 000,010,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfsfilter.sys -- (AVFSFilter)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.02.09 11:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2007.08.03 06:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.07.17 19:07:42 | 010,371,072 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.04.23 14:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 B6 38 85 7E 98 CB 01 [binary data]
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&systemid=101&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010.12.10 17:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010.12.10 17:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.12 10:26:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.12 10:26:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.02.26 21:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nahid\AppData\Roaming\mozilla\Extensions
[2011.06.12 10:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nahid\AppData\Roaming\mozilla\Firefox\Profiles\bpc8xr6z.default\extensions
[2011.01.30 11:03:05 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nahid\AppData\Roaming\mozilla\Firefox\Profiles\bpc8xr6z.default\extensions\ffxtlbr@babylon.com
[2010.08.12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Users\Nahid\AppData\Roaming\Mozilla\Firefox\Profiles\bpc8xr6z.default\searchplugins\SearchquWebSearch.xml
[2011.06.12 10:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- 
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Programme\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
O4 - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2922082828-1365418600-2234279854-1000..\Run: [NVIDIA driver monitor]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: CamserviceOG - hkey= - key= - C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EzPrint - hkey= - key= - C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Lexmark 5400 Series Fax Server - hkey= - key= - C:\Program Files\Lexmark 5400 Series\fm3032.exe ()
MsConfig - StartUpReg: LXCTCATS - hkey= - key= -  File not found
MsConfig - StartUpReg: lxctmon.exe - hkey= - key= - C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: ooVoo.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011.06.12 11:00:39 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{D859B2F1-AFF1-4929-8294-F9C14D1A7D5B}
[2011.06.12 10:26:43 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.06.12 00:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2011.06.12 00:04:51 | 000,000,000 | ---D | C] -- C:\Programme\Fighters
[2011.06.12 00:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2011.06.12 00:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2011.06.12 00:04:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Common Toolkit Suite
[2011.06.12 00:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2011.06.12 00:03:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F31DF89A-89A8-4883-9398-F0F33A3BCA88}
[2011.06.12 00:02:44 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Roaming\Fighters
[2011.06.12 00:02:42 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\PackageAware
[2011.06.11 21:34:45 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{AD73294D-2959-4853-8C86-4B9B87AB7733}
[2011.06.11 09:34:20 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{D32265AC-5B8D-49AE-99BC-DD691F6C0A63}
[2011.06.10 19:06:10 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{51770B4F-97FC-46A1-AAB6-E21A597EE5A8}
[2011.06.10 07:23:55 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011.06.09 23:42:36 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{B57AB1EC-498E-4717-890A-CEE4C1101FCA}
[2011.06.08 21:09:40 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{E0886DFD-607B-4776-AE44-6ED08AA0336B}
[2011.06.08 09:09:14 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{215C5824-83D4-4E39-904C-B3005A7EA2D3}
[2011.06.07 21:08:48 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{576B199B-3D79-453E-A1C1-2D939EF272AE}
[2011.06.07
09:08:22 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{86E2577A-B84A-416B-8D68-FC02C7705073} [2011.06.06 21:07:55 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{04B6C8C0-8380-460D-9C7C-E019BF1DC6E0} [2011.06.06 09:07:29 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{818D4A3D-3172-4B38-AA78-3C666DE668D2} [2011.06.05 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{BA87942D-EB95-454F-82A8-46AE0E5D6E16} [2011.06.05 09:52:40 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys [2011.06.04 23:56:31 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{FF444EAE-87AB-427B-9F62-4591456B8819} [2011.06.04 09:13:17 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{84357F46-CBF0-489B-A3B3-1A03700A51C1} [2011.06.03 16:40:08 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{9689EB1C-C518-462D-B374-98885033FE2B} [2011.06.02 12:04:48 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{838204CE-93F5-48A2-9CCF-BE15F09D2CBB} [2011.06.02 00:04:20 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{0E731FF8-95A8-4762-AB88-225E50EADB0A} [2011.06.01 09:18:50 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{EEA23283-3BE0-4C38-80AE-CB04014BC420} [2011.05.31 21:18:24 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{1E85EEF9-70FE-4281-9394-C1A274952A4C} [2011.05.31 09:17:56 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{69BD4FB8-BC8D-4A44-9BB3-1DE8DAC9ACF3} [2011.05.30 19:43:23 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{47F7D9E6-6E95-4B61-B312-75CBD489E143} [2011.05.30 07:42:57 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{7D523E34-5BEA-4317-BF4A-4E0D8572A5E8} [2011.05.29 19:42:24 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{21D6D0CC-D7AF-4BFB-8C02-B4B38CAE5A8B} [2011.05.27 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{5FD271C8-44F3-4134-AD8B-678DA32136F8} 
[2011.05.26 22:02:02 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{F5F1E39F-BC88-4913-A4E6-156BDA73D613} [2011.05.26 07:10:06 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{7D3D6ECF-FE9F-4E36-9F61-2173EF4D3DE9} [2011.05.24 09:29:25 | 000,000,000 | ---D | C] -- C:\Users\Nahid\Documents\Rechtsanwalt Kroh Vdafone [2011.05.24 08:35:08 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{961C87A4-0BFD-4F81-9ECD-1090F395479A} [2011.05.23 13:36:25 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{EC72473E-9337-40ED-8554-DD22873F905D} [2011.05.23 00:42:51 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{7CB65960-BE86-4E9C-BB3B-20DD7FD15801} [2011.05.22 22:53:05 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.05.22 01:05:30 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{3671AD87-2DBC-4286-8A99-E336902B068D} [2011.05.21 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Nahid\Documents\Tordynex Übersetzung [2011.05.21 07:39:35 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{1D5F4051-826D-4BFE-9856-E7D8F6034BBC} [2011.05.20 07:52:40 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{C4BA6739-237F-4768-8082-8CAD7126F2E9} [2011.05.19 19:31:56 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{66C0C584-214D-4276-B417-05EA8EA93219} [2011.05.18 22:15:20 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{5DB67BB0-FA98-414D-BBE4-37AC5C9C069A} [2011.05.18 09:01:02 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{8B03D2B8-3452-49EC-9CC0-BA2676174948} [2011.05.17 17:22:43 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{AF01215C-53C7-43CF-81D2-2C1A6B79B462} [2011.05.16 20:42:25 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{8C1DE9C5-DE77-4523-B506-B6D300F7366B} [2011.05.16 07:53:36 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{14292F6E-2C9D-4A8C-A851-D4DA73A12DB7} [2011.05.15 19:53:09 | 000,000,000 | ---D | C] -- 
C:\Users\Nahid\AppData\Local\{73E3C288-77F0-49E9-A7F9-94330C8B0051} [2011.05.15 01:00:39 | 000,000,000 | ---D | C] -- C:\Users\Nahid\jahrgangs foto [2011.05.15 00:55:35 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{F7AC2E47-1B94-4252-9A94-2D28C31626D4} [2011.05.14 11:39:08 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{EC780FEC-28AA-4ABD-A95D-6BC30A7891BC} [2011.05.14 00:53:23 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.05.13 23:38:42 | 000,000,000 | ---D | C] -- C:\Users\Nahid\AppData\Local\{D2879966-91C7-49EC-B3DA-EE8E4DE65665} [2011.05.13 23:30:10 | 000,000,000 | ---D | C] -- C:\Users\Nahid\Documents\Tordynex [2011.02.18 20:46:37 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2011.02.18 20:46:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [2010.12.16 18:54:48 | 000,983,040 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll [2010.12.16 18:54:48 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll [2010.12.16 18:54:48 | 000,393,216 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll [2010.12.16 18:54:47 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll [2010.12.16 18:54:47 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll [2010.12.16 18:54:47 | 000,528,384 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll [2010.12.16 18:54:47 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll [2010.12.16 18:54:47 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll [2010.12.16 18:54:45 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\lxctih.exe [2010.12.16 18:54:44 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll [2010.12.16 18:54:43 | 000,667,648 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll [2010.12.16 18:54:43 | 000,528,384 | ---- | C] ( ) -- C:\Windows\System32\lxctcoms.exe [2010.12.16 18:54:43 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll [2010.12.16 18:54:43 | 000,376,832 | ---- | C] 
( ) -- C:\Windows\System32\lxctcfg.exe [1 C:\Users\Nahid\AppData\Local\*.tmp files -> C:\Users\Nahid\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.12 21:24:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.12 10:26:52 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.12 09:37:54 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.12 09:37:54 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.12 09:36:05 | 004,864,748 | ---- | M] () -- C:\Users\Nahid\Desktop\FightersLogs.zip [2011.06.12 09:32:06 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys [2011.06.12 00:04:59 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk [2011.06.11 21:24:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011.06.11 21:24:00 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2011.06.10 09:16:31 | 000,102,945 | ---- | M] () -- C:\Users\Nahid\Desktop\Lebenslauf Nahid Rashedi Alvandi.pdf [2011.06.10 08:49:22 | 000,212,247 | ---- | M] () -- C:\Users\Nahid\Desktop\Anschreiben Nahid Rashedi Alvandi.pdf [2011.06.10 08:23:58 | 000,212,376 | ---- | M] () -- C:\Users\Nahid\Documents\Nahid Rashedi Alvandi Anschreiben .pdf [2011.06.10 08:08:48 | 000,087,205 | ---- | M] () -- C:\Users\Nahid\Desktop\Bewerbung Nahid Rashedi Alvandi.pdf [2011.06.10 00:34:16 | 000,212,430 | ---- | M] () -- C:\Users\Nahid\Documents\Anschreiben Nahid Rashedi Alvandi.pdf [2011.06.06 19:00:59 | 002,916,099 | ---- | M] () -- C:\Users\Nahid\Documents\06-06-2011 18;59;48.rtf [2011.06.05 19:14:35 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.06.05 19:14:35 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.06.05 19:14:35 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.06.05 19:14:35 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.06.03 17:14:01 | 000,077,175 | ---- | M] () -- C:\Users\Nahid\Desktop\33304172_OBBkhJYt_c.jpg [2011.05.31 11:01:41 | 000,484,675 | ---- | M] () -- C:\Users\Nahid\Desktop\Prof. Dr. med. 
Joachim Dissemond.pdf [2011.05.28 11:02:53 | 000,113,326 | ---- | M] () -- C:\Users\Nahid\Desktop\248073_227380897289164_161610780532843_1002634_4885383_n.jpg [2011.05.24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011.05.23 08:32:15 | 000,125,968 | ---- | M] () -- C:\Users\Nahid\Desktop\38801_143023169055867_139282436096607_302532_1705063_n.jpg [2011.05.22 23:19:59 | 000,085,593 | ---- | M] () -- C:\Users\Nahid\Desktop\222208_219505941411111_219505004744538_848944_1613727_n.jpg [2011.05.21 08:58:59 | 000,002,090 | ---- | M] () -- C:\Users\Nahid\Desktop\Tordynex Übersetzung - Verknüpfung.lnk [2011.05.20 18:09:57 | 000,001,441 | ---- | M] () -- C:\Users\Nahid\Desktop\Hercules Deluxe Optical Glass - Verknüpfung (2).lnk [2011.05.20 08:12:43 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2011.05.16 20:31:47 | 000,007,091 | ---- | M] () -- C:\Users\Nahid\Documents\Bewerbung - unopiu - Verknüpfung.lnk [2011.05.15 01:03:10 | 000,001,138 | ---- | M] () -- C:\Users\Nahid\Desktop\Tordynex - mappe -essen.lnk [2011.05.15 01:01:12 | 000,001,031 | ---- | M] () -- C:\Users\Nahid\Desktop\jahrgangs foto - Verknüpfung.lnk [1 C:\Users\Nahid\AppData\Local\*.tmp files -> C:\Users\Nahid\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.12 10:26:52 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.06.12 10:26:51 | 000,001,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.06.12 09:35:38 | 004,864,748 | ---- | C] () -- C:\Users\Nahid\Desktop\FightersLogs.zip [2011.06.12 00:04:59 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk [2011.06.10 09:16:31 | 000,102,945 | ---- | C] () -- C:\Users\Nahid\Desktop\Lebenslauf Nahid Rashedi Alvandi.pdf [2011.06.10 08:49:21 | 000,212,247 | ---- | C] () -- C:\Users\Nahid\Desktop\Anschreiben Nahid Rashedi Alvandi.pdf [2011.06.10 
08:23:57 | 000,212,376 | ---- | C] () -- C:\Users\Nahid\Documents\Nahid Rashedi Alvandi Anschreiben .pdf [2011.06.10 08:08:47 | 000,087,205 | ---- | C] () -- C:\Users\Nahid\Desktop\Bewerbung Nahid Rashedi Alvandi.pdf [2011.06.10 00:34:13 | 000,212,430 | ---- | C] () -- C:\Users\Nahid\Documents\Anschreiben Nahid Rashedi Alvandi.pdf [2011.06.06 19:00:55 | 002,916,099 | ---- | C] () -- C:\Users\Nahid\Documents\06-06-2011 18;59;48.rtf [2011.06.03 17:13:46 | 000,077,175 | ---- | C] () -- C:\Users\Nahid\Desktop\33304172_OBBkhJYt_c.jpg [2011.05.31 11:01:33 | 000,484,675 | ---- | C] () -- C:\Users\Nahid\Desktop\Prof. Dr. med. Joachim Dissemond.pdf [2011.05.28 11:02:39 | 000,113,326 | ---- | C] () -- C:\Users\Nahid\Desktop\248073_227380897289164_161610780532843_1002634_4885383_n.jpg [2011.05.23 08:31:59 | 000,125,968 | ---- | C] () -- C:\Users\Nahid\Desktop\38801_143023169055867_139282436096607_302532_1705063_n.jpg [2011.05.22 23:19:39 | 000,085,593 | ---- | C] () -- C:\Users\Nahid\Desktop\222208_219505941411111_219505004744538_848944_1613727_n.jpg [2011.05.21 08:58:59 | 000,002,090 | ---- | C] () -- C:\Users\Nahid\Desktop\Tordynex Übersetzung - Verknüpfung.lnk [2011.05.20 18:09:57 | 000,001,441 | ---- | C] () -- C:\Users\Nahid\Desktop\Hercules Deluxe Optical Glass - Verknüpfung (2).lnk [2011.05.15 01:03:10 | 000,001,138 | ---- | C] () -- C:\Users\Nahid\Desktop\Tordynex - mappe -essen.lnk [2011.05.15 01:01:12 | 000,001,031 | ---- | C] () -- C:\Users\Nahid\Desktop\jahrgangs foto - Verknüpfung.lnk [2011.04.28 13:56:28 | 000,010,264 | ---- | C] () -- C:\Windows\System32\drivers\avfsfilter.sys [2011.02.18 20:46:35 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini [2011.01.04 02:50:03 | 000,005,120 | ---- | C] () -- C:\Users\Nahid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.16 19:02:01 | 000,335,872 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll [2010.12.16 18:59:42 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXCTFXPU.DLL [2010.12.16 18:59:41 
| 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctpmon.dll [2010.12.16 18:59:21 | 000,012,288 | ---- | C] () -- C:\Windows\System32\lxctpmrc.dll [2010.12.16 18:54:48 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll [2010.12.16 18:54:44 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll [2010.12.10 16:57:45 | 000,000,088 | ---- | C] () -- C:\Windows\wincmd.ini [2010.12.10 16:11:20 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.12.10 16:11:20 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.12.10 16:11:12 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.12.10 16:11:12 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.12.10 16:11:12 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.12.10 15:41:22 | 000,052,836 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2010.12.10 15:41:21 | 000,162,304 | ---- | C] () -- C:\Windows\System32\libpng13.dll [2010.12.10 15:41:20 | 000,394,752 | ---- | C] () -- C:\Windows\System32\cygwinb19.dll [2010.12.10 15:41:19 | 001,199,179 | ---- | C] () -- C:\Windows\unins002.exe [2010.12.10 15:41:19 | 000,010,129 | ---- | C] () -- C:\Windows\unins002.dat [2010.12.10 15:40:27 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe [2010.12.10 15:40:27 | 000,007,958 | ---- | C] () -- C:\Windows\unins001.dat [2010.12.10 15:40:00 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe [2010.12.10 15:40:00 | 000,012,131 | ---- | C] () -- C:\Windows\unins000.dat [2009.07.14 10:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 000,429,392 | ---- | 
C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.06.20 15:40:14 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll [2006.05.18 13:01:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll [2006.05.03 16:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll [2005.06.24 04:37:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll ========== LOP Check ========== [2011.05.01 13:05:07 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\5400 Series [2011.03.08 10:55:02 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\5400 Series [2011.01.30 11:03:05 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Babylon [2011.06.12 00:02:48 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Fighters [2010.12.10 17:53:21 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Local [2010.12.10 15:49:20 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\MuldeR [2011.01.21 23:55:51 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\ooVoo Details 
[2010.12.15 09:39:06 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\TVgenial [2010.12.16 08:05:13 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Windows Live Writer [2010.12.10 16:50:52 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\WordToPDF [2010.12.10 15:55:18 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\XnView [2011.05.30 06:38:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.03.08 10:55:02 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\5400 Series [2010.12.10 15:42:50 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Adobe [2010.12.10 16:03:39 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Ahead [2011.01.19 18:51:39 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Apple Computer [2011.01.30 11:03:05 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Babylon [2010.12.10 16:16:21 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\DivX [2011.06.12 00:02:48 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Fighters [2010.12.10 15:15:16 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Identities [2010.12.29 18:51:14 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\InstallShield [2010.12.10 17:53:21 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Local [2010.12.10 16:18:49 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Macromedia [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Media Center Programs [2011.03.04 23:10:41 | 000,000,000 | --SD | M] -- C:\Users\Nahid\AppData\Roaming\Microsoft [2011.02.26 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Mozilla [2010.12.10 15:49:20 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\MuldeR 
[2010.12.10 15:49:27 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\NCH Software [2011.01.21 23:55:51 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\ooVoo Details [2011.01.19 09:00:07 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Skype [2010.12.15 09:39:06 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\TVgenial [2010.12.10 16:58:22 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\vlc [2010.12.10 17:04:24 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Winamp [2010.12.16 08:05:13 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Windows Live Writer [2010.12.10 17:42:26 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\WinRAR [2010.12.10 16:50:52 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\WordToPDF [2010.12.10 15:55:18 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\XnView [2011.06.11 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\Nahid\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2007.08.29 16:36:06 | 000,167,936 | ---- | M] () -- C:\Users\Nahid\AppData\Roaming\NCH Software\Components\wmawav\wmawav.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] 
(Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 
03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\System32\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
========== Files - Unicode (All) ==========
[2011.02.18 01:00:10 | 000,013,131 | ---- | M] ()(C:\Users\Nahid\Documents\?? ???? ?? ?? ?? ??????? ?? ?? ??????? ????? ??? ????? ?? ??????? ???? ???? ???? ??? ?? ????????.docx) -- C:\Users\Nahid\Documents\ما لحظه ها را می گذرانیم تا به خوشبختی برسیم ولی افسوس که خوشبختی همان لحظه هایی بود که گذراندیم.docx
[2011.02.16 14:43:41 | 000,013,131 | ---- | C] ()(C:\Users\Nahid\Documents\?? ???? ?? ?? ?? ??????? ?? ?? ??????? ????? ??? ????? ?? ??????? ???? ???? ???? ??? ?? ????????.docx) -- C:\Users\Nahid\Documents\ما لحظه ها را می گذرانیم تا به خوشبختی برسیم ولی افسوس که خوشبختی همان لحظه هایی بود که گذراندیم.docx
[2010.12.19 10:56:33 | 000,081,533 | ---- | M] ()(C:\Users\Nahid\Documents\????.docx) -- C:\Users\Nahid\Documents\یلدا.docx
[2010.12.19 10:56:31 | 000,081,533 | ---- | C] ()(C:\Users\Nahid\Documents\????.docx) -- C:\Users\Nahid\Documents\یلدا.docx
< End of report >
OTL Logfile:
OTL Extras logfile created on: 12.06.2011 22:47:08 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = D:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,18 Mb Total Physical Memory | 266,78 Mb Available Physical Memory | 26,31% Memory free
1,99 Gb Paging File | 0,71 Gb Available in Paging File | 35,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 38,96 Gb Total Space | 12,11 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive D: | 39,06 Gb Total Space | 12,91 Gb Free Space | 33,05% Space Free | Partition Type: NTFS
Drive E: | 33,66 Gb Total Space | 32,28 Gb Free Space | 95,90% Space Free | Partition Type: NTFS
Computer Name: NAHID-PC | User Name: Nahid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [scan_with_SPYWAREfighter] -- C:\Program Files\Fighters\SPYWAREfighter\SWPROTray.exe /scan "%1" (SPAMfighter)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Premium
"{54dcbccb-c905-46dc-b6e6-48563d0e9e55}" = LameXP
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A7D2B13-9522-48A9-A06F-A9C4AA33D8AD}" = SPYWAREfighter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C89AF1D9-A501-4AA5-9E44-9753D0F92347}" = Kidizoom® Pro & Plus
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.5026)
"{E04ACCBC-DF36-364E-87E8-6C24BB981AB8}.vc_x86runtime_30729_5026" = Visual C++ 2008 x86 Runtime - v9.0.30729.5026
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Deluxe Optical Glass
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DivX Setup.divx.com" = DivX-Setup
"Dolphins 3D_is1" = Dolphins 3D
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.60
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.4.0
"Lexmark 5400 Series" = Lexmark 5400 Series
"M928366" = 
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Picasa 3" = Picasa 3
"PictureIt_v9" = Microsoft Picture It! Foto Premium 9
"SPYWAREfighter" = SPYWAREfighter
"TVgenial" = TVgenial 4.10
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"Wincmd" = Windows Commander (Remove or Repair)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WordToPDF_is1" = WordToPDF 2.4
"XnView_is1" = XnView 1.97.8
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2922082828-1365418600-2234279854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report > |
12.06.2011, 22:52 | #6 |
/// Malware-holic | Please create and post a ComboFix log. A guide and tutorial on using ComboFix
12.06.2011, 23:50 | #7 |
| ComboFix Logfile:
ComboFix 11-06-11.01 - Nahid 13.06.2011 0:22.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1014.71 [GMT 2:00]
ausgeführt von:: c:\users\Nahid\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: SPYWAREfighter *Enabled/Updated* {54CEAF19-6DDF-F31A-F96A-11F730C2EC03}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Nahid\AppData\Roaming\Local
c:\users\Nahid\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\Nahid\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Nahid\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Nahid\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Nahid\AppData\Roaming\Mozilla\Firefox\Profiles\bpc8xr6z.default\searchplugins\SearchquWebSearch.xml
c:\users\Nahid\AppData\Roaming\Mozilla\Firefox\Profiles\bpc8xr6z.default\searchqutb
c:\users\Nahid\AppData\Roaming\Mozilla\Firefox\Profiles\bpc8xr6z.default\searchqutb\preferences.dat
c:\users\Nahid\Desktop\install_flash_player.exe
c:\windows\TEMP\dsamb0ib.vbt
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-12 bis 2011-06-12 ))))))))))))))))))))))))))))))
.
.
2011-06-12 22:33 . 2011-06-12 22:36 -------- d-----w- c:\users\Nahid\AppData\Local\temp
2011-06-12 22:33 . 2011-06-12 22:33 -------- d-----w- c:\users\Gast\AppData\Local\temp
2011-06-12 22:33 . 2011-06-12 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-12 21:39 . 2011-06-12 21:39 -------- d-----w- c:\users\Nahid\AppData\Local\{C8B80FD4-A16F-495A-8426-26000C5D9373}
2011-06-12 09:00 . 2011-06-12 09:00 -------- d-----w- c:\users\Nahid\AppData\Local\{D859B2F1-AFF1-4929-8294-F9C14D1A7D5B}
2011-06-11 22:05 . 2011-06-11 22:35 -------- d-----w- c:\programdata\clp
2011-06-11 22:04 . 2011-06-11 22:04 -------- d-----w- c:\program files\Fighters
2011-06-11 22:04 . 2011-06-11 22:04 -------- d-----w- c:\programdata\Common Toolkit Suite
2011-06-11 22:04 . 2011-06-11 22:04 -------- d-----w- c:\program files\Common Files\Common Toolkit Suite
2011-06-11 22:04 . 2011-06-11 22:04 -------- d-----w- c:\programdata\Fighters
2011-06-11 22:03 . 2011-06-11 22:05 -------- dc-h--w- c:\programdata\{F31DF89A-89A8-4883-9398-F0F33A3BCA88}
2011-06-11 22:02 . 2011-06-11 22:02 -------- d-----w- c:\users\Nahid\AppData\Roaming\Fighters
2011-06-11 22:02 . 2011-06-11 22:02 -------- d-----w- c:\users\Nahid\AppData\Local\PackageAware
2011-06-11 19:34 . 2011-06-11 19:34 -------- d-----w- c:\users\Nahid\AppData\Local\{AD73294D-2959-4853-8C86-4B9B87AB7733}
2011-06-11 19:26 . 2011-05-09 20:46 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9483A00F-BC88-4A41-A529-8047F3735652}\mpengine.dll
2011-06-11 07:34 . 2011-06-11 07:34 -------- d-----w- c:\users\Nahid\AppData\Local\{D32265AC-5B8D-49AE-99BC-DD691F6C0A63}
2011-06-10 17:06 . 2011-06-10 17:06 -------- d-----w- c:\users\Nahid\AppData\Local\{51770B4F-97FC-46A1-AAB6-E21A597EE5A8}
2011-06-10 05:23 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-09 21:42 . 2011-06-09 21:42 -------- d-----w- c:\users\Nahid\AppData\Local\{B57AB1EC-498E-4717-890A-CEE4C1101FCA}
2011-06-08 19:09 . 2011-06-08 19:09 -------- d-----w- c:\users\Nahid\AppData\Local\{E0886DFD-607B-4776-AE44-6ED08AA0336B}
2011-06-08 07:09 . 2011-06-08 07:09 -------- d-----w- c:\users\Nahid\AppData\Local\{215C5824-83D4-4E39-904C-B3005A7EA2D3}
2011-06-07 19:08 . 2011-06-07 19:08 -------- d-----w- c:\users\Nahid\AppData\Local\{576B199B-3D79-453E-A1C1-2D939EF272AE}
2011-06-07 07:08 . 2011-06-07 07:08 -------- d-----w- c:\users\Nahid\AppData\Local\{86E2577A-B84A-416B-8D68-FC02C7705073}
2011-06-06 19:07 . 2011-06-06 19:08 -------- d-----w- c:\users\Nahid\AppData\Local\{04B6C8C0-8380-460D-9C7C-E019BF1DC6E0}
2011-06-06 07:07 . 2011-06-06 07:07 -------- d-----w- c:\users\Nahid\AppData\Local\{818D4A3D-3172-4B38-AA78-3C666DE668D2}
2011-06-05 10:12 . 2011-06-05 10:13 -------- d-----w- c:\users\Nahid\AppData\Local\{BA87942D-EB95-454F-82A8-46AE0E5D6E16}
2011-06-05 07:52 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-04 21:56 . 2011-06-04 21:56 -------- d-----w- c:\users\Nahid\AppData\Local\{FF444EAE-87AB-427B-9F62-4591456B8819}
2011-06-04 07:13 . 2011-06-04 07:13 -------- d-----w- c:\users\Nahid\AppData\Local\{84357F46-CBF0-489B-A3B3-1A03700A51C1}
2011-06-03 14:40 . 2011-06-03 14:40 -------- d-----w- c:\users\Nahid\AppData\Local\{9689EB1C-C518-462D-B374-98885033FE2B}
2011-06-02 10:04 . 2011-06-02 10:04 -------- d-----w- c:\users\Nahid\AppData\Local\{838204CE-93F5-48A2-9CCF-BE15F09D2CBB}
2011-06-01 22:04 . 2011-06-01 22:04 -------- d-----w- c:\users\Nahid\AppData\Local\{0E731FF8-95A8-4762-AB88-225E50EADB0A}
2011-06-01 07:18 . 2011-06-01 07:19 -------- d-----w- c:\users\Nahid\AppData\Local\{EEA23283-3BE0-4C38-80AE-CB04014BC420}
2011-05-31 19:18 . 2011-05-31 19:18 -------- d-----w- c:\users\Nahid\AppData\Local\{1E85EEF9-70FE-4281-9394-C1A274952A4C}
2011-05-31 07:17 . 2011-05-31 07:18 -------- d-----w- c:\users\Nahid\AppData\Local\{69BD4FB8-BC8D-4A44-9BB3-1DE8DAC9ACF3}
2011-05-30 17:43 . 2011-05-30 17:43 -------- d-----w- c:\users\Nahid\AppData\Local\{47F7D9E6-6E95-4B61-B312-75CBD489E143}
2011-05-30 05:42 . 2011-05-30 05:43 -------- d-----w- c:\users\Nahid\AppData\Local\{7D523E34-5BEA-4317-BF4A-4E0D8572A5E8}
2011-05-29 17:42 . 2011-05-29 17:42 -------- d-----w- c:\users\Nahid\AppData\Local\{21D6D0CC-D7AF-4BFB-8C02-B4B38CAE5A8B}
2011-05-27 08:15 . 2011-05-27 08:16 -------- d-----w- c:\users\Nahid\AppData\Local\{5FD271C8-44F3-4134-AD8B-678DA32136F8}
2011-05-26 20:02 . 2011-05-26 20:02 -------- d-----w- c:\users\Nahid\AppData\Local\{F5F1E39F-BC88-4913-A4E6-156BDA73D613}
2011-05-26 05:10 . 2011-05-26 05:10 -------- d-----w- c:\users\Nahid\AppData\Local\{7D3D6ECF-FE9F-4E36-9F61-2173EF4D3DE9}
2011-05-24 06:35 . 2011-05-24 06:35 -------- d-----w- c:\users\Nahid\AppData\Local\{961C87A4-0BFD-4F81-9ECD-1090F395479A}
2011-05-23 11:36 . 2011-05-23 11:36 -------- d-----w- c:\users\Nahid\AppData\Local\{EC72473E-9337-40ED-8554-DD22873F905D}
2011-05-22 22:42 . 2011-05-22 22:43 -------- d-----w- c:\users\Nahid\AppData\Local\{7CB65960-BE86-4E9C-BB3B-20DD7FD15801}
2011-05-22 20:53 . 2011-05-22 20:53 -------- d-----w- c:\windows\Sun
2011-05-21 23:05 . 2011-05-21 23:05 -------- d-----w- c:\users\Nahid\AppData\Local\{3671AD87-2DBC-4286-8A99-E336902B068D}
2011-05-21 05:39 . 2011-05-21 05:39 -------- d-----w- c:\users\Nahid\AppData\Local\{1D5F4051-826D-4BFE-9856-E7D8F6034BBC}
2011-05-20 05:52 . 2011-05-20 05:52 -------- d-----w- c:\users\Nahid\AppData\Local\{C4BA6739-237F-4768-8082-8CAD7126F2E9}
2011-05-19 17:31 . 2011-05-19 17:32 -------- d-----w- c:\users\Nahid\AppData\Local\{66C0C584-214D-4276-B417-05EA8EA93219}
2011-05-18 20:15 . 2011-05-18 20:15 -------- d-----w- c:\users\Nahid\AppData\Local\{5DB67BB0-FA98-414D-BBE4-37AC5C9C069A}
2011-05-18 07:01 . 2011-05-18 07:01 -------- d-----w- c:\users\Nahid\AppData\Local\{8B03D2B8-3452-49EC-9CC0-BA2676174948}
2011-05-17 15:22 . 2011-05-17 15:22 -------- d-----w- c:\users\Nahid\AppData\Local\{AF01215C-53C7-43CF-81D2-2C1A6B79B462}
2011-05-16 18:42 . 2011-05-16 18:42 -------- d-----w- c:\users\Nahid\AppData\Local\{8C1DE9C5-DE77-4523-B506-B6D300F7366B}
2011-05-16 05:53 . 2011-05-16 05:53 -------- d-----w- c:\users\Nahid\AppData\Local\{14292F6E-2C9D-4A8C-A851-D4DA73A12DB7}
2011-05-15 17:53 . 2011-05-15 17:53 -------- d-----w- c:\users\Nahid\AppData\Local\{73E3C288-77F0-49E9-A7F9-94330C8B0051}
2011-05-14 23:00 . 2011-05-14 23:03 -------- d-----w- c:\users\Nahid\jahrgangs foto
2011-05-14 22:55 . 2011-05-14 22:55 -------- d-----w- c:\users\Nahid\AppData\Local\{F7AC2E47-1B94-4252-9A94-2D28C31626D4}
2011-05-14 09:39 . 2011-05-14 09:39 -------- d-----w- c:\users\Nahid\AppData\Local\{EC780FEC-28AA-4ABD-A95D-6BC30A7891BC}
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-14 02:21 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-05-20 08:54 . 2010-12-10 13:57 1166144 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-12 07:17 . 2010-12-24 08:06 1152832 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-05-10 12:10 . 2010-12-10 13:44 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-12-10 13:44 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-04-26 20:39 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2010-12-10 13:44 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-12-10 13:44 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-12-10 13:44 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-12-10 13:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-12-10 13:44 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-28 11:56 . 2011-04-28 11:56 10264 ----a-w- c:\windows\system32\drivers\avfsfilter.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-09 06:13 . 2011-05-10 21:59 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-10 21:59 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-25 03:06 . 2011-05-10 21:59 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-25 03:06 . 2011-05-10 21:59 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-03-25 03:06 . 2011-05-10 21:59 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-03-25 03:06 . 2011-05-10 21:59 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-03-25 03:06 . 2011-05-10 21:59 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-03-25 03:06 . 2011-05-10 21:59 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-03-25 03:06 . 2011-05-10 21:59 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-04-14 16:40 . 2011-06-12 08:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2011-01-30 1219488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 106496]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712]
"SWPROguard"="c:\program files\Fighters\SPYWAREfighter\SWPROTray.exe" [2011-04-28 1131144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 10:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 10:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamserviceOG]
2009-10-19 16:30 2913576 ----a-w- c:\program files\Hercules\Deluxe Optical Glass\XtrCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-08 19:17 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-06-07 03:05 98304 ----a-w- c:\program files\Lexmark 5400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 09:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5400 Series Fax Server]
2006-07-10 23:30 294912 ----a-w- c:\program files\Lexmark 5400 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCTCATS]
2006-06-07 12:09 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcttime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxctmon.exe]
2006-06-20 13:37 286720 ----a-w- c:\program files\Lexmark 5400 Series\lxctmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 09:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-09-23 18:30 150552 ----a-w- c:\windows\System32\igfxpers.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [2011-04-28 10264] R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [2009-02-09 99968] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592] S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2011-04-28 1206408] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-04-23 812544] S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] . . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Nahid\AppData\Roaming\Mozilla\Firefox\Profiles\bpc8xr6z.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=101&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-ooVoo - c:\program files\ooVoo\oovoo.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Engine Scanning Service] "ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Watch Service] "ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Engine Scanning Service] "ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AV Watch Service] "ImagePath"="C:/Program Files/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,83,4e,e7,f8,bb,2b,47,89,fc,c4,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0e,83,4e,e7,f8,bb,2b,47,89,fc,c4,\ . 
[HKEY_USERS\S-1-5-21-2922082828-1365418600-2234279854-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-2922082828-1365418600-2234279854-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2922082828-1365418600-2234279854-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-2922082828-1365418600-2234279854-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(5068) c:\windows\System32\ieframe.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe c:\program files\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\lxctcoms.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\DllHost.exe . 
************************************************************************** . Zeit der Fertigstellung: 2011-06-13 00:44:52 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-06-12 22:44 . Vor Suchlauf: 7 Verzeichnis(se), 12.885.131.264 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 12.806.045.696 Bytes frei . - - End Of File - - C00D162DCEC19230C95B14C63B5A36DA |
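One thing a reader of the ComboFix log above should notice before going through the individual autostart entries is the policies\system key: EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0, which means UAC is switched off and anything the user runs already has full administrator rights. The following Python script is an added example and is not part of this thread, of ComboFix or of any tool mentioned here: it parses a REGEDIT4-style excerpt in ComboFix's output format (the excerpt is constructed with the values from the log above), reports the UAC values that are weaker than the documented defaults, and lists the Run-key autostart entries. All function and constant names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt in the layout of ComboFix's "Autostartpunkte der Registrierung"
# section, using the values from the log above so the script runs offline.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# Value lines look like  "Name"= 0 (0x0)   or   "Name"="c:\path\x.exe" [2011-05-10 123]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# UAC policy values and the condition under which each is considered hardened
# (EnableLUA=1 turns UAC on, ConsentPromptBehaviorAdmin=0 elevates silently,
# PromptOnSecureDesktop=1 keeps the prompt on the secure desktop).
UAC_CHECKS = [
    ("EnableLUA", lambda v: v == 1,
     "UAC is switched off entirely; every process of an admin user runs fully elevated"),
    ("ConsentPromptBehaviorAdmin", lambda v: v != 0,
     "value 0 elevates administrators silently, without any prompt"),
    ("PromptOnSecureDesktop", lambda v: v == 1,
     "elevation prompts are not shown on the secure desktop and can be overlaid by other windows"),
]


def parse_registry_section(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: raw_data}} from REGEDIT4-style ComboFix output."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def find_key(keys: Dict[str, Dict[str, str]], suffix: str) -> Dict[str, str]:
    """ComboFix prints hive paths in mixed case, so match on a case-insensitive suffix."""
    for path, values in keys.items():
        if path.lower().endswith(suffix.lower()):
            return values
    return {}


def numeric(raw: str):
    """'0 (0x0)' -> 0; None when the data is not a plain number."""
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def audit_uac(text: str) -> List[Tuple[str, int, str]]:
    """Return (value_name, actual, explanation) for every UAC value that fails its check."""
    policy = find_key(parse_registry_section(text), r"policies\system")
    findings = []
    for name, is_ok, why in UAC_CHECKS:
        if name in policy:
            actual = numeric(policy[name])
            if actual is not None and not is_ok(actual):
                findings.append((name, actual, why))
    return findings


def autostart_entries(text: str, suffix: str = r"CurrentVersion\Run") -> Dict[str, str]:
    """Map every Run-key entry (HKCU and HKLM alike) to its image path, dropping the [date size] tag."""
    out: Dict[str, str] = {}
    for path, values in parse_registry_section(text).items():
        if path.lower().endswith(suffix.lower()):
            for name, raw in values.items():
                m = re.match(r'^"([^"]+)"', raw)
                out[name] = m.group(1) if m else raw
    return out


if __name__ == "__main__":
    for name, actual, why in audit_uac(SAMPLE_LOG):
        print(f"{name}={actual}: {why}")
    for name, image in autostart_entries(SAMPLE_LOG).items():
        print(f"Run: {name} -> {image}")
```

Run against the excerpt it reports all three UAC values as weak; against a log where EnableLUA is 1, ConsentPromptBehaviorAdmin is non-zero and PromptOnSecureDesktop is 1 it reports nothing. The suffix matching is deliberate: ComboFix prints the same hive in different capitalisations from one section to the next.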
13.06.2011, 09:43 | #8 |
/// Malware-holic | Open Computer, C:, Qoobox, right-click Quarantine, pack it with WinRAR or zip and upload it. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
13.06.2011, 10:50 | #9 |
| Hi Markus, I got as far as step 2 but I don't know what I have to do after that, sorry .... I followed the link Uploadchannel Trojaner-Board ... but what next????? |
13.06.2011, 10:55 | #10 |
/// Malware-holic | So the file is packed? Then go to the upload channel, then use "Browse" to upload the file, or rather select it first. Then enter your user name and the link to the topic in the respective fields and upload the file; if it says the upload was successful, that's fine. |
13.06.2011, 11:37 | #11 |
| Oh man, I'm not getting anywhere, I'm too stupid :-( When I go to Computer, C:, Qoobox, right-click, a window opens ..... but there's nothing about WinRAR or zip in it. |
13.06.2011, 12:56 | #12 |
/// Malware-holic | OK, download 7-Zip http://filepony.de/download-7-zip/ and install it, then navigate to Quarantine again, right-click, open the 7-Zip menu and then pack it. And upload the archive. |
13.06.2011, 13:40 | #13 |
/// Malware-holic | Looks unremarkable so far. Download Malwarebytes: Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer. Install it, open it, go to the Update tab and update the program. Close all running programs and disconnect the internet connection. Scanner tab, full scan, remove what it finds, post the log. |
13.06.2011, 15:39 | #14 |
| Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 6847
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
13.06.2011 16:27:59
mbam-log-2011-06-13 (16-27-37).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|L:\|M:\|)
Durchsuchte Objekte: 324571
Laufzeit: 1 Stunde(n), 16 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
e:\Tools\Antispy\windows 7 loader\windows loader\windows loader.exe (RiskWare.Tool.HCK) -> No action taken.
e:\Tools\Demo\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.
e:\Tools\Demo\demo-x-x-gepackt\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.
e:\Tools\Demo\demo-x-x-gepackt\fr08_final\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.
e:\Tools\Demo\fr08_final\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken. |
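Every detection line in a Malwarebytes log like the one above ends with the action that was taken, and "No action taken" means the files are still on disk; a reader should also check that the counts in the summary block match the lines actually listed underneath. The following Python script is an added example and is not part of this thread or of Malwarebytes: it parses an excerpt constructed in the layout of the log above (the detection lines are the five posted), groups the detections by name, lists the ones that were not remediated and compares the declared counts with the listed entries. The function names are my own.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

# Constructed excerpt in the layout of the Malwarebytes 1.51 log posted above
# (German-language build; section names are kept exactly as the program prints them).
SAMPLE_MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.51.0.1200
Datenbank Version: 6847
Windows 6.1.7600

Infizierte Speicherprozesse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
e:\Tools\Antispy\windows 7 loader\windows loader\windows loader.exe (RiskWare.Tool.HCK) -> No action taken.
e:\Tools\Demo\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.
e:\Tools\Demo\demo-x-x-gepackt\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.
e:\Tools\Demo\demo-x-x-gepackt\fr08_final\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.
e:\Tools\Demo\fr08_final\fr08v101.exe (Malware.Packer.Krunchy) -> No action taken.
"""


class Detection(NamedTuple):
    section: str   # which "Infizierte ..." block the line came from
    path: str      # the object (file path, registry key, process)
    name: str      # Malwarebytes' detection name in parentheses
    action: str    # what the program did with it


# "<object> (<detection name>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# summary lines carry a count, section headers do not
SUMMARY_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
HEADER_RE = re.compile(r"^(Infizierte [^:]+):$")


def parse_mbam(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return (declared counts per section, detection lines) from an MBAM log."""
    summary: Dict[str, int] = {}
    detections: List[Detection] = []
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group(1)] = int(m.group(2))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            detections.append(Detection(section, m.group("obj"), m.group("name"), m.group("action")))
    return summary, detections


def unremediated(detections: List[Detection]) -> List[Detection]:
    """Detections the scanner reported but left in place."""
    return [d for d in detections if d.action.lower().startswith("no action")]


def by_name(detections: List[Detection]) -> Dict[str, int]:
    """How many objects were hit by each detection name."""
    return dict(Counter(d.name for d in detections))


def summary_mismatches(summary: Dict[str, int], detections: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the number of lines listed: {section: (declared, listed)}."""
    listed = Counter(d.section for d in detections)
    return {sec: (n, listed.get(sec, 0)) for sec, n in summary.items() if n != listed.get(sec, 0)}


if __name__ == "__main__":
    summary, dets = parse_mbam(SAMPLE_MBAM_LOG)
    print("per detection name:", by_name(dets))
    print("still on disk:", len(unremediated(dets)), "of", len(dets))
    print("summary mismatches:", summary_mismatches(summary, dets) or "none")
```

For the posted log the script finds five detections, all still on disk, four of them under one name, and no mismatch between the summary block and the list. A line whose action reads "Quarantined and deleted successfully." is parsed the same way but is not counted as unremediated.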
13.06.2011, 15:43 | #15 |
/// Malware-holic | Hi, we don't support keygens etc., since they're illegal; here you'll only get support with setting the system up from scratch. |