Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Antimalware Doctor noch immer auf meinem PC

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.08.2010, 12:54   #1
SirSpeedy
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Hallo,
Ich habe mir gestern auf irgend so einer Seite den Virus "Antimalware Doctor" gefangen.
Ich bin bereits den Anweisungen zur Entfernung dieses Programms gefolgt (Malwarebytes Scan, CCleaner), jedoch bekomme ich immer noch Meldungen und das Programm zwingt mich zum Scannen auf.
Ich habe hier die Logs von Malwarebytes' Anti-Malware und von HiJackThis. Ich hoffe, Ihr könnt damit etwas anfangen.
Danke

Logfile von Malwarebytes
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4450

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

20/08/2010 02:31:19
mbam-log-2010-08-20 (02-31-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 354390
Laufzeit: 1 Stunde(n), 28 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 7
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 8
Infizierte Dateien: 37

Infizierte Speicherprozesse:
C:\Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Program Files\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\GabPath (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultDns Service (Adware.ResultDns) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gabpath (Adware.GabPath) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (hxxp://www.tangosearch.com/?useie5=1&q=) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://home.tangotoolbar.com/) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\GabPath (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome (Adware.ResultDns) -> Delete on reboot.
C:\Program Files\ResultDns (Adware.ResultDns) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\ProgramData\ResultDns (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997} (Adware.ResultDns) -> Delete on reboot.

Infizierte Dateien:
C:\Windows\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Windows\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\GabPath\config.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\GabPath\GPUninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hwkip.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPPM84SB\mqupjickr[2].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UJK292\mqupjickr[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\wtpvaae.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\lwkip.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\GabPath\gabpath.exe (Adware.GabPath) -> Quarantined and deleted successfully.
C:\Windows\System32\aa78.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\install.rdf (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\ResultDns\resultdns.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome.manifest (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\ResultDns\uninstall.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\chrome\resultdns.jar (Adware.ResultDns) -> Delete on reboot.
C:\ProgramData\ResultDns\resultdns112.exe (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{1A615EA8-4C56-49EE-BE83-F9A264B79997}\defaults\preferences\prefs.js (Adware.ResultDns) -> Quarantined and deleted successfully.
C:\Program Files\ResultDns\resultdns.dll (Adware.ResultDns) -> Delete on reboot.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UJK292\newsecureapp70700[2].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\E487.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\E689.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\ywkip.exe (Trojan.Adware) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\unqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Windows\jnipmo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UJK292\nezgb[2].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\lqrog.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPPM84SB\qhysq[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UJK292\qhysq[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36UJK292\nezgb[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\xcmosnerwa.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\mkcxhunr.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\byinmycbf\qaifplqshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XPPM84SB\cgbvd[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DADBLAH3\cgbvd[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
         
Logfile von HijackThis
Code:
ATTFilter
Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-08-20 12:29:45
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 6 GB (10%) free of 53 GB
Total RAM: 2045 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:29:59, on 20/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\Downloads\RSIT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [esnmocaxwr.exe] "C:\Users\***\AppData\Local\Temp\esnmocaxwr.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Antimalware Doctor.lnk = C:\Users\***\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7\newsecureapp70700.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 10643 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000UA.job
C:\Windows\tasks\User_Feed_Synchronization-{E5145A7A-AF08-4E7E-AAB9-74C047D56293}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2006-11-16 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2006-11-16 151552]
{AD6E6555-FB2C-47D4-8339-3E2965509877} - TerraTec Home Cinema - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL [2008-11-04 526336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-09 3784704]
"Acer Tour"= []
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-11-17 453120]
"eRecoveryService"= []
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-10-31 304664]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2007-12-31 86960]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2006-11-23 7757824]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2006-11-23 81920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"esnmocaxwr.exe"=C:\Users\***\AppData\Local\Temp\esnmocaxwr.exe [2010-08-20 42496]
" Malwarebytes Anti-Malware  (reboot)"=D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WhatPulse"=C:\Program Files\WhatPulse\WhatPulse.exe [2009-04-08 2814976]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-06-24 247144]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe [2006-11-20 754712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
C:\Program Files\avmwlanstick\wlangui.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-12-31 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2007-12-31 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
C:\Program Files\Launch Manager\LaunchAp.exe [2005-07-25 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files\Launch Manager\HotkeyApp.exe [2006-12-22 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
C:\Program Files\Launch Manager\OSDCtrl.exe [2006-08-29 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-11-28 244512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect.EXE]
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE [2007-12-31 3072000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2006-11-23 90191]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
c:\Program Files\Norton Internet Security\osCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
C:\Program Files\Launch Manager\PowerKey.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor]
C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe [2008-11-04 1105920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TerraTec Remote Control]
C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe [2008-11-04 1105920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-06-24 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
C:\Program Files\Launch Manager\Wbutton.exe [2006-11-09 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
C:\Program Files\Last.fm\LastFMHelper.exe  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
C:\PROGRA~1\OPENOF~1.1\program\QUICKS~1.EXE  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\PROGRA~1\OPENOF~1.3\program\QUICKS~1.EXE [2007-08-17 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Antimalware Doctor.lnk - C:\Users\***\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7\newsecureapp70700.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=1
"AllowUnhashedWebView"=1
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-20 12:29:45 ----D---- C:\rsit
2010-08-20 12:29:45 ----D---- C:\Program Files\trend micro
2010-08-20 12:21:18 ----A---- C:\Windows\system32\drivers\xvqa.sys
2010-08-20 02:35:20 ----D---- C:\Users\***\AppData\Roaming\933452C29F284D9020EB484626E20D3A
2010-08-20 00:58:27 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-08-20 00:58:18 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-20 00:58:17 ----D---- C:\ProgramData\Malwarebytes
2010-08-20 00:58:17 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-20 00:38:05 ----D---- C:\Users\***\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7
2010-08-18 13:35:23 ----D---- C:\Program Files\OWON
2010-08-18 13:33:53 ----D---- C:\Windows\system32\OWONInstruments
2010-08-13 15:26:09 ----A---- C:\Windows\system32\iertutil.dll
2010-08-13 15:26:08 ----A---- C:\Windows\system32\mshtml.dll
2010-08-13 15:26:07 ----A---- C:\Windows\system32\ieframe.dll
2010-08-13 15:26:05 ----A---- C:\Windows\system32\urlmon.dll
2010-08-13 15:26:05 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-13 15:26:05 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-13 15:26:04 ----A---- C:\Windows\system32\wininet.dll
2010-08-13 15:26:04 ----A---- C:\Windows\system32\occache.dll
2010-08-13 15:26:04 ----A---- C:\Windows\system32\mstime.dll
2010-08-13 15:26:04 ----A---- C:\Windows\system32\ieui.dll
2010-08-13 15:26:04 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-13 15:26:04 ----A---- C:\Windows\system32\iepeers.dll
2010-08-13 15:26:04 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-13 15:26:03 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-13 15:26:03 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-13 15:26:03 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-13 15:26:03 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-13 15:26:03 ----A---- C:\Windows\system32\iesetup.dll
2010-08-13 15:26:03 ----A---- C:\Windows\system32\iernonce.dll
2010-08-13 15:25:59 ----A---- C:\Windows\system32\iccvid.dll
2010-08-13 15:25:55 ----A---- C:\Windows\system32\schannel.dll
2010-08-13 15:25:46 ----A---- C:\Windows\system32\win32k.sys
2010-08-13 15:25:41 ----A---- C:\Windows\system32\rtutils.dll
2010-08-13 15:25:23 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-13 15:25:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-13 15:25:17 ----A---- C:\Windows\system32\msxml3.dll
2010-08-13 15:25:15 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-13 15:25:14 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-13 15:25:13 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-03 15:20:57 ----A---- C:\Windows\system32\shell32.dll

======List of files/folders modified in the last 1 months======

2010-08-20 12:29:55 ----D---- C:\Windows\Temp
2010-08-20 12:29:45 ----RD---- C:\Program Files
2010-08-20 12:23:45 ----D---- C:\Windows\Minidump
2010-08-20 12:23:45 ----D---- C:\Windows\Debug
2010-08-20 12:23:45 ----AD---- C:\Windows
2010-08-20 12:21:18 ----D---- C:\Windows\system
2010-08-20 12:21:18 ----AD---- C:\Windows\system32\drivers
2010-08-20 11:59:39 ----AD---- C:\Windows\System32
2010-08-20 11:59:39 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-20 11:57:24 ----D---- C:\Windows\Tasks
2010-08-20 02:31:18 ----HD---- C:\ProgramData
2010-08-20 02:14:29 ----SHD---- C:\System Volume Information
2010-08-20 00:38:05 ----D---- C:\Windows\Prefetch
2010-08-18 13:44:43 ----D---- C:\Windows\WindowsMobile
2010-08-18 13:35:43 ----SHD---- C:\Windows\Installer
2010-08-18 13:35:40 ----D---- C:\Windows\inf
2010-08-18 13:35:13 ----D---- C:\Windows\system32\catroot2
2010-08-17 13:59:38 ----D---- C:\Program Files\Mozilla Firefox
2010-08-15 15:29:27 ----D---- C:\Windows\Microsoft.NET
2010-08-15 15:28:44 ----RSD---- C:\Windows\assembly
2010-08-15 14:13:10 ----D---- C:\Windows\winsxs
2010-08-15 13:57:48 ----D---- C:\Windows\system32\migration
2010-08-15 13:57:48 ----D---- C:\Program Files\Movie Maker
2010-08-15 13:57:48 ----D---- C:\Program Files\Internet Explorer
2010-08-15 13:52:21 ----D---- C:\ProgramData\Microsoft Help
2010-08-15 13:51:57 ----D---- C:\Windows\system32\catroot
2010-08-15 13:51:17 ----D---- C:\Program Files\Windows Mail
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-21 17:46:50 ----D---- C:\Users\***\AppData\Roaming\vlc
2010-07-21 17:17:51 ----D---- C:\Program Files\VideoLAN

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2007-01-02 20264]
R0 PSDNServ;PSDNSERVER; C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 7936]
R0 psdvdisk;psdvdisk; C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 53760]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2006-07-05 59256]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-05-24 717296]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2006-08-29 13952]
R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2006-11-13 69632]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-10-05 1161152]
R3 CLEDX;Team H2O CLEDX service; C:\Windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-09 1647976]
R3 LgBttPort;LGE Bluetooth TransPort; C:\Windows\system32\DRIVERS\lgbtport.sys [2009-06-11 12032]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\Windows\system32\DRIVERS\lgbtbus.sys [2009-06-11 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\Windows\system32\DRIVERS\lgvmodem.sys [2009-06-11 12928]
R3 lv321av;Logitech USB PC Camera (VC0321); C:\Windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392]
R3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2006-11-28 1962784]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-12-05 6144]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-11-23 4455264]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2006-07-06 168448]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2006-06-06 11136]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2006-06-06 46208]
S0 gjmk;gjmk; C:\Windows\System32\drivers\xvqa.sys [2010-08-20 54016]
S1 mailKmd;mailKmd; C:\Windows\system32\drivers\mailKmd.sys []
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
S3 avmeject;AVM Eject; C:\Windows\system32\drivers\avmeject.sys [2007-01-26 4352]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-19 10752]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FlashUSB;FlashUSB; C:\Windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]
S3 FWLANUSB;AVM FRITZ!WLAN; C:\Windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
S3 fwlanusbn;FRITZ!WLAN N; C:\Windows\system32\DRIVERS\fwlanusbn.sys [2007-12-19 401920]
S3 GTF32BUS;GT F32 BUS; C:\Windows\system32\DRIVERS\gtf32bus.sys [2006-09-01 32640]
S3 GTPTSER;GT PT SER; C:\Windows\system32\DRIVERS\gtptser.sys [2006-11-16 8064]
S3 GTSCSER;GT SC SER; C:\Windows\system32\DRIVERS\gtscser.sys [2006-11-16 19328]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-07-11 101376]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 mod7700;Cinergy DT USB XS Diversity Capture Service; C:\Windows\system32\DRIVERS\mod7700.sys [2007-12-20 554240]
S3 MODRC;Cinergy DT USB XS Diversity IR Service; C:\Windows\system32\DRIVERS\modrc.sys [2007-07-11 13824]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 o1394bul;o1394bul; \??\C:\Users\***\AppData\Local\Temp\o1394bul.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-10-03 99840]
S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable; C:\Windows\System32\Drivers\SilvrLnk.sys [2004-01-28 21456]
S3 TIEHDUSB;TIEHDUSB; C:\Windows\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 tt;owonhdsusb.sys, Owon Hds1000 usb Driver; C:\Windows\System32\Drivers\owonhdsusb.sys [2006-04-21 59168]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-04-11 15872]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2009-08-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2009-08-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2009-08-21 24960]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-04-11 31616]
S3 WisINT15;WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS []
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2006-06-06 21632]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2006-06-06 20864]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2006-06-06 6400]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 RsFx0102;RsFx0102 Driver; C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-12-22 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 118784]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2006-11-16 45056]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 24576]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-20 262247]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 131072]
S2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [2010-01-28 130384]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 190448]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-11-28 101152]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30128\aspnet_state.exe [2010-01-28 35160]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [2010-01-28 738656]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe [2010-01-28 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe [2010-01-28 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30128\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe [2010-01-28 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------
         

Alt 23.08.2010, 15:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 24.08.2010, 14:47   #3
SirSpeedy
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Hallo,
Ich habe noch ein paar mal mit Malwarebytes gescannt, es wurden immer weniger Viren, jedoch war zuletzt AntimalwareDoctor noch drauf.

Hier sind die Logs von OTL:

OTL.txt
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 24/08/2010 14:37:35 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Joseph\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000046E | Country: Luxembourg | Language: LBX | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,99 Gb Total Space | 1,56 Gb Free Space | 3,00% Space Free | Partition Type: NTFS
Drive D: | 51,98 Gb Total Space | 34,64 Gb Free Space | 66,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Joseph\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eNet\eNMTray.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Joseph\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\odbc32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\mfc42.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\odbcint.dll (Microsoft Corporation)
MOD - C:\Acer\Empowering Technology\ePower\SysHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30128_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30128\SMSvcHost.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper100) -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WisINT15) -- C:\Elements\1stboot\WisINT15.SYS File not found
DRV - (o1394bul) -- C:\Users\Joseph\AppData\Local\Temp\o1394bul.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUsb.sys (Danish Wireless Design A/S)
DRV - (atapi) -- C:\Windows\system32\drivers\atapi.sys ()
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (MODRC) -- C:\Windows\System32\drivers\modrc.sys (DiBcom S.A.)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\Windows\System32\drivers\lv321av.sys (Logitech Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (GTSCSER) -- C:\Windows\System32\drivers\gtscser.sys (Option N.V.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (GTF32BUS) -- C:\Windows\System32\drivers\gtf32bus.sys (Option N.V.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys ()
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (tt) -- C:\Windows\System32\drivers\owonhdsusb.sys (zhangzhou lilliput optoelectronics institute co.,ltd.)
DRV - (CLEDX) -- C:\Windows\System32\drivers\cledx.sys (Team H2O)
DRV - (TIEHDUSB) -- C:\Windows\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\Windows\System32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://en.us.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://en.us.acer.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/17 13:59:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/17 13:59:24 | 000,000,000 | ---D | M]
 
[2010/08/24 12:56:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/20 15:38:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/17 13:59:13 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/08/17 13:59:13 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/08/17 13:59:13 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/08/17 13:59:13 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/08/17 13:59:13 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Acer Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.238.104.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/05 07:09:57 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\Shell - "" = AutoRun
O33 - MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\Shell - "" = AutoRun
O33 - MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\Shell - "" = AutoRun
O33 - MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\Shell - "" = AutoRun
O33 - MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O33 - MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\Shell - "" = AutoRun
O33 - MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found
O33 - MountPoints2\{cbb16de2-c937-11de-a475-0016d350e09a}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{d7a81d20-d78a-11dd-b609-0016d350e09a}\Shell\AutoRun\command - "" = I:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\Shell - "" = AutoRun
O33 - MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\Shell - "" = AutoRun
O33 - MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\Shell - "" = AutoRun
O33 - MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/08/22 22:24:10 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Local\Unity
[2010/08/20 21:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
[2010/08/20 15:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/08/20 15:38:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/08/20 12:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/08/20 12:29:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010/08/20 12:12:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/08/20 00:58:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/20 00:58:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/20 00:58:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/20 00:38:26 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Local\byinmycbf
[2010/08/20 00:38:11 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Local\Windows Server
[2010/08/18 13:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\OWON
[2010/08/18 13:33:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\OWONInstruments
[2010/08/13 15:26:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/13 15:26:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/13 15:26:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/13 15:26:04 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/13 15:26:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/13 15:26:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/13 15:26:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/13 15:26:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/13 15:26:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/13 15:26:03 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/13 15:26:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/13 15:26:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/13 15:26:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/13 15:26:03 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/13 15:26:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/13 15:25:59 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/13 15:25:46 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/13 15:25:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/13 15:25:23 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/13 15:25:22 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/07/29 19:03:21 | 000,000,000 | ---D | C] -- C:\Users\Joseph\Documents\Vacances
[2006/12/05 10:51:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/08/24 14:39:13 | 003,932,160 | -HS- | M] () -- C:\Users\Joseph\NTUSER.DAT
[2010/08/24 14:34:05 | 002,630,208 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/24 14:34:05 | 001,927,788 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/24 14:34:05 | 000,007,006 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/24 14:31:31 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/08/24 14:28:52 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 14:28:52 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 14:28:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/24 14:28:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 14:26:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/24 14:26:27 | 000,524,288 | -HS- | M] () -- C:\Users\Joseph\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/08/24 14:26:27 | 000,065,536 | -HS- | M] () -- C:\Users\Joseph\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/24 14:26:25 | 006,291,456 | -H-- | M] () -- C:\Users\Joseph\AppData\Local\IconCache.db
[2010/08/24 13:50:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000UA.job
[2010/08/24 13:50:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000Core.job
[2010/08/24 12:49:18 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5145A7A-AF08-4E7E-AAB9-74C047D56293}.job
[2010/08/20 21:04:50 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/20 15:38:31 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/20 12:25:59 | 000,294,412 | ---- | M] () -- C:\Users\Joseph\Documents\cc_20100820_122539.reg
[2010/08/20 12:22:21 | 000,000,638 | ---- | M] () -- C:\Users\Joseph\Desktop\CCleaner.lnk
[2010/08/20 00:58:20 | 000,000,624 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/20 00:38:17 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/15 14:01:47 | 000,316,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/06 18:07:59 | 000,002,255 | ---- | M] () -- C:\Users\Joseph\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/08/20 21:04:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/20 15:38:31 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/08/20 12:25:45 | 000,294,412 | ---- | C] () -- C:\Users\Joseph\Documents\cc_20100820_122539.reg
[2010/08/20 12:22:21 | 000,000,638 | ---- | C] () -- C:\Users\Joseph\Desktop\CCleaner.lnk
[2010/08/20 00:58:20 | 000,000,624 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/20 00:38:16 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/05/03 18:19:02 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010/05/03 18:19:02 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/02/22 17:34:49 | 000,008,398 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/02/18 15:57:58 | 000,000,106 | ---- | C] () -- C:\Windows\codelaro.ini
[2009/08/17 13:46:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/17 13:45:51 | 000,019,944 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/31 15:19:18 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2009/07/31 15:19:18 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009/07/31 12:32:33 | 000,000,085 | ---- | C] () -- C:\Windows\Realflight.INI
[2009/07/31 12:29:31 | 000,000,248 | ---- | C] () -- C:\Windows\emug3.ini
[2009/07/26 15:08:06 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2008/10/05 19:57:21 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008/08/13 00:07:34 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008/05/24 16:31:08 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007/12/02 12:38:36 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/06 00:06:39 | 000,000,680 | ---- | C] () -- C:\Users\Joseph\AppData\Local\d3d9caps.dat
[2007/10/11 20:25:45 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2007/10/11 20:21:42 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007/10/11 20:20:15 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/04/05 15:46:34 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/03/29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2007/02/07 12:19:38 | 000,041,472 | ---- | C] () -- C:\Users\Joseph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/04 11:18:47 | 000,042,594 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/02/03 03:56:21 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/02/03 03:56:21 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/02/03 03:55:03 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/02/03 03:54:20 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007/02/03 03:47:51 | 000,000,037 | ---- | C] () -- C:\Windows\Acer.ini
[2007/01/22 20:22:36 | 000,055,034 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2007/01/02 18:54:14 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/01/02 18:53:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/01/02 18:53:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/01/02 18:52:40 | 000,037,376 | ---- | C] () -- C:\Windows\System32\MSNChatHook.dll
[2007/01/02 18:52:28 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/01/02 18:52:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/01/02 18:52:18 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/12/05 14:15:30 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/12/05 13:58:20 | 000,743,424 | R--- | C] () -- C:\Windows\libxml2.dll
[2006/12/05 13:56:37 | 000,872,448 | R--- | C] () -- C:\Windows\iconv.dll
[2006/12/05 10:51:17 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2006/12/05 07:10:14 | 000,013,952 | ---- | C] () -- C:\Windows\System32\drivers\UBHelper.sys
[2006/12/05 07:09:00 | 000,198,144 | ---- | C] () -- C:\Windows\System32\_psisdecd.dll
[2006/12/02 20:32:24 | 000,000,042 | ---- | C] () -- C:\Windows\PreLaunch.ini
[2006/12/02 20:32:23 | 000,204,800 | ---- | C] () -- C:\Windows\Capsule.dll
[2006/12/02 20:32:22 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002/02/27 18:50:00 | 000,197,120 | ---- | C] () -- C:\Windows\System32\patchw32.dll
[2001/12/27 01:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/04 08:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 01:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 07:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
< End of report >
         
--- --- ---


So wie:

Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 24/08/2010 14:37:35 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Joseph\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000046E | Country: Luxembourg | Language: LBX | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,99 Gb Total Space | 1,56 Gb Free Space | 3,00% Space Free | Partition Type: NTFS
Drive D: | 51,98 Gb Total Space | 34,64 Gb Free Space | 66,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C4276F-160D-4D2D-8213-A0759707E98B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{0A7BCE11-27FC-4324-AC84-605164ACEB07}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1250C5FE-EE34-4B01-BE33-C69CA3723E42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1372693F-B636-4929-8AF5-C81B78E74C41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{19AEAA7F-E8AF-43F0-80C2-EE3E11FFBA18}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1F5AF1A9-F887-41F0-9A17-6AB4B389ACEB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1F6FBBA1-B7CA-44B1-AA82-25E57F1C0A8F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2825FD28-644C-4178-BABA-E891581C2874}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3915AE0A-E1BF-4176-A28E-41C859B44AC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3B317CC8-C085-43D9-83BC-5E92CAFF7B7A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4E8D9EC0-0885-4C8F-90DE-1FEC701C1CAB}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{538B1A06-9051-4955-930F-15FDCEF8A673}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{58605C72-0692-4767-912D-712B8C1E5835}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5DC87C24-FF21-4D96-8947-B3FC7A65E87B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{6284B1D3-6E09-4202-8BBC-8569CAC8A98A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{670B7933-7653-4B37-AE25-5C50E78FF65F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6BD66D0B-BFD8-4752-A3BC-076B49E44D1F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{769F4F47-AF56-4F2C-8A54-66547A68A081}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8405E434-0643-4531-956B-FA1BF2DD4F10}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{87804F9E-2E25-4757-A038-C9F1F5F15330}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{92F52F82-A746-4018-8CD3-36D5D9AF4FD3}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{99BE4BF5-FC3E-4B63-8A01-2A4CD3027D51}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9C78A943-8ED6-4BBC-B219-5354AC652851}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A6404B2F-E858-4B23-838A-2DF95AEFCC92}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B05567B8-C44A-4231-96EF-90D185FD3E03}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B27D00F1-8108-45BE-A17F-2F43D3C61A1B}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{B2CF5380-E5CE-4C7A-9EC7-534DA233F9F2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{BC25F39F-B7A3-4AA1-B59F-7276C843106E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C07BB437-79E0-431B-B773-BE7556050C4E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C4C45A09-4E4D-4F22-92D4-5FB8DEC42F8C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CC335801-70AE-4B27-81D9-0EDDE14FA734}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{DD624100-27BA-4D24-9608-9CFA4C2906EB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DF3F3A8C-7B44-4E21-9076-4C41D5B8557F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DFBF39FD-A1B9-4C3F-9527-896D5C79D485}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{E3A69D1E-1E50-4B42-8699-BC883EABB7E7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E41E513D-6E03-49FF-B005-65D633680E95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E5633B34-EBE6-4F4F-93ED-0F54DED8DC3C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EB767FCF-839A-4C21-8506-09A225C989B3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{EC64E1C4-B5C8-4980-A9D8-16047C2902D9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{ED9BEAB6-1822-47CE-8CE0-2FBC78CEB427}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{F181EC19-C28F-4844-90C5-D8827A4B24F3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{FA7F956A-F9CB-4138-B128-3754B6C63EE7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FCB8ECB1-F528-4C4F-84D3-0F406B46A627}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E8BBAE-E14F-4975-8148-D32FA50F042F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0A5EF2F5-ECD1-4B4F-8240-8623B0D6DD0B}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{0FBB531F-1DBE-49C5-9A29-CDF3831779CD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{11662FEA-1555-4549-9901-F2C7F2AC6CE8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{1739D1BD-DE3D-4D3E-BF5E-C3DECC6805CC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{18920867-ECAB-41D4-B4D5-21FB52F58176}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1EE69DFA-CCC7-4464-9369-B93E3A6E94C9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{23A2E8D0-5B84-48B9-8E54-91DC9194DFED}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{29F9CCAA-8D6D-44FA-BC22-C917CDD4E7BC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2BB5AE51-031F-4FA5-BE5F-DBE0E2339811}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2C5C772F-A4B8-48BC-A31A-ABE01E9301C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{31C0F322-59E4-4ADC-A18B-4B9C08A44C1D}" = protocol=17 | dir=in | app=c:\program files\cyanide\radsportmanager pro 2005-2006\cym2005.exe | 
"{39D78FF7-598A-4ED3-AC7E-7FA0CCF5C0A8}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"{3A1D3130-860E-48C1-A25B-5D83A10ED4FE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3BAD6A77-C3D3-49BC-933D-1F708A1E67A7}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{3C9AD040-A26F-433E-A884-C1423A3C58A1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4058AF9D-356C-4A93-908A-4F414CA1F08E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{481C4CD2-34F2-413A-A88F-A405186A1E6C}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{4AB8B68C-5E27-4979-B92B-C68EFB9C5122}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{53636527-7C75-4C43-B311-9A42882C6230}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe | 
"{54005500-71F5-426B-8D42-A9FF4DB0A5F7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{575B28A3-9E3E-4DDB-AE1C-BB100AB83FB6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{57B5071C-4DA5-4AE1-A365-AA1EDCFA3EC5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5AD54DFE-3029-4048-AA7F-D4E8DABF50BB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5BA23281-3480-48D5-A305-F61F2B43549E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5CBDE346-16CB-4EED-8561-88383FC984C8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{645E776A-B8DD-4AE4-B2C7-ED84DD361222}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{6FA17350-2CE5-4CD9-9149-39F992E37D07}" = protocol=6 | dir=in | app=c:\program files\cyanide\radsportmanager pro 2005-2006\cym2005.exe | 
"{72E15782-3ACD-44D9-A1C0-54764469D675}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{778702ED-6EB9-4A81-8241-74285B7A390F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{79D699F6-0F97-4E3C-B656-4BF471C84BDE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{7A98E19B-F677-4EF7-B8B6-57242C15CF2E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8131E75F-120D-47A3-8905-95FB36259892}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{839A66A7-48AA-4BF4-81AC-46F838090879}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{8D9BEFF7-CAF5-44C3-A125-82B04838D422}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{963F7B8C-6DF7-4B2A-A8A0-E8E742CA186D}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe | 
"{97E18E7B-AF40-4B75-8ED4-2FECAD8C7F4E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9D822A95-9482-4CA5-BAFC-80444D4991E5}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe | 
"{9FCE865E-1CC8-4EE5-AA64-F9EC371EDB85}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{AE72EB08-6E5D-4967-BEF4-E9F30BA443BB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B0B2546F-223C-4710-8352-63E7AEEBF51F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B41AF908-9291-4118-9911-FAC860436E09}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B466DF3E-157F-4AD8-B71B-C4A732856972}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B4B37CE5-54D7-4502-844A-A5BA38A7570A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{B9B35BC5-A721-4B0D-AB4B-6345014D37F9}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{C1DD537B-9350-49C1-9889-9348E2CFD2B6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C652FF59-B4AD-4248-B300-EC0C1C6427BD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{C68D5627-1E00-42DC-933C-5F1A379D1BE7}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{CD65B743-AC5A-4C3D-8D6E-BD95598C2B65}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D28E2822-9744-47B5-A5FC-B793DE313B40}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe | 
"{D75908BF-4898-4A45-8BF9-0C56F80AC29C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DD45D1C1-DE57-4A67-B044-114A23B30095}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA3B351B-8289-44E6-A034-792682A93011}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F0CB7336-D76B-4845-9D7E-2441789E3D03}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F60C73CC-0FA1-481F-847B-0B53198C9226}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{FD177EAA-89D1-49D8-82AC-485EF18A875C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}" = Safari
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{1048B0D2-BAF6-4080-A3C5-2879026FCBF4}" = HdsSetup
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}" = Logitech Gaming Software
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{223E6BB9-6602-4ee4-A964-1B3EFD3C5B80}" = Canon MP130
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28D1D5CE-45D6-4208-8B87-C752B5BC1E3B}" = Vodafone Mobile Connect
"{2D84D8F3-0499-4CC5-98A2-F9D5F31308DB}" = FIFA 2002
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{471A9640-39F8-11D5-A07F-005004F915E3}" = Microsoft Games Pocket Pak for Pocket PC
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F45E76-E897-42CA-A9FE-5F56817D875C}" = Locomotion
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe (inkl. Add-On 1)
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90CA713A-5D86-40DF-9C29-C284497D3B5F}" = MioMap v3 Updater for PDA
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8742BE5-6238-3EC0-A9B9-CD562E054A54}" = Microsoft .NET Framework 4 Client Profile
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.1.1.3
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E0AD8FC1-1860-33CA-9CFE-5962B91DDDEB}" = Microsoft .NET Framework 4 Extended
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F07AE5AB-516C-4CEB-A0AA-AD083B9182C6}" = TI NoteFolio Creator
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F59A3B93-6C1C-4C3E-BCC4-4897490E2963}" = LG Bluetooth Drivers
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = TIPCI
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FD71DDAA-EED9-450B-9F91-FADD43DD9CED}_is1" = ALNO AG Küchenplaner 0.96b
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows Driver Package - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"AcerOrbiCamDrv" = Acer Camera Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AutoHotkey" = AutoHotkey 1.0.48.03
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"EPSON Printer and Utilities" = EPSON Printer Software
"Evrsoft First Page 2006_is1" = Evrsoft First Page 2006
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"Google Updater" = Google Updater
"Graffiti Studio 2.0_is1" = Graffiti Studio 2.0
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{5EBAC9CB-97D7-44CD-A82D-4FCB37F582AC}" = World Racing 2
"InstallShield_{F7B05784-334C-4F76-8BAB-30ABEB7FD534}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"JAP" = JAP
"KSE Backgammon 2.0 (Pocket PC)" = KSE Backgammon 2.0 (Pocket PC)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.42 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Maker Hip Hop Edition 2 D" = MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.54 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator 1.1" = Canon MP Navigator 1.1
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OmniGSoft Mini-Aquabike 1.0 for Pocket PC" = OmniGSoft Mini-Aquabike 1.0 for Pocket PC
"OmniGSoft Mini-Sportsbike 1.0 for Pocket PC" = OmniGSoft Mini-Sportsbike 1.0 for Pocket PC
"OmniGSoft Mini-TransCanada 1.2 for Pocket PC" = OmniGSoft Mini-TransCanada 1.2 for Pocket PC
"PacSteamT" = PacSteamT
"RealFlightG4Pro" = RealFlight G4 R/C Simulator
"SecondLife" = SecondLife (remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"ST6UNST #1" = Bounty Hunter 2099 Pinball
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.0
"TomTom HOME" = TomTom HOME 2.7.5.2014
"VLC media player" = VLC media player 1.1.0
"WhatPulse" = WhatPulse 1.6.2.1
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"Zattoo" = Zattoo 3.2.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22/08/2010 16:05:26 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 22/08/2010 16:05:26 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 22/08/2010 16:30:56 | Computer Name = Joseph-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8089.726, time stamp
 0x4a6ce533, faulting module MsgPlusLive.dll, version 4.70.0.334, time stamp 0x489d9678,
 exception code 0xc0000005, fault offset 0x000363a8,  process id 0x1610, application
 start time 0x01cb4238d98469c4.
 
Error - 23/08/2010 06:49:49 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 23/08/2010 06:49:49 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 23/08/2010 06:50:01 | Computer Name = Joseph-PC | Source = Google Update | ID = 20
Description = 
 
Error - 24/08/2010 06:52:43 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 24/08/2010 06:52:43 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 24/08/2010 08:34:02 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 24/08/2010 08:34:02 | Computer Name = Joseph-PC | Source = LoadPerf | ID = 3011
Description = 
 
[ Media Center Events ]
Error - 13/02/2010 12:24:56 | Computer Name = Joseph-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
 returned 10000105  Process: DefaultDomain Object Name: Media Center Guide 
 
[ OSession Events ]
Error - 28/12/2007 12:02:05 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5359
 seconds with 4140 seconds of active time.  This session ended with a crash.
 
Error - 15/12/2009 11:47:11 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/01/2010 13:14:58 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/01/2010 13:21:32 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 379
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 12/01/2010 13:21:56 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/01/2010 13:22:23 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/01/2010 13:23:09 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18/01/2010 11:40:34 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 55
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18/01/2010 11:45:15 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29/07/2010 13:08:29 | Computer Name = Joseph-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 446
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 22/08/2010 17:38:44 | Computer Name = Joseph-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 22/08/2010 17:38:45 | Computer Name = Joseph-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 22/08/2010 17:38:46 | Computer Name = Joseph-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 22/08/2010 17:38:48 | Computer Name = Joseph-PC | Source = PlugPlayManager | ID = 12
Description = The device 'TSSTcorp CD/DVDW TS-L632D ATA Device' (IDE\CdRomTSSTcorp_CD/DVDW_TS-L632D_______________ac00____\5&214dc5be&0&1.1.0)
 disappeared from the system without first being prepared for removal.
 
Error - 22/08/2010 17:38:47 | Computer Name = Joseph-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 22/08/2010 17:38:48 | Computer Name = Joseph-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.
 
Error - 22/08/2010 17:38:48 | Computer Name = Joseph-PC | Source = cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.
 
Error - 23/08/2010 06:45:52 | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24/08/2010 06:46:34 | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24/08/2010 08:29:20 | Computer Name = Joseph-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Gruss,
SirSpeedy
__________________

Alt 24.08.2010, 18:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Poste dann auch die neuere Logs von Malwarebytes, da ich wissen muss, was noch gefunden wurde.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.08.2010, 19:15   #5
SirSpeedy
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Hallo,
Es wurden 6 Dateien gefunden:

Log
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4469

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

24/08/2010 14:26:04
mbam-log-2010-08-24 (14-26-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 348848
Laufzeit: 1 Stunde(n), 21 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Joseph\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Joseph\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
         


Alt 24.08.2010, 19:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O33 - MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\Shell - "" = AutoRun
O33 - MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\Shell - "" = AutoRun
O33 - MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\Shell - "" = AutoRun
O33 - MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\Shell - "" = AutoRun
O33 - MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O33 - MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\Shell - "" = AutoRun
O33 - MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found
O33 - MountPoints2\{cbb16de2-c937-11de-a475-0016d350e09a}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{d7a81d20-d78a-11dd-b609-0016d350e09a}\Shell\AutoRun\command - "" = I:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\Shell - "" = AutoRun
O33 - MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\Shell - "" = AutoRun
O33 - MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\Shell - "" = AutoRun
O33 - MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\Shell - "" = AutoRun
O33 - MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\StartVMCLite.exe -- File not found
[2010/08/20 00:38:26 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Local\byinmycbf
[2010/08/20 00:38:11 | 000,000,000 | ---D | C] -- C:\Users\Joseph\AppData\Local\Windows Server
[2010/08/20 00:38:17 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
--> Antimalware Doctor noch immer auf meinem PC

Alt 24.08.2010, 21:39   #7
SirSpeedy
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Getan.

Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10c2dfa2-c883-11dd-b3e3-d366d30766de}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b5525c-735b-11dd-becc-0018ded2c45d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b5525c-735b-11dd-becc-0018ded2c45d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b5525c-735b-11dd-becc-0018ded2c45d}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b55269-735b-11dd-becc-0018ded2c45d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b55269-735b-11dd-becc-0018ded2c45d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b55269-735b-11dd-becc-0018ded2c45d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45406dd4-299e-11dd-8898-0016d350e09a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{45406dd4-299e-11dd-8898-0016d350e09a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45406dd4-299e-11dd-8898-0016d350e09a}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5396b090-56b7-11df-97bc-0016d350e09a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5396b090-56b7-11df-97bc-0016d350e09a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5396b090-56b7-11df-97bc-0016d350e09a}\ not found.
File E:\USBAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c72d8a-78f4-11dd-bc82-0018ded2c45d}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59c72d8b-78f4-11dd-bc82-0018ded2c45d}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60275abe-d791-11dd-a196-0018ded2c45d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60275abe-d791-11dd-a196-0018ded2c45d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60275abe-d791-11dd-a196-0018ded2c45d}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b52639e-1163-11de-8750-0018ded2c45d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b52639e-1163-11de-8750-0018ded2c45d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b52639e-1163-11de-8750-0018ded2c45d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b5263b7-1163-11de-8750-0016cfec2a79}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b5263b7-1163-11de-8750-0016cfec2a79}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8b5263b7-1163-11de-8750-0016cfec2a79}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2074f8a-2b38-11dd-ac44-0018ded2c45d}\ not found.
File H:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb7f1025-140d-11df-a763-0016d350e09a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb7f1025-140d-11df-a763-0016d350e09a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb7f1025-140d-11df-a763-0016d350e09a}\ not found.
File E:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbb16de2-c937-11de-a475-0016d350e09a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cbb16de2-c937-11de-a475-0016d350e09a}\ not found.
File J:\InstallTomTomHOME.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d7a81d20-d78a-11dd-b609-0016d350e09a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d7a81d20-d78a-11dd-b609-0016d350e09a}\ not found.
File I:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da348e4c-d2a0-11dd-b929-0016cfec2a79}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da348e4d-d2a0-11dd-b929-0016cfec2a79}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e41ab5b4-7448-11dd-ab4b-0018ded2c45d}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e41ab5b6-7448-11dd-ab4b-0018ded2c45d}\ not found.
File H:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e98a54ab-6ddb-11dd-af63-0016d350e09a}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\StartVMCLite.exe not found.
C:\Users\Joseph\AppData\Local\byinmycbf folder moved successfully.
C:\Users\Joseph\AppData\Local\Windows Server folder moved successfully.
C:\zrpt.xml moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
 
User: Joseph
->Temp folder emptied: 32638 bytes
->Java cache emptied: 3997523 bytes
->FireFox cache emptied: 76811970 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
 
User: Patrick
->Temp folder emptied: 34459 bytes
 
User: Public
 
User: ReleaseEngineer.MACROVISION
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 249797131 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 315,00 mb
 
 
OTL by OldTimer - Version 3.2.10.0 log created on 08242010_211248

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 24.08.2010, 23:45   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.08.2010, 23:57   #9
SirSpeedy
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Hier die Log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-24.07 - Joseph 25/08/2010  20:47:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.352.1033.18.2045.1307 [GMT 2:00]
Running from: c:\users\Joseph\Desktop\cofi.exe
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Joseph\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7\enemies-names.txt
c:\users\Joseph\AppData\Roaming\988ED89C1DEFD0DE856991C6464A55B7\local.ini
c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk

-- Previous Run --

Infected copy of c:\windows\explorer.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe 

Infected copy of c:\windows\explorer.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe 

Infected copy of c:\windows\System32\wininit.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe 

--------

c:\windows\system32\wininit.exe . . . is infected!!

.
(((((((((((((((((((((((((   Files Created from 2010-07-25 to 2010-08-25  )))))))))))))))))))))))))))))))
.

2010-08-25 18:57 . 2010-08-25 21:29	--------	d-----w-	c:\users\Joseph\AppData\Local\temp
2010-08-25 18:57 . 2010-08-25 18:57	--------	d-----w-	c:\users\Patrick\AppData\Local\temp
2010-08-25 18:57 . 2010-08-25 18:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-24 19:12 . 2010-08-24 19:12	--------	d-----w-	C:\_OTL
2010-08-22 20:27 . 2010-08-22 20:27	--------	d-----w-	c:\users\Joseph\AppData\Roaming\Unity
2010-08-22 20:24 . 2010-08-22 20:24	--------	d-----w-	c:\users\Joseph\AppData\Local\Unity
2010-08-20 19:04 . 2010-08-20 19:04	56	---ha-w-	c:\windows\system32\ezsidmv.dat
2010-08-20 19:04 . 2010-08-20 19:04	--------	d-----w-	c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\skypePM
2010-08-20 19:04 . 2010-08-20 19:04	--------	d-----w-	c:\users\ReleaseEngineer.MACROVISION
2010-08-20 13:39 . 2010-08-20 19:09	--------	d-----w-	c:\users\Joseph\AppData\Roaming\Skype
2010-08-20 13:38 . 2010-08-20 13:38	--------	d-----w-	c:\program files\Common Files\Skype
2010-08-20 13:38 . 2010-08-20 13:38	--------	d-----r-	c:\program files\Skype
2010-08-20 10:29 . 2010-08-20 10:30	--------	d-----w-	C:\rsit
2010-08-20 10:29 . 2010-08-20 10:29	--------	d-----w-	c:\program files\trend micro
2010-08-20 00:35 . 2010-08-20 00:35	--------	d-----w-	c:\users\Joseph\AppData\Roaming\933452C29F284D9020EB484626E20D3A
2010-08-19 22:58 . 2010-08-19 22:58	--------	d-----w-	c:\users\Joseph\AppData\Roaming\Malwarebytes
2010-08-19 22:58 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-19 22:58 . 2010-08-19 22:58	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-19 22:58 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-18 11:35 . 2010-08-18 11:35	--------	d-----w-	c:\program files\OWON
2010-08-18 11:33 . 2010-08-18 11:33	--------	d-----w-	c:\windows\system32\OWONInstruments
2010-08-13 13:25 . 2010-05-27 20:08	81920	----a-w-	c:\windows\system32\iccvid.dll
2010-08-13 13:25 . 2010-06-11 16:16	274944	----a-w-	c:\windows\system32\schannel.dll
2010-08-13 13:25 . 2010-06-21 13:37	2037760	----a-w-	c:\windows\system32\win32k.sys
2010-08-13 13:25 . 2010-06-18 17:31	36864	----a-w-	c:\windows\system32\rtutils.dll
2010-08-13 13:25 . 2010-06-08 17:35	3600768	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-08-13 13:25 . 2010-06-08 17:35	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-08-13 13:25 . 2010-06-11 16:15	1248768	----a-w-	c:\windows\system32\msxml3.dll
2010-08-13 13:25 . 2010-06-18 15:04	302080	----a-w-	c:\windows\system32\drivers\srv.sys
2010-08-13 13:25 . 2010-06-18 15:04	144896	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-08-13 13:25 . 2010-06-16 16:04	905088	----a-w-	c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 10:29 . 2007-02-03 01:48	12	----a-w-	c:\windows\bthservsdp.dat
2010-08-20 13:38 . 2007-04-29 10:37	--------	d-----w-	c:\programdata\Skype
2010-08-15 11:52 . 2007-12-19 21:02	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-15 11:51 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-08-15 11:44 . 2007-02-03 20:10	35416	----a-w-	c:\users\Joseph\AppData\Roaming\nvModes.dat
2010-07-21 15:46 . 2008-03-23 15:26	--------	d-----w-	c:\users\Joseph\AppData\Roaming\vlc
2010-07-21 15:17 . 2008-03-23 15:08	--------	d-----w-	c:\program files\VideoLAN
2010-06-29 06:01 . 2007-11-05 22:06	680	----a-w-	c:\users\Joseph\AppData\Local\d3d9caps.dat
2010-06-26 06:05 . 2010-08-13 13:26	916480	----a-w-	c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 13:26	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 13:26	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 13:26	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-06-09 08:06 . 2010-06-09 08:06	976832	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\12886\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06	70584	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\12886\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06	331176	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\12886\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06	331176	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\12886\AcrobatUpdater.exe
2006-05-03 09:06 . 2008-10-05 17:57	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-10-05 17:57	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2008-10-05 17:57	216064	--sh--r-	c:\windows\System32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-04-11 06:32 . 977AD7568C1B6A8D92EDC31ED8EB9B4C . 19944 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[7] 2008-02-27 . B35CFCEF838382AB6490B321C87EDF17 . 21560 . . [6.0.6000.16632] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[7] 2008-01-19 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-12-31 86960]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=c:\windows\pss\OpenOffice.org 2.1.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Joseph^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
2006-11-20 17:09	754712	----a-w-	c:\program files\Acer\OrbiCam10\OrbiCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42	36272	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-07 13:07	133104	----atw-	c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 23:00	385024	----a-w-	c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-12-31 14:19	218032	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2007-12-31 14:19	218032	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 11:10	267048	----a-w-	c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
2005-07-25 12:36	32768	----a-w-	c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2006-12-22 09:07	204800	----a-w-	c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
2006-08-29 08:26	241664	----a-w-	c:\program files\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-11-28 16:38	244512	----a-w-	c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect.EXE]
2007-12-31 14:20	3072000	----a-w-	c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-06-17 14:00	1249280	----a-w-	d:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2006-11-22 22:29	90191	----a-w-	c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 21:13	385024	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote Control Editor]
2008-11-04 10:06	1105920	----a-w-	c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 15:38	583048	----a-w-	c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TerraTec Remote Control]
2008-11-04 10:06	1105920	----a-w-	c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41	247144	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
2006-11-09 13:37	86016	----a-w-	c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 07:21	648072	----a-w-	c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):23,16,25,e4,36,1f,ca,01

R1 mailKmd;mailKmd; [x]
R2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86;c:\windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [2010-01-28 130384]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-26 4352]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB.sys [2009-05-12 16896]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-26 265088]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2007-12-19 401920]
R3 MODRC;Cinergy DT USB XS Diversity IR Service;c:\windows\system32\DRIVERS\modrc.sys [2007-07-11 13824]
R3 o1394bul;o1394bul;c:\users\Joseph\AppData\Local\Temp\o1394bul.sys [x]
R3 tt;owonhdsusb.sys, Owon Hds1000 usb Driver;c:\windows\system32\Drivers\owonhdsusb.sys [2006-04-21 59168]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [2010-01-28 738656]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-05-24 717296]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-06-11 12032]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-06-11 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-06-11 12928]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-11-28 847392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 12:42]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000Core.job
- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 13:07]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000UA.job
- c:\users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-07 13:07]

2010-08-25 c:\windows\Tasks\User_Feed_Synchronization-{E5145A7A-AF08-4E7E-AAB9-74C047D56293}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = fritz.box
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://www.yahoo.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - 
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-AVMWlanClient - c:\program files\avmwlanstick\wlangui.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-PowerKey - c:\program files\Launch Manager\PowerKey.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-25 23:32
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  


c:\windows\TEMP\TMP0000000A86BD860FDB0B752A 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wvudmctcrqucplr]
"imagepath"="\??\c:\windows\TEMP\E698.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xyrfgvxveobayne]
"imagepath"="\??\c:\windows\TEMP\E7A2.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4033196447-1890306390-1010895685-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{56994F70-5643-455F-F3BE-F00A46CF6B07}*]
"habgmhijojcncpim"=hex:6b,61,63,66,62,6d,67,65,66,6e,6b,70,67,6a,63,6a,61,6c,
   61,61,6a,62,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3004)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
c:\windows\system32\btncopy.dll
d:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
d:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
d:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
d:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\conime.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-08-25  23:40:15 - machine was rebooted
ComboFix-quarantined-files.txt  2010-08-25 21:40

Pre-Run: 1*749*069*824 bytes free
Post-Run: 2*657*067*008 bytes free

- - End Of File - - 0E2E1798EB68A38F44D36DF03273477D
         
--- --- ---


Gruss

Alt 26.08.2010, 11:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.08.2010, 16:16   #11
SirSpeedy
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Puh, hoffen die Scans waren erfolgreich.


GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-08-27 15:47:05
Windows 6.0.6002 Service Pack 2
Running: x7qsvr1u.exe; Driver: C:\Users\Joseph\AppData\Local\Temp\kflyqpow.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.rsrc           C:\Windows\system32\drivers\atapi.sys                                                                                             entry point in ".rsrc" section [0x807F0014]
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                          section is writeable [0x8C20A340, 0x292427, 0xE8000020]
 
---- User IAT/EAT - GMER 1.0.15 ----
 
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                             [74707817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                              [7475A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                          [7470BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                    [746FF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                              [747075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                           [746FE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                               [74738395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                  [7470DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                          [746FFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                           [746FFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                            [746F71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                    [7478CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                       [7472C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                          [746FD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                    [746F6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                   [746F687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[1852] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                      [74702AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                           Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                           Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-3                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device          \Driver\tifm21 \Device\TIFMxx21DE-0                                                                                               BD023192
 
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79@001620a37b62                                          0x21 0x22 0xD9 0x32 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79@001cd41a1124                                          0xF1 0x4C 0x23 0x88 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79@0023b433acf0                                          0xCE 0xA2 0xAF 0xED ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79@0022a949d7c8                                          0x38 0x60 0x7B 0xE2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfec2a79@5cac4cd24428                                          0xDA 0xCD 0xAF 0x24 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                                  
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                               0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                            0x86 0xB4 0x12 0x8D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                               C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                   0x5F 0x63 0x5D 0xA9 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                      0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                             0xDA 0x4D 0xA7 0xB2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41                                   
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                             0x62 0xC2 0x6A 0x64 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79 (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79@001620a37b62                                              0x21 0x22 0xD9 0x32 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79@001cd41a1124                                              0xF1 0x4C 0x23 0x88 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79@0023b433acf0                                              0xCE 0xA2 0xAF 0xED ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79@0022a949d7c8                                              0x38 0x60 0x7B 0xE2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cfec2a79@5cac4cd24428                                              0xDA 0xCD 0xAF 0x24 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                              
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                                   0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                                0x86 0xB4 0x12 0x8D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                                   C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                                       0x5F 0x63 0x5D 0xA9 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                                 0xDA 0x4D 0xA7 0xB2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)               
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh                                 0x62 0xC2 0x6A 0x64 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{56994F70-5643-455F-F3BE-F00A46CF6B07}                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{56994F70-5643-455F-F3BE-F00A46CF6B07}@habgmhijojcncpim  0x6B 0x61 0x63 0x66 ...
 
---- Files - GMER 1.0.15 ----
 
File            C:\Windows\system32\drivers\atapi.sys                                                                                             suspicious modification
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---



OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:11:19 on 27.08.2010
 
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8
 
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
 
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
 
 
[Common]
-----( %SystemRoot%\Tasks )-----
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000Core.job" - "Google Inc." - C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-4033196447-1890306390-1010895685-1000UA.job" - "Google Inc." - C:\Users\Joseph\AppData\Local\Google\Update\GoogleUpdate.exe
 
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"TIControlPanel.cpl" - "Texas Instruments Incorporated" - C:\Windows\system32\TIControlPanel.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"NokiaConnectionManager" - "Nokia" - D:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\Drivers\GEARAspiWDM.sys
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IDE Channel" (atapi) - ? - C:\Windows\System32\drivers\atapi.sys  (File found, but it contains no detailed information)
"int15" (int15) - ? - C:\Windows\system32\drivers\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kflyqpow" (kflyqpow) - ? - C:\Users\Joseph\AppData\Local\Temp\kflyqpow.sys  (Hidden registry entry, rootkit activity | File not found)
"mailKmd" (mailKmd) - ? - C:\Windows\system32\drivers\mailKmd.sys  (File not found)
"o1394bul" (o1394bul) - ? - C:\Users\Joseph\AppData\Local\Temp\o1394bul.sys  (File not found)
"owonhdsusb.sys, Owon Hds1000 usb Driver" (tt) - "zhangzhou lilliput optoelectronics institute co.,ltd." - C:\Windows\System32\Drivers\owonhdsusb.sys
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfvfs02.sys
"Team H2O CLEDX service" (CLEDX) - "Team H2O" - C:\Windows\System32\DRIVERS\cledx.sys
"TIEHDUSB" (TIEHDUSB) - "Texas Instruments Incorporated" - C:\Windows\System32\drivers\tiehdusb.sys
"UBHelper" (UBHelper) - ? - C:\Windows\system32\drivers\UBHelper.sys  (File found, but it contains no detailed information)
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"WisINT15" (WisINT15) - ? - C:\Elements\1stboot\WisINT15.SYS  (File not found)
 
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Dossiers Web" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "FileTimeShlExt Class" - "Texas Instruments Incorporated" - C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - D:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Users\Joseph\Desktop\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.6.0_02" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_18" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_18.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
{238F6F83-B8B4-11CF-8771-00A024541EE3} "{238F6F83-B8B4-11CF-8771-00A024541EE3}" - ? -   (File not found | COM-object registry key not found) / hxxp://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/icaweb-20070115.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"ICQ6" - "ICQ, Inc." - C:\Program Files\ICQ6\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
<binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Windows\system32\ActiveToolBand.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype add-on for Internet Explorer" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{02478D38-C3F9-4EFB-9B51-7695ECA05670} "Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
 
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"TomTomHOME.exe" - "TomTom" - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
"WhatPulse" - "WhatPulse.org" - C:\Program Files\WhatPulse\WhatPulse.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AcerOrbicamRibbon" - "Acer Inc." - "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"ISUSScheduler" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"LogitechCommunicationsManager" - "Acer Inc." - "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe
 
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
 
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple, Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30128\aspnet_state.exe
"Automatic LiveUpdate Scheduler" (Automatic LiveUpdate Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eLock Service" (eLockService) - "Acer Inc." - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
"eNet Service" (eNet Service) - "Acer Inc." - C:\Acer\Empowering Technology\eNet\eNet Service.exe
"ePower Service" (WMIService) - "acer" - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"eSettings Service" (eSettingsService) - ? - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod Service" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"LiveUpdate Notice Service" (LiveUpdate Notice Service) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
"LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30128_X86" (clr_optimization_v4.0.30128_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
 
===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---


Bootkit Remover Log
Code:
ATTFilter
.\debug.cpp(238) : Debug log started at 27.08.2010 - 14:12:50
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x82644000 0x003b9000 "\SystemRoot\system32\ntkrnlpa.exe"
.\debug.cpp(256) : 0x82611000 0x00033000 "\SystemRoot\system32\hal.dll"
.\debug.cpp(256) : 0x80405000 0x00007000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8040c000 0x00070000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x8047c000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x8048d000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x80495000 0x00041000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x804d6000 0x000e0000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8060f000 0x0007c000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x8068b000 0x0000d000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x80698000 0x00046000 "\SystemRoot\system32\drivers\acpi.sys"
.\debug.cpp(256) : 0x806de000 0x00009000 "\SystemRoot\system32\drivers\WMILIB.SYS"
.\debug.cpp(256) : 0x806e7000 0x00008000 "\SystemRoot\system32\drivers\msisadrv.sys"
.\debug.cpp(256) : 0x806ef000 0x00027000 "\SystemRoot\system32\drivers\pci.sys"
.\debug.cpp(256) : 0x80716000 0x0000f000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x80725000 0x00003000 "\SystemRoot\system32\DRIVERS\compbatt.sys"
.\debug.cpp(256) : 0x80728000 0x0000a000 "\SystemRoot\system32\DRIVERS\BATTC.SYS"
.\debug.cpp(256) : 0x80732000 0x0000f000 "\SystemRoot\system32\drivers\volmgr.sys"
.\debug.cpp(256) : 0x80741000 0x0004a000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x8078b000 0x00007000 "\SystemRoot\system32\drivers\intelide.sys"
.\debug.cpp(256) : 0x80792000 0x0000e000 "\SystemRoot\system32\drivers\PCIIDEX.SYS"
.\debug.cpp(256) : 0x807cd000 0x00010000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x807dd000 0x00009000 "\SystemRoot\System32\drivers\sfsync02.sys"
.\debug.cpp(256) : 0x807e6000 0x00004000 "\SystemRoot\System32\Drivers\UBHelper.sys"
.\debug.cpp(256) : 0x807ea000 0x00008000 "\SystemRoot\system32\drivers\atapi.sys"
.\debug.cpp(256) : 0x805b6000 0x0001e000 "\SystemRoot\system32\drivers\ataport.SYS"
.\debug.cpp(256) : 0x8300d000 0x00032000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x8303f000 0x00010000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x8304f000 0x00009000 "\SystemRoot\system32\DRIVERS\psdfilter.sys"
.\debug.cpp(256) : 0x83058000 0x00071000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x830c9000 0x0010b000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x831d4000 0x0002b000 "\SystemRoot\system32\drivers\msrpc.sys"
.\debug.cpp(256) : 0x83208000 0x0003b000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x83243000 0x000ea000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8332d000 0x0001b000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x88605000 0x00110000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x88715000 0x00039000 "\SystemRoot\system32\drivers\volsnap.sys"
.\debug.cpp(256) : 0x8874e000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x88756000 0x00018000 "\SystemRoot\System32\drivers\sfvfs02.sys"
.\debug.cpp(256) : 0x8876e000 0x00008000 "\SystemRoot\System32\drivers\sfhlp02.sys"
.\debug.cpp(256) : 0x88776000 0x00013000 "\SystemRoot\System32\drivers\sfdrv01.sys"
.\debug.cpp(256) : 0x88789000 0x00012000 "\SystemRoot\system32\drivers\psdvdisk.sys"
.\debug.cpp(256) : 0x8879b000 0x00002000 "\SystemRoot\system32\drivers\PSDNServ.sys"
.\debug.cpp(256) : 0x8879d000 0x0000f000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x887ac000 0x00027000 "\SystemRoot\System32\drivers\ecache.sys"
.\debug.cpp(256) : 0x887d3000 0x00011000 "\SystemRoot\system32\drivers\disk.sys"
.\debug.cpp(256) : 0x83348000 0x00021000 "\SystemRoot\system32\drivers\CLASSPNP.SYS"
.\debug.cpp(256) : 0x887e4000 0x00009000 "\SystemRoot\system32\drivers\crcdisk.sys"
.\debug.cpp(256) : 0x8337c000 0x0000b000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x83387000 0x00009000 "\SystemRoot\system32\DRIVERS\tunmp.sys"
.\debug.cpp(256) : 0x83390000 0x0000f000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x8339f000 0x00009000 "\SystemRoot\system32\DRIVERS\wmiacpi.sys"
.\debug.cpp(256) : 0x8c20a000 0x00440000 "\SystemRoot\system32\DRIVERS\nvlddmkm.sys"
.\debug.cpp(256) : 0x8c64a000 0x000a1000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x8c6eb000 0x0000c000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8c6f7000 0x0008d000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x8bc01000 0x001c1000 "\SystemRoot\system32\DRIVERS\NETw3v32.sys"
.\debug.cpp(256) : 0x8bdc2000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x8c784000 0x0003e000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x8bdcd000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x8bddc000 0x0001a000 "\SystemRoot\system32\DRIVERS\sdbus.sys"
.\debug.cpp(256) : 0x8bdf6000 0x00004000 "\SystemRoot\system32\DRIVERS\CmBatt.sys"
.\debug.cpp(256) : 0x833a8000 0x00013000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x8c7f0000 0x0000b000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x833bb000 0x0002b000 "\SystemRoot\system32\DRIVERS\SynTP.sys"
.\debug.cpp(256) : 0x8bdfa000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x833e6000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x805d4000 0x00018000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8bdfc000 0x00002000 "\SystemRoot\system32\DRIVERS\NTIDrvr.sys"
.\debug.cpp(256) : 0x8c200000 0x00007000 "\SystemRoot\System32\Drivers\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x8c807000 0x0002f000 "\SystemRoot\system32\DRIVERS\msiscsi.sys"
.\debug.cpp(256) : 0x8c836000 0x00041000 "\SystemRoot\system32\DRIVERS\storport.sys"
.\debug.cpp(256) : 0x8c877000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8c882000 0x00017000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x8c899000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x8c8a4000 0x00023000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x8c8c7000 0x0000f000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x8c8d6000 0x00014000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x8c8ea000 0x00015000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x8c8ff000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x8c90f000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x8c911000 0x0002a000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x8c93b000 0x00003000 "\SystemRoot\system32\drivers\WmBEnum.sys"
.\debug.cpp(256) : 0x8c93e000 0x0000c000 "\SystemRoot\system32\drivers\WmXlCore.sys"
.\debug.cpp(256) : 0x8c94a000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x8c954000 0x0000e000 "\SystemRoot\system32\DRIVERS\cledx.sys"
.\debug.cpp(256) : 0x8c962000 0x00003000 "\SystemRoot\system32\DRIVERS\lgbtbus.sys"
.\debug.cpp(256) : 0x8c965000 0x0000d000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x8c972000 0x00035000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x8c9a7000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x8c9b8000 0x00004000 "\SystemRoot\system32\DRIVERS\lgvmodem.sys"
.\debug.cpp(256) : 0x8c9bc000 0x0000d000 "\SystemRoot\system32\drivers\modem.sys"
.\debug.cpp(256) : 0x8c9c9000 0x00003000 "\SystemRoot\system32\DRIVERS\lgbtport.sys"
.\debug.cpp(256) : 0x8cc0f000 0x00191000 "\SystemRoot\system32\drivers\RTKVHDA.sys"
.\debug.cpp(256) : 0x8cda0000 0x0002d000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x8cdcd000 0x00025000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x8ce08000 0x0011c000 "\SystemRoot\system32\DRIVERS\AGRSM.sys"
.\debug.cpp(256) : 0x8cf24000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.SYS"
.\debug.cpp(256) : 0x8cf2d000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8cf34000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8cf44000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x8cf4b000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8cf57000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8cf78000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8cf80000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8cf88000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8cf93000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8cfa1000 0x00009000 "\SystemRoot\System32\DRIVERS\rasacd.sys"
.\debug.cpp(256) : 0x8cfaa000 0x00016000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8cfc0000 0x00014000 "\SystemRoot\system32\DRIVERS\smb.sys"
.\debug.cpp(256) : 0x8d209000 0x00048000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x8d251000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8d283000 0x00016000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8d299000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x8d2a7000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x8d2ba000 0x0003c000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x8d2f6000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x8d300000 0x00003000 "\SystemRoot\System32\Drivers\Hotkey.SYS"
.\debug.cpp(256) : 0x8d303000 0x00017000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x8da03000 0x001de000 "\SystemRoot\system32\DRIVERS\LVMVDrv.sys"
.\debug.cpp(256) : 0x8d31a000 0x000ce000 "\SystemRoot\system32\DRIVERS\lv321av.sys"
.\debug.cpp(256) : 0x8dbe1000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x8dbee000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x8d3e8000 0x00008000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x962b0000 0x00203000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x8d3f0000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x8cfd4000 0x0000f000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x964d0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x964f0000 0x0000e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0x8cfe3000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x9ba0d000 0x000b0000 "\SystemRoot\system32\drivers\spsys.sys"
.\debug.cpp(256) : 0x9babd000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x9bacd000 0x0002a000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x9baf7000 0x0000a000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x9bb01000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x9bb14000 0x0006d000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x9bb81000 0x0001d000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x9bb9e000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x9bbb7000 0x00015000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x9bbcc000 0x00021000 "\SystemRoot\system32\drivers\mrxdav.sys"
.\debug.cpp(256) : 0x8c9cc000 0x0001f000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x9d60a000 0x00039000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x9d643000 0x00018000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x9d65b000 0x00027000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x9d682000 0x0004e000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x9d6d0000 0x00016000 "\SystemRoot\system32\DRIVERS\cdfs.sys"
.\debug.cpp(256) : 0x9d6e6000 0x00011000 "\??\C:\Windows\system32\drivers\int15.sys"
.\debug.cpp(256) : 0x9d6f7000 0x00028000 "\SystemRoot\System32\Drivers\fastfat.SYS"
.\debug.cpp(256) : 0x9d71f000 0x000de000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x9d600000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x9bbed000 0x0000c000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x8c7c2000 0x00017000 "\??\C:\Users\Joseph\AppData\Local\Temp\kflyqpow.sys"
.\debug.cpp(256) : 0x807a0000 0x0002d000 "\SystemRoot\system32\DRIVERS\pcmcia.sys"
.\debug.cpp(256) : 0xbd000000 0x0002e000 "\SystemRoot\system32\drivers\tifm21.sys"
.\debug.cpp(256) : 0xbd02e000 0x0001c000 "\SystemRoot\system32\DRIVERS\Rtlh86.sys"
.\debug.cpp(256) : 0x77820000 0x00127000 "\Windows\System32\ntdll.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0E#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005a"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000008"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000046"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) :              Destination="\Device\Video0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000076"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) :              Destination="\Device\Ndis"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{686068EB-1EB4-40A3-8922-CFF278C162FA}"
.\debug.cpp(400) :              Destination="\Device\NDMP18"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000005"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000044"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000047"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) :              Destination="\Device\0000004c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) :              Destination="\Device\Video1"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSDVDiskTemp"
.\debug.cpp(400) :              Destination="\Device\PSDVDiskTemp"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000001"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) :              Destination="\Device\Video2"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolumeShadowCopy1"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FE39A392-9F2F-4ED6-A048-7A71FD852A52}"
.\debug.cpp(400) :              Destination="\Device\NDMP30"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) :              Destination="\Device\WMIAdminDevice"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&21558de7&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\PciIde0Channel0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{60C4332C-62B4-4CA6-B119-1A28F468AA43}"
.\debug.cpp(400) :              Destination="\Device\NDMP3"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E3FE0F52-6729-43AC-8488-5AC1FB2AE7A9}"
.\debug.cpp(400) :              Destination="\Device\NDMP23"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000045"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) :              Destination="\Device\00000076"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) :              Destination="\Device\Video3"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000001"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000009"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6EA11ADB-6FEB-425D-A3CB-3CB73F334E62}"
.\debug.cpp(400) :              Destination="\Device\NDMP19"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) :              Destination="\Device\Video4"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPL2388#5&422345b&0&UID280#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) :              Destination="\Device\0000007a"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tun0"
.\debug.cpp(400) :              Destination="\Device\Tun0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0014#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000007f"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfsync02i"
.\debug.cpp(400) :              Destination="\Device\sfsync02i"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) :              Destination="\Device\00000076"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_104C&DEV_803B&SUBSYS_01071025&REV_00#4&2cabf08d&0&32F0#{2c9f2281-eb3c-11d6-80af-0001020c74d4}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0020"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CompositeBattery"
.\debug.cpp(400) :              Destination="\Device\CompositeBattery"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{FF439460-52DE-411E-8C6F-4DC818CE5EE1}"
.\debug.cpp(400) :              Destination="\Device\NDMP2"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10018086&REV_02#4&17ad8718&0&00E2#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0018"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LGE Virtual Modem"
.\debug.cpp(400) :              Destination="\Device\00000073"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0A#1#{72631e54-78a4-11d0-bcf7-00aa00b7b32a}"
.\debug.cpp(400) :              Destination="\Device\0000006a"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000003"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000011"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_01071025&REV_02#3&21436425&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0007"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0003#{d50f1fe3-64e1-4ce7-aac3-410dc6b98b2d}"
.\debug.cpp(400) :              Destination="\Device\0000004f"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SpDevice"
.\debug.cpp(400) :              Destination="\Device\SpDevice"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) :              Destination="\Device\WMIDataDevice"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) :              Destination="\Device\CdRom0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) :              Destination="\Device\PEAuth"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&ActiveSyncWPDEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\0000007e"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) :              Destination="\Device\NamedPipe"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfhlp02i"
.\debug.cpp(400) :              Destination="\Device\sfhlp02i"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000004"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000007"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{2eb07ea0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM27"
.\debug.cpp(400) :              Destination="\Device\00000073"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_0#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000054"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM3"
.\debug.cpp(400) :              Destination="\Device\AgereModem5"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_10250100&REV_1006#4&14c70871&0&0101#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :              Destination="\Device\00000077"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) :              Destination="\Device\GEARAspiWDMDevice"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2215D338-64ED-4121-99F1-BFBDAB675739}"
.\debug.cpp(400) :              Destination="\Device\NDMP14"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM28"
.\debug.cpp(400) :              Destination="\Device\00000074"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) :              Destination="\Device\Psched"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) :              Destination="\Device\Mup"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\0000005c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgrMsg"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{84E1A471-F4DA-4BDF-A4E8-3BB14E58B4BC}"
.\debug.cpp(400) :              Destination="\Device\NDMP5"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000009"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1ff35374&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-2"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) :              Destination="\Device\Tcp"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) :              Destination="\Device\USBFDO-0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{845be5c3-b439-11db-85f3-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\CdRom0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_01D7&SUBSYS_01071025&REV_A1#4&1c716b25&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0016"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfdrv01"
.\debug.cpp(400) :              Destination="\Device\sfdrv01"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000003"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{8ACB5A22-0394-40DD-A14C-3817B4E70107}"
.\debug.cpp(400) :              Destination="\Device\NDMP7"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000000a"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0010#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000000c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) :              Destination="\Device\USBFDO-1"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_01071025&REV_02#3&21436425&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0011"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Agere Systems HDA Modem"
.\debug.cpp(400) :              Destination="\Device\00000077"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) :              Destination="\Device\Harddisk0\DR0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfvfs02"
.\debug.cpp(400) :              Destination="\Device\sfvfs02"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000002"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0005#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000006"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0009#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000000b"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0015#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000010"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TUNMP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000011"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) :              Destination="\Device\USBFDO-2"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) :              Destination="\DosDevices\LPT1"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{3977CB03-ACE8-445E-8510-4918127ABA4F}"
.\debug.cpp(400) :              Destination="\Device\NDMP8"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F956B924-B91D-4C01-96ED-787FC947813C}"
.\debug.cpp(400) :              Destination="\Device\NDMP12"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) :              Destination="\Device\USBFDO-3"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\0000004c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) :              Destination="\Device\FsWrap"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\00000051"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) :              Destination="\Device\CdRom0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________ac00____#5&214dc5be&0&1.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP1T1L0-3"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{845be5bf-b439-11db-85f3-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000052"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) :              Destination="\Device\USBFDO-4"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000048"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_02&VEN_11C1&DEV_3026&SUBSYS_10250100&REV_1006#4&14c70871&0&0101#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\00000077"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LGBT#LGBT_modem#1&431a56f&0&0000#{769829ad-0071-4e70-a1b0-d56dbfc1c628}"
.\debug.cpp(400) :              Destination="\Device\00000073"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureB53AB53AOffset7E00Length1F4117A00#{7f108a28-9833-4b3b-b780-2c6b5fa5c062}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume1"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureB53AB53AOffset1F411F800LengthCFF6D8600#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) :              Destination="\GLOBAL??"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZS1#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\00000057"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#ISCSIPRT#0000#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\00000014"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000044"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000006"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000049"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LGBT#LGBT_modem#1&431a56f&0&0000#{2c7089aa-2e0e-11d1-b114-00c04fc2aae4}"
.\debug.cpp(400) :              Destination="\Device\00000073"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) :              Destination="\clfs"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000076"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#ThermalZone#TZS0#{4afa3d51-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\00000056"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&21558de7&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\PciIde0Channel1"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000008"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&34e8c3c5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) :              Destination="\Device\Secdrv"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000004"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10DE&DEV_01D7&SUBSYS_01071025&REV_A1#4&1c716b25&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0016"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000000a"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0010#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000000c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\int15"
.\debug.cpp(400) :              Destination="\Device\int15"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\00000076"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000047"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1c214eb5&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-1"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\nativewifip"
.\debug.cpp(400) :              Destination="\Device\nativewifip"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfdrv01i"
.\debug.cpp(400) :              Destination="\Device\sfdrv01i"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000002"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000005"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_4222&SUBSYS_10018086&REV_02#4&17ad8718&0&00E2#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0018"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000049"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) :              Destination="\Device\00000055"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_01071025&REV_01#4&16535a13&0&00E0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0017"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0014#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000007f"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) :              Destination="\Device\MountPointManager"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfsync02"
.\debug.cpp(400) :              Destination="\Device\sfsync02"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000043"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000045"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\kflyqpow"
.\debug.cpp(400) :              Destination="\Device\kflyqpow"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) :              Destination="\Device\PartmgrControl"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfhlp02"
.\debug.cpp(400) :              Destination="\Device\sfhlp02"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0013#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000000e"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0004#{508a919c-d155-4cf7-863e-de014cbb1b90}"
.\debug.cpp(400) :              Destination="\Device\00000050"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0896#5&1e9490a9&0&7#{fb6c428a-0353-11d1-905f-0000c0cc16ba}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) :              Destination="\Device\WANARP"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0017#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000007c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) :              Destination="\Device\Nsi"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{1C0414E5-8DCB-4F7E-AE11-4C318B2703DF}"
.\debug.cpp(400) :              Destination="\Device\NDMP4"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{84C7DA36-B4B8-4384-8F67-227704D1F3E3}"
.\debug.cpp(400) :              Destination="\Device\NDMP9"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{7B31554B-FC77-467A-9BD1-1FD00CB197CF}"
.\debug.cpp(400) :              Destination="\Device\NDMP10"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54126D3A-1F7B-481B-AA83-DFE4BE82171D}"
.\debug.cpp(400) :              Destination="\Device\NDMP16"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_01071025&REV_02#3&21436425&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0009"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000043"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{54950694-33A2-408C-9E06-ABBEB791E26F}"
.\debug.cpp(400) :              Destination="\Device\NDMP24"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) :              Destination="\Device\NXTIPSEC"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\sfvfs02i"
.\debug.cpp(400) :              Destination="\Device\sfvfs02i"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0011#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000000d"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) :              Destination="\Device\NDMP21"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000004c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) :              Destination="\Device\WFP"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) :              Destination="\Device\WANARPV6"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{442A5B3D-9FD2-4348-8647-624CC2BD2198}"
.\debug.cpp(400) :              Destination="\Device\NDMP25"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#LPL2388#5&422345b&0&UID280#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) :              Destination="\Device\0000007a"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) :              Destination="\Device\0000007b"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{5660E17F-5C10-4FD0-82C7-F1B4C2C4F949}"
.\debug.cpp(400) :              Destination="\Device\NDMP26"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{845be5c0-b439-11db-85f3-806e6f6e6963}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CE53E496-4163-416E-A8C3-646C4F712890}"
.\debug.cpp(400) :              Destination="\Device\NDMP1"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0011#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\0000000d"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{66313009-8F7E-42E2-9C3A-F44CE14C3F20}"
.\debug.cpp(400) :              Destination="\Device\NDMP17"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000048"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) :              Destination="\Device\0000004c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LGBT#LGBT_transport#1&431a56f&0&0000#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) :              Destination="\Device\00000074"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomTSSTcorp_CD#DVDW_TS-L632D_______________ac00____#5&214dc5be&0&1.1.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP1T1L0-3"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#1&19f7e59c&0&SignatureB53AB53AOffsetEF37F7E00LengthCFEF00400#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume3"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NTIDrvr"
.\debug.cpp(400) :              Destination="\Device\NTIDrvr"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_01071025&REV_02#3&21436425&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0008"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) :              Destination="\Device\NDMP20"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0001#{a530a220-8e1d-11d3-87a1-00104be390af}"
.\debug.cpp(400) :              Destination="\Device\0000004d"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) :              Destination="\Device\Ide\IdePort1"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#SYN0302#4&eb94406&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000069"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&eb94406&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\00000068"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) :              Destination="\Device\AscKmd"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) :              Destination="\Device\NdisWan"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskHitachi_HTS541612J9SA00_________________SBDOC70P#5&e941519&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) :              Destination="\Device\Ide\IdeDeviceP0T0L0-0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E2FAF8F3-CE8D-4D5C-82AF-ACAE63744075}"
.\debug.cpp(400) :              Destination="\Device\NDMP6"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*6TO4MP#0006#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\00000007"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0009#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000000b"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F27D7546-0502-48A8-A374-01A1EC4BBABD}"
.\debug.cpp(400) :              Destination="\Device\NDMP13"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0015#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000010"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_01071025&REV_02#3&21436425&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0010"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) :              Destination="\Device\MPS"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) :              Destination="\Device\VolMgrControl"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) :              Destination="\FileSystem\Filters\FltMgr"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0001#{be472025-8177-11d3-87a1-00104be390af}"
.\debug.cpp(400) :              Destination="\Device\0000004d"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0896#5&1e9490a9&0&7#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0883&SUBSYS_10251235&REV_1000#4&14c70871&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) :              Destination="\Device\00000076"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) :              Destination="\Device\HarddiskVolume2"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSDVDisk"
.\debug.cpp(400) :              Destination="\Device\PSDVDisk"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0053D894-9CCD-48FA-BE75-C82C0B862241}"
.\debug.cpp(400) :              Destination="\Device\NDMP11"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) :              Destination="\Device\NDMP22"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) :              Destination="\DosDevices\COM1"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) :              Destination="\Device\MailSlot"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PSDNServ"
.\debug.cpp(400) :              Destination="\Device\PSDNServ"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&a840b01&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-3"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&e58f58a&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-4"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) :              Destination="\Device\Null"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) :              Destination="\Device\RaidPort0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0896#5&1e9490a9&0&7#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000004b"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) :              Destination="\Device\Ndisuio"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_046D&PID_0896#5&1e9490a9&0&7#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) :              Destination="\Device\USBPDO-5"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) :              Destination="\Device\SstpDrv"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) :              Destination=""
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_01071025&REV_01#4&16535a13&0&00E0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) :              Destination="\Device\NTPNP_PCI0017"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AGRSM_xface"
.\debug.cpp(400) :              Destination="\Device\AGRSM_xface"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UBHelper0"
.\debug.cpp(400) :              Destination="\Device\UBHelper0"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0013#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000000e"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) :              Destination="\Device\0000004a"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) :              Destination="\Device\WfpAle"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SYNTP"
.\debug.cpp(400) :              Destination="\Device\SynTP"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ROOT#*ISATAP#0017#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\0000007c"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{0B445639-B454-43BF-A2FB-49D9E835E9DB}"
.\debug.cpp(400) :              Destination="\Device\NDMP29"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0D#2&daba3ff&2#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) :              Destination="\Device\00000059"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) :              Destination="\Device\00000046"
 
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HOTKEY"
.\debug.cpp(400) :              Destination="\Device\HOTKEY"
 
.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`f411f800
.\boot_cleaner.cpp(424) : Boot sector MD5 is: 4857c98ecdcb93636f1a53bbb301a72f
.\boot_cleaner.cpp(1151) : 
.\boot_cleaner.cpp(1152) :      Size  Device Name          MBR Status
.\boot_cleaner.cpp(1153) :  --------------------------------------------
.\boot_cleaner.cpp(1197) :    111 GB  \\.\PhysicalDrive0   Unknown boot code
.\boot_cleaner.cpp(1203) : 
.\boot_cleaner.cpp(1209) : Unknown boot code has been found on some of your physical disks.
.\boot_cleaner.cpp(1211) : To inspect the boot code manually, dump the master boot sector:
.\boot_cleaner.cpp(1212) : remover.exe dump <device_name> [output_file]
.\boot_cleaner.cpp(1216) : To disinfect the master boot sector, use the following command:
.\boot_cleaner.cpp(1217) : remover.exe fix <device_name>
.\boot_cleaner.cpp(1220) : 
.\boot_cleaner.cpp(1242) : Done;
         
Gruss

Alt 27.08.2010, 20:33   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Antimalware Doctor noch immer auf meinem PC - Standard

Antimalware Doctor noch immer auf meinem PC



Zitat:
File C:\Windows\system32\drivers\atapi.sys suspicious modification
Hm, das sollte Combofix eigentlich fixen

Hast Du auf Deinem Computer noch eine andere atapi.sys, außer die in system32\drivers? Durchsuch mal Laufwerk C
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Antimalware Doctor noch immer auf meinem PC
32 bit, adobe, adware.adparatus, adware.adrotator, adware.bho, adware.gabpath, adware.mirar, adware.resultdns, adware.trymedia, agere systems, browser, converter, defender, device driver, diagnostics, explorer, firefox, fontcache, hdaudio.sys, hijack, hijack.startpage, home premium, hotkey.sys, install.exe, local\temp, mdm.exe, microsoft, mozilla, notepad.exe, nvlddmkm.sys, pdf, popup, preferences, programdata, realtek, registry, remote control, rogue.antimalwaredoctor, rootkit.dropper, rundll, scan, senden, server, software, sptd.sys, start menu, stick, svchost.exe, symantec, system, trojan.adware, trymedia, virus, vista 32, vista 32 bit, vodafone, wireless lan, wmp, wscript.exe



Ähnliche Themen: Antimalware Doctor noch immer auf meinem PC


  1. Stronghold Antimalware nach Deinstallation immer noch da?
    Plagegeister aller Art und deren Bekämpfung - 11.10.2014 (9)
  2. 2x ihavenet immer noch auf meinem Rechner
    Mülltonne - 08.09.2013 (1)
  3. Antimalware Doctor nach Malwarebytes Anti Malware Durchlauf noch da
    Log-Analyse und Auswertung - 03.10.2010 (1)
  4. Antimalware Doctor - was ist noch zu tun?
    Log-Analyse und Auswertung - 28.09.2010 (14)
  5. Antimalware Doctor erfolgreich gelöscht aber noch weitere Probleme
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (18)
  6. Antimalware Doctor auf meinem PC; Forumsanleitung befolgt, jetzt k?
    Log-Analyse und Auswertung - 02.09.2010 (7)
  7. Antimalware Doctor entfernt (XP) - aber Windows-Login nicht mehr möglich (gibt es noch Hoffnung?)
    Plagegeister aller Art und deren Bekämpfung - 22.08.2010 (2)
  8. Antimalware Doctor / Dropper / Immer IFrame im Browser
    Plagegeister aller Art und deren Bekämpfung - 12.08.2010 (15)
  9. Befall von antimalware Doctor auf meinem PC
    Plagegeister aller Art und deren Bekämpfung - 09.08.2010 (1)
  10. Antimalware Doctor startet immer wieder neu
    Plagegeister aller Art und deren Bekämpfung - 14.06.2010 (41)
  11. Antimalware Doctor kommt immer wieder!
    Plagegeister aller Art und deren Bekämpfung - 10.06.2010 (9)
  12. Antimalware Doctor kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (6)
  13. Antimalware Doctor Angriff nach Rkill, Mbam Scan, CCleaber immer noch vorhanden!
    Plagegeister aller Art und deren Bekämpfung - 18.05.2010 (26)
  14. Antimalware Doctor offenbar noch nicht entfernt
    Log-Analyse und Auswertung - 13.05.2010 (22)
  15. Antimalware Doctor nach Mbam Scan immer noch vorhanden!
    Log-Analyse und Auswertung - 09.05.2010 (1)
  16. Antimalware Doctor - "idstrf" kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 03.05.2010 (11)
  17. Bifrost ist nach dem löschen noch immer auf meinem PC?
    Plagegeister aller Art und deren Bekämpfung - 28.12.2009 (1)

Zum Thema Antimalware Doctor noch immer auf meinem PC - Hallo, Ich habe mir gestern auf irgend so einer Seite den Virus "Antimalware Doctor" gefangen. Ich bin bereits den Anweisungen zur Entfernung dieses Programms gefolgt (Malwarebytes Scan, CCleaner), jedoch bekomme - Antimalware Doctor noch immer auf meinem PC...
Archiv
Du betrachtest: Antimalware Doctor noch immer auf meinem PC auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.