Google Redirect Virus - TDSSKiller bringt keine Treffer

8hours · 01.11.2011, 07:13

Lieber Board Mitglieder,

meine Freundin hat sich einen google redirect virus geholt.

Symptome:
Umleitung auf Werbseiten nach klick auf Suchtreffer google links, sowie
Browser Tabs (chrome) werden eigenstaendig geoeffnet mit selben Werbeseiten

Die Umleitung erfolgte gestern ueber adjectivesearchsystem.com,
heute ist es eximioussearchsystem.com

Suche mit TDSSKiller, Malwarebites, Sophos AntiRootkit, SUPERAntiSpyware ergab keine Treffer.

Andere PCs am gleichem Router haben das Umleitungsproblem nicht.

Anbei otl.txt und extras.txt.

Vielen Dank fuer Eure Hilfe.

kira · 01.11.2011, 08:49

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/howfytdl/{9ACCB245-A272-4C69-B93E-B93EBF0B7766}
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Maryam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Maryam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0caf90d5-7163-11e0-b40b-00214f564ca2}\Shell - "" = AutoRun
O33 - MountPoints2\{0caf90d5-7163-11e0-b40b-00214f564ca2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\Shell - "" = AutoRun
O33 - MountPoints2\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\Shell\AutoRun\command - "" = H:\MI.exe
O33 - MountPoints2\{9b69a420-fa0f-11e0-8efb-00215d077500}\Shell - "" = AutoRun
O33 - MountPoints2\{9b69a420-fa0f-11e0-8efb-00215d077500}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\Shell - "" = AutoRun
O33 - MountPoints2\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\Shell - "" = AutoRun
O33 - MountPoints2\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011.10.31 11:14:46 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.31 11:14:44 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

:Commands
[purity]
[emptytemp]
[resethosts]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

4.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

5.
absichtlich installiert?:

Zitat:

Babylon

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

8hours · 02.11.2011, 01:05

Zitat:

Zitat von kira

** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen: [...]

Bitte schön:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8064

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

02.11.2011 00:37:14
mbam-log-2011-11-02 (00-37-04).txt

Scan type: Full scan (C:\|D:\|I:\|J:\|)
Objects scanned: 547925
Time elapsed: 1 hour(s), 27 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\assembly\tmp\U\800000c0.@ (Trojan.Agent) -> No action taken.

Zitat:

Zitat von kira

Fixen mit OTL

Hier das Ergebnis:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Users\Maryam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Users\Maryam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0caf90d5-7163-11e0-b40b-00214f564ca2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0caf90d5-7163-11e0-b40b-00214f564ca2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0caf90d5-7163-11e0-b40b-00214f564ca2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0caf90d5-7163-11e0-b40b-00214f564ca2}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33f0208f-e6ca-11e0-823a-c2a27dced2f8}\ not found.
File H:\MI.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b69a420-fa0f-11e0-8efb-00215d077500}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b69a420-fa0f-11e0-8efb-00215d077500}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9b69a420-fa0f-11e0-8efb-00215d077500}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b69a420-fa0f-11e0-8efb-00215d077500}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1dbfcbe-f7f4-11e0-8e09-00214f564ca2}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1dbfccc-f7f4-11e0-8e09-00214f564ca2}\ not found.
File F:\AutoRun.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
Unable to delete ADS C:\Users\Maryam\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Maryam\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Maryam\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b .
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Maryam
->Temp folder emptied: 1406311 bytes
->Temporary Internet Files folder emptied: 7716998 bytes
->Java cache emptied: 719642 bytes
->Google Chrome cache emptied: 32275006 bytes
->Flash cache emptied: 57385 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 24576 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4118576 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 72509989 bytes
RecycleBin emptied: 172836 bytes
 
Total Files Cleaned = 114.00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11022011_004016

Files\Folders moved on Reboot...
C:\Users\Maryam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Maryam\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb moved successfully.
C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D12}.tlb moved successfully.

Registry entries deleted on Reboot...

Zitat:

Zitat von kira

Ich würde gerne noch all deine installierten Programme sehen:

Bitte Schön. Ist nichts spannenedes dabei. Babylon toolbar wohl mal versehentlich mitinstaliert, dann wieder deinstaliert

Code:

ATTFilter

Adobe AIR	Adobe Systems Inc.	30.10.2011		2.5.1.17730
Adobe Community Help	Adobe Systems Incorporated.	30.10.2011		3.4.980
Adobe Download Assistant	Adobe Systems Incorporated	30.10.2011		1.0.4
Adobe Dreamweaver CS5.5	Adobe Systems Incorporated	30.10.2011	801 MB	11.5
Adobe Fireworks CS5	Adobe Systems Incorporated	30.10.2011	1'063 MB	11.0
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	30.10.2011	6.00 MB	10.3.183.7
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	26.10.2011	6.00 MB	11.0.1.152
Adobe Media Player	Adobe Systems Incorporated	30.10.2011		1.8
Adobe Reader X (10.1.1)	Adobe Systems Incorporated	12.10.2011	114.2 MB	10.1.1
Aspell 0.6 Dictionary (Language: en)		30.10.2011		
Aspell Data		30.10.2011		
CCleaner	Piriform	30.10.2011		3.12
Cisco AnyConnect VPN Client	Cisco Systems, Inc.	16.10.2011	4.68 MB	2.5.3055
Dropbox	Dropbox, Inc.	19.09.2011		1.1.45
Foxit Reader 5.0	Foxit Corporation	29.09.2011	28.1 MB	5.0.2.718
Gadwin PrintScreen	Gadwin Systems, Inc.	30.10.2011		4.5
Google Chrome	Google Inc.	30.10.2011		15.0.874.106
Google Talk (remove only)		26.07.2011		
Google Talk Plugin	Google	12.09.2011	13.3 MB	2.3.2.0
Image Resizer Powertoy Clone for Windows (64 bit)	Brice Lambson	03.03.2011	0.29 MB	2.1
Intense Language Office		30.10.2011		
Java(TM) 6 Update 24	Oracle	09.04.2011	94.8 MB	6.0.240
jetAudio Basic VX	COWON	03.04.2011		8.0.11
Longman Dictionary of Contemporary English 5th Edition		30.10.2011		
LyX 2.0.0-3	LyX Team	30.10.2011		2.0.0-3
Malwarebytes' Anti-Malware version 1.51.2.1300	Malwarebytes Corporation	31.10.2011	13.8 MB	1.51.2.1300
MATLAB R2009a	The MathWorks, Inc.	26.02.2011		7.8
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	26.02.2011	38.8 MB	4.0.30319
Microsoft Office Enterprise 2007	Microsoft Corporation	30.10.2011		12.0.6425.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	08.10.2011	7.95 MB	14.0.5130.5003
Microsoft Office PowerPoint Viewer 2007 (English)	Microsoft Corporation	14.09.2011	169.4 MB	12.0.6425.1000
Microsoft Primary Interoperability Assemblies 2005	Microsoft Corporation	15.07.2011	7.71 MB	8.0.50727.42
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	07.03.2011	0.25 MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	0.29 MB	8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	26.02.2011	0.69 MB	8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	17.04.2011	0.57 MB	8.0.51011
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	15.07.2011	0.58 MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	15.07.2011	0.58 MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.07.2011	0.59 MB	9.0.30729.6161
MiKTeX 2.9	MiKTeX.org	30.10.2011		2.9
Mobile Partner	Huawei Technologies Co.,Ltd	30.10.2011		11.302.06.07.40
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	14.04.2011	1.28 MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	14.04.2011	1.33 MB	4.20.9876.0
Rosetta Stone Version 3	Rosetta Stone Ltd.	16.03.2011	120.4 MB	3.4.5.0
Setting Utility Series	Sony Corporation	26.02.2011		4.1.00.08130
Skype™ 5.1	Skype Technologies S.A.	08.03.2011	22.7 MB	5.1.112
Sophos Anti-Rootkit 1.5.20	Sophos Plc	30.10.2011		1.5.20
Sophos Anti-Virus	Sophos Limited	30.10.2011	26.3 MB	9.7.6
Sophos AutoUpdate	Sophos Limited	10.10.2011	9.01 MB	2.5.10
SPSS 15.0 für Windows [Auswertung Version]	SPSS Inc.	14.03.2011	450 MB	15.0.1
Synaptics Pointing Device Driver	Synaptics	26.02.2011		10.2.7.0
VAIO Control Center	Sony Corporation	26.02.2011		3.1.00.07110
VAIO Energie Verwaltung	Sony Corporation	26.02.2011		3.1.00.08060
VLC media player 1.1.11	VideoLAN	30.10.2011		1.1.11
WIDCOMM Bluetooth Software	Broadcom Corporation	29.06.2011	144.3 MB	6.2.0.9600
Windows 7 USB/DVD Download Tool	Microsoft Corporation	10.05.2011	0.85 MB	1.0.24.0
WinRAR 4.00 beta 7 (64-bit)	win.rar GmbH	26.02.2011		4.00.7
µTorrent		30.10.2011		2.2.0

Was mir mit CCleaner auffällt: nach jeder reinigung sammeln sich an die 400 mb an "System - Error Log Files" an.

Erneuter OTL scan wird nachgeliefert. Danke Schön soweit.

8hours · 02.11.2011, 08:28

otl.txt

Code:

ATTFilter

OTL logfile created on: 02.11.2011 01:26:30 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Maryam\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 61.99% Memory free
7.68 Gb Paging File | 6.04 Gb Available in Paging File | 78.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.58 Gb Total Space | 55.97 Gb Free Space | 50.16% Space Free | Partition Type: NTFS
Drive D: | 111.47 Gb Total Space | 26.28 Gb Free Space | 23.58% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: MARZA | User Name: Maryam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.31 22:10:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maryam\Desktop\OTL.exe
PRC - [2011.10.11 11:12:32 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011.10.11 11:12:26 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011.10.11 11:06:15 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011.09.24 14:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Maryam\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.19 04:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011.05.12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011.05.12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011.04.07 19:27:20 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011.03.14 13:31:35 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010.10.14 09:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
PRC - [2009.07.01 17:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008.07.28 17:45:42 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008.07.28 17:45:42 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.11.20 13:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.01 17:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2008.08.06 18:06:48 | 000,407,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2011.10.11 11:12:32 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011.10.11 11:12:26 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011.10.11 11:06:15 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011.09.24 14:03:42 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2011.09.22 19:43:28 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.19 04:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.05.12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.05.12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.03.17 10:23:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.03.14 13:31:35 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.28 17:45:42 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.11 11:12:29 | 000,144,672 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011.10.11 11:06:08 | 000,026,104 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdcfilter.sys -- (sdcfilter)
DRV:64bit: - [2011.10.11 11:06:01 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011.09.22 19:29:18 | 000,022,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.17 10:18:03 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.04.14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.01.26 07:16:00 | 000,087,040 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009.10.21 16:16:54 | 000,243,200 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.10 14:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.09.01 11:27:40 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.09.01 11:27:40 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.09.01 11:27:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.09.01 11:27:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.22 14:16:48 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.09.27 14:21:02 | 000,321,072 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.05.06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007.08.03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV - [2011.05.19 04:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2011.05.16 19:54:00 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/08/05 21:18:32] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2010.11.17 21:29:20 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/03/13 23:56:39] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Maryam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Maryam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: scroogle (Enabled)
CHR - default_search_provider: search_url = https://ssl.scroogle.org/cgi-bin/nbbwssl.cgi?Gw={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Maryam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Maryam\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Maryam\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011.11.02 00:41:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Limited)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - Startup: C:\Users\Maryam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maryam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00EC8595-7ACE-45F5-BDC9-6CB3837FBC09}: DhcpNameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3069806B-0D7B-4538-B83D-226D45FD08CC}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F6CE185-EA20-4D9A-9CF0-2A6A260C79F3}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D932C5DD-0964-4C22-9B2F-D6CEE834B8F2}: DhcpNameServer = 192.168.207.1 141.44.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.02 00:40:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.01 21:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.10.31 22:10:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Maryam\Desktop\OTL.exe
[2011.10.31 20:24:16 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\vlc
[2011.10.31 20:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.10.31 15:00:25 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\SUPERAntiSpyware.com
[2011.10.31 12:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011.10.31 12:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.10.31 11:26:01 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\Malwarebytes
[2011.10.31 11:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.31 11:25:51 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.10.31 11:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.10.31 09:38:47 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.10.30 23:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.10.30 22:53:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011.10.30 22:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.10.30 19:40:24 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\Avira
[2011.10.30 19:34:55 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.30 19:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.30 19:34:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.10.30 19:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.10.30 18:58:24 | 000,000,000 | ---D | C] -- C:\Intel
[2011.10.30 18:40:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.10.30 18:40:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.10.30 18:40:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.10.30 18:40:23 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.10.30 18:40:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.10.30 18:40:23 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.10.30 18:40:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.10.30 18:40:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.10.30 18:40:22 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.10.30 18:40:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.10.30 18:40:22 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.10.30 18:40:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.30 18:40:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.30 18:40:22 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.10.30 18:40:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.10.30 18:40:22 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.10.30 18:40:22 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.10.30 18:40:22 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.10.30 18:40:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.10.30 18:40:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.10.30 18:40:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.10.30 18:40:22 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.10.30 18:40:22 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.10.30 18:40:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.10.30 18:40:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.10.30 18:40:21 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.10.30 18:40:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.10.30 18:40:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.10.30 18:40:21 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.10.30 18:40:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.10.30 18:40:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.30 18:40:21 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.10.30 18:40:20 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.10.30 18:40:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.10.30 18:40:20 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.10.30 18:40:19 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.10.30 18:40:19 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.10.30 18:40:19 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.10.30 18:40:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.30 18:40:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.10.30 18:40:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.10.30 18:40:19 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.10.30 18:40:19 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.10.30 18:40:19 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.10.30 18:40:19 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.10.30 18:40:19 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.10.30 18:40:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.10.30 18:40:19 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.10.30 18:40:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.10.30 18:40:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.10.30 18:40:19 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.10.30 18:40:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.10.30 18:40:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.10.30 18:40:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.10.30 18:40:18 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.10.30 18:40:18 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.10.30 18:40:18 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.10.30 18:40:18 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.10.30 18:40:18 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.10.30 18:40:18 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.10.30 18:40:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.30 18:40:18 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.10.30 18:40:18 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.30 18:40:18 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.10.30 18:40:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.10.30 18:40:18 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.10.30 18:40:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.10.30 18:40:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.10.30 18:40:17 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.30 18:40:17 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.10.30 18:40:17 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.10.30 18:40:17 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.10.30 18:15:28 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Local\Sophos
[2011.10.28 10:36:13 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\dvdcss
[2011.10.27 21:27:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.23 23:30:13 | 000,000,000 | ---D | C] -- C:\Users\Maryam\Desktop\recordings
[2011.10.22 09:01:15 | 000,000,000 | ---D | C] -- C:\Users\Maryam\Desktop\New folder
[2011.10.19 13:55:05 | 000,000,000 | ---D | C] -- C:\Users\Maryam\Documents\Downloads
[2011.10.17 12:39:27 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2011.10.17 12:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2011.10.16 13:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2011.10.16 13:49:00 | 000,243,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2011.10.16 13:49:00 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2011.10.16 13:49:00 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2011.10.16 13:49:00 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2011.10.16 13:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner
[2011.10.13 10:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
[2011.10.13 10:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MiKTeX 2.9
[2011.10.13 10:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyX20
[2011.10.13 09:21:56 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.13 09:21:56 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.13 09:21:56 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.13 09:21:56 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.13 09:21:48 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.13 09:21:48 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.12 12:50:24 | 000,000,000 | ---D | C] -- C:\Users\Maryam\Desktop\Iran
[2011.10.12 12:34:46 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\LyX2.0
[2011.10.11 11:12:50 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.10.11 11:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2011.10.11 11:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011.10.11 11:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Cisco Systems
[2011.10.11 11:06:56 | 000,037,400 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2011.10.11 11:06:09 | 000,144,672 | ---- | C] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011.10.11 11:06:08 | 000,026,104 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2011.10.11 11:06:05 | 000,183,024 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2011.10.11 11:06:01 | 000,025,608 | ---- | C] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2011.10.11 11:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2011.10.11 11:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011.10.08 10:31:20 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\Foxit Software
[2011.10.07 18:16:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.10.07 18:15:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.10.06 19:47:48 | 000,000,000 | ---D | C] -- C:\Users\Maryam\AppData\Roaming\Sammsoft
[2011.10.06 19:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2011
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.02 01:23:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410179425-3192362434-292892601-1001UA.job
[2011.11.02 00:50:20 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 00:50:20 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.02 00:42:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.02 00:42:29 | 3094,573,056 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.02 00:41:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.11.01 21:48:24 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.01 14:37:14 | 000,619,146 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.01 14:37:14 | 000,107,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.01 14:37:13 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.01 14:35:27 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.10.31 22:10:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maryam\Desktop\OTL.exe
[2011.10.31 22:05:11 | 000,000,188 | ---- | M] () -- C:\Users\Maryam\defogger_reenable
[2011.10.31 20:27:53 | 000,050,477 | ---- | M] () -- C:\Users\Maryam\Desktop\Defogger.exe
[2011.10.31 20:24:04 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.10.31 17:23:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2410179425-3192362434-292892601-1001Core.job
[2011.10.31 12:26:13 | 001,702,382 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.10.31 12:12:50 | 000,388,824 | ---- | M] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_commerz.pdf
[2011.10.31 12:04:39 | 000,388,985 | ---- | M] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_internet_nov.pdf
[2011.10.31 12:02:05 | 000,389,559 | ---- | M] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_rent_nov.pdf
[2011.10.31 11:55:45 | 000,389,193 | ---- | M] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_GA.pdf
[2011.10.31 11:15:45 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.10.31 11:15:45 | 000,002,239 | ---- | M] () -- C:\Users\Maryam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.10.30 22:49:41 | 000,001,365 | ---- | M] () -- C:\Users\Maryam\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011.10.30 18:40:23 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.10.30 18:40:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011.10.30 18:40:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011.10.30 18:40:23 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.10.30 18:40:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011.10.30 18:40:23 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011.10.30 18:40:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.10.30 18:40:22 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011.10.30 18:40:22 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.10.30 18:40:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011.10.30 18:40:22 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.10.30 18:40:22 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.30 18:40:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.30 18:40:22 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011.10.30 18:40:22 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011.10.30 18:40:22 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.10.30 18:40:22 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011.10.30 18:40:22 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011.10.30 18:40:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.10.30 18:40:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.10.30 18:40:22 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011.10.30 18:40:22 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011.10.30 18:40:22 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011.10.30 18:40:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.10.30 18:40:22 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.10.30 18:40:21 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011.10.30 18:40:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011.10.30 18:40:21 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.10.30 18:40:21 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.10.30 18:40:21 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011.10.30 18:40:21 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.30 18:40:21 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011.10.30 18:40:20 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011.10.30 18:40:20 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011.10.30 18:40:20 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011.10.30 18:40:19 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.10.30 18:40:19 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.10.30 18:40:19 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011.10.30 18:40:19 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.30 18:40:19 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.10.30 18:40:19 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011.10.30 18:40:19 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011.10.30 18:40:19 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.10.30 18:40:19 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.10.30 18:40:19 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011.10.30 18:40:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011.10.30 18:40:19 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.10.30 18:40:19 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011.10.30 18:40:19 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011.10.30 18:40:19 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011.10.30 18:40:19 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011.10.30 18:40:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011.10.30 18:40:19 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011.10.30 18:40:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.10.30 18:40:18 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011.10.30 18:40:18 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.10.30 18:40:18 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011.10.30 18:40:18 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011.10.30 18:40:18 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.10.30 18:40:18 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011.10.30 18:40:18 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.30 18:40:18 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011.10.30 18:40:18 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.30 18:40:18 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.10.30 18:40:18 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.10.30 18:40:18 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011.10.30 18:40:18 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.10.30 18:40:18 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.10.30 18:40:17 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.30 18:40:17 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.10.30 18:40:17 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011.10.30 18:40:17 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011.10.27 21:41:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.10.26 07:35:29 | 000,000,428 | ---- | M] () -- C:\Users\Maryam\Desktop\Document.rtf
[2011.10.25 15:29:27 | 000,964,181 | ---- | M] () -- C:\Users\Maryam\Desktop\3.jpeg
[2011.10.25 15:28:32 | 001,217,483 | ---- | M] () -- C:\Users\Maryam\Desktop\2.jpeg
[2011.10.25 15:27:33 | 001,623,929 | ---- | M] () -- C:\Users\Maryam\Desktop\1.jpeg
[2011.10.25 11:40:49 | 000,000,016 | -H-- | M] () -- C:\Windows\SysWow64\servdat.slm
[2011.10.25 11:34:38 | 000,000,219 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.tgz
[2011.10.25 11:34:38 | 000,000,205 | ---- | M] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.10.21 15:42:49 | 000,126,390 | ---- | M] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN (1).pdf
[2011.10.21 15:39:45 | 000,126,390 | ---- | M] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN.pdf
[2011.10.21 12:08:44 | 269,389,405 | ---- | M] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN.prn
[2011.10.19 17:41:48 | 000,010,240 | ---- | M] () -- C:\Users\Maryam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.19 08:31:07 | 000,002,645 | ---- | M] () -- C:\Users\Maryam\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011.10.18 09:06:41 | 000,001,219 | ---- | M] () -- C:\Users\Maryam\Desktop\Cisco AnyConnect VPN Client.lnk
[2011.10.17 12:00:43 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011.10.16 22:05:39 | 000,056,512 | ---- | M] () -- C:\Users\Maryam\Desktop\GA1 chronological.pdf
[2011.10.16 22:04:43 | 000,044,154 | ---- | M] () -- C:\Users\Maryam\Desktop\GA1 overview.pdf
[2011.10.16 13:49:05 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.10.15 17:18:13 | 000,921,652 | ---- | M] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg.pdf
[2011.10.14 12:28:05 | 004,976,392 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.13 10:43:00 | 000,001,981 | ---- | M] () -- C:\Users\Maryam\Desktop\LyX 2.0.lnk
[2011.10.13 09:44:40 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.10.11 11:12:29 | 000,144,672 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\drivers\savonaccess.sys
[2011.10.11 11:06:08 | 000,026,104 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\drivers\sdcfilter.sys
[2011.10.11 11:06:05 | 000,183,024 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\sdccoinstaller.dll
[2011.10.11 11:06:05 | 000,037,400 | ---- | M] (Sophos Limited) -- C:\Windows\SysNative\SophosBootTasks.exe
[2011.10.11 11:06:01 | 000,025,608 | ---- | M] (Sophos Plc) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys
[2011.10.11 10:23:05 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old
[2011.10.09 10:27:20 | 000,027,245 | ---- | M] () -- C:\Users\Maryam\Desktop\1. Semester_WS 11_12[1].pdf
[2011.10.07 18:27:32 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2011.10.07 18:27:31 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
 
========== Files Created - No Company Name ==========
 
[2011.11.01 21:48:24 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.31 22:05:10 | 000,000,188 | ---- | C] () -- C:\Users\Maryam\defogger_reenable
[2011.10.31 21:21:47 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.10.31 20:27:53 | 000,050,477 | ---- | C] () -- C:\Users\Maryam\Desktop\Defogger.exe
[2011.10.31 20:24:04 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.10.31 12:26:04 | 001,702,382 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.10.31 12:12:50 | 000,388,824 | ---- | C] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_commerz.pdf
[2011.10.31 12:04:39 | 000,388,985 | ---- | C] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_internet_nov.pdf
[2011.10.31 12:02:05 | 000,389,559 | ---- | C] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_rent_nov.pdf
[2011.10.31 11:55:45 | 000,389,193 | ---- | C] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg_GA.pdf
[2011.10.31 11:15:45 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.10.31 11:15:45 | 000,002,239 | ---- | C] () -- C:\Users\Maryam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011.10.26 07:35:28 | 000,000,428 | ---- | C] () -- C:\Users\Maryam\Desktop\Document.rtf
[2011.10.25 12:50:27 | 000,964,181 | ---- | C] () -- C:\Users\Maryam\Desktop\3.jpeg
[2011.10.25 12:49:46 | 001,217,483 | ---- | C] () -- C:\Users\Maryam\Desktop\2.jpeg
[2011.10.25 12:49:04 | 001,623,929 | ---- | C] () -- C:\Users\Maryam\Desktop\1.jpeg
[2011.10.21 15:42:52 | 000,126,390 | ---- | C] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN (1).pdf
[2011.10.21 15:39:44 | 000,126,390 | ---- | C] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN.pdf
[2011.10.21 12:08:25 | 269,389,405 | ---- | C] () -- C:\Users\Maryam\Desktop\1234359_1_1_Haftpflicht_Fragebogen_VN.prn
[2011.10.19 08:31:07 | 000,002,645 | ---- | C] () -- C:\Users\Maryam\Desktop\Microsoft Office PowerPoint 2007.lnk
[2011.10.18 15:59:17 | 000,083,401 | ---- | C] () -- C:\Users\Maryam\Desktop\Planning_3rd_Semester_WS_2011_12 (1).pdf
[2011.10.18 15:59:17 | 000,027,245 | ---- | C] () -- C:\Users\Maryam\Desktop\1. Semester_WS 11_12[1].pdf
[2011.10.18 09:06:41 | 000,001,219 | ---- | C] () -- C:\Users\Maryam\Desktop\Cisco AnyConnect VPN Client.lnk
[2011.10.16 22:05:39 | 000,056,512 | ---- | C] () -- C:\Users\Maryam\Desktop\GA1 chronological.pdf
[2011.10.16 22:04:43 | 000,044,154 | ---- | C] () -- C:\Users\Maryam\Desktop\GA1 overview.pdf
[2011.10.16 13:49:05 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2011.10.15 17:18:13 | 000,921,652 | ---- | C] () -- C:\Users\Maryam\Desktop\Auftritt der Stadtsparkasse Magdeburg.pdf
[2011.10.13 10:43:00 | 000,001,981 | ---- | C] () -- C:\Users\Maryam\Desktop\LyX 2.0.lnk
[2011.10.13 10:25:32 | 000,001,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LyX 2.0.lnk
[2011.10.13 09:44:40 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.10.13 09:44:40 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.10.01 21:21:26 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.30 15:13:22 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2011.09.30 15:07:46 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.03.16 20:03:39 | 000,010,240 | ---- | C] () -- C:\Users\Maryam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.15 16:39:54 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2011.03.15 16:39:54 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2011.03.15 16:39:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2011.03.15 16:39:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2011.03.15 16:39:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2011.03.15 16:38:07 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.03.15 16:38:07 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.02.27 19:14:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.02.27 03:00:17 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2011.02.27 02:35:43 | 000,007,605 | ---- | C] () -- C:\Users\Maryam\AppData\Local\Resmon.ResmonCfg
[2010.08.25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.08.25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010.08.25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.09.16 16:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.12.09 14:11:00 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\intedreg.exe
 
========== LOP Check ==========
 
[2011.09.17 12:44:50 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\12Voip
[2011.08.10 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Auslogics
[2011.09.30 15:07:58 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\CAD-KAS
[2011.09.10 12:13:47 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.09.11 23:03:24 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.04.04 12:21:31 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\COWON
[2011.10.30 19:39:45 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\DAEMON Tools Lite
[2011.09.30 14:19:32 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Downloaded Installations
[2011.11.02 01:14:50 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Dropbox
[2011.10.08 10:31:20 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Foxit Software
[2011.10.22 11:39:51 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\JustVoip
[2011.10.13 10:33:28 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\LyX2.0
[2011.09.30 15:03:00 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Nitro PDF
[2011.04.14 20:16:10 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Nokia
[2011.10.31 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Nvu
[2011.09.18 14:40:35 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\ooVoo Details
[2011.04.14 20:12:53 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\PC Suite
[2011.10.06 19:47:48 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Sammsoft
[2011.08.17 19:25:13 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\Telefónica
[2011.11.02 01:26:26 | 000,000,000 | ---D | M] -- C:\Users\Maryam\AppData\Roaming\uTorrent
[2011.09.18 20:27:35 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Maryam\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 02.11.2011 01:26:30 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Maryam\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.84 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 61.99% Memory free
7.68 Gb Paging File | 6.04 Gb Available in Paging File | 78.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.58 Gb Total Space | 55.97 Gb Free Space | 50.16% Space Free | Partition Type: NTFS
Drive D: | 111.47 Gb Total Space | 26.28 Gb Free Space | 23.58% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: MARZA | User Name: Maryam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"MatlabR2009a" = MATLAB R2009a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 beta 7 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}" = SPSS 15.0 für Windows [Auswertung Version]
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7240A69A-AC53-46A1-9039-1281DDBBE452}" = Cisco AnyConnect VPN Client
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aspell" = Aspell Data
"Aspell6-Dictionary-en" = Aspell 0.6 Dictionary (Language: en)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit Reader_is1" = Foxit Reader 5.0
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Chrome" = Google Chrome
"Intense Language Office" = Intense Language Office
"LyX20" = LyX 2.0.0-3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MiKTeX 2.9" = MiKTeX 2.9
"Mobile Partner" = Mobile Partner
"NSIS_ldoce5" = Longman Dictionary of Contemporary English 5th Edition
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.11.2011 19:43:27 | Computer Name = marza | Source = ESENT | ID = 455
Description = Windows (3796) Windows: Error -1811 occurred while opening logfile
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00011.log.
 
Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 01.11.2011 19:43:28 | Computer Name = marza | Source = Windows Search Service | ID = 7010
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 31.10.2011 06:36:13 | Computer Name = marza | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 31.10.2011 07:41:06 | Computer Name = marza | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 31.10.2011 09:11:13 | Computer Name = marza | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 31.10.2011 13:47:58 | Computer Name = marza | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 31.10.2011 14:04:22 | Computer Name = marza | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 31.10.2011 17:06:43 | Computer Name = marza | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 31.10.2011 18:24:27 | Computer Name = marza | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 01.11.2011 09:32:33 | Computer Name = marza | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 01.11.2011 16:41:27 | Computer Name = marza | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
Error - 01.11.2011 19:42:56 | Computer Name = marza | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:
 C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:
 No such file or directory
 
[ OSession Events ]
Error - 12.04.2011 06:08:39 | Computer Name = marza | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6835
 seconds with 2880 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.08.2011 15:07:52 | Computer Name = marza | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the VAIO
 Power Management service to connect.
 
Error - 05.08.2011 15:07:52 | Computer Name = marza | Source = Service Control Manager | ID = 7000
Description = The VAIO Power Management service failed to start due to the following
 error:   %%1053
 
Error - 05.08.2011 15:18:11 | Computer Name = marza | Source = Service Control Manager | ID = 7030
Description = The CyberLink PowerDVD 11.0 Service service is marked as an interactive
 service.  However, the system is configured to not allow interactive services. 
 This service may not function properly.
 
Error - 05.08.2011 15:18:13 | Computer Name = marza | Source = Service Control Manager | ID = 7030
Description = The CyberLink PowerDVD 11.0 Monitor Service service is marked as an
 interactive service.  However, the system is configured to not allow interactive
 services.  This service may not function properly.
 
Error - 05.08.2011 15:19:01 | Computer Name = marza | Source = bowser | ID = 8003
Description = 
 
Error - 05.08.2011 21:17:16 | Computer Name = marza | Source = ipnathlp | ID = 31004
Description = 
 
Error - 06.08.2011 04:21:01 | Computer Name = marza | Source = ipnathlp | ID = 31004
Description = 
 
Error - 06.08.2011 05:03:56 | Computer Name = marza | Source = ipnathlp | ID = 31004
Description = 
 
Error - 06.08.2011 06:08:56 | Computer Name = marza | Source = ipnathlp | ID = 31004
Description = 
 
Error - 06.08.2011 10:03:57 | Computer Name = marza | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >

kira · 02.11.2011, 09:27

1.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 29 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

2.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

3.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

4.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?

8hours · 02.11.2011, 23:15

Hier das Ergebnis des SUPERAntiScans....

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 11/02/2011 at 10:42 PM

Application Version : 5.0.1134

Core Rules Database Version : 7885
Trace Rules Database Version: 5697

Scan type       : Complete Scan
Total Scan Time : 02:28:24

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 637
Memory threats detected   : 0
Registry items scanned    : 72656
Registry threats detected : 0
File items scanned        : 167275
File threats detected     : 0

Syptome sind die gleichen wie urspruenglich:
Umleitung von gooogle auf Werbeseiten, sowie Browserfenster die sich selbstaendig oeffnen. Die Umleitungsadresse scheint taeglich zu wechseln, heute mit dem schoenen Namen: wonderfulseachsystem.com

Sonst keine Auffaelligkeiten oder Probleme.

kira · 03.11.2011, 11:59

Schritt 4. - fehlt noch!

außerdem:
1.
MBR mit aswMBR von Avast prüfen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin).
XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten.
Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern.
Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread.

2.
-> SICHEREN BROWSER VERWENDEN z.B. -> Erweiterungen für Firefox

3.
Dazu installiere noch:
Adblock Plus

8hours · 03.11.2011, 19:45

Hallo,

wir kommen der Sache näher...

Der Scan mit Eset Online scan ergab folgendes:

Code:

ATTFilter

C:\Users\Maryam\Downloads\FreeYouTubeDownloaderSetup.exe	a variant of Win32/Toolbar.Zugo application	deleted - quarantined
C:\Windows\system64\consrv.dll	Win64/Sirefef.D trojan	cleaned by deleting - quarantined
Operating memory	a variant of Win32/Sirefef.CH trojan

Nach dem Scan war das System nicht mehr bootfähig und musste mit System Restore wiederhergestellt werden. Ich vemute, dass durch die Löschung von consrv.dll windows nicht geladen werden konnte?

Die Umleitung ist übrigens Browserunabhängig, gesestet mit chrome & IE10 .

Hier das Ergebnis des MRB scans:

Code:

ATTFilter

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-03 19:35:42
-----------------------------
19:35:42.412    OS Version: Windows x64 6.1.7601 Service Pack 1
19:35:42.413    Number of processors: 2 586 0xF0D
19:35:42.414    ComputerName: MARZA  UserName: 
19:35:44.663    Initialize success
19:36:34.902    AVAST engine defs: 11110300
19:38:58.585    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:38:58.590    Disk 0 Vendor: TOSHIBA_MK2552GSX LV010A Size: 238475MB BusType: 11
19:38:58.596    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000071
19:38:58.600    Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
19:38:58.610    Disk 2  \Device\Harddisk2\DR2 -> \Device\00000072
19:38:58.615    Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
19:39:00.662    Disk 0 MBR read successfully
19:39:00.669    Disk 0 MBR scan
19:39:00.681    Disk 0 Windows 7 default MBR code
19:39:00.689    Service scanning
19:39:02.202    Modules scanning
19:39:02.211    Disk 0 trace - called modules:
19:39:02.263    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
19:39:02.275    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bfb490]
19:39:02.286    3 CLASSPNP.SYS[fffff8800195843f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004713060]
19:39:03.094    AVAST engine scan C:\Windows
19:39:04.857    AVAST engine scan C:\Windows\system32
19:39:15.890    File: C:\Windows\system32\consrv.dll  **INFECTED** Win32:Malware-gen
19:40:45.721    AVAST engine scan C:\Windows\system32\drivers
19:40:54.833    AVAST engine scan C:\Users\Maryam
19:43:18.521    Disk 0 MBR has been saved successfully to "C:\Users\Maryam\Desktop\MBR.dat"
19:43:18.528    The log file has been saved successfully to "C:\Users\Maryam\Desktop\aswMBR.txt"

Schöne Grüße

kira · 04.11.2011, 14:05

sieht nicht gut aus, hoffentlich ComboFix kann dein Problem lösen...

1.
Vor dem nächsten Schritt, also bevor wir weitermachen:
Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw)
►Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - ►Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks
Mache das jetzt bitte!

2.
Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows 2000 (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte vorher fragen.
Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP

Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

3.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

8hours · 13.11.2011, 11:01

Hallo,

der Scan mit ComboFix hat die Sache bereinigt. Vielen Dank!

Leider sind die Logfiles mittlerweile abhanden gekommen, deshalb kann ich hier nichts vorzeigen.

kira · 14.11.2011, 13:40

Zitat:

Zitat von 8hours

der Scan mit ComboFix hat die Sache bereinigt. Vielen Dank!

Leider sind die Logfiles mittlerweile abhanden gekommen, deshalb kann ich hier nichts vorzeigen.

schaue mal bitte nach:

Code:

ATTFilter

C:\Qoobox 
oder C:\ComboFix.txt

8hours · 21.11.2011, 20:40

Hier nochmal die ComboFix log Datei

[CODE]
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-11-05.02 - Maryam 05.11.2011   9:22.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1033.18.3935.2273 [GMT 1:00]
ausgeführt von:: c:\users\Maryam\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\fix_gr_xhs.mat
c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\new_fix_X_xPhs_xPls_uPhs_uPls_defe.mat
c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\pearson-correlation-timecourse-dmpfc-precuneus (1).mat
c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\pearson-correlation-timecourse-dmpfc-precuneus (2).mat
c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\phs_gr_pls.mat
c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\pls_gr_phs.mat
c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\xhs_gr_fix.mat
c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\xhs_gr_xls.mat
c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Recent\xls_gr_xhs.mat
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\lsprst7.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-05 bis 2011-11-05  ))))))))))))))))))))))))))))))
.
.
2011-11-05 08:34 . 2011-11-05 08:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-04 17:21 . 2011-11-04 17:21	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFFF0060-49B4-434D-BD75-8386BC95B753}\offreg.dll
2011-11-04 17:21 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFFF0060-49B4-434D-BD75-8386BC95B753}\mpengine.dll
2011-11-03 00:36 . 2011-11-03 00:36	--------	d-----w-	c:\program files (x86)\ESET
2011-11-02 09:32 . 2011-11-03 16:26	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-11-02 09:32 . 2011-11-02 09:32	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-11-01 23:40 . 2011-11-01 23:40	--------	d-----w-	C:\_OTL
2011-11-01 20:48 . 2011-11-03 16:26	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-31 19:24 . 2011-11-03 16:26	--------	d-----w-	c:\users\Maryam\AppData\Roaming\vlc
2011-10-31 14:00 . 2011-10-31 14:00	--------	d-----w-	c:\users\Maryam\AppData\Roaming\SUPERAntiSpyware.com
2011-10-31 11:25 . 2011-10-31 13:10	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2011-10-31 11:23 . 2011-10-31 11:46	--------	d-----w-	c:\programdata\PC Tools
2011-10-31 10:26 . 2011-10-31 10:26	--------	d-----w-	c:\users\Maryam\AppData\Roaming\Malwarebytes
2011-10-31 10:25 . 2011-11-03 16:24	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-31 10:25 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-30 21:53 . 2011-10-31 10:15	--------	d-----w-	c:\program files (x86)\Google
2011-10-30 21:52 . 2011-10-31 18:59	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2011-10-30 18:40 . 2011-10-30 18:40	--------	d-----w-	c:\users\Maryam\AppData\Roaming\Avira
2011-10-30 18:34 . 2011-10-19 15:56	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-30 18:34 . 2011-10-30 18:34	--------	d-----w-	c:\programdata\Avira
2011-10-30 18:34 . 2011-10-30 18:34	--------	d-----w-	c:\program files (x86)\Avira
2011-10-30 18:30 . 2011-11-03 16:26	--------	d-----w-	c:\program files\CCleaner
2011-10-30 17:58 . 2011-10-30 17:58	--------	d-----w-	C:\Intel
2011-10-30 17:15 . 2011-10-30 17:15	--------	d-----w-	c:\users\Maryam\AppData\Local\Sophos
2011-10-28 09:36 . 2011-10-28 09:36	--------	d-----w-	c:\users\Maryam\AppData\Roaming\dvdcss
2011-10-27 20:27 . 2011-10-27 20:27	--------	d-----w-	c:\windows\system32\Macromed
2011-10-17 11:39 . 2011-10-17 11:39	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2011-10-16 12:49 . 2009-10-21 15:16	243200	----a-w-	c:\windows\system32\drivers\ewusbnet.sys
2011-10-16 12:49 . 2009-10-12 13:23	114304	----a-w-	c:\windows\system32\drivers\ewusbdev.sys
2011-10-16 12:49 . 2009-09-10 13:31	117248	----a-w-	c:\windows\system32\drivers\ewusbmdm.sys
2011-10-16 12:49 . 2007-08-09 02:10	29696	----a-w-	c:\windows\system32\drivers\ewdcsc.sys
2011-10-16 12:48 . 2011-10-31 19:00	--------	d-----w-	c:\program files (x86)\Mobile Partner
2011-10-13 09:19 . 2011-10-13 09:20	--------	d-----w-	c:\program files (x86)\MiKTeX 2.9
2011-10-13 09:16 . 2011-10-31 19:00	--------	d-----w-	c:\program files (x86)\LyX20
2011-10-13 08:21 . 2011-09-06 03:03	3138048	----a-w-	c:\windows\system32\win32k.sys
2011-10-13 08:21 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-13 08:21 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-13 08:21 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-13 08:21 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-13 08:21 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-13 08:21 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-13 08:21 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-10-13 08:21 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-10-12 11:34 . 2011-10-13 09:33	--------	d-----w-	c:\users\Maryam\AppData\Roaming\LyX2.0
2011-10-11 10:12 . 2011-10-11 10:12	--------	d-sh--w-	c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-10-11 10:07 . 2011-11-03 16:26	--------	d-----w-	c:\programdata\Sophos Web Intelligence
2011-10-11 10:07 . 2011-10-11 10:07	--------	d-----w-	c:\program files (x86)\Common Files\Cisco Systems
2011-10-11 10:06 . 2011-10-11 10:06	37400	----a-w-	c:\windows\system32\SophosBootTasks.exe
2011-10-11 10:06 . 2011-10-11 10:12	144672	----a-w-	c:\windows\system32\drivers\savonaccess.sys
2011-10-11 10:06 . 2011-10-11 10:06	26104	----a-w-	c:\windows\system32\drivers\sdcfilter.sys
2011-10-11 10:06 . 2011-10-11 10:06	183024	----a-w-	c:\windows\system32\sdccoinstaller.dll
2011-10-11 10:06 . 2011-10-11 10:06	25608	----a-w-	c:\windows\system32\drivers\SophosBootDriver.sys
2011-10-11 10:05 . 2011-10-31 19:02	--------	d-----w-	c:\program files (x86)\Sophos
2011-10-11 10:05 . 2011-10-11 10:06	--------	d-----w-	c:\programdata\Sophos
2011-10-08 09:31 . 2011-10-08 09:31	--------	d-----w-	c:\users\Maryam\AppData\Roaming\Foxit Software
2011-10-07 17:16 . 2011-10-31 19:02	--------	d-----w-	c:\windows\system32\SPReview
2011-10-07 17:15 . 2011-10-31 19:02	--------	d-----w-	c:\windows\system32\EventProviders
2011-10-06 18:47 . 2011-10-06 18:47	--------	d-----w-	c:\users\Maryam\AppData\Roaming\Sammsoft
2011-10-06 18:47 . 2011-10-07 20:22	--------	d-----w-	c:\program files (x86)\ARO 2011
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-27 20:41 . 2011-05-22 08:14	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 17:27 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-10-07 17:27 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-09-30 14:07 . 2011-09-30 14:07	80896	----a-w-	c:\windows\cadkasdeinst01.exe
2011-09-24 13:03 . 2011-09-24 13:03	68928	----a-w-	c:\windows\SysWow64\NLSSRV32.EXE
2011-09-24 13:02 . 2011-09-30 13:21	17216	----a-w-	c:\windows\system32\nitrolocalui.dll
2011-09-24 13:02 . 2011-09-30 13:21	28992	----a-w-	c:\windows\system32\nitrolocalmon.dll
2011-09-22 18:44 . 2011-09-22 18:44	10680	----a-w-	c:\windows\SysWow64\vpncategories.dll
2011-09-22 18:44 . 2011-09-22 18:44	30648	----a-w-	c:\windows\SysWow64\vpnevents.dll
2011-09-22 18:29 . 2011-09-22 18:29	22264	----a-w-	c:\windows\system32\drivers\vpnva64.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]
"ILO_Office_Manager"="IntEdReg.exe" [2006-12-09 53760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\users\Maryam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Maryam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-28 16:45	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [x]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/13 23:56];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-11-17 20:29 146928]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/08/05 21:18];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-16 18:54 148976]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-09-24 68928]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-10-11 167960]
R2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-10-11 1543704]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 407392]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7ABB.tmp [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2011-10-11 99864]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410179425-3192362434-292892601-1001Core.job
- c:\users\Maryam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 08:53]
.
2011-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2410179425-3192362434-292892601-1001UA.job
- c:\users\Maryam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 08:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Maryam\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"combofix"="c:\combofix\CF31226.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF31226.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.191.92.87 62.109.123.6
TCP: Interfaces\{00EC8595-7ACE-45F5-BDC9-6CB3837FBC09}\1405F5659535: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{00EC8595-7ACE-45F5-BDC9-6CB3837FBC09}\64259445A51224F6870264F6E60275C414E40273237303: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{3069806B-0D7B-4538-B83D-226D45FD08CC}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{7F6CE185-EA20-4D9A-9CF0-2A6A260C79F3}: NameServer = 193.189.244.225 193.189.244.206
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{5F5867F0-2D23-4338-A206-01A76C823924} - c:\program files (x86)\InstallShield Installation Information\{5F5867F0-2D23-4338-A206-01A76C823924}\setup.exe
AddRemove-{72042FA6-5609-489F-A8EA-3C2DD650F667} - c:\program files (x86)\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe
AddRemove-{A7DA438C-2E43-4C20-BFDA-C1F4A6208558} - c:\program files (x86)\InstallShield Installation Information\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}\setup.exe
AddRemove-{DEC235ED-58A4-4517-A278-C41E8DAEAB3B} - c:\program files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe
AddRemove-{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A} - c:\program files (x86)\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe
AddRemove-{F232C87C-6E92-4775-8210-DFE90B7777D9} - c:\program files (x86)\InstallShield Installation Information\{F232C87C-6E92-4775-8210-DFE90B7777D9}\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7ABB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}"=hex:51,66,7a,6c,4c,1d,38,12,fb,75,f9,
   3d,c0,fd,2a,09,db,aa,6a,3a,df,d1,96,21
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:49,33,0d,d7,4d,97,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,ce,b7,86,65,85,9f,4a,83,e8,21,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3f,ce,b7,86,65,85,9f,4a,83,e8,21,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-05  09:47:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-05 08:47
.
Vor Suchlauf: 63'816'843'264 bytes free
Nach Suchlauf: 63'548'604'416 bytes free
.
- - End Of File - - 73A6F78AA50049C47F27AFB638310548

--- --- ---

Schoene Gruesse!

kira · 22.11.2011, 09:09

zur Nachkontrolle:

erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Google Redirect Virus - TDSSKiller bringt keine Treffer

Log-Analyse und Auswertung: Google Redirect Virus - TDSSKiller bringt keine Treffer