sshnas21.dll Trojaner

DaarK · 14.11.2010, 00:47

Hej Leute. Ich glaube ich habe mir diesen Trojaner eingefangen, welcher die Symptome von willkürlichem Öffnen des IE und der Fehlermeldung "sshnas21.dll - modul konnte nciht gefunden werden" hat. Nun wollte ich Malware drüber laufen lassen, aber der PC stürzt davon immer ab, Antivir genauso. Schätze er stürzt ab, wenn er bei der Suche beim Trojaner angekommen ist.
Hat jemand von euch mit solchen Symptomen schon Erfahrungen?

Swisstreasure · 14.11.2010, 02:08

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

ATTFilter

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

DaarK · 14.11.2010, 14:09

Hej. Super, vielen Dank für die schnelle Antwort. Habe OTL durchlaufen lassen, das sind meine Ergebnisse: Den Schritt 2 wollte ich soeben befolgen, aber ich bin bei dem punkt

"Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!"

hängen geblieben, denn das kann ich bei mir nicht auswählen.. Bei mir sieht das folgendermaßen aus: (als anhang beigefügt)

Wie sollte ich weiter verfahren?

Swisstreasure · 14.11.2010, 14:19

Bist Du als Administrator angemeldet? Du musst GMER als Administrator ausführen.

DaarK · 14.11.2010, 14:42

Ich bin als Admin angemeldet und führe es auch als Admin aus. Aber ich kann trotzdem keine Haken setzen.

Swisstreasure · 14.11.2010, 15:30

Dann poste einmal do OTL Logs.

DaarK · 14.11.2010, 15:52

Alles klar, soweit hab ichs ja geschafft

OTL.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.11.2010 13:19:56 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Lernen angesagt!!!\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,19 Gb Total Space | 6,55 Gb Free Space | 5,59% Space Free | Partition Type: NTFS
Drive D: | 348,57 Gb Total Space | 67,16 Gb Free Space | 19,27% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 7,40 Gb Total Space | 4,91 Gb Free Space | 66,33% Space Free | Partition Type: FAT32
 
Computer Name: DARIO-PC | User Name: Lernen angesagt!!! | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.11.10 15:25:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lernen angesagt!!!\Desktop\OTL.exe
PRC - [2010.11.10 15:15:33 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.10 15:15:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.10 15:15:32 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.05.06 02:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2010.03.18 10:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.08 21:30:47 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010.03.08 21:30:39 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.02.03 08:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.01.12 15:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2008.09.29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.10 15:25:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lernen angesagt!!!\Desktop\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrB.exe -- (PnkBstrB)
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010.09.29 02:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.29 12:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.03.02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2005.09.23 02:26:42 | 004,476,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon80)
SRV - [2010.11.10 15:15:33 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.10 15:15:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.06 02:59:38 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.08 21:30:47 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010.03.08 21:30:39 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.12 15:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.29 05:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\UltraStar Deluxe\zlportio.sys -- (zlportio)
DRV:64bit: - [2010.11.10 15:15:33 | 000,081,584 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.10.08 14:52:38 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.09.29 03:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 02:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.06 02:46:36 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.26 13:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 13:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 13:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 13:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.26 13:21:22 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.02.26 13:21:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010.01.10 16:30:08 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009.08.28 09:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.29 12:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.06.25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 05:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.05.21 19:24:44 | 000,025,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2009.05.09 02:14:24 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)
DRV:64bit: - [2009.01.06 01:02:00 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2008.12.26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV:64bit: - [2008.11.26 14:02:18 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2535596843-642051105-2169759579-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2535596843-642051105-2169759579-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2535596843-642051105-2169759579-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C E7 0A 2D 1F 6B CB 01  [binary data]
IE - HKU\S-1-5-21-2535596843-642051105-2169759579-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://cruzzzer.pochta.ru/proxy.pac"
FF - prefs.js..network.proxy.http: "192.41.135.218"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.04.04 10:23:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.06.07 11:03:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.01.14 22:34:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.12 19:26:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.06.07 11:03:52 | 000,000,000 | ---D | M]
 
[2010.07.26 22:55:09 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\mozilla\Extensions
[2010.10.31 13:59:06 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\mozilla\Firefox\Profiles\bv435zhu.default\extensions
[2010.10.31 13:59:01 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\mozilla\Firefox\Profiles\bv435zhu.default\extensions\foxyproxy@eric.h.jung
 
O1 HOSTS File: ([2010.11.09 00:12:48 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files (x86)\Save Flash\SaveFlash.dll (PilotGroup LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2535596843-642051105-2169759579-1007..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2535596843-642051105-2169759579-1007..\Run: [KOO9RV9K4Z] C:\Users\LERNEN~1\AppData\Local\Temp\Epr.exe File not found
O4 - HKU\S-1-5-21-2535596843-642051105-2169759579-1007..\Run: [Metropolis] C:\Users\LERNEN~1\AppData\Local\Temp\sshnas21.DLL File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Dario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Lernen angesagt!!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lernen angesagt!!!\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\PrxerNsp.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\PrxerDrv.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysNative\PrxerDrv.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.149.64.2
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{90b990f0-fe07-11de-a937-0026b9149cf8}\Shell - "" = AutoRun
O33 - MountPoints2\{90b990f0-fe07-11de-a937-0026b9149cf8}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{90b990f0-fe07-11de-a937-0026b9149cf8}\Shell\configure\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{90b990f0-fe07-11de-a937-0026b9149cf8}\Shell\install\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - ac3filter.acm File not found
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\SysWow64\ffdshow.ax ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.14 12:05:09 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\Desktop\Neuer Ordner
[2010.11.10 15:25:52 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Lernen angesagt!!!\Desktop\OTL.exe
[2010.11.10 15:24:41 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\Malwarebytes
[2010.11.10 15:24:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.10 15:24:32 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.10 15:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.10 15:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.09 00:35:12 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\Desktop\Crack
[2010.11.08 23:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.11.08 23:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010.11.08 23:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.11.08 16:49:33 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\Desktop\birds-flying-images
[2010.11.07 17:31:14 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\Desktop\Michael Rüttger
[2010.11.07 02:59:32 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\Avira
[2010.11.07 02:58:57 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.11.07 02:58:57 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.11.07 02:58:57 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.11.06 00:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.11.06 00:12:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2010.11.06 00:12:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.11.04 19:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.11.04 19:17:15 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.11.03 19:31:19 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\Desktop\Housing_intsek.fp5_files
[2010.11.02 00:50:42 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\Desktop\DB BAHN - Ihr Online-Ticket_files
[2010.10.31 14:44:01 | 000,073,728 | ---- | C] (Initex Software) -- C:\Windows\SysWow64\PrxerDrv.dll
[2010.10.31 14:44:01 | 000,061,440 | ---- | C] (Initex Software) -- C:\Windows\SysWow64\PrxerNsp.dll
[2010.10.31 14:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxifier
[2010.10.31 14:28:51 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\AppData\Local\Zattoo
[2010.10.31 14:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2010.10.27 21:25:38 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\Desktop\LSG
[2010.10.25 16:08:41 | 000,396,072 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2010.10.25 16:08:41 | 000,261,928 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2010.10.25 16:08:41 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2010.10.25 16:08:41 | 000,205,608 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2010.10.25 16:08:41 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2010.10.25 16:08:41 | 000,147,752 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo4.dll
[2010.10.25 16:08:41 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2010.10.25 16:08:40 | 000,292,400 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2010.10.25 16:06:10 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\AppData\Local\Apps
[2010.10.25 16:06:09 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\AppData\Local\Deployment
[2010.10.20 15:24:22 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\Desktop\Bilder
[2010.10.20 15:04:47 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\.VirtualBox
[2010.10.20 15:03:47 | 000,000,000 | ---D | C] -- C:\Programme\VirtualBox
[2010.10.20 15:00:12 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\xm1
[2010.10.19 14:04:03 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\Documents\Zeeman
[2010.10.19 13:59:11 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\Documents\LEdProjects
[2010.10.19 13:43:55 | 000,000,000 | ---D | C] -- C:\Programme\LEd
[2010.10.19 13:23:26 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\AppData\Local\LEd
[2010.10.15 18:13:35 | 000,000,000 | ---D | C] -- C:\Users\Lernen angesagt!!!\.yass
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.14 13:14:08 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2535596843-642051105-2169759579-1007UA.job
[2010.11.14 13:14:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.14 13:14:08 | 000,000,318 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.11.14 13:14:05 | 000,000,318 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.11.14 13:14:01 | 000,000,318 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.11.14 13:13:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.14 11:42:11 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 11:42:11 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.14 11:35:17 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.14 11:34:43 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.13 19:06:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2535596843-642051105-2169759579-1007Core.job
[2010.11.13 02:45:12 | 269,599,782 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\panorama.psd
[2010.11.13 02:11:54 | 000,099,214 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\Untitled_Panorama1.jpg
[2010.11.10 15:25:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Lernen angesagt!!!\Desktop\OTL.exe
[2010.11.10 15:24:36 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.10 15:15:33 | 000,081,584 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.10 00:55:32 | 000,527,954 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\tuch.psd
[2010.11.10 00:49:23 | 000,297,631 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\fahne.psd
[2010.11.10 00:25:49 | 013,029,254 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\al.psd
[2010.11.09 19:04:49 | 000,118,326 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\mirrors1.jpg
[2010.11.09 16:48:46 | 000,550,478 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\blood.psd
[2010.11.09 14:41:02 | 005,025,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.11.08 17:31:01 | 001,272,846 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\sunset-birds.jpg
[2010.11.08 16:36:11 | 001,294,585 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\sunset-sw.jpg
[2010.11.08 16:35:52 | 001,258,404 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\sunset.jpg
[2010.11.08 16:35:42 | 152,090,765 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\sunset.psd
[2010.11.08 16:27:28 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.08 16:27:28 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.08 16:27:28 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.08 16:27:28 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.08 16:27:28 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.03 19:31:19 | 000,007,985 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\Housing_intsek.fp5.htm
[2010.11.02 16:27:48 | 000,002,968 | ---- | M] () -- C:\Users\Lernen angesagt!!!\untitled10_MAS.bak
[2010.11.02 16:27:45 | 000,002,968 | ---- | M] () -- C:\Users\Lernen angesagt!!!\untitled9_MAS.bak
[2010.11.02 16:22:50 | 000,003,296 | ---- | M] () -- C:\Users\Lernen angesagt!!!\untitled8_MAS.bak
[2010.11.02 16:22:44 | 000,002,808 | ---- | M] () -- C:\Users\Lernen angesagt!!!\untitled7_MAS.bak
[2010.11.02 16:22:30 | 000,006,088 | ---- | M] () -- C:\Users\Lernen angesagt!!!\untitled6_MAS.bak
[2010.11.02 16:20:39 | 000,003,272 | ---- | M] () -- C:\Users\Lernen angesagt!!!\untitled5_MAS.bak
[2010.11.02 16:19:53 | 000,003,520 | ---- | M] () -- C:\Users\Lernen angesagt!!!\untitled4_MAS.bak
[2010.11.02 16:19:50 | 000,006,088 | ---- | M] () -- C:\Users\Lernen angesagt!!!\untitled3_MAS.bak
[2010.11.02 16:14:23 | 000,002,952 | ---- | M] () -- C:\Users\Lernen angesagt!!!\untitled2_MAS.bak
[2010.11.02 16:08:59 | 000,005,648 | ---- | M] () -- C:\Users\Lernen angesagt!!!\untitled1_MAS.bak
[2010.11.02 00:50:42 | 000,032,161 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\DB BAHN - Ihr Online-Ticket.htm
[2010.11.02 00:49:24 | 000,467,356 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\Zugticket.pdf
[2010.11.01 17:12:14 | 001,007,097 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\DSCN6521.JPG
[2010.10.31 19:59:30 | 000,393,301 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\gammalab_report_final.pdf
[2010.10.31 17:23:18 | 000,000,112 | ---- | M] () -- C:\Users\Lernen angesagt!!!\AppData\Roaming\Current.prx
[2010.10.31 14:29:00 | 000,017,408 | ---- | M] () -- C:\Users\Lernen angesagt!!!\AppData\Local\WebpageIcons.db
[2010.10.27 13:46:27 | 000,104,090 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\Repetionsfragor.pdf
[2010.10.20 00:01:57 | 000,000,214 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Documents\TXCUserDictionary.dic
[2010.10.18 20:44:06 | 000,001,481 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Desktop\My Dropbox - Verknüpfung.lnk
[2010.10.17 17:12:00 | 000,224,097 | ---- | M] () -- C:\Users\Lernen angesagt!!!\Documents\Zeichnung1.jpg
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.13 02:44:50 | 269,599,782 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\panorama.psd
[2010.11.13 02:11:47 | 000,099,214 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\Untitled_Panorama1.jpg
[2010.11.10 15:24:36 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.10 00:49:21 | 000,297,631 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\fahne.psd
[2010.11.10 00:20:02 | 000,527,954 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\tuch.psd
[2010.11.10 00:15:52 | 013,029,254 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\al.psd
[2010.11.09 19:04:49 | 000,118,326 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\mirrors1.jpg
[2010.11.09 16:04:25 | 000,550,478 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\blood.psd
[2010.11.08 17:30:53 | 001,272,846 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\sunset-birds.jpg
[2010.11.08 16:49:26 | 000,602,350 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\SS-birds-flying.abr
[2010.11.08 16:36:07 | 001,294,585 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\sunset-sw.jpg
[2010.11.08 16:35:46 | 001,258,404 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\sunset.jpg
[2010.11.08 16:35:39 | 152,090,765 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\sunset.psd
[2010.11.03 19:31:19 | 000,007,985 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\Housing_intsek.fp5.htm
[2010.11.02 00:50:41 | 000,032,161 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\DB BAHN - Ihr Online-Ticket.htm
[2010.11.02 00:49:24 | 000,467,356 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\Zugticket.pdf
[2010.11.01 17:19:07 | 000,393,301 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\gammalab_report_final.pdf
[2010.11.01 17:12:05 | 001,007,097 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\DSCN6521.JPG
[2010.10.31 14:44:04 | 000,000,112 | ---- | C] () -- C:\Users\Lernen angesagt!!!\AppData\Roaming\Current.prx
[2010.10.31 14:28:51 | 000,017,408 | ---- | C] () -- C:\Users\Lernen angesagt!!!\AppData\Local\WebpageIcons.db
[2010.10.27 13:46:27 | 000,104,090 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Desktop\Repetionsfragor.pdf
[2010.10.17 23:25:14 | 000,000,214 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Documents\TXCUserDictionary.dic
[2010.10.17 17:11:57 | 000,224,097 | ---- | C] () -- C:\Users\Lernen angesagt!!!\Documents\Zeichnung1.jpg
[2010.10.11 18:57:35 | 000,000,337 | ---- | C] () -- C:\Users\Lernen angesagt!!!\AppData\Local\Perfmon.PerfmonCfg
[2010.08.28 19:36:11 | 000,005,105 | ---- | C] () -- C:\ProgramData\oafcpcef.qqj
[2010.07.12 22:39:22 | 000,000,135 | ---- | C] () -- C:\Users\Lernen angesagt!!!\AppData\Roaming\gnuplot_history
[2010.07.06 09:22:27 | 000,006,144 | ---- | C] () -- C:\Users\Lernen angesagt!!!\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.24 11:19:22 | 000,000,214 | ---- | C] () -- C:\Windows\BUHL.INI
[2010.04.14 20:48:03 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.15 19:05:28 | 000,212,992 | ---- | C] () -- C:\Windows\SysWow64\WMIMPLEX.dll
[2010.02.15 19:05:28 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\maplec.dll
[2010.02.15 19:05:28 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\maplecompat.dll
[2010.01.30 14:31:28 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.01.30 14:24:33 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4000DEFGIPS.ini
[2010.01.10 13:05:45 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.19 16:35:04 | 000,126,976 | ---- | C] () -- C:\Windows\gdf.dll
[2008.12.19 15:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2008.12.17 17:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2008.12.17 17:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2008.12.17 17:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008.12.17 17:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
[2008.12.17 16:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\ff_mpeg2enc.dll
 
========== LOP Check ==========
 
[2010.07.05 22:20:33 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\AnvSoft
[2010.08.12 00:44:46 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\ApexDC++
[2010.06.14 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Audacity
[2010.01.21 20:28:07 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Avnex
[2010.08.10 13:27:36 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\BitTorrent
[2010.01.10 17:51:42 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\DAEMON Tools Lite
[2010.01.21 18:02:32 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\DeskSoft
[2010.04.14 20:09:49 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Dev-Cpp
[2010.01.30 14:43:54 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\EPSON
[2010.06.27 23:19:09 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Facebook
[2010.07.12 19:47:47 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\FileZilla
[2010.06.15 20:48:10 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\FreeFLVConverter
[2010.04.09 13:38:47 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\GARMIN
[2010.07.15 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\gedit
[2010.07.15 12:27:32 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\gtk-2.0
[2010.03.15 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Leadertech
[2010.01.11 11:29:56 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Miranda
[2010.08.21 18:40:28 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Nokia
[2010.08.21 18:40:29 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Nokia Ovi Suite
[2010.04.03 14:20:10 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\PC Suite
[2010.06.15 20:07:48 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Publish Providers
[2010.01.09 21:10:12 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Seiz System Engineering
[2010.02.01 00:58:54 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\SnapTeam
[2010.06.15 10:57:38 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\Sony
[2010.01.30 22:21:03 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\TeamViewer
[2010.01.14 22:38:33 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\tmp
[2010.04.20 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\TrueCrypt
[2010.01.09 20:43:16 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\WirelessManager
[2010.05.02 16:43:55 | 000,000,000 | ---D | M] -- C:\Users\Dario\AppData\Roaming\XnView
[2010.07.08 15:17:55 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\ApexDC++
[2010.11.14 05:13:08 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\BitTorrent
[2010.07.12 20:34:34 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\DAEMON Tools Lite
[2010.11.14 11:35:28 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\Dropbox
[2010.10.04 17:28:37 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\FileZilla
[2010.07.21 11:21:13 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\gedit
[2010.10.12 21:50:06 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\LyX16
[2010.08.24 14:39:22 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\Miranda
[2010.08.28 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\MOVAVI
[2010.08.23 23:50:08 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\Nokia
[2010.08.23 23:49:06 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\PC Suite
[2010.10.14 00:08:52 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\QuickScan
[2010.11.13 22:40:42 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\Spotify
[2010.10.20 15:00:12 | 000,000,000 | ---D | M] -- C:\Users\Lernen angesagt!!!\AppData\Roaming\xm1
[2010.09.21 20:55:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.14 13:14:08 | 000,000,318 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.11.14 13:14:05 | 000,000,318 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.11.14 13:14:01 | 000,000,318 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.01.09 20:02:49 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.09.04 19:59:12 | 000,000,045 | ---- | M] () -- C:\error.log
[2010.11.14 11:34:43 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.22 13:51:53 | 000,000,031 | ---- | M] () -- C:\installer_debug.txt
[2010.06.24 10:47:21 | 000,000,400 | ---- | M] () -- C:\InstallHelper.log
[2010.04.05 17:21:18 | 000,182,936 | ---- | M] () -- C:\P1005.log
[2010.01.14 22:34:22 | 000,000,174 | ---- | M] () -- C:\Setup.log
[2010.01.10 15:30:54 | 000,000,044 | ---- | M] () -- C:\unconfirm.ini
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 21:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:66B13F37
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6152D44C
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86

< End of report >

Extra.txt

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.11.2010 13:19:56 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Lernen angesagt!!!\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 71,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,19 Gb Total Space | 6,55 Gb Free Space | 5,59% Space Free | Partition Type: NTFS
Drive D: | 348,57 Gb Total Space | 67,16 Gb Free Space | 19,27% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive G: | 7,40 Gb Total Space | 4,91 Gb Free Space | 66,33% Space Free | Partition Type: FAT32
 
Computer Name: DARIO-PC | User Name: Lernen angesagt!!! | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2535596843-642051105-2169759579-1007\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Lernen angesagt!!!\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [yass] -- "C:\Program Files\Yass 0.9.6\yass.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [yass] -- "C:\Program Files\Yass 0.9.6\yass.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0A736376-5483-A955-2D85-774122C9DAD7}" = ATI Catalyst Install Manager
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23EA8626-1A8A-453A-ACC4-77CED745849A}" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7153392-1D61-B3A5-D054-987CF1A5CFEA}" = ccc-utility64
"{C74A84EC-7C5F-4C36-A4A6-381E516D643B}" = Microsoft IntelliPoint 7.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{EAFC065C-0576-4DE9-8FDB-4D943367506E}" = Oracle VM VirtualBox 3.2.10
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6F7EFFE-7E09-F490-DBA1-1F720433FC62}" = WMV9/VC-1 Video Playback
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Creative OA008" = Integrated Webcam Driver (1.02.02.0106)  
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 2.0 SDK (x64) - ENU" = Microsoft .NET Framework 2.0 SDK (x64) - ENU
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1272D148-4A53-C14D-A6C2-1CF277177356}" = CCC Help English
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17BECEAF-FC27-5800-12CC-7CEFE59D8B70}" = Catalyst Control Center Graphics Previews Vista
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C357D84-EA58-4B34-B445-29FD77FAB834}" = D-Link DWL-700AP Air Manager
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{4ECA710C-B818-4751-A3B8-42C2D93922A8}" = Nokia Software Updater
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59D1195A-7E64-4120-BB37-F053D9FD45FB}" = ODF Add-In für Microsoft Office
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B937101-FD85-4CA9-9176-ADA6492314AF}" = ArcSoft WebCam Companion 3
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{835A6F5F-BC13-48DF-BEBE-8D80B419D145}" = Cisco AnyConnect VPN Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{ACE65EB6-8955-4CC1-83FA-574B08A24422}" = NetSkat
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B12DEF61-EC9F-3901-AC33-6EFC95E8F16C}" = ccc-core-static
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BE898830-D652-3A4F-19D8-D2CE2EAD8F3D}" = Catalyst Control Center InstallProxy
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D22F5242-773E-4270-AB1F-492021BCABBE}" = Garmin City Navigator Europe NT 2010.31 Update
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{df60597e-8262-40c2-a8f5-a616992eefdc}" = Nero 9
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E98350A5-4518-2004-2393-55F389856B29}" = Catalyst Control Center Localization All
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Any Video Converter_is1" = Any Video Converter 3.0.6
"AP Tuner 3.08" = AP Tuner 3.08
"ApexDC++" = ApexDC++ 1.3.5 (64bit)
"Aspell" = Aspell Data
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Deluxe Ski Jump 3_is1" = Deluxe Ski Jump 3 v1.7.0
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"ESDX4000_4050_CX3900" = ESDX4000_4050_CX3900
"FileZilla Client" = FileZilla Client 3.3.2.1
"Free CD to MP3 Converter" = Free CD to MP3 Converter
"Free FLV Converter_is1" = Free FLV Converter V 6.8.0
"gedit_is1" = gedit 2.30.1
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{1F295031-E793-4308-A384-5553977DFD13}" = AVerMedia HC82 Express-Card Hybrid Analog
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{4C357D84-EA58-4B34-B445-29FD77FAB834}" = D-Link DWL-700AP Air Manager
"IrfanView" = IrfanView (remove only)
"LastFM_is1" = Last.fm 1.5.4.24567
"LyX" = LyX 1.6.7-4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 12" = Maple 12
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"MiKTeX 2.8" = MiKTeX 2.8
"Miranda IM" = Miranda IM 0.8.13
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"Picasa 3" = Picasa 3
"Proxifier_is1" = Proxifier version 2.91
"PunkBusterSvc" = PunkBuster Services
"Save Flash" = Save Flash 4.3
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"Series 60 Theme Studio" = Series 60 Theme Studio
"Spotify" = Spotify
"StarCraft II" = StarCraft II
"TeamViewer 5" = TeamViewer 5
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"TrueCrypt" = TrueCrypt
"UltraStar Deluxe" = UltraStar Deluxe
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"WinDjView" = WinDjView 1.0.3
"WinRAR archiver" = WinRAR
"XnView_is1" = XnView 1.97.2
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.97-8
"Yass 0.9.6" = Yass 0.9.6
"You Don't Know Jack 4" = You Don't Know Jack 4 1.00
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2535596843-642051105-2169759579-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Alpha Decay" = Alpha Decay
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

--------------------------------------------------------------------------

DaarK · 14.11.2010, 17:24

In der ersten Datei stehts ja sogar:

O4 - HKU\S-1-5-21-2535596843-642051105-2169759579-1007..\Run: [Metropolis] C:\Users\LERNEN~1\AppData\Local\Temp\sshnas21.DLL File not found

Swisstreasure · 14.11.2010, 20:38

Was ist das?

Zitat:

O1 - Hosts: 127.0.0.1 activate.adobe.com

Wo hast Du das gekauft?

Zitat:

Adobe Photoshop CS5

Ganz einfach. Du hast Adobe Photoshop auf illegale Art registriert und auch aktiviert. Dabei hast Du Dir nebenbei noch andere unerwünschte Sachen an Board gezogen.

DaarK · 14.11.2010, 21:08

Um die nervigen automatischen Updates zu deaktivieren.
Aber warum kann ich denn bei GMER die haken nicht setzen?

Swisstreasure · 14.11.2010, 23:04

Ich denke eher an eine illegale Version von Photoshop....

DaarK · 15.11.2010, 13:37

Naja, dann schließe ich das Thema wieder, wenn keiner das kennt, dass man bei GMER nicht alles auswählen kann

Swisstreasure · 15.11.2010, 19:24

Zitat:

Zitat von DaarK

Naja, dann schließe ich das Thema wieder, wenn keiner das kennt, dass man bei GMER nicht alles auswählen kann

Du weisst genau um was es geht. Illegale Software = Kein Support hier.

14.11.2010, 14:19	#4
Swisstreasure /// Malwareteam	sshnas21.dll Trojaner Bist Du als Administrator angemeldet? Du musst GMER als Administrator ausführen.

14.11.2010, 15:30	#6
Swisstreasure /// Malwareteam	sshnas21.dll Trojaner Dann poste einmal do OTL Logs.

14.11.2010, 23:04	#11
Swisstreasure /// Malwareteam	sshnas21.dll Trojaner Ich denke eher an eine illegale Version von Photoshop....

sshnas21.dll Trojaner

Plagegeister aller Art und deren Bekämpfung: sshnas21.dll Trojaner