Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll

ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll


Log-Analyse und Auswertung: ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 17.04.2010, 00:08   #1
sHaoMao
 
ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll - Standard

ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll


Hi,

ich hab leider das gleiche Problem..(http://www.trojaner-board.de/84958-v...kt-worden.html) bekam 'ne Nachricht per ICQ vom Kollegen, irgendwas mit "schau dir dieses Bild mal an :-D *URL*".. da wir das öfters untereinander machen bin ich drauf, *.jpg gezogen, geöffnet, kam nix..

Seit dem bekomme ich beim Booten den Error :
RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll

Dazu kommt, dass permanent irgendwelche IE Site geöffnet werden.. außerdem hängt der PC etwas und in der Taskbar springt einfach ICQ rein und blinkt..

Hier meine HijackThis Logfile, ich hoffe ihr könnt mir helfen, ich verzweifle......

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 00:07:57, on 17.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\astsrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Users\Shao\AppData\Local\Temp\Og8.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
D:\Games\Half Life 2\steam.exe
C:\Users\Public\winsvcn.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Windows\Oxunod.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSWOW64\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows System Guard] C:\Users\Public\winsvcn.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "d:\games\half life 2\steam.exe" -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [Windows System Guard] C:\Users\Public\winsvcn.exe
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Windows\system32\sshnas21.dll,BackupReadW
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\Shao\AppData\Local\Temp\Og8.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{E72A87C5-4266-4C1B-81DF-99CA1353B877}: NameServer = 192.168.1.254
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SYSTEM32\astsrv.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9136 bytes
Hier noch meine vollstöndige Malwarebytes Log

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3930

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.04.2010 01:01:47
mbam-log-2010-04-17 (01-01-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 282870
Laufzeit: 40 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Shao\AppData\Local\Temp\Og8.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Shao\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Und hier die OTL Logs

Code:
ATTFilter
OTL logfile created on: 17.04.2010 01:02:54 - Run 2
OTL by OldTimer - Version 3.2.1.1     Folder = D:\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 155,71 Gb Free Space | 66,86% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 24,71 Gb Free Space | 10,61% Space Free | Partition Type: NTFS
Drive E: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHAO-PC
Current User Name: Shao
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Oxunod.exe ()
PRC - C:\Users\Shao\AppData\Local\Temp\Og8.exe ()
PRC - C:\Users\Public\winsvcn.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - D:\Games\Half Life 2\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Spyware Doctor\pctgmhk.dll (PC Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.)
DRV - (CSC) -- C:\Windows\CSC [2009.11.14 11:10:08 | 000,000,000 | ---D | M]
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\ElbyCDIO.dll (Elaborate Bytes AG)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB BF AF B2 34 83 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.14 22:07:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.16 20:49:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.14 22:07:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.16 20:49:55 | 000,000,000 | ---D | M]
 
[2009.11.14 12:08:04 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\mozilla\Extensions
[2009.11.14 12:08:04 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\mozilla\Firefox\Profiles\4tl3a6y9.default\extensions
[2010.04.16 13:27:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.21 14:18:18 | 000,000,841 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows System Guard] C:\Users\Public\winsvcn.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] d:\games\half life 2\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Windows System Guard] C:\Users\Public\winsvcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.29 08:12:19 | 000,000,048 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{67436c56-d0fd-11de-9f74-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67436c56-d0fd-11de-9f74-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2008.08.29 08:12:17 | 001,407,832 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.04.16 20:56:40 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.04.16 20:56:40 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.04.16 20:56:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.04.16 20:52:16 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010.04.16 20:52:16 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010.04.16 20:52:14 | 000,230,904 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010.04.16 20:52:12 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010.04.16 20:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010.04.16 20:52:08 | 000,000,000 | ---D | C] -- C:\Users\Shao\AppData\Roaming\PC Tools
[2010.04.16 20:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.04.16 20:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010.04.16 20:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.04.14 22:08:38 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.04.14 22:08:37 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.04.14 22:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.04.14 22:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.04.14 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.04.14 22:06:40 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.04.14 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.04.08 12:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.04.08 12:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.04.07 16:26:07 | 000,000,000 | ---D | C] -- C:\Users\Shao\AppData\Local\Blizzard Entertainment
[2010.04.07 16:23:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010.04.05 14:33:31 | 000,000,000 | ---D | C] -- C:\Users\Shao\Documents\4A Games
[2010.04.05 14:32:24 | 000,000,000 | ---D | C] -- C:\Users\Shao\AppData\Local\4A Games
[2010.04.05 14:31:42 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.04.05 14:31:42 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.04.05 14:31:42 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.04.05 14:31:42 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.04.05 14:31:42 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.04.05 14:31:42 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.04.05 14:31:42 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.04.05 14:31:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.04.03 17:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.03 17:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.04.03 17:13:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.03 17:13:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.03 17:13:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[1 C:\Users\Shao\AppData\Roaming\*.tmp files -> C:\Users\Shao\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.04.17 01:06:23 | 002,621,440 | -HS- | M] () -- C:\Users\Shao\NTUSER.DAT
[2010.04.17 00:07:43 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.17 00:07:43 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.17 00:07:43 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.17 00:07:43 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.17 00:07:43 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.17 00:05:48 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.17 00:05:48 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.17 00:00:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.17 00:00:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.17 00:00:17 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.16 23:59:16 | 003,088,292 | -H-- | M] () -- C:\Users\Shao\AppData\Local\IconCache.db
[2010.04.16 23:22:19 | 000,164,352 | ---- | M] () -- C:\Windows\Oxunod.exe
[2010.04.16 21:39:27 | 000,000,729 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.04.16 20:52:16 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.04.16 20:49:55 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.16 19:58:10 | 000,164,352 | ---- | M] () -- C:\Windows\Oxunoc.exe
[2010.04.16 19:47:35 | 000,164,352 | ---- | M] () -- C:\Windows\Oxunob.exe
[2010.04.16 18:03:42 | 000,006,956 | ---- | M] () -- C:\cc_20100416_180334.reg
[2010.04.16 18:03:00 | 000,001,873 | ---- | M] () -- C:\Users\Shao\Desktop\CCleaner.lnk
[2010.04.16 17:43:12 | 000,164,352 | ---- | M] () -- C:\Windows\Oxunoa.exe
[2010.04.14 22:08:49 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.07 14:46:41 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.04.07 14:46:41 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.04.03 23:42:10 | 000,000,870 | ---- | M] () -- C:\Users\Shao\Desktop\Counter-Strike Source.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.29 22:06:23 | 000,006,656 | ---- | M] () -- C:\Users\Shao\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 15:04:24 | 000,012,109 | ---- | M] () -- C:\Users\Shao\Desktop\Training.xlsx
[2010.03.27 14:24:10 | 000,011,810 | ---- | M] () -- C:\Users\Shao\Desktop\Trainingsplan.docx
[2010.03.21 18:25:33 | 000,000,600 | ---- | M] () -- C:\Users\Shao\AppData\Roaming\winscp.rnd
[2010.03.18 21:15:49 | 000,001,699 | ---- | M] () -- C:\Users\Shao\Desktop\Photoshop.lnk
[1 C:\Users\Shao\AppData\Roaming\*.tmp files -> C:\Users\Shao\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.04.17 00:00:45 | 000,164,352 | ---- | C] () -- C:\Windows\Oxunod.exe
[2010.04.16 20:56:40 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.04.16 20:56:40 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.04.16 20:56:40 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.04.16 20:56:40 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.04.16 20:56:40 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.04.16 20:52:16 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010.04.16 20:52:14 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010.04.16 20:52:13 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.04.16 20:52:12 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010.04.16 20:49:55 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.16 19:58:14 | 000,164,352 | ---- | C] () -- C:\Windows\Oxunoc.exe
[2010.04.16 19:47:41 | 000,164,352 | ---- | C] () -- C:\Windows\Oxunob.exe
[2010.04.16 18:03:39 | 000,006,956 | ---- | C] () -- C:\cc_20100416_180334.reg
[2010.04.16 17:43:16 | 000,164,352 | ---- | C] () -- C:\Windows\Oxunoa.exe
[2010.04.14 22:08:49 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.08 12:31:25 | 000,000,729 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.03.27 00:11:06 | 000,012,109 | ---- | C] () -- C:\Users\Shao\Desktop\Training.xlsx
[2010.03.26 23:39:15 | 000,011,810 | ---- | C] () -- C:\Users\Shao\Desktop\Trainingsplan.docx
[2010.03.18 21:15:49 | 000,001,699 | ---- | C] () -- C:\Users\Shao\Desktop\Photoshop.lnk
[2010.02.28 18:41:57 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.02.28 18:41:57 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.02.28 18:41:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009.12.20 01:22:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.06 21:14:07 | 000,000,600 | ---- | C] () -- C:\Users\Shao\AppData\Roaming\winscp.rnd
[2009.12.01 23:05:56 | 000,006,656 | ---- | C] () -- C:\Users\Shao\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.14 11:44:14 | 000,000,020 | -HS- | C] () -- C:\Users\Shao\ntuser.ini
[2009.11.14 11:44:13 | 000,524,288 | -HS- | C] () -- C:\Users\Shao\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.11.14 11:44:13 | 000,524,288 | -HS- | C] () -- C:\Users\Shao\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.11.14 11:44:13 | 000,262,144 | -HS- | C] () -- C:\Users\Shao\ntuser.dat.LOG1
[2009.11.14 11:44:13 | 000,065,536 | -HS- | C] () -- C:\Users\Shao\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.11.14 11:44:13 | 000,000,000 | -HS- | C] () -- C:\Users\Shao\ntuser.dat.LOG2
[2009.11.14 11:44:12 | 002,621,440 | -HS- | C] () -- C:\Users\Shao\NTUSER.DAT
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\UNACEV2.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
Code:
ATTFilter
OTL Extras logfile created on: 17.04.2010 01:02:54 - Run 2
OTL by OldTimer - Version 3.2.1.1     Folder = D:\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 155,71 Gb Free Space | 66,86% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 24,71 Gb Free Space | 10,61% Space Free | Partition Type: NTFS
Drive E: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHAO-PC
Current User Name: Shao
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winsvcn.exe" = C:\Users\Public\winsvcn.exe:*:Enabled:Windows System Guard -- ()
"C:\Users\Public\winsvcn.exe" = C:\Users\Public\winsvcn.exe:*:Enabled:Windows System Guard -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{591362D4-590B-457E-9BA3-F4D9508B88BA}" = MobileMe Control Panel
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2DFAC810-6DD8-4E23-96A4-BEB118408203}" = Mask Pro 4.1
"{32C7FDDF-8D18-4B29-B81A-CDA512093274}" = Intellihance Pro 4.2
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5F073685-ADDB-4D5A-98E9-0F795989A57F}" = PhotoFrame Pro 3.1
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7AE25201-3E12-4FA2-9E65-67CD475D9263}" = ACDSee 9 Foto-Manager
"{7C723788-585C-4537-92AC-CF616209197C}" = PhotoTune 2
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EB46587-4354-411C-BBAC-A9BBB2131F3D}" = FocalPoint 1.0
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AC38B36B-90F8-4C1F-8AC9-236B851B8871}" = Genuine Fractals 5.0
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0198F7E-9D0D-4F94-B241-D943505DE194}" = Command and Conquer 4 Beta
"{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 1.0 Professional Edition
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AnyDVD" = AnyDVD
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Diablo II" = Diablo II
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 9" = FL Studio 9
"IL Download Manager" = IL Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 2.9.8
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mumble" = Mumble and Murmur
"OpenAL" = OpenAL
"PoiZone" = PoiZone
"PokerStars.net" = PokerStars.net
"PokerTH 0.7.1" = PokerTH
"PunkBusterSvc" = PunkBuster Services
"Sawer" = Sawer
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 240" = Counter-Strike: Source
"Steam App 550" = Left 4 Dead 2
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.04.2010 18:24:47 | Computer Name = Shao-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4445c334  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x47e2d72b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x02db553e
ID
 des fehlerhaften Prozesses: 0xd40  Startzeit der fehlerhaften Anwendung: 0x01cad37709986af3
Pfad
 der fehlerhaften Anwendung: d:\games\half life 2\steamapps\shao1501\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 b588583a-3f6f-11df-a90a-00508db3a509
 
Error - 03.04.2010 19:19:05 | Computer Name = Shao-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4445c334  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x47e2d72b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x006f553e
ID
 des fehlerhaften Prozesses: 0x600  Startzeit der fehlerhaften Anwendung: 0x01cad37c7a38ef3c
Pfad
 der fehlerhaften Anwendung: d:\games\half life 2\steamapps\shao1501\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 4b7a65d8-3f77-11df-a90a-00508db3a509
 
Error - 03.04.2010 19:40:23 | Computer Name = Shao-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4445c334  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x47e2d72b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x02c5553e
ID
 des fehlerhaften Prozesses: 0xdc4  Startzeit der fehlerhaften Anwendung: 0x01cad384209759ae
Pfad
 der fehlerhaften Anwendung: d:\games\half life 2\steamapps\shao1501\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 452f96d9-3f7a-11df-a90a-00508db3a509
 
Error - 05.04.2010 08:05:56 | Computer Name = Shao-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 510    Startzeit: 01cad4b1d198977e    Endzeit: 375    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID:   
 
Error - 05.04.2010 11:00:28 | Computer Name = Shao-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 6.0.190.4, Zeitstempel:
 0x4b960e0a  Name des fehlerhaften Moduls: java.dll, Version: 6.0.190.4, Zeitstempel:
 0x4b963ed1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005875  ID des fehlerhaften Prozesses:
 0xf74  Startzeit der fehlerhaften Anwendung: 0x01cad4d0b8703958  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Java\jre6\bin\javaw.exe  Pfad des fehlerhaften 
Moduls: C:\Program Files (x86)\Java\jre6\bin\java.dll  Berichtskennung: f891e5b7-40c3-11df-933a-00508db3a509
 
Error - 07.04.2010 08:01:16 | Computer Name = Shao-PC | Source = Application Hang | ID = 1002
Description = Programm BFBC2Game.exe, Version 1.0.1.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: cac    Startzeit: 
01cad643348945f9    Endzeit: 737    Anwendungspfad: C:\Games\Battlefield - Bad Company 2\BFBC2Game.exe

Berichts-ID:
   
 
Error - 07.04.2010 16:45:29 | Computer Name = Shao-PC | Source = Application Hang | ID = 1002
Description = Programm ts3client_win64.exe, Version 1.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 17c    Startzeit: 01cad69311772957    Endzeit: 15    Anwendungspfad: 
C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe    Berichts-ID:   
 
Error - 13.04.2010 11:08:25 | Computer Name = Shao-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4445c334  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x47e2d72b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x02cd553e
ID
 des fehlerhaften Prozesses: 0xf04  Startzeit der fehlerhaften Anwendung: 0x01cadb16359fe82f
Pfad
 der fehlerhaften Anwendung: d:\games\half life 2\steamapps\shao1501\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 67f98b15-470e-11df-ab4e-00508db3a509
 
Error - 16.04.2010 16:47:44 | Computer Name = Shao-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.190.4, Zeitstempel:
 0x4b960e06  Name des fehlerhaften Moduls: java.dll, Version: 6.0.190.4, Zeitstempel:
 0x4b963ed1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005875  ID des fehlerhaften Prozesses:
 0xca8  Startzeit der fehlerhaften Anwendung: 0x01cadda60f7b9a9c  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Java\jre6\bin\java.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\Java\jre6\bin\java.dll  Berichtskennung: 4e6d4b27-4999-11df-b975-00508db3a509
 
Error - 16.04.2010 16:47:49 | Computer Name = Shao-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.190.4, Zeitstempel:
 0x4b960e06  Name des fehlerhaften Moduls: java.dll, Version: 6.0.190.4, Zeitstempel:
 0x4b963ed1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00005875  ID des fehlerhaften Prozesses:
 0xdf8  Startzeit der fehlerhaften Anwendung: 0x01cadda613589811  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Java\jre6\bin\java.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\Java\jre6\bin\java.dll  Berichtskennung: 5141574b-4999-11df-b975-00508db3a509
 
[ System Events ]
Error - 16.04.2010 12:05:34 | Computer Name = Shao-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.04.2010 12:05:34 | Computer Name = Shao-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.04.2010 12:05:35 | Computer Name = Shao-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.04.2010 12:57:46 | Computer Name = Shao-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.04.2010 12:57:46 | Computer Name = Shao-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.04.2010 12:57:48 | Computer Name = Shao-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.04.2010 18:00:19 | Computer Name = Shao-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.04.2010 18:00:19 | Computer Name = Shao-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.04.2010 18:00:21 | Computer Name = Shao-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\pfc.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 16.04.2010 18:01:30 | Computer Name = Shao-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >

Alt 17.04.2010, 17:02   #2
Sion
 
ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll - Standard

ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll


Starte OTL.
Kopiere unten in das Skript-Feld rein:

Zitat:
:OTL
PRC - C:\Windows\Oxunod.exe ()
PRC - C:\Users\Shao\AppData\Local\Temp\Og8.exe ()
PRC - C:\Users\Public\winsvcn.exe ()
O4 - HKLM..\Run: [Windows System Guard] C:\Users\Public\winsvcn.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Windows System Guard] C:\Users\Public\winsvcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2008.08.29 08:12:19 | 000,000,048 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{67436c56-d0fd-11de-9f74-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67436c56-d0fd-11de-9f74-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2008.08.29 08:12:17 | 001,407,832 | ---- | M] ()
[2010.04.17 00:00:45 | 000,164,352 | ---- | C] () -- C:\Windows\Oxunod.exe
[2010.04.16 19:58:14 | 000,164,352 | ---- | C] () -- C:\Windows\Oxunoc.exe
[2010.04.16 19:47:41 | 000,164,352 | ---- | C] () -- C:\Windows\Oxunob.exe
[2010.04.16 17:43:16 | 000,164,352 | ---- | C] () -- C:\Windows\Oxunoa.exe
@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winsvcn.exe" =-
"C:\Users\Public\winsvcn.exe" =-

:Commands
[emptytemp]
Klicke auf Run Fix.
Neustart zulassen, wenn gefragt.
Poste das Fix Log. Zu finden unter c:\_OTL

2. Hol dir Sophos Anti-Rootkit.
Hier ist die Anleitung dazu
__________________
Alt 19.04.2010, 15:31   #3
sHaoMao
 
ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll - Standard

ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll


Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named Oxunod.exe was found!
No active process named Og8.exe was found!
No active process named winsvcn.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Guard deleted successfully.
C:\Users\Public\winsvcn.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Guard deleted successfully.
File C:\Users\Public\winsvcn.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ deleted successfully.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67436c56-d0fd-11de-9f74-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67436c56-d0fd-11de-9f74-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67436c56-d0fd-11de-9f74-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67436c56-d0fd-11de-9f74-806e6f6e6963}\ not found.
File move failed. E:\Installer.exe scheduled to be moved on reboot.
C:\Windows\Oxunod.exe moved successfully.
C:\Windows\Oxunoc.exe moved successfully.
C:\Windows\Oxunob.exe moved successfully.
C:\Windows\Oxunoa.exe moved successfully.
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Shao
->Temp folder emptied: 6443641 bytes
->Temporary Internet Files folder emptied: 48111697 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85663454 bytes
->Flash cache emptied: 3176 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6246 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 134,00 mb
 
 
OTL by OldTimer - Version 3.2.1.1 log created on 04192010_162812

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\Installer.exe scheduled to be moved on reboot.
C:\Users\Shao\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
__________________
Alt 19.04.2010, 17:41   #4
sHaoMao
 
ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll - Standard

ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll


Hier die Sophos Anti-Rootkit Log:

Code:
ATTFilter
Sophos Anti-Rootkit Version 1.5.0  (c) 2009 Sophos Plc
Started logging on 19.04.2010 at 18:18:01
User "Shao" on computer "SHAO-PC"
Windows version 6.1 SP 0.0  build 7600 SM=0x100 PT=0x1 WOW64
Info:	Starting registry scan.
Info:	Starting disk scan of C: (NTFS).
Hidden:	file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
Hidden:	file C:\Windows\System32\drivers\sptd.sys
Info:	Starting disk scan of D: (NTFS).
Stopped logging on 19.04.2010 at 18:38:37

Alt 19.04.2010, 18:39   #5
Sion
 
ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll - Standard

ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll


Zur Kontrolle:

1. Starte OTL
Kopiere unten in das Skript-Feld rein:

Zitat:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
ftdisk.sys
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Schließe alle anderen Programme.
Klicke auf Quick Scan.
Poste die beiden Logs - OTL.txt und Extras.txt

2. http://www.trojaner-board.de/51871-a...tispyware.html


Alt 19.04.2010, 20:09   #6
sHaoMao
 
ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll - Standard

ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll


OTL.txt
Code:
ATTFilter
OTL logfile created on: 19.04.2010 20:57:30 - Run 3
OTL by OldTimer - Version 3.2.1.1     Folder = D:\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 83,00% Memory free
16,00 Gb Paging File | 15,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 155,76 Gb Free Space | 66,88% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 24,70 Gb Free Space | 10,61% Space Free | Partition Type: NTFS
Drive E: | 7,71 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHAO-PC
Current User Name: Shao
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (unikorn) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (astcc) -- C:\Windows\SysWOW64\ASTSRV.EXE (Nalpeiron Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB BF AF B2 34 83 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.14 22:07:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.16 20:49:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.14 22:07:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.16 20:49:55 | 000,000,000 | ---D | M]
 
[2009.11.14 12:08:04 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\mozilla\Extensions
[2009.11.14 12:08:04 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\mozilla\Firefox\Profiles\4tl3a6y9.default\extensions
[2010.04.18 19:00:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.11.03 04:14:39 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.11.03 04:14:39 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.11.03 04:14:39 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.11.03 04:14:39 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.11.03 04:14:39 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.21 14:18:18 | 000,000,841 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1				activate.adobe.com
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Steam] d:\games\half life 2\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.29 08:12:19 | 000,000,048 | -H-- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!
 
========== Files/Folders - Created Within 14 Days ==========
 
[2010.04.19 18:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010.04.16 20:56:40 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.04.16 20:56:40 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.04.16 20:56:40 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.04.16 20:52:16 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010.04.16 20:52:16 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010.04.16 20:52:14 | 000,230,904 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010.04.16 20:52:12 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010.04.16 20:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2010.04.16 20:52:08 | 000,000,000 | ---D | C] -- C:\Users\Shao\AppData\Roaming\PC Tools
[2010.04.16 20:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.04.16 20:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010.04.16 20:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.04.14 22:08:38 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.04.14 22:08:37 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.04.14 22:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.04.14 22:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.04.14 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.04.14 22:06:40 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.04.14 22:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.04.08 12:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.04.08 12:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.04.07 16:26:07 | 000,000,000 | ---D | C] -- C:\Users\Shao\AppData\Local\Blizzard Entertainment
[2010.04.07 16:23:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Shao\AppData\Roaming\*.tmp files -> C:\Users\Shao\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 14 Days ==========
 
[2010.04.19 20:57:49 | 002,621,440 | -HS- | M] () -- C:\Users\Shao\NTUSER.DAT
[2010.04.19 20:55:07 | 000,000,729 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.04.19 18:07:22 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.19 18:07:22 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.19 18:07:22 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.19 18:07:22 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.19 18:07:22 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.19 18:05:02 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.19 18:05:02 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.19 18:04:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.19 16:30:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.19 16:29:53 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.19 16:28:59 | 003,096,174 | -H-- | M] () -- C:\Users\Shao\AppData\Local\IconCache.db
[2010.04.16 20:52:16 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.04.16 20:49:55 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.16 18:03:42 | 000,006,956 | ---- | M] () -- C:\cc_20100416_180334.reg
[2010.04.16 18:03:00 | 000,001,873 | ---- | M] () -- C:\Users\Shao\Desktop\CCleaner.lnk
[2010.04.14 22:08:49 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.07 14:46:41 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.04.07 14:46:41 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Shao\AppData\Roaming\*.tmp files -> C:\Users\Shao\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.04.16 20:56:40 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.04.16 20:56:40 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.04.16 20:56:40 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.04.16 20:56:40 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.04.16 20:56:40 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.04.16 20:52:16 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2010.04.16 20:52:14 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2010.04.16 20:52:13 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.04.16 20:52:12 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2010.04.16 20:49:55 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.04.16 18:03:39 | 000,006,956 | ---- | C] () -- C:\cc_20100416_180334.reg
[2010.04.14 22:08:49 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.08 12:31:25 | 000,000,729 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.02.28 18:41:57 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.02.28 18:41:57 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.02.28 18:41:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2009.12.20 01:22:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.12.06 21:14:07 | 000,000,600 | ---- | C] () -- C:\Users\Shao\AppData\Roaming\winscp.rnd
[2009.12.01 23:05:56 | 000,006,656 | ---- | C] () -- C:\Users\Shao\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.14 11:44:14 | 000,000,020 | -HS- | C] () -- C:\Users\Shao\ntuser.ini
[2009.11.14 11:44:13 | 000,524,288 | -HS- | C] () -- C:\Users\Shao\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.11.14 11:44:13 | 000,524,288 | -HS- | C] () -- C:\Users\Shao\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.11.14 11:44:13 | 000,262,144 | -HS- | C] () -- C:\Users\Shao\ntuser.dat.LOG1
[2009.11.14 11:44:13 | 000,065,536 | -HS- | C] () -- C:\Users\Shao\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.11.14 11:44:13 | 000,000,000 | -HS- | C] () -- C:\Users\Shao\ntuser.dat.LOG2
[2009.11.14 11:44:12 | 002,621,440 | -HS- | C] () -- C:\Users\Shao\NTUSER.DAT
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\UNACEV2.DLL
 
========== LOP Check ==========
 
[2009.11.30 15:30:58 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\ACD Systems
[2010.02.10 23:06:45 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\Bioshock2
[2009.12.15 20:48:11 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\Command and Conquer 4 Beta
[2009.11.16 19:09:33 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\DAEMON Tools Lite
[2009.11.14 22:03:52 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\DAEMON Tools Pro
[2010.04.16 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\ICQ
[2010.01.22 15:14:52 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\Leadertech
[2009.12.01 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\Mask Pro 4.0
[2010.03.11 20:27:12 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\Mumble
[2009.12.21 11:17:13 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\NationRed
[2009.12.01 23:41:13 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\onOne Software
[2010.03.12 14:12:32 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\pokerth
[2009.11.17 23:51:10 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\Teeworlds
[2010.03.02 15:06:34 | 000,000,000 | ---D | M] -- C:\Users\Shao\AppData\Roaming\TS3Client
[2010.01.29 18:02:24 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVRAID.SYS  >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav  >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
'ne Extras.txt hat er nicht erstellt...

Antwort

Themen zu ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll
64-bit, alternate, askbar, browser guard, c:\windows\system32\rundll32.exe, call of duty, components, fontcache, hdaudio.sys, install.exe, kompatibilität, langs, local\temp, location, malwarebytes' anti-malware, microsoft office word, oldtimer, otl logfile, otl.exe, plug-in, problem beim starten von c, problem beim starten von c:, programdata, saver, searchplugins, shell32.dll, shortcut, sptd.sys, studio, syswow64, trojan.downloader, usbaapl64, vlc media player, webcheck, windows system


« "gefährliches Backdoorprogramm BDS/Papras.HI" - krnlutou.dll | Google leitet auf falsche Seiten weiter - hier mein HiJackThis log »


Ähnliche Themen: ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll


  1. Fehlermeldung beim booten. RunDLL Problem beim starten von ... Das angegebene Modul wurde nicht gefunden.
    Plagegeister aller Art und deren Bekämpfung - 31.05.2016 (23)
  2. Fehlermeldung beim Starten von Win 8.1 - RunDll Problem bei Starten Falscher Parameter
    Alles rund um Windows - 04.10.2015 (13)
  3. runDLL - Problem beim starten von - Falscher Parameter
    Plagegeister aller Art und deren Bekämpfung - 10.08.2015 (6)
  4. Fehlermeldung RunDLL Problem beim Starten von
    Plagegeister aller Art und deren Bekämpfung - 11.04.2015 (20)
  5. RunDLL Problem beim Starten von C:\ Program Files (x86) \ Home Tab \ TBUpdater.dll Das angegebene Modul wurde nicht gefunden. (Windows 7)
    Log-Analyse und Auswertung - 30.01.2015 (7)
  6. RunDLL Problem beim starten von C:\ProgrammFiles\HomeTab\TBUpdater.dll Das angegebene Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (7)
  7. Fehlermeldung RunDll : Problem beim Starten C Program files (x86) HomeTab TB Updater.dll.
    Log-Analyse und Auswertung - 15.01.2014 (7)
  8. Fehlermeldung von RUNDLL: Problem beim Starten von ....TBHostSupport.dll
    Log-Analyse und Auswertung - 06.01.2014 (15)
  9. Fehlermeldung beim booten. RunDLL Problem beim starten von C:\ProgrammFiles\HomeTab\TBUpdater.dll Das angegebene Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 01.11.2013 (21)
  10. Windows 8: RunDLL - Problem beim Starten von C:\Program Files (86x)\Home Tab\TBUpdater.dll
    Log-Analyse und Auswertung - 27.10.2013 (5)
  11. Windows 8 Pro RunDll Fehler beim Starten
    Alles rund um Windows - 18.08.2013 (1)
  12. Windows 8 Pro RunDll Fehler beim Starten
    Log-Analyse und Auswertung - 17.08.2013 (12)
  13. RunDLL Problem beim Starten von C:\Users\Username\AppData\tmikanp.dll
    Log-Analyse und Auswertung - 22.08.2012 (16)
  14. RunDLL Fehler / Problem beim starten von C:/Users/.../AppData..
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (7)
  15. Problem beim Staret von C:\Windows\system32\sshnas21.dll Das angegebene Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.08.2010 (11)
  16. Beim Start erscheint: C:\Windows\system32\sshnas21.dll --> Modul fehlt
    Log-Analyse und Auswertung - 23.02.2010 (2)
  17. RunDLL Fehler beim Starten von Windows Vista
    Log-Analyse und Auswertung - 02.11.2009 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll - Hi, ich hab leider das gleiche Problem..( http://www.trojaner-board.de/84958-v...kt-worden.html ) bekam 'ne Nachricht per ICQ vom Kollegen, irgendwas mit "schau dir dieses Bild mal an :-D *URL*".. da wir das öfters - ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll...
Archiv
Du betrachtest: ICQ - RunDLL : Problem beim Starten von C:\Windows\system32\sshnas21.dll auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131