Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.XPACK.Gen2 gefunden - was nun?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.08.2010, 15:51   #1
Hildes_Sofa
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Hallo zusammen!

Vielleicht könnt Ihr mir helfen... Auf unserem PC (Windows 7 Professional / 32bit) wurde heute TR/Crypt.XPACK.Gen2 gefunden. Was ist das und wie bekomme ich das wieder weg?

Zitat:
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{BB1D0E58-D8EE-7C4E-6A6F-D512A0214861}-Cww.exe
[0] Archivtyp: HIDDEN
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
--> FIL\\\?\C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{BB1D0E58-D8EE-7C4E-6A6F-D512A0214861}-Cww.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
C:\Users\Chef\Documents\***\Go Vegan Or Go To Hell\Rezepte\Weihnachtsteller.doc
[0] Archivtyp: CHM
--> /#SYSTEM
[WARNUNG] Die Datei konnte nicht gelesen werden!

Beginne mit der Desinfektion:
C:\ProgramData\Microsoft\Windows Defender\LocalCopy\{BB1D0E58-D8EE-7C4E-6A6F-D512A0214861}-Cww.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen2
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48235b82.qua' verschoben!


CC-Cleaner habe ich laufen gelassen.

Malwarebytes Anti Malware sagt folgendes:

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4462

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.08.2010 16:39:14
mbam-log-2010-08-22 (16-39-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136653
Laufzeit: 6 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
RSIT - Log:

RSIT Logfile:
Code:
ATTFilter
Logfile of random's system information tool 1.08 (written by random/random)
Run by Chef at 2010-08-22 16:53:14
Microsoft Windows 7 Professional  
System drive C: has 116 GB (52%) free of 222 GB
Total RAM: 2047 MB (48% free)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:53:29, on 22.08.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chef\Desktop\RSIT(2).exe
C:\Program Files\trend micro\Chef.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: hxxp://asia.msi.com.tw
O15 - Trusted Zone: hxxp://global.msi.com.tw
O15 - Trusted Zone: hxxp://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\system32\dgdersvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
 
--
End of file - 8789 bytes
 
======Scheduled tasks folder======
 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-847127913-465227217-606268584-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-847127913-465227217-606268584-1001UA.job
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-12 41760]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-25 282792]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-06-01 1501064]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 1468296]
""= []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-08-10 421888]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="acaptuser32.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
wlnotify.dll []
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 
======File associations======
 
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
 
======List of files/folders created in the last 1 months======
 
2010-08-22 16:44:50 ----D---- C:\Program Files\trend micro
2010-08-22 16:44:49 ----D---- C:\rsit
2010-08-18 22:52:02 ----SHD---- C:\Config.Msi
2010-08-18 17:18:27 ----D---- C:\Program Files\Microsoft SDKs
2010-08-18 17:18:24 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-08-18 15:44:31 ----D---- C:\Users\Chef\AppData\Roaming\Malwarebytes
2010-08-18 15:44:10 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-18 15:44:03 ----D---- C:\ProgramData\Malwarebytes
2010-08-18 15:42:41 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-18 15:41:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-18 13:55:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-08-18 13:55:28 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-08-11 07:18:25 ----A---- C:\Windows\system32\ir32_32.dll
2010-08-11 07:18:25 ----A---- C:\Windows\system32\iccvid.dll
2010-08-11 07:18:21 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-11 07:18:20 ----A---- C:\Windows\system32\rtutils.dll
2010-08-11 07:18:19 ----A---- C:\Windows\system32\msxml3.dll
2010-08-11 07:18:18 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-08-11 07:18:18 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-11 07:18:18 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-11 07:18:16 ----A---- C:\Windows\system32\mshtml.dll
2010-08-11 07:18:15 ----A---- C:\Windows\system32\wininet.dll
2010-08-11 07:18:15 ----A---- C:\Windows\system32\urlmon.dll
2010-08-11 07:18:15 ----A---- C:\Windows\system32\ieframe.dll
2010-08-11 07:18:14 ----A---- C:\Windows\system32\mstime.dll
2010-08-11 07:18:14 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-11 07:18:14 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-11 07:18:14 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-11 07:18:14 ----A---- C:\Windows\system32\ieui.dll
2010-08-11 07:18:14 ----A---- C:\Windows\system32\iepeers.dll
2010-08-11 07:18:14 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-11 07:18:13 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-11 07:18:13 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-11 07:18:10 ----A---- C:\Windows\system32\schannel.dll
2010-08-11 07:18:09 ----A---- C:\Windows\system32\win32k.sys
2010-08-10 10:25:04 ----D---- C:\Program Files\QS
2010-08-10 10:25:01 ----D---- C:\Users\Chef\AppData\Roaming\TeamViewer
2010-08-06 20:35:49 ----D---- C:\Windows\system32\System32
2010-08-04 10:20:36 ----D---- C:\ProgramData\Die GeldPlaner Einstellungen
2010-08-04 10:20:34 ----D---- C:\ProgramData\metier2000Apps
2010-08-03 09:42:25 ----A---- C:\Windows\system32\shell32.dll
2010-08-01 17:40:30 ----D---- C:\Program Files\Common Files\Windows Live
2010-08-01 17:38:59 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-01 15:03:38 ----A---- C:\Windows\system32\srvany.exe
2010-08-01 15:03:38 ----A---- C:\Windows\KMService.exe
2010-08-01 14:50:07 ----D---- C:\Program Files\Microsoft Synchronization Services
2010-08-01 14:50:05 ----D---- C:\Program Files\Common Files\DESIGNER
2010-08-01 14:49:22 ----D---- C:\Program Files\Microsoft Sync Framework
2010-08-01 14:49:22 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-08-01 14:48:10 ----D---- C:\Program Files\Microsoft Visual Studio 8
2010-08-01 14:46:34 ----D---- C:\Program Files\Microsoft Analysis Services
2010-07-28 16:57:14 ----A---- C:\Windows\system32\drivers\sscewhnt.sys
2010-07-28 16:57:14 ----A---- C:\Windows\system32\drivers\sscewh.sys
2010-07-28 16:57:14 ----A---- C:\Windows\system32\drivers\sscemdm.sys
2010-07-28 16:57:14 ----A---- C:\Windows\system32\drivers\sscemdfl.sys
2010-07-28 16:57:14 ----A---- C:\Windows\system32\drivers\sscecmnt.sys
2010-07-28 16:57:14 ----A---- C:\Windows\system32\drivers\sscecm.sys
2010-07-28 16:57:14 ----A---- C:\Windows\system32\drivers\sscebus.sys
2010-07-26 12:05:15 ----D---- C:\ProgramData\DivX
2010-07-24 11:48:15 ----D---- C:\Users\Chef\AppData\Roaming\ROUTE 66 Sync
2010-07-24 11:47:39 ----D---- C:\Program Files\Common Files\ROUTE 66
2010-07-24 11:47:37 ----D---- C:\Program Files\ROUTE 66
 
======List of files/folders modified in the last 1 months======
 
2010-08-22 16:53:16 ----D---- C:\Windows\Temp
2010-08-22 16:45:02 ----D---- C:\Windows\Prefetch
2010-08-22 16:44:50 ----D---- C:\Program Files
2010-08-22 16:44:06 ----D---- C:\Windows\system32\drivers
2010-08-22 16:27:03 ----D---- C:\Windows
2010-08-22 15:58:51 ----SHD---- C:\System Volume Information
2010-08-22 10:09:53 ----D---- C:\Windows\system32\config
2010-08-20 14:34:48 ----SHD---- C:\Boot
2010-08-19 18:00:10 ----D---- C:\Program Files\JDownloader
2010-08-19 10:00:06 ----D---- C:\Windows\winsxs
2010-08-18 22:52:50 ----SHD---- C:\Windows\Installer
2010-08-18 22:48:58 ----RSD---- C:\Windows\assembly
2010-08-18 22:08:54 ----D---- C:\Windows\Microsoft.NET
2010-08-18 17:23:07 ----D---- C:\Program Files\Common Files
2010-08-18 17:21:50 ----D---- C:\ProgramData\Microsoft Help
2010-08-18 17:20:16 ----D---- C:\ProgramData\Microsoft
2010-08-18 17:20:15 ----SD---- C:\Users\Chef\AppData\Roaming\Microsoft
2010-08-18 17:18:52 ----D---- C:\Program Files\Common Files\microsoft shared
2010-08-18 17:16:34 ----RSD---- C:\Windows\Fonts
2010-08-18 17:16:13 ----D---- C:\ProgramData\Corel
2010-08-18 17:11:21 ----D---- C:\Program Files\Corel
2010-08-18 16:59:35 ----D---- C:\Windows\debug
2010-08-18 16:57:39 ----D---- C:\Program Files\CCleaner
2010-08-18 15:55:30 ----D---- C:\Windows\schemas
2010-08-18 15:53:43 ----D---- C:\Windows\system32\Tasks
2010-08-18 15:53:42 ----D---- C:\Windows\Tasks
2010-08-18 15:44:03 ----D---- C:\ProgramData
2010-08-18 14:41:22 ----D---- C:\Windows\system32\drivers\etc
2010-08-18 13:21:54 ----D---- C:\Program Files\Plagiarism Detector
2010-08-18 10:24:41 ----D---- C:\Program Files\QuickTime
2010-08-18 10:24:19 ----D---- C:\Windows\System32
2010-08-16 10:47:40 ----D---- C:\Program Files\Mozilla Thunderbird
2010-08-14 10:34:34 ----D---- C:\Windows\inf
2010-08-14 10:34:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-12 16:44:43 ----D---- C:\Windows\system32\catroot2
2010-08-11 08:56:37 ----D---- C:\Windows\system32\migration
2010-08-11 08:56:37 ----D---- C:\Program Files\Internet Explorer
2010-08-11 07:18:07 ----D---- C:\Windows\system32\catroot
2010-08-06 22:38:58 ----D---- C:\Users\Chef\AppData\Roaming\Vso
2010-08-06 20:35:29 ----D---- C:\ProgramData\Samsung
2010-08-04 10:10:28 ----D---- C:\Program Files\Safari
2010-08-03 20:09:31 ----A---- C:\Windows\system32\MRT.exe
2010-08-01 14:51:39 ----D---- C:\Windows\ShellNew
2010-08-01 14:51:22 ----D---- C:\Program Files\MSBuild
2010-08-01 14:49:23 ----D---- C:\Program Files\Microsoft Office
2010-08-01 14:49:22 ----D---- C:\Program Files\Microsoft.NET
2010-08-01 14:47:00 ----A---- C:\Windows\win.ini
2010-08-01 14:46:57 ----D---- C:\Program Files\Common Files\System
2010-07-28 17:25:38 ----D---- C:\Windows\Minidump
2010-07-28 17:12:58 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-28 17:09:15 ----D---- C:\Windows\system32\DriverStore
2010-07-28 17:07:58 ----D---- C:\Program Files\PC Connectivity Solution
2010-07-28 17:07:29 ----D---- C:\Users\Chef\AppData\Roaming\Samsung
2010-07-28 17:07:19 ----D---- C:\Program Files\Common Files\Samsung
2010-07-28 17:07:07 ----D---- C:\Program Files\Samsung
2010-07-28 16:57:20 ----D---- C:\Windows\system32\Samsung_USB_Drivers
2010-07-26 15:17:06 ----A---- C:\Windows\system32\dgdersvc.exe
2010-07-26 15:17:06 ----A---- C:\Windows\system32\dgderapi.dll
2010-07-26 12:07:46 ----D---- C:\Program Files\DivX
2010-07-26 12:07:45 ----D---- C:\Program Files\Common Files\DivX Shared
2010-07-26 12:07:12 ----D---- C:\Users\Chef\AppData\Roaming\DivX
2010-07-26 12:06:57 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-07-25 09:37:37 ----D---- C:\Users\Chef\AppData\Roaming\MiniLyrics
2010-07-24 15:43:00 ----D---- C:\Program Files\Mozilla Firefox
2010-07-24 12:27:59 ----D---- C:\Program Files\Minilyrics
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-10 691696]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-11-10 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-25 124784]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-18 26024]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-11-10 28520]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-10 5632]
R2 ACEDRV07;ACEDRV07; \??\C:\Windows\system32\drivers\ACEDRV07.sys [2010-03-18 101376]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-11-13 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-03-25 60936]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-11-13 25888]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-08-23 103952]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-09-14 5157376]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
R3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [2010-07-26 18136]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-11-11 47360]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2009-06-01 30088]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2009-07-23 43008]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 SCR3XX2K;SCR3xx USB SmartCardReader; C:\Windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-07 57856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
R3 V0330VID;WebCam Vista/Live! Cam Chat VF0330; C:\Windows\system32\DRIVERS\V0330Vid.sys [2009-07-03 157728]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
S3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB; C:\Windows\system32\DRIVERS\MRVW23B.sys [2006-12-22 231040]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mgmt;Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]
S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\Windows\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader; C:\Windows\system32\DRIVERS\SCR33X2K.sys [2005-08-25 45568]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM); C:\Windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter; C:\Windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers; C:\Windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
S3 STC2DFU;STCII DFU Adapter; C:\Windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-25 7796]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-09-14 172032]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-03-25 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 dgdersvc;Device Error Recovery Service; C:\Windows\system32\dgdersvc.exe [2010-07-26 95568]
R2 FlipShare Service;FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [2009-10-28 451904]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2010-05-28 233472]
R2 KMService;KMService; C:\Windows\system32\srvany.exe [2010-08-01 8192]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2007-06-05 177704]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-01 1043784]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-07-16 540968]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-15 135664]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater; D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-11 651720]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-02-05 435016]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2010-04-19 337064]
S4 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-19 405672]
 
-----------------EOF-----------------
         
--- --- ---

Alt 23.08.2010, 14:23   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.



Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 23.08.2010, 18:02   #3
Hildes_Sofa
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



So, hab ich gemacht.

Malwarebytes sagt:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4465

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.08.2010 18:20:10
mbam-log-2010-08-23 (18-20-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 459848
Laufzeit: 1 Stunde(n), 35 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Chef\Documents\! Andrea\Studium\rubicon\RUBICon.exe.new (Trojan.Spambot) -> Quarantined and deleted successfully.



OTL-Log:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 8/23/2010 6:49:00 PM - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Chef\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.90 Gb Total Space | 130.05 Gb Free Space | 59.96% Space Free | Partition Type: NTFS
Drive D: | 106.45 Gb Total Space | 42.22 Gb Free Space | 39.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC
Current User Name: Chef
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chef\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Chef\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\winsta.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wkscli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davhlpr.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (dgdersvc) -- C:\Windows\System32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (DAUpdaterSvc) -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (SCR3XX2K) -- C:\Windows\System32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (V0330VID) -- C:\Windows\System32\drivers\V0330Vid.sys (Creative Technology Ltd.)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (MRV6X32U) -- C:\Windows\System32\drivers\Mrvw23B.sys (A/WLAN-1)
DRV - (SCR33x USB Smart Card Reader) -- C:\Windows\System32\drivers\SCR33X2K.sys (SCM Microsystems Inc.)
DRV - (STC2DFU) -- C:\Windows\System32\drivers\Stc2Dfu.sys (SCM Microsystems Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CB 02 8F 04 94 61 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "eslprintables Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2215634&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {B2EA3FAB-912C-48a1-BABD-C5B00BB885BB}:1.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: knowmoreextension@knowmore.org:0.2.7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {e47d6d44-6479-461d-bfa3-dbd0dc5a9011}:2.7.2.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://www.danble.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=mjhWFJ7U&q="
 
FF - user.js..browser.search.selectedEngine: "Google.com"
FF - user.js..keyword.URL: "hxxp://www.danble.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=mjhWFJ7U&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 10:24:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/18 10:24:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/08/18 10:24:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/08/18 10:24:42 | 000,000,000 | ---D | M]
 
[2010/06/14 11:16:41 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Mozilla\Extensions
[2010/06/14 11:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/10 01:35:37 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\b8aswv5x.default\extensions
[2010/08/23 13:41:09 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions
[2010/06/24 17:08:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/10 17:11:32 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010/01/04 02:43:37 | 000,000,000 | ---D | M] (Cache View) -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{B2EA3FAB-912C-48a1-BABD-C5B00BB885BB}
[2010/08/20 13:37:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/14 11:28:02 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010/08/20 13:37:54 | 000,000,000 | ---D | M] (eslprintables Toolbar) -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}
[2010/04/08 23:21:13 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/08/22 10:25:14 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\2020Player@2020Technologies.com
[2010/08/18 15:20:04 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\knowmoreextension@knowmore.org
[2010/04/19 09:05:38 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\personas@christopher.beard
[2010/01/20 13:18:40 | 000,000,929 | ---- | M] () -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\searchplugins\conduit.xml
[2009/08/17 20:06:24 | 000,009,941 | ---- | M] () -- C:\Users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\searchplugins\mywebsearch.xml
[2010/08/23 13:06:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 07:39:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/23 13:06:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/12 00:37:18 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/03/12 00:37:18 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/03/12 00:37:18 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/03/12 00:37:18 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/03/12 00:37:18 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/08/18 14:41:22 | 000,417,144 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1       onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1       orbitservice.ubi.com
O1 - Hosts: 127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 14392 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1fd4c0f6-ce8e-11de-b069-001e2ac75201}\Shell - "" = AutoRun
O33 - MountPoints2\{1fd4c0f6-ce8e-11de-b069-001e2ac75201}\Shell\AutoRun\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{1fd4c0f6-ce8e-11de-b069-001e2ac75201}\Shell\configure\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{1fd4c0f6-ce8e-11de-b069-001e2ac75201}\Shell\install\command - "" = G:\SETUP.EXE -- File not found
O33 - MountPoints2\{fa33dea3-cf97-11de-8683-001e2ac75201}\Shell - "" = AutoRun
O33 - MountPoints2\{fa33dea3-cf97-11de-8683-001e2ac75201}\Shell\AutoRun\command - "" = M:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/08/23 18:28:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Chef\Desktop\OTL.exe
[2010/08/23 13:06:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/23 13:06:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/23 13:06:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/22 21:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/22 17:41:31 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Roaming\Avira
[2010/08/22 17:36:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/08/22 17:36:49 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/08/22 17:36:49 | 000,102,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2010/08/22 17:36:49 | 000,079,432 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2010/08/22 17:36:49 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/08/22 17:36:49 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/08/22 17:36:49 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/08/22 17:26:58 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/08/22 17:26:56 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/08/22 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Local\Sunbelt Software
[2010/08/22 17:07:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/22 17:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/08/22 17:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/22 16:58:43 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chef\Desktop\HiJackThis204.exe
[2010/08/22 16:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/08/22 16:43:43 | 000,472,064 | ---- | C] ( ) -- C:\Users\Chef\Desktop\RootRepeal.exe
[2010/08/18 17:20:16 | 000,000,000 | ---D | C] -- C:\Users\Chef\Documents\Corel
[2010/08/18 17:20:02 | 000,000,000 | ---D | C] -- C:\Users\Chef\Documents\Visual Studio 2008
[2010/08/18 17:18:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/08/18 17:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/08/18 17:10:48 | 000,000,000 | ---D | C] -- C:\Users\Chef\Desktop\CorelDRAW.Graphics.Suite.X5.v15.0.0.486.Keymaker.Only-AGAiN
[2010/08/18 16:48:16 | 000,000,000 | ---D | C] -- C:\Users\Chef\Desktop\Plagiarism.Finder.v1.2.2.WinALL-TBE
[2010/08/18 15:44:31 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Roaming\Malwarebytes
[2010/08/18 15:44:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/18 15:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/18 15:42:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/18 15:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/18 13:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/18 13:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/18 12:35:39 | 612,279,536 | ---- | C] (Acresso Software Inc.                                        ) -- C:\Users\Chef\Desktop\CorelDRAWGraphicsSuiteX5_SP1_Installer_DE.exe
[2010/08/18 12:31:46 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Chef\Desktop\spybotsd162.exe
[2010/08/18 10:29:52 | 005,003,908 | ---- | C] (ManiacTools.com                                             ) -- C:\Users\Chef\Desktop\m4a-to-mp3-converter.exe
[2010/08/11 07:18:25 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/08/11 07:18:25 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 07:18:20 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 07:18:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/11 07:18:14 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/11 07:18:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/11 07:18:14 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 07:18:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/11 07:18:14 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/11 07:18:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/11 07:18:14 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/11 07:18:13 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 07:18:13 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/11 07:18:09 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/10 10:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\QS
[2010/08/10 10:25:01 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Roaming\TeamViewer
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/08/06 20:35:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2010/08/04 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Local\Die GeldPlaner Einstellungen
[2010/08/04 10:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Die GeldPlaner Einstellungen
[2010/08/04 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\Chef\Documents\Die GeldPlaner Daten
[2010/08/04 10:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\metier2000Apps
[2010/08/01 17:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/08/01 17:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/01 14:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/08/01 14:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/08/01 14:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/08/01 14:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/08/01 14:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/08/01 14:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/07/28 16:57:14 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdm.sys
[2010/07/28 16:57:14 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscebus.sys
[2010/07/28 16:57:14 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscemdfl.sys
[2010/07/28 16:57:14 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecmnt.sys
[2010/07/28 16:57:14 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscecm.sys
[2010/07/28 16:57:14 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewhnt.sys
[2010/07/28 16:57:14 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\sscewh.sys
[2010/07/26 12:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2009/11/11 12:48:57 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Chef\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010/08/23 18:50:48 | 007,864,320 | ---- | M] () -- C:\Users\Chef\ntuser.dat
[2010/08/23 18:30:51 | 000,014,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/23 18:30:51 | 000,014,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/23 18:28:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Chef\Desktop\OTL.exe
[2010/08/23 18:26:03 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/23 18:23:48 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/08/23 18:23:05 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/23 18:22:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/23 18:22:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/23 18:22:43 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 18:21:19 | 005,063,292 | -H-- | M] () -- C:\Users\Chef\AppData\Local\IconCache.db
[2010/08/23 18:18:22 | 000,116,196 | ---- | M] () -- C:\Users\Chef\Desktop\bookmarks-2010-08-23.json
[2010/08/23 12:58:37 | 000,074,626 | ---- | M] () -- C:\Users\Chef\Desktop\lesezeichen rené.html
[2010/08/23 10:38:20 | 001,373,616 | ---- | M] () -- C:\Users\Chef\Desktop\MCPR.exe
[2010/08/22 17:38:31 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/08/22 17:26:56 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/08/22 17:09:24 | 000,000,512 | ---- | M] () -- C:\Users\Chef\Desktop\HBEDV.KEY
[2010/08/22 17:07:54 | 000,001,098 | ---- | M] () -- C:\Users\Chef\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/22 17:07:54 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/08/22 16:58:49 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chef\Desktop\HiJackThis204.exe
[2010/08/22 16:44:36 | 000,339,991 | ---- | M] () -- C:\Users\Chef\Desktop\RSIT(2).exe
[2010/08/22 12:37:54 | 000,293,376 | ---- | M] () -- C:\Users\Chef\Desktop\2sow8fmw.exe
[2010/08/20 17:52:04 | 000,524,288 | -HS- | M] () -- C:\Users\Chef\ntuser.dat{4c110492-ac57-11df-ac17-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/20 17:52:04 | 000,524,288 | -HS- | M] () -- C:\Users\Chef\ntuser.dat{4c110492-ac57-11df-ac17-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/20 17:52:04 | 000,065,536 | -HS- | M] () -- C:\Users\Chef\ntuser.dat{4c110492-ac57-11df-ac17-806e6f6e6963}.TM.blf
[2010/08/20 14:38:26 | 009,175,040 | ---- | M] () -- C:\Users\Chef\NTUSER.DAT_tureg_old
[2010/08/19 12:34:48 | 000,131,224 | ---- | M] () -- C:\Users\Chef\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/19 09:45:37 | 000,470,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/18 16:57:41 | 000,000,927 | ---- | M] () -- C:\Users\Chef\Desktop\CCleaner.lnk
[2010/08/18 15:44:13 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/18 14:41:22 | 000,417,144 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/18 14:25:07 | 001,205,624 | ---- | M] () -- C:\Users\Chef\Desktop\MalAware.exe
[2010/08/18 13:55:50 | 000,001,202 | ---- | M] () -- C:\Users\Chef\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/18 13:55:50 | 000,001,178 | ---- | M] () -- C:\Users\Chef\Desktop\Spybot - Search & Destroy.lnk
[2010/08/18 12:49:15 | 612,279,536 | ---- | M] (Acresso Software Inc.                                        ) -- C:\Users\Chef\Desktop\CorelDRAWGraphicsSuiteX5_SP1_Installer_DE.exe
[2010/08/18 12:32:17 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Chef\Desktop\spybotsd162.exe
[2010/08/18 10:30:13 | 005,003,908 | ---- | M] (ManiacTools.com                                             ) -- C:\Users\Chef\Desktop\m4a-to-mp3-converter.exe
[2010/08/14 11:32:46 | 000,123,392 | ---- | M] () -- C:\Users\Chef\Desktop\VfL Sindorf - Mädchen - Übersicht-1.doc
[2010/08/14 10:34:34 | 000,724,492 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/14 10:34:34 | 000,614,038 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/14 10:34:34 | 000,106,158 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/08/12 14:15:20 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/08/08 14:16:10 | 000,000,952 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/08/06 22:38:57 | 000,001,041 | ---- | M] () -- C:\Users\Chef\AppData\Roaming\vso_ts_preview.xml
[2010/08/06 11:32:57 | 000,013,620 | ---- | M] () -- C:\Users\Chef\Documents\4you Sporttasche.docx
[2010/08/04 10:10:30 | 000,002,503 | ---- | M] () -- C:\Users\Chef\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/01 15:05:49 | 000,001,063 | ---- | M] () -- C:\Users\Chef\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/08/01 15:03:12 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2010/08/01 14:47:00 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/07/29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010/07/29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/07/28 17:07:16 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010/07/26 15:17:06 | 000,726,352 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2010/07/26 15:17:06 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
[2010/07/26 15:17:06 | 000,018,136 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\System32\drivers\dgderdrv.sys
[2010/07/26 15:15:26 | 000,036,640 | ---- | M] () -- C:\Windows\System32\FsUsbExDisk.Sys
 
========== Files Created - No Company Name ==========
 
[2010/08/23 18:18:21 | 000,116,196 | ---- | C] () -- C:\Users\Chef\Desktop\bookmarks-2010-08-23.json
[2010/08/23 12:58:37 | 000,074,626 | ---- | C] () -- C:\Users\Chef\Desktop\lesezeichen rené.html
[2010/08/23 10:38:18 | 001,373,616 | ---- | C] () -- C:\Users\Chef\Desktop\MCPR.exe
[2010/08/23 07:16:08 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/08/22 17:40:45 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/08/22 17:38:31 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/08/22 17:09:23 | 000,000,512 | ---- | C] () -- C:\Users\Chef\Desktop\HBEDV.KEY
[2010/08/22 17:07:54 | 000,001,098 | ---- | C] () -- C:\Users\Chef\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/22 17:07:54 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/08/22 16:44:33 | 000,339,991 | ---- | C] () -- C:\Users\Chef\Desktop\RSIT(2).exe
[2010/08/22 12:37:35 | 000,293,376 | ---- | C] () -- C:\Users\Chef\Desktop\2sow8fmw.exe
[2010/08/20 14:39:25 | 000,524,288 | -HS- | C] () -- C:\Users\Chef\ntuser.dat{4c110492-ac57-11df-ac17-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010/08/20 14:39:25 | 000,524,288 | -HS- | C] () -- C:\Users\Chef\ntuser.dat{4c110492-ac57-11df-ac17-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010/08/20 14:39:25 | 000,065,536 | -HS- | C] () -- C:\Users\Chef\ntuser.dat{4c110492-ac57-11df-ac17-806e6f6e6963}.TM.blf
[2010/08/18 16:57:41 | 000,000,927 | ---- | C] () -- C:\Users\Chef\Desktop\CCleaner.lnk
[2010/08/18 15:44:13 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/18 14:25:02 | 001,205,624 | ---- | C] () -- C:\Users\Chef\Desktop\MalAware.exe
[2010/08/18 13:55:50 | 000,001,202 | ---- | C] () -- C:\Users\Chef\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/18 13:55:50 | 000,001,178 | ---- | C] () -- C:\Users\Chef\Desktop\Spybot - Search & Destroy.lnk
[2010/08/06 11:32:57 | 000,013,620 | ---- | C] () -- C:\Users\Chef\Documents\4you Sporttasche.docx
[2010/08/01 15:05:49 | 000,001,063 | ---- | C] () -- C:\Users\Chef\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2010/08/01 15:03:38 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010/07/30 12:10:08 | 000,123,392 | ---- | C] () -- C:\Users\Chef\Desktop\VfL Sindorf - Mädchen - Übersicht-1.doc
[2010/07/05 18:04:55 | 000,004,608 | ---- | C] () -- C:\Users\Chef\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/22 20:30:44 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/06/22 20:30:44 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/05/25 08:45:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010/05/25 08:45:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010/05/25 08:45:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010/05/25 08:45:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/04/13 19:14:36 | 000,000,238 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/04/12 16:19:03 | 000,000,031 | ---- | C] () -- C:\Windows\LEGEND.INI
[2010/04/03 10:54:59 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010/02/16 20:08:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/02/04 20:41:37 | 000,000,454 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2010/02/01 14:02:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/19 20:54:15 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/01/11 16:01:04 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/01/10 17:30:12 | 000,000,058 | ---- | C] () -- C:\Users\Chef\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/12/14 14:09:50 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/12/12 23:13:20 | 000,000,042 | ---- | C] () -- C:\Users\Chef\AppData\Roaming\default.pls
[2009/12/03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/13 14:07:36 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/11/13 14:07:36 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/11/11 12:51:46 | 000,001,041 | ---- | C] () -- C:\Users\Chef\AppData\Roaming\vso_ts_preview.xml
[2009/11/11 12:50:04 | 000,000,034 | ---- | C] () -- C:\Users\Chef\AppData\Roaming\pcouffin.log
[2009/11/11 12:48:57 | 000,087,608 | ---- | C] () -- C:\Users\Chef\AppData\Roaming\inst.exe
[2009/11/11 12:48:57 | 000,007,887 | ---- | C] () -- C:\Users\Chef\AppData\Roaming\pcouffin.cat
[2009/11/11 12:48:57 | 000,001,144 | ---- | C] () -- C:\Users\Chef\AppData\Roaming\pcouffin.inf
[2009/11/11 10:08:59 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/11/10 23:54:01 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/11/10 19:25:53 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/11/10 18:53:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/11/10 18:15:33 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/10/06 09:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/02/19 08:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2008/02/01 09:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\System32\drivers\FlashSys.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BA9BD0C2
< End of report >
         
--- --- ---




Extras-Log:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 8/23/2010 6:49:00 PM - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Chef\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.90 Gb Total Space | 130.05 Gb Free Space | 59.96% Space Free | Partition Type: NTFS
Drive D: | 106.45 Gb Total Space | 42.22 Gb Free Space | 39.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC
Current User Name: Chef
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03CD12C5-1DBA-DB8D-7057-CB23BDB5D1CC}" = Catalyst Control Center Graphics Full New
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05265F1D-EE53-930A-10D0-C83FEB6C6431}" = Catalyst Control Center Core Implementation
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0EC02B5F-D049-5E91-5966-C0BC4C732B45}" = CCC Help Spanish
"{1A259241-4C67-557F-749F-4E6646F2704F}" = ATI AVIVO Codecs
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Ultra Edition HD
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{27EC691D-253C-4F23-9EB8-903794C995F6}" = Catalyst Control Center - Branding
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E0DCC65-1931-EAB3-7687-3788469B385A}" = CCC Help Japanese
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4811EEC6-2DDC-57B8-92CB-190F0DC4F324}" = ccc-utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACBE725-9800-54D0-4B4B-4B1BD3E97E7E}" = FlipShare
"{4CF19DE6-571C-670E-9BE3-6F5D344F2192}" = ATI Catalyst Install Manager
"{4F191CC0-F04F-D5B6-8BD2-968A8C2EB3AD}" = CCC Help French
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{72532827-6BE7-691B-8055-861BF7BE918B}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v4.1
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{7B066C19-196C-423A-B296-805FFBAEC384}" = SCR33xx USB Smartcard Reader
"{7B9B4675-5C1B-257A-BAFE-04E37AAC7100}" = CCC Help Finnish
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{80EABFA2-3536-2714-6F43-B6CEF44D473A}" = Catalyst Control Center Graphics Light
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{877B4763-B62C-92E8-D841-40B2A8D3381F}" = CCC Help Dutch
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5132733-04B1-E373-2FF4-A374AC8963D1}" = CCC Help English
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_912" = Adobe Acrobat 9.1.2 - CPSID_49166
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD96C419-D1EE-1BED-FC0D-57FDF7CFBBC0}" = Catalyst Control Center InstallProxy
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C33B045C-BA6F-2754-F63F-FA4A9559CAD1}" = CCC Help Italian
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook-Sicherung für Persönliche Ordner
"{C9283362-F4C9-1C0E-FC92-7B4A37BDBC82}" = ccc-core-static
"{CBAB7ED1-4361-F93A-E2D8-F8E028E1D7BB}" = Catalyst Control Center Graphics Previews Vista
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DB306600-E862-43B3-9C52-CA1D6C5B192B}" = ROUTE 66 Sync
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06F91DB-9DA5-41F9-9941-6B0802236A44}" = RUBICon
"{E0EF0281-14C6-0D96-C49A-45A9F21206DE}" = CCC Help Chinese Traditional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8D4EE56-DF37-C9C8-C623-8D5C0DC02CE9}" = CCC Help Swedish
"{EA5A6416-454B-D123-A499-A5A75B8425D5}" = CCC Help Chinese Standard
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EB2B44E2-F7E9-2057-25CD-65756638FF39}" = Catalyst Control Center Localization All
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBAB9C68-13BF-357B-BCB3-0FF25A696FB6}" = CCC Help Danish
"{ED58903E-F2C1-9CB4-C83F-CA7E9D8E87FD}" = CCC Help Norwegian
"{EDA12670-56B5-4459-BA21-D010F0E3EBA1}" = Emergency 4 Deluxe
"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7DF747E-FEA8-5939-5C6B-55E3B84594D6}" = Catalyst Control Center Graphics Full Existing
"{F8170627-908C-AD35-A6B0-3873E31F4FA4}" = CCC Help German
"{THEGUILDREN-0010-2010-300520102330}_is1" = The Guild 2 - Renaissance
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Ashampoo MP3 AudioCenter" = Ashampoo MP3 AudioCenter
"Avira AntiVir Desktop" = Avira Premium Security Suite
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative VF0330" = Creative WebCam Vista/Live! Cam Chat (VF0330) Driver (1.12.01.00)
"CSI - Deadly Intent" = CSI - Deadly Intent
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"EvilLyrics" = EvilLyrics
"FileZilla Client" = FileZilla Client 3.3.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.1
"Free Studio_is1" = Free Studio version 4.2
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{DB306600-E862-43B3-9C52-CA1D6C5B192B}" = ROUTE 66 Sync
"JDownloader" = JDownloader
"Lexma" = Metzler Lexika - Das Lexikon des Mittelalters
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"MyFreeCodec" = MyFreeCodec
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC Alert 4" = PC Alert 4
"Plagiarism Detector" = Plagiarism Detector
"SADK" = Die Siedler - Aufbruch der Kulturen
"TuneUp Utilities" = TuneUp Utilities
"TVWiz" = Intel(R) TV Wizard
"UltraISO_is1" = UltraISO Premium V9.35
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
"Wubi" = Ubuntu
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 8/22/2010 9:26:07 AM | Computer Name = PC | Source = Google Update | ID = 20
Description = 
 
Error - 8/22/2010 9:48:05 AM | Computer Name = PC | Source = Google Update | ID = 20
Description = 
 
Error - 8/22/2010 9:56:47 AM | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: avcenter.exe, version: 10.0.12.28, time
 stamp: 0x4b823970  Faulting module name: MSVCR90.dll, version: 9.0.30729.4926, time
 stamp: 0x4a1743c1  Exception code: 0x40000015  Fault offset: 0x0005bb47  Faulting process
 id: 0x578  Faulting application start time: 0x01cb420139012ad7  Faulting application
 path: C:\program files\avira\antivir desktop\avcenter.exe  Faulting module path: 
C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
Report
 Id: 1a1032f1-adf5-11df-a0da-001e2ac75201
 
Error - 8/22/2010 11:09:37 AM | Computer Name = PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
Error - 8/22/2010 11:53:36 AM | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application name: 2sow8fmw.exe, version: 1.0.15.15281, time
 stamp: 0x4b2763f0  Faulting module name: 2sow8fmw.exe, version: 1.0.15.15281, time
 stamp: 0x4b2763f0  Exception code: 0xc0000005  Fault offset: 0x0005c887  Faulting process
 id: 0x7f0  Faulting application start time: 0x01cb421178e8893a  Faulting application
 path: C:\Users\Chef\Desktop\2sow8fmw.exe  Faulting module path: C:\Users\Chef\Desktop\2sow8fmw.exe
Report
 Id: 6c07dfd9-ae05-11df-b89d-001e2ac75201
 
Error - 8/22/2010 3:02:20 PM | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 8/22/2010 3:03:35 PM | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\mozbackup\dll\DelZip179.dll".Error
 in manifest or policy file "c:\program files\mozbackup\dll\DelZip179.dll" on line
 8.  The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 8/22/2010 9:32:13 PM | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
 Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.  The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 of attribute "version" in element "assemblyIdentity" is invalid.
 
Error - 8/22/2010 9:32:55 PM | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\mozbackup\dll\DelZip179.dll".Error
 in manifest or policy file "c:\program files\mozbackup\dll\DelZip179.dll" on line
 8.  The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error - 8/23/2010 11:26:10 AM | Computer Name = PC | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 8/23/2010 9:34:50 AM | Computer Name = PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
 
Error - 8/23/2010 9:34:50 AM | Computer Name = PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
 
Error - 8/23/2010 9:34:50 AM | Computer Name = PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
 
Error - 8/23/2010 9:34:50 AM | Computer Name = PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
 
Error - 8/23/2010 9:34:50 AM | Computer Name = PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
 
Error - 8/23/2010 9:34:50 AM | Computer Name = PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
 
Error - 8/23/2010 9:34:50 AM | Computer Name = PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
 
Error - 8/23/2010 9:34:50 AM | Computer Name = PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
 
Error - 8/23/2010 9:34:50 AM | Computer Name = PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
 
Error - 8/23/2010 9:34:51 AM | Computer Name = PC | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 47.
 
 
< End of report >
         
--- --- ---
__________________

Alt 23.08.2010, 19:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Ist rel. unaufällig. Gabs noch mehr Funde bzw. Logfiles von malwarebytes?

Zitat:
O1 - Hosts: 127.0.0.1 static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1 onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1 orbitservice.ubi.com
O1 - Hosts: 127.0.0.1 ubisoft-orbit-savegames.s3.amazonaws.com
Und was hat das auf sich? Warum soll Dein Rechner keinen Kontakt zu ubisoft aufnehmen können?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 23.08.2010, 20:24   #5
Hildes_Sofa
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Es gab nur noch das Log aus dem ersten Post.

Was ubisoft angeht, bin ich ehrlich gesagt überfragt. Kann das vielleicht von einem Spiel sein? Als wir noch nicht zusammenwohnten, haben wir schon mal "einmal bezahlt, zweimal gespielt". Spiele sind generell aber nicht mein Terrain. Das macht mein Freund immer. Wird das Gedöns dann mit dem Spiel gemeinsam deinstalliert, oder ist das etwas Separates?


Alt 24.08.2010, 11:15   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
--> TR/Crypt.XPACK.Gen2 gefunden - was nun?

Alt 24.08.2010, 13:44   #7
Hildes_Sofa
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



So, Combo-Fix ist durch.

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-23.02 - Andrea 24.08.2010  14:10:06.4.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1033.18.2047.1236 [GMT 2:00]
ausgeführt von:: c:\users\Andrea.PC.000\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-07-24 bis 2010-08-24  ))))))))))))))))))))))))))))))
.

2010-08-24 12:23 . 2010-08-24 12:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-24 10:38 . 2010-08-24 11:55	--------	d-----w-	C:\cofi
2010-08-23 23:11 . 2010-08-23 23:11	--------	d-----w-	c:\users\Andrea.PC.000\AppData\Roaming\TuneUp Software
2010-08-23 22:12 . 2010-08-23 22:12	--------	d-----w-	C:\Lyrics
2010-08-23 20:50 . 2010-08-24 11:55	--------	d-----w-	c:\program files\Free M4a to MP3 Converter
2010-08-23 19:47 . 2010-08-23 19:47	57344	----a-r-	c:\users\Chef\AppData\Roaming\Microsoft\Installer\{7036A07A-FE2A-4920-A944-19B73D16F106}\NewShortcut8_7036A07AFE2A4920A94419B73D16F106.exe
2010-08-23 19:47 . 2010-08-23 19:47	57344	----a-r-	c:\users\Chef\AppData\Roaming\Microsoft\Installer\{7036A07A-FE2A-4920-A944-19B73D16F106}\NewShortcut2_7036A07AFE2A4920A94419B73D16F106_1.exe
2010-08-23 19:47 . 2010-08-23 19:47	25214	----a-r-	c:\users\Chef\AppData\Roaming\Microsoft\Installer\{7036A07A-FE2A-4920-A944-19B73D16F106}\ARPPRODUCTICON.exe
2010-08-23 19:47 . 2010-08-23 19:47	--------	d-----w-	c:\program files\Duden
2010-08-22 15:41 . 2010-08-22 15:41	--------	d-----w-	c:\users\Chef\AppData\Roaming\Avira
2010-08-22 15:36 . 2010-03-01 08:04	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-08-22 15:36 . 2010-02-18 08:51	102856	----a-w-	c:\windows\system32\drivers\avfwot.sys
2010-08-22 15:36 . 2010-02-16 12:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-08-22 15:36 . 2010-02-15 13:23	79432	----a-w-	c:\windows\system32\drivers\avfwim.sys
2010-08-22 15:36 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-08-22 15:36 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-08-22 15:26 . 2010-08-22 15:26	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-08-22 15:09 . 2010-08-22 15:09	--------	d-----w-	c:\users\Chef\AppData\Local\Sunbelt Software
2010-08-22 15:07 . 2010-08-23 19:59	--------	d-----w-	c:\programdata\Lavasoft
2010-08-22 14:44 . 2010-08-22 14:53	--------	d-----w-	c:\program files\trend micro
2010-08-22 08:25 . 2010-01-11 07:57	1643888	----a-w-	c:\users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
2010-08-20 11:37 . 2010-08-18 15:16	52224	----a-w-	c:\users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}\components\FFExternalAlert.dll
2010-08-20 11:37 . 2010-08-18 15:16	101376	----a-w-	c:\users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}\components\RadioWMPCore.dll
2010-08-18 15:18 . 2010-08-18 15:18	--------	d-----w-	c:\program files\Microsoft SDKs
2010-08-18 15:18 . 2010-08-18 15:21	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2010-08-18 13:44 . 2010-08-18 13:44	--------	d-----w-	c:\users\Chef\AppData\Roaming\Malwarebytes
2010-08-18 13:44 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 13:44 . 2010-08-18 13:44	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-18 13:42 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-18 13:41 . 2010-08-18 13:44	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-18 11:55 . 2010-08-23 20:02	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-18 11:55 . 2010-08-23 20:00	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-08-10 08:25 . 2010-08-10 08:25	--------	d-----w-	c:\program files\QS
2010-08-10 08:25 . 2010-08-10 08:25	--------	d-----w-	c:\users\Chef\AppData\Roaming\TeamViewer
2010-08-06 18:35 . 2010-07-26 13:18	201728	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\CmdAgent.dll
2010-08-04 08:20 . 2010-08-04 08:21	--------	d-----w-	c:\users\Chef\AppData\Local\Die GeldPlaner Einstellungen
2010-08-04 08:20 . 2010-08-04 08:20	--------	d-----w-	c:\programdata\Die GeldPlaner Einstellungen
2010-08-04 08:20 . 2010-08-04 08:20	--------	d-----w-	c:\programdata\metier2000Apps
2010-08-04 08:09 . 2010-08-04 08:09	72488	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-01 15:40 . 2010-08-01 15:40	--------	d-----w-	c:\program files\Common Files\Windows Live
2010-08-01 15:38 . 2010-08-01 15:38	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-08-01 13:03 . 2010-08-01 13:03	8192	----a-w-	c:\windows\system32\srvany.exe
2010-08-01 12:50 . 2010-08-01 12:50	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2010-08-01 12:49 . 2010-08-01 12:49	--------	d-----w-	c:\program files\Microsoft Sync Framework
2010-08-01 12:49 . 2010-08-01 12:49	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-08-01 12:48 . 2010-08-01 12:48	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2010-08-01 12:46 . 2010-08-01 12:46	--------	d-----w-	c:\program files\Microsoft Analysis Services
2010-07-28 14:57 . 2010-04-27 02:25	98560	----a-w-	c:\windows\system32\drivers\sscebus.sys
2010-07-28 14:57 . 2010-04-27 02:25	14848	----a-w-	c:\windows\system32\drivers\sscemdfl.sys
2010-07-28 14:57 . 2010-04-27 02:25	12416	----a-w-	c:\windows\system32\drivers\sscecmnt.sys
2010-07-28 14:57 . 2010-04-27 02:25	12416	----a-w-	c:\windows\system32\drivers\sscecm.sys
2010-07-28 14:57 . 2010-04-27 02:25	123648	----a-w-	c:\windows\system32\drivers\sscemdm.sys
2010-07-28 14:57 . 2010-04-27 02:25	12288	----a-w-	c:\windows\system32\drivers\sscewhnt.sys
2010-07-28 14:57 . 2010-04-27 02:25	12288	----a-w-	c:\windows\system32\drivers\sscewh.sys
2010-07-28 11:56 . 2010-07-28 11:56	265528	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-07-28 11:55 . 2010-07-28 11:55	6144	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\de-De\MCS.Thunder.Update.resources.dll
2010-07-28 11:55 . 2010-07-28 11:55	9728	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-07-28 11:49 . 2010-07-28 11:49	48128	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-07-28 11:49 . 2010-07-28 11:49	204288	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\CabLib.dll
2010-07-28 11:49 . 2010-07-28 11:49	6656	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-07-28 11:49 . 2010-07-28 11:49	12288	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-07-26 10:13 . 2010-07-26 10:13	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-26 10:07 . 2010-07-26 10:05	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-07-26 10:07 . 2010-07-26 10:05	895256	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-26 10:07 . 2009-11-25 17:03	530625	----a-w-	c:\programdata\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-07-26 10:07 . 2010-07-26 10:07	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-26 10:07 . 2009-11-25 17:03	530625	----a-w-	c:\programdata\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-07-26 10:07 . 2010-07-26 10:07	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-26 10:07 . 2010-07-26 10:07	57715	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-07-26 10:07 . 2010-07-26 10:07	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-07-26 10:05 . 2010-07-26 10:13	--------	d-----w-	c:\programdata\DivX

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 11:55 . 2009-11-10 17:27	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-08-23 23:09 . 2010-08-23 23:09	131224	----a-w-	c:\users\Andrea.PC.000\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-23 20:29 . 2009-11-10 16:13	--------	d-----w-	c:\program files\JDownloader
2010-08-23 11:06 . 2009-12-04 08:57	--------	d-----w-	c:\program files\Java
2010-08-23 10:56 . 2010-01-19 18:53	--------	d-----w-	c:\program files\Elaborate Bytes
2010-08-22 15:11 . 2009-11-10 00:23	--------	d-----w-	c:\programdata\Avira
2010-08-19 10:34 . 2009-11-09 23:27	131224	----a-w-	c:\users\Chef\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 15:21 . 2009-11-10 13:02	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-18 15:16 . 2009-11-13 15:08	--------	d-----w-	c:\programdata\Corel
2010-08-18 15:11 . 2009-11-13 15:02	--------	d-----w-	c:\program files\Corel
2010-08-18 14:57 . 2010-05-01 08:28	--------	d-----w-	c:\program files\CCleaner
2010-08-18 11:21 . 2009-11-22 11:51	--------	d-----w-	c:\program files\Plagiarism Detector
2010-08-18 08:24 . 2010-03-31 08:26	--------	d-----w-	c:\program files\QuickTime
2010-08-16 08:47 . 2009-11-10 12:54	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-08-08 12:16 . 2009-12-14 12:09	952	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-08-06 20:38 . 2009-11-11 10:48	--------	d-----w-	c:\users\Chef\AppData\Roaming\Vso
2010-08-06 18:35 . 2010-06-22 18:29	--------	d-----w-	c:\programdata\Samsung
2010-08-04 08:10 . 2010-02-03 21:21	--------	d-----w-	c:\program files\Safari
2010-08-01 12:51 . 2009-07-14 04:52	--------	d-----w-	c:\program files\MSBuild
2010-08-01 12:49 . 2009-11-10 13:04	--------	d-----w-	c:\program files\Microsoft.NET
2010-07-29 06:30 . 2010-08-11 05:18	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 05:18	82944	----a-w-	c:\windows\system32\iccvid.dll
2010-07-28 15:12 . 2009-11-10 16:15	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-28 15:07 . 2010-06-22 18:30	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-07-28 15:07 . 2009-11-10 16:55	--------	d-----w-	c:\users\Chef\AppData\Roaming\Samsung
2010-07-28 15:07 . 2010-06-22 18:29	--------	d-----w-	c:\program files\Common Files\Samsung
2010-07-28 15:07 . 2009-11-10 16:15	--------	d-----w-	c:\program files\Samsung
2010-07-26 13:17 . 2010-05-25 06:44	95568	----a-w-	c:\windows\system32\dgdersvc.exe
2010-07-26 13:17 . 2010-05-25 06:44	726352	----a-w-	c:\windows\system32\dgderapi.dll
2010-07-26 13:17 . 2010-05-25 06:44	18136	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2010-07-26 13:15 . 2010-06-22 18:30	36640	----a-w-	c:\windows\system32\FsUsbExDisk.Sys
2010-07-26 10:07 . 2009-11-25 17:03	--------	d-----w-	c:\program files\DivX
2010-07-26 10:07 . 2009-11-25 17:03	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-07-26 10:07 . 2009-11-25 21:57	--------	d-----w-	c:\users\Chef\AppData\Roaming\DivX
2010-07-25 07:37 . 2010-07-18 11:28	--------	d-----w-	c:\users\Chef\AppData\Roaming\MiniLyrics
2010-07-24 10:27 . 2010-07-18 11:27	--------	d-----w-	c:\program files\Minilyrics
2010-07-24 09:48 . 2010-07-24 09:48	--------	d-----w-	c:\users\Chef\AppData\Roaming\ROUTE 66 Sync
2010-07-24 09:47 . 2010-07-24 09:47	--------	d-----w-	c:\program files\Common Files\ROUTE 66
2010-07-24 09:47 . 2010-07-24 09:47	--------	d-----w-	c:\program files\ROUTE 66
2010-07-21 09:11 . 2010-07-21 09:11	--------	d-----w-	c:\program files\Flip Video
2010-07-21 08:13 . 2010-04-28 08:33	--------	d-----w-	c:\program files\iTunes
2010-07-21 08:12 . 2010-07-21 08:12	--------	d-----w-	c:\program files\iPod
2010-07-21 08:12 . 2009-11-10 13:42	--------	d-----w-	c:\program files\Common Files\Apple
2010-07-21 08:10 . 2010-07-21 08:10	--------	d-----w-	c:\program files\Bonjour
2010-07-21 08:08 . 2010-07-21 08:08	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-18 11:06 . 2009-11-10 19:38	--------	d-----w-	c:\program files\EvilLyrics
2010-07-17 19:41 . 2010-03-15 07:11	--------	d-----w-	c:\program files\Google
2010-07-17 03:00 . 2010-05-12 05:39	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-15 20:28 . 2010-07-15 20:28	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-06-30 06:25 . 2010-08-11 05:18	978432	----a-w-	c:\windows\system32\wininet.dll
2010-06-28 09:01 . 2010-06-28 09:01	--------	d-----w-	c:\program files\MyFree Codec
2010-06-26 22:49 . 2010-06-26 22:49	--------	d-----w-	c:\program files\3ivx
2010-06-26 22:49 . 2010-06-26 22:49	--------	d-----w-	c:\programdata\Flip Video
2010-06-22 02:47 . 2010-08-11 05:18	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 05:18	307200	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 05:18	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-11 05:18	3955080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 05:18	3899784	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 05:18	37376	----a-w-	c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 05:18	2326016	----a-w-	c:\windows\system32\win32k.sys
2010-06-16 12:17 . 2010-06-16 12:17	71992	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-16 05:48 . 2010-08-11 05:18	224256	----a-w-	c:\windows\system32\schannel.dll
2010-06-14 10:11 . 2009-11-11 08:08	34	----a-w-	c:\windows\system32\BD7010.DAT
2010-06-14 06:12 . 2010-08-11 05:18	1286016	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-06-08 06:02 . 2010-08-11 05:18	1233920	----a-w-	c:\windows\system32\msxml3.dll
2010-06-04 09:05 . 2010-06-22 18:30	110592	----a-w-	c:\windows\system32\FsUsbExDevice.Dll
2010-05-28 06:25 . 2010-06-22 18:30	233472	----a-w-	c:\windows\system32\FsUsbExService.Exe
2010-05-27 07:24 . 2010-06-11 09:20	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 09:20	293888	----a-w-	c:\windows\system32\atmfd.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-24_10.58.36   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-09 23:43 . 2010-08-24 11:58	58036              c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-08-24 10:42	44744              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-24 11:58	44744              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-09 23:25 . 2010-08-24 11:31	14822              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-847127913-465227217-606268584-1001_UserData.bin
- 2009-11-10 00:24 . 2010-08-24 10:40	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 00:24 . 2010-08-24 11:56	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 00:24 . 2010-08-24 11:56	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-10 00:24 . 2010-08-24 10:40	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-08-24 10:40	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-08-24 11:56	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-09 23:25 . 2010-08-24 11:57	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-09 23:25 . 2010-08-24 11:57	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-09 23:25 . 2010-08-24 11:57	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-09 23:25 . 2010-08-24 11:57	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 17:12 . 2010-08-24 12:10	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-10 17:12 . 2010-08-24 10:10	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-10 17:12 . 2010-08-24 10:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-11-10 17:12 . 2010-08-24 12:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2009-11-10 17:12 . 2010-08-24 12:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-10 17:12 . 2010-08-24 10:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-09 23:25 . 2010-08-24 12:10	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-09 23:25 . 2010-08-24 11:57	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-24 11:56 . 2010-08-24 11:56	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-24 10:40 . 2010-08-24 10:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-24 11:56 . 2010-08-24 11:56	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-24 10:40 . 2010-08-24 10:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:03 . 2010-08-24 10:53	7077888              c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-08-24 12:08	7077888              c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 00:20	561552	----a-w-	c:\progra~1\MICROS~1\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"MyWebSearch Plugin"=rundll32 c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ROUTE66Sync"=c:\program files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"V0330Mon.exe"=c:\windows\V0330Mon.exe
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 135664]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-08-01 8192]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\DRIVERS\MRVW23B.sys [2006-12-22 231040]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys [2005-08-25 45568]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-24 7796]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-10 691696]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-02-18 102856]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-14 172032]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-04-01 536232]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-07-26 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-28 233472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-01 1043784]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-02-15 79432]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-06 57856]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 V0330VID;WebCam Vista/Live! Cam Chat VF0330;c:\windows\system32\DRIVERS\V0330Vid.sys [2009-07-03 157728]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 07:11]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 07:11]
.
.
------- Zusätzlicher Suchlauf -------
.
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - 

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-08-24  14:34:40
ComboFix-quarantined-files.txt  2010-08-24 12:34

Vor Suchlauf: 147.717.292.032 bytes free
Nach Suchlauf: 147.511.828.480 bytes free

- - End Of File - - 5C9BD06D68A7071D6F69859EF75D3DB3
         
--- --- ---

Alt 24.08.2010, 17:51   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Filelook::
c:\windows\system32\srvany.exe
c:\users\Andrea.PC.000\AppData\Local\GDIPFONTCACHEV1.DAT

Dirlook::
c:\program files\QS
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 24.08.2010, 22:06   #9
Hildes_Sofa
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



So, hier kommt das nächste Log-File. Nach einem Neustart wurde übrigens nicht gefragt.

Combofix Logfile:
Code:
ATTFilter
ComboFix 10-08-23.02 - Admin 24.08.2010  22:41:18.5.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1033.18.2047.1266 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Admin\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

(((((((((((((((((((((((   Dateien erstellt von 2010-07-24 bis 2010-08-24  ))))))))))))))))))))))))))))))
.

2010-08-24 20:53 . 2010-08-24 20:53	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-08-24 20:53 . 2010-08-24 20:53	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-08-24 20:26 . 2010-08-24 20:27	--------	d-----w-	c:\users\Admin\AppData\Local\Microsoft
2010-08-24 12:37 . 2010-08-24 12:37	0	----a-w-	c:\windows\nsreg.dat
2010-08-24 12:03 . 2010-08-24 12:03	--------	d-----w-	C:\cofi13485c
2010-08-24 12:02 . 2010-08-24 12:02	--------	d-----w-	C:\cofi19091c
2010-08-24 11:49 . 2010-08-24 11:55	--------	d-----w-	C:\cofi18768c
2010-08-24 11:36 . 2010-08-24 11:55	--------	d-----w-	C:\cofi24740c
2010-08-24 11:36 . 2010-08-24 11:55	--------	d-----w-	C:\cofi12582c
2010-08-24 11:31 . 2010-08-24 11:55	--------	d-----w-	C:\cofi4570c
2010-08-24 11:28 . 2010-08-24 11:55	--------	d-----w-	C:\cofi3023c
2010-08-24 11:25 . 2010-08-24 11:55	--------	d-----w-	C:\cofi4666c
2010-08-24 10:38 . 2010-08-24 11:55	--------	d-----w-	C:\cofi
2010-08-23 23:09 . 2010-08-24 12:54	--------	d-----w-	c:\users\Andrea.PC.000
2010-08-23 23:09 . 2010-08-24 12:54	--------	d-----w-	c:\users\Andrea.PC.000\AppData\Local\Microsoft
2010-08-23 22:12 . 2010-08-23 22:12	--------	d-----w-	C:\Lyrics
2010-08-23 20:50 . 2010-08-24 11:55	--------	d-----w-	c:\program files\Free M4a to MP3 Converter
2010-08-23 19:47 . 2010-08-23 19:47	57344	----a-r-	c:\users\Chef\AppData\Roaming\Microsoft\Installer\{7036A07A-FE2A-4920-A944-19B73D16F106}\NewShortcut8_7036A07AFE2A4920A94419B73D16F106.exe
2010-08-23 19:47 . 2010-08-23 19:47	57344	----a-r-	c:\users\Chef\AppData\Roaming\Microsoft\Installer\{7036A07A-FE2A-4920-A944-19B73D16F106}\NewShortcut2_7036A07AFE2A4920A94419B73D16F106_1.exe
2010-08-23 19:47 . 2010-08-23 19:47	25214	----a-r-	c:\users\Chef\AppData\Roaming\Microsoft\Installer\{7036A07A-FE2A-4920-A944-19B73D16F106}\ARPPRODUCTICON.exe
2010-08-23 19:47 . 2010-08-23 19:47	--------	d-----w-	c:\program files\Duden
2010-08-22 15:41 . 2010-08-22 15:41	--------	d-----w-	c:\users\Chef\AppData\Roaming\Avira
2010-08-22 15:36 . 2010-03-01 08:04	124784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-08-22 15:36 . 2010-02-18 08:51	102856	----a-w-	c:\windows\system32\drivers\avfwot.sys
2010-08-22 15:36 . 2010-02-16 12:24	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-08-22 15:36 . 2010-02-15 13:23	79432	----a-w-	c:\windows\system32\drivers\avfwim.sys
2010-08-22 15:36 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-08-22 15:36 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-08-22 15:26 . 2010-08-22 15:26	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-08-22 15:09 . 2010-08-22 15:09	--------	d-----w-	c:\users\Chef\AppData\Local\Sunbelt Software
2010-08-22 15:07 . 2010-08-23 19:59	--------	d-----w-	c:\programdata\Lavasoft
2010-08-22 14:44 . 2010-08-22 14:53	--------	d-----w-	c:\program files\trend micro
2010-08-22 08:25 . 2010-01-11 07:57	1643888	----a-w-	c:\users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
2010-08-20 11:37 . 2010-08-18 15:16	52224	----a-w-	c:\users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}\components\FFExternalAlert.dll
2010-08-20 11:37 . 2010-08-18 15:16	101376	----a-w-	c:\users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\f5riadur.default\extensions\{e47d6d44-6479-461d-bfa3-dbd0dc5a9011}\components\RadioWMPCore.dll
2010-08-18 15:18 . 2010-08-18 15:18	--------	d-----w-	c:\program files\Microsoft SDKs
2010-08-18 15:18 . 2010-08-18 15:21	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2010-08-18 13:44 . 2010-08-18 13:44	--------	d-----w-	c:\users\Chef\AppData\Roaming\Malwarebytes
2010-08-18 13:44 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 13:44 . 2010-08-18 13:44	--------	d-----w-	c:\programdata\Malwarebytes
2010-08-18 13:42 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-08-18 13:41 . 2010-08-18 13:44	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-08-18 11:55 . 2010-08-23 20:02	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-18 11:55 . 2010-08-23 20:00	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-08-10 08:25 . 2010-08-10 08:25	--------	d-----w-	c:\program files\QS
2010-08-10 08:25 . 2010-08-10 08:25	--------	d-----w-	c:\users\Chef\AppData\Roaming\TeamViewer
2010-08-06 18:35 . 2010-07-26 13:18	201728	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\CmdAgent.dll
2010-08-04 08:20 . 2010-08-04 08:21	--------	d-----w-	c:\users\Chef\AppData\Local\Die GeldPlaner Einstellungen
2010-08-04 08:20 . 2010-08-04 08:20	--------	d-----w-	c:\programdata\Die GeldPlaner Einstellungen
2010-08-04 08:20 . 2010-08-04 08:20	--------	d-----w-	c:\programdata\metier2000Apps
2010-08-04 08:09 . 2010-08-04 08:09	72488	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-01 15:40 . 2010-08-01 15:40	--------	d-----w-	c:\program files\Common Files\Windows Live
2010-08-01 15:38 . 2010-08-01 15:38	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-08-01 13:03 . 2010-08-01 13:03	8192	----a-w-	c:\windows\system32\srvany.exe
2010-08-01 12:50 . 2010-08-01 12:50	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2010-08-01 12:49 . 2010-08-01 12:49	--------	d-----w-	c:\program files\Microsoft Sync Framework
2010-08-01 12:49 . 2010-08-01 12:49	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-08-01 12:48 . 2010-08-01 12:48	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2010-08-01 12:46 . 2010-08-01 12:46	--------	d-----w-	c:\program files\Microsoft Analysis Services
2010-07-28 14:57 . 2010-04-27 02:25	98560	----a-w-	c:\windows\system32\drivers\sscebus.sys
2010-07-28 14:57 . 2010-04-27 02:25	14848	----a-w-	c:\windows\system32\drivers\sscemdfl.sys
2010-07-28 14:57 . 2010-04-27 02:25	12416	----a-w-	c:\windows\system32\drivers\sscecmnt.sys
2010-07-28 14:57 . 2010-04-27 02:25	12416	----a-w-	c:\windows\system32\drivers\sscecm.sys
2010-07-28 14:57 . 2010-04-27 02:25	123648	----a-w-	c:\windows\system32\drivers\sscemdm.sys
2010-07-28 14:57 . 2010-04-27 02:25	12288	----a-w-	c:\windows\system32\drivers\sscewhnt.sys
2010-07-28 14:57 . 2010-04-27 02:25	12288	----a-w-	c:\windows\system32\drivers\sscewh.sys
2010-07-28 11:56 . 2010-07-28 11:56	265528	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-07-28 11:55 . 2010-07-28 11:55	6144	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\de-De\MCS.Thunder.Update.resources.dll
2010-07-28 11:55 . 2010-07-28 11:55	9728	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-07-28 11:49 . 2010-07-28 11:49	48128	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-07-28 11:49 . 2010-07-28 11:49	204288	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\CabLib.dll
2010-07-28 11:49 . 2010-07-28 11:49	6656	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-07-28 11:49 . 2010-07-28 11:49	12288	----a-w-	c:\users\Chef\AppData\Roaming\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-07-26 10:13 . 2010-07-26 10:13	57344	----a-w-	c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-26 10:07 . 2010-07-26 10:05	1062184	----a-w-	c:\programdata\DivX\Setup\Resource.dll
2010-07-26 10:07 . 2010-07-26 10:05	895256	----a-w-	c:\programdata\DivX\Setup\DivXSetup.exe
2010-07-26 10:07 . 2009-11-25 17:03	530625	----a-w-	c:\programdata\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-07-26 10:07 . 2010-07-26 10:07	56765	----a-w-	c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-26 10:07 . 2009-11-25 17:03	530625	----a-w-	c:\programdata\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-07-26 10:07 . 2010-07-26 10:07	56997	----a-w-	c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-07-26 10:07 . 2010-07-26 10:07	57715	----a-w-	c:\programdata\DivX\Player\Uninstaller.exe
2010-07-26 10:07 . 2010-07-26 10:07	53600	----a-w-	c:\programdata\DivX\Update\Uninstaller.exe
2010-07-26 10:05 . 2010-07-26 10:13	--------	d-----w-	c:\programdata\DivX

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 20:28 . 2010-08-24 20:28	--------	d-----w-	c:\users\Admin\AppData\Roaming\TuneUp Software
2010-08-24 13:39 . 2009-11-10 16:13	--------	d-----w-	c:\program files\JDownloader
2010-08-24 11:55 . 2009-11-10 17:27	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-08-23 11:06 . 2009-12-04 08:57	--------	d-----w-	c:\program files\Java
2010-08-23 10:56 . 2010-01-19 18:53	--------	d-----w-	c:\program files\Elaborate Bytes
2010-08-22 15:11 . 2009-11-10 00:23	--------	d-----w-	c:\programdata\Avira
2010-08-19 10:34 . 2009-11-09 23:27	131224	----a-w-	c:\users\Chef\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-18 15:21 . 2009-11-10 13:02	--------	d-----w-	c:\programdata\Microsoft Help
2010-08-18 15:16 . 2009-11-13 15:08	--------	d-----w-	c:\programdata\Corel
2010-08-18 15:11 . 2009-11-13 15:02	--------	d-----w-	c:\program files\Corel
2010-08-18 14:57 . 2010-05-01 08:28	--------	d-----w-	c:\program files\CCleaner
2010-08-18 11:21 . 2009-11-22 11:51	--------	d-----w-	c:\program files\Plagiarism Detector
2010-08-18 08:24 . 2010-03-31 08:26	--------	d-----w-	c:\program files\QuickTime
2010-08-16 08:47 . 2009-11-10 12:54	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-08-08 12:16 . 2009-12-14 12:09	952	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-08-06 20:38 . 2009-11-11 10:48	--------	d-----w-	c:\users\Chef\AppData\Roaming\Vso
2010-08-06 18:35 . 2010-06-22 18:29	--------	d-----w-	c:\programdata\Samsung
2010-08-04 08:10 . 2010-02-03 21:21	--------	d-----w-	c:\program files\Safari
2010-08-01 12:51 . 2009-07-14 04:52	--------	d-----w-	c:\program files\MSBuild
2010-08-01 12:49 . 2009-11-10 13:04	--------	d-----w-	c:\program files\Microsoft.NET
2010-07-29 06:30 . 2010-08-11 05:18	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 05:18	82944	----a-w-	c:\windows\system32\iccvid.dll
2010-07-28 15:12 . 2009-11-10 16:15	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-07-28 15:07 . 2010-06-22 18:30	--------	d-----w-	c:\program files\PC Connectivity Solution
2010-07-28 15:07 . 2009-11-10 16:55	--------	d-----w-	c:\users\Chef\AppData\Roaming\Samsung
2010-07-28 15:07 . 2010-06-22 18:29	--------	d-----w-	c:\program files\Common Files\Samsung
2010-07-28 15:07 . 2009-11-10 16:15	--------	d-----w-	c:\program files\Samsung
2010-07-26 13:17 . 2010-05-25 06:44	95568	----a-w-	c:\windows\system32\dgdersvc.exe
2010-07-26 13:17 . 2010-05-25 06:44	726352	----a-w-	c:\windows\system32\dgderapi.dll
2010-07-26 13:17 . 2010-05-25 06:44	18136	----a-w-	c:\windows\system32\drivers\dgderdrv.sys
2010-07-26 13:15 . 2010-06-22 18:30	36640	----a-w-	c:\windows\system32\FsUsbExDisk.Sys
2010-07-26 10:07 . 2009-11-25 17:03	--------	d-----w-	c:\program files\DivX
2010-07-26 10:07 . 2009-11-25 17:03	--------	d-----w-	c:\program files\Common Files\DivX Shared
2010-07-26 10:07 . 2009-11-25 21:57	--------	d-----w-	c:\users\Chef\AppData\Roaming\DivX
2010-07-25 07:37 . 2010-07-18 11:28	--------	d-----w-	c:\users\Chef\AppData\Roaming\MiniLyrics
2010-07-24 10:27 . 2010-07-18 11:27	--------	d-----w-	c:\program files\Minilyrics
2010-07-24 09:48 . 2010-07-24 09:48	--------	d-----w-	c:\users\Chef\AppData\Roaming\ROUTE 66 Sync
2010-07-24 09:47 . 2010-07-24 09:47	--------	d-----w-	c:\program files\Common Files\ROUTE 66
2010-07-24 09:47 . 2010-07-24 09:47	--------	d-----w-	c:\program files\ROUTE 66
2010-07-21 09:11 . 2010-07-21 09:11	--------	d-----w-	c:\program files\Flip Video
2010-07-21 08:13 . 2010-04-28 08:33	--------	d-----w-	c:\program files\iTunes
2010-07-21 08:12 . 2010-07-21 08:12	--------	d-----w-	c:\program files\iPod
2010-07-21 08:12 . 2009-11-10 13:42	--------	d-----w-	c:\program files\Common Files\Apple
2010-07-21 08:10 . 2010-07-21 08:10	--------	d-----w-	c:\program files\Bonjour
2010-07-21 08:08 . 2010-07-21 08:08	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-18 11:06 . 2009-11-10 19:38	--------	d-----w-	c:\program files\EvilLyrics
2010-07-17 19:41 . 2010-03-15 07:11	--------	d-----w-	c:\program files\Google
2010-07-17 03:00 . 2010-05-12 05:39	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-07-15 20:28 . 2010-07-15 20:28	0	---ha-w-	c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-06-30 06:25 . 2010-08-11 05:18	978432	----a-w-	c:\windows\system32\wininet.dll
2010-06-28 09:01 . 2010-06-28 09:01	--------	d-----w-	c:\program files\MyFree Codec
2010-06-26 22:49 . 2010-06-26 22:49	--------	d-----w-	c:\program files\3ivx
2010-06-26 22:49 . 2010-06-26 22:49	--------	d-----w-	c:\programdata\Flip Video
2010-06-22 02:47 . 2010-08-11 05:18	310784	----a-w-	c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-11 05:18	307200	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-11 05:18	113664	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33 . 2010-08-11 05:18	3955080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-11 05:18	3899784	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-11 05:18	37376	----a-w-	c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-11 05:18	2326016	----a-w-	c:\windows\system32\win32k.sys
2010-06-16 12:17 . 2010-06-16 12:17	71992	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-16 05:48 . 2010-08-11 05:18	224256	----a-w-	c:\windows\system32\schannel.dll
2010-06-14 10:11 . 2009-11-11 08:08	34	----a-w-	c:\windows\system32\BD7010.DAT
2010-06-14 06:12 . 2010-08-11 05:18	1286016	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-06-08 06:02 . 2010-08-11 05:18	1233920	----a-w-	c:\windows\system32\msxml3.dll
2010-06-04 09:05 . 2010-06-22 18:30	110592	----a-w-	c:\windows\system32\FsUsbExDevice.Dll
2010-05-28 06:25 . 2010-06-22 18:30	233472	----a-w-	c:\windows\system32\FsUsbExService.Exe
2010-05-27 07:24 . 2010-06-11 09:20	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-11 09:20	293888	----a-w-	c:\windows\system32\atmfd.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\srvany.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 8192
Created time: 2010-08-01 13:03
Modified time: 2010-08-01 13:03
MD5: 4635935FC972C582632BF45C26BFCB0E
SHA1: 7C5329229042535FE56E74F1F246C6DA8CEA3BE8

---- Directory of c:\program files\QS ----

2010-08-10 08:25 . 2010-06-24 08:55	64296	----a-w-	c:\program files\QS\SAS.exe


(((((((((((((((((((((((((((((   SnapShot@2010-08-24_10.58.36   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-09 23:43 . 2010-08-24 13:08	58116              c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 04:55 . 2010-08-24 10:42	44744              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-08-24 20:32	44744              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-09 23:25 . 2010-08-24 20:32	14854              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-847127913-465227217-606268584-1001_UserData.bin
+ 2009-11-10 00:24 . 2010-08-24 20:30	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 00:24 . 2010-08-24 10:40	16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 00:24 . 2010-08-24 10:40	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-10 00:24 . 2010-08-24 20:30	32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-08-24 20:30	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-08-24 10:40	16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-09 23:25 . 2010-08-24 20:31	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-09 23:25 . 2010-08-24 20:31	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-09 23:25 . 2010-08-24 20:31	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-09 23:25 . 2010-08-24 20:31	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 17:12 . 2010-08-24 10:10	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-10 17:12 . 2010-08-24 20:05	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-10 17:12 . 2010-08-24 20:05	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-11-10 17:12 . 2010-08-24 10:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2009-11-10 17:12 . 2010-08-24 10:10	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2009-11-10 17:12 . 2010-08-24 20:05	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-09 23:25 . 2010-08-24 20:31	32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-09 23:25 . 2010-08-24 10:40	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-09 23:25 . 2010-08-24 20:31	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-07 17:29 . 2010-06-14 10:14	9560              c:\windows\System32\NetworkList\Icons\{D07AD4A7-72C2-40A5-8F14-038CF9EEA432}_48.bin
+ 2010-06-07 17:29 . 2010-08-24 13:55	9560              c:\windows\System32\NetworkList\Icons\{D07AD4A7-72C2-40A5-8F14-038CF9EEA432}_48.bin
- 2010-06-07 17:29 . 2010-06-14 10:14	4280              c:\windows\System32\NetworkList\Icons\{D07AD4A7-72C2-40A5-8F14-038CF9EEA432}_32.bin
+ 2010-06-07 17:29 . 2010-08-24 13:55	4280              c:\windows\System32\NetworkList\Icons\{D07AD4A7-72C2-40A5-8F14-038CF9EEA432}_32.bin
- 2010-06-07 17:29 . 2010-06-14 10:14	2456              c:\windows\System32\NetworkList\Icons\{D07AD4A7-72C2-40A5-8F14-038CF9EEA432}_24.bin
+ 2010-06-07 17:29 . 2010-08-24 13:55	2456              c:\windows\System32\NetworkList\Icons\{D07AD4A7-72C2-40A5-8F14-038CF9EEA432}_24.bin
- 2010-02-04 07:02 . 2010-08-23 23:10	8192              c:\windows\System32\Microsoft\Protect\Recovery\Recovery.dat
+ 2010-02-04 07:02 . 2010-08-24 14:36	8192              c:\windows\System32\Microsoft\Protect\Recovery\Recovery.dat
+ 2010-08-24 20:30 . 2010-08-24 20:30	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-24 10:40 . 2010-08-24 10:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-24 10:40 . 2010-08-24 10:40	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-08-24 20:30 . 2010-08-24 20:30	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2010-08-14 08:34	614038              c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-08-24 20:33	614038              c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-08-14 08:34	106158              c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-08-24 20:33	106158              c:\windows\System32\perfc009.dat
- 2009-07-14 02:03 . 2010-08-24 10:53	7077888              c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-08-24 16:30	7077888              c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 00:20	561552	----a-w-	c:\progra~1\MICROS~1\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"MyWebSearch Plugin"=rundll32 c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ROUTE66Sync"=c:\program files\ROUTE 66\ROUTE 66 Sync\Sync9Loader.exe -runinbackground
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"V0330Mon.exe"=c:\windows\V0330Mon.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 135664]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2010-08-01 8192]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MRV6X32U;Vista 32-bits Native WiFi Driver - USB;c:\windows\system32\DRIVERS\MRVW23B.sys [2006-12-22 231040]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SCR33x USB Smart Card Reader;SCR33x USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR33X2K.sys [2005-08-25 45568]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 98560]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 14848]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 123648]
R3 STC2DFU;STCII DFU Adapter;c:\windows\system32\DRIVERS\Stc2Dfu.SYS [2004-10-24 7796]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-10 691696]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-02-18 102856]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-14 172032]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2010-04-01 536232]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-07-26 95568]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-28 233472]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-01 1043784]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-02-15 79432]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-26 18136]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-06 57856]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 V0330VID;WebCam Vista/Live! Cam Chat VF0330;c:\windows\system32\DRIVERS\V0330Vid.sys [2009-07-03 157728]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - FSUSBEXDISK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 07:11]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-15 07:11]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gfbtaffx.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\progra~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size",  4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-08-24  22:58:01
ComboFix-quarantined-files.txt  2010-08-24 20:58
ComboFix2.txt  2010-08-24 12:34

Vor Suchlauf: 150.125.412.352 bytes free
Nach Suchlauf: 150.058.266.624 bytes free

- - End Of File - - B148A0B349F472B7F163592DC2B968E2
         
--- --- ---

Alt 27.08.2010, 10:52   #10
Hildes_Sofa
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Hej Arne, ich möchte nicht drängeln, aber:
Schaut's gut aus auf unserem PC? Oder gibt's Grund zur Sorge?

Alt 27.08.2010, 10:58   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.08.2010, 12:11   #12
Hildes_Sofa
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



GMER ist tatsächlich abgestürzt.

Hier das OSAM-Logfile:

OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:07:43 on 27.08.2010

OS: Windows 7  (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Adobe Systems, Inc." - C:\Windows\System32\acaptuser32.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avfwot" (avfwot) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avfwot.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Admin\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\Windows\System32\drivers\dgderdrv.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"pgldapow" (pgldapow) - ? - C:\Users\Admin\AppData\Local\Temp\pgldapow.sys  (Hidden registry entry, rootkit activity | File not found)
"SCR33x USB Smart Card Reader" (SCR33x USB Smart Card Reader) - "SCM Microsystems Inc." - C:\Windows\System32\DRIVERS\SCR33X2K.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"STCII DFU Adapter" (STC2DFU) - "SCM Microsystems Inc." - C:\Windows\System32\DRIVERS\Stc2Dfu.SYS
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"Vista 32-bits Native WiFi Driver - USB" (MRV6X32U) - "A/WLAN-1" - C:\Windows\System32\DRIVERS\MRVW23B.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files\Common Files\Corel\Shared\Shell Extension\x86\ShellXP.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\MLSHEXT.DLL
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{AD392E40-428C-459F-961E-9B147782D099} "UIContextMenu Class" - "EZB Systems, Inc." - C:\Program Files\UltraISO\isoshell.dll
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
{8167C273-DF59-4416-B647-C8BB2C7EE83E} "WebSDev Control" - "MICRO-STAR INT'L CO., LTD." - C:\PROGRA~1\MSI\MSIWDev\WebSDev.ocx / hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
{F4971EE7-DAA0-4053-9964-665D8EE6A077} "SmartSelect Class" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"itype" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port Monitor" - "Adobe Systems Inc" - C:\Windows\system32\AdobePDF.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir MailGuard" (AntiVirMailService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira AntiVir WebGuard" (AntiVirWebService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira FireWall" (AntiVirFirewallService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
"Device Error Recovery Service" (dgdersvc) - "Devguru Co., Ltd." - C:\Windows\system32\dgdersvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"FlipShare Service" (FlipShare Service) - ? - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"KMService" (KMService) - ? - C:\Windows\system32\srvany.exe  (File found, but it contains no detailed information)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"ScCertProp" - ? - wlnotify.dll  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Und hier das bootkit-log:

.\debug.cpp(238) : Debug log started at 27.08.2010 - 11:00:35
.\boot_cleaner.cpp(675) : Bootkit Remover
.\boot_cleaner.cpp(676) : (c) 2009 eSage Lab
.\boot_cleaner.cpp(677) : www.esagelab.com
.\boot_cleaner.cpp(681) : Program version: 1.1.0.0
.\boot_cleaner.cpp(688) : OS Version: Microsoft Windows 7 (build 7600), 32-bit
.\debug.cpp(248) : **********************************************
.\debug.cpp(249) : *** [ LOADED MODULES INFORMATION ] ***********
.\debug.cpp(250) : **********************************************
.\debug.cpp(256) : 0x8303d000 0x00400000 "\SystemRoot\system32\ntoskrnl.exe"
.\debug.cpp(256) : 0x83006000 0x00037000 "\SystemRoot\system32\halmacpi.dll"
.\debug.cpp(256) : 0x80bc0000 0x00008000 "\SystemRoot\system32\kdcom.dll"
.\debug.cpp(256) : 0x8981f000 0x00078000 "\SystemRoot\system32\mcupdate_GenuineIntel.dll"
.\debug.cpp(256) : 0x89897000 0x00011000 "\SystemRoot\system32\PSHED.dll"
.\debug.cpp(256) : 0x898a8000 0x00008000 "\SystemRoot\system32\BOOTVID.dll"
.\debug.cpp(256) : 0x898b0000 0x00042000 "\SystemRoot\system32\CLFS.SYS"
.\debug.cpp(256) : 0x898f2000 0x000ab000 "\SystemRoot\system32\CI.dll"
.\debug.cpp(256) : 0x8999d000 0x00071000 "\SystemRoot\system32\drivers\Wdf01000.sys"
.\debug.cpp(256) : 0x89a0e000 0x0000e000 "\SystemRoot\system32\drivers\WDFLDR.SYS"
.\debug.cpp(256) : 0x89a1c000 0x00048000 "\SystemRoot\system32\DRIVERS\ACPI.sys"
.\debug.cpp(256) : 0x89a64000 0x00009000 "\SystemRoot\system32\DRIVERS\WMILIB.SYS"
.\debug.cpp(256) : 0x89a6d000 0x00008000 "\SystemRoot\system32\DRIVERS\msisadrv.sys"
.\debug.cpp(256) : 0x89a75000 0x0000b000 "\SystemRoot\system32\DRIVERS\vdrvroot.sys"
.\debug.cpp(256) : 0x89a80000 0x0002a000 "\SystemRoot\system32\DRIVERS\pci.sys"
.\debug.cpp(256) : 0x89aaa000 0x00011000 "\SystemRoot\System32\drivers\partmgr.sys"
.\debug.cpp(256) : 0x89abb000 0x00010000 "\SystemRoot\system32\DRIVERS\volmgr.sys"
.\debug.cpp(256) : 0x89acb000 0x0004b000 "\SystemRoot\System32\drivers\volmgrx.sys"
.\debug.cpp(256) : 0x89b16000 0x00007000 "\SystemRoot\system32\DRIVERS\intelide.sys"
.\debug.cpp(256) : 0x89b1d000 0x0000e000 "\SystemRoot\system32\DRIVERS\PCIIDEX.SYS"
.\debug.cpp(256) : 0x89b2b000 0x00016000 "\SystemRoot\System32\drivers\mountmgr.sys"
.\debug.cpp(256) : 0x89b41000 0x00009000 "\SystemRoot\system32\DRIVERS\atapi.sys"
.\debug.cpp(256) : 0x89b4a000 0x00023000 "\SystemRoot\system32\DRIVERS\ataport.SYS"
.\debug.cpp(256) : 0x89b6d000 0x00009000 "\SystemRoot\system32\DRIVERS\amdxata.sys"
.\debug.cpp(256) : 0x89b76000 0x00034000 "\SystemRoot\system32\drivers\fltmgr.sys"
.\debug.cpp(256) : 0x89baa000 0x00011000 "\SystemRoot\system32\drivers\fileinfo.sys"
.\debug.cpp(256) : 0x89c1a000 0x0012f000 "\SystemRoot\System32\Drivers\Ntfs.sys"
.\debug.cpp(256) : 0x89d49000 0x0002b000 "\SystemRoot\System32\Drivers\msrpc.sys"
.\debug.cpp(256) : 0x89d74000 0x00013000 "\SystemRoot\System32\Drivers\ksecdd.sys"
.\debug.cpp(256) : 0x89d87000 0x0005d000 "\SystemRoot\System32\Drivers\cng.sys"
.\debug.cpp(256) : 0x89de4000 0x0000e000 "\SystemRoot\System32\drivers\pcw.sys"
.\debug.cpp(256) : 0x89df2000 0x00009000 "\SystemRoot\System32\Drivers\Fs_Rec.sys"
.\debug.cpp(256) : 0x89dfb000 0x000b7000 "\SystemRoot\system32\drivers\ndis.sys"
.\debug.cpp(256) : 0x89eb2000 0x0003e000 "\SystemRoot\system32\drivers\NETIO.SYS"
.\debug.cpp(256) : 0x89ef0000 0x00025000 "\SystemRoot\System32\Drivers\ksecpkg.sys"
.\debug.cpp(256) : 0x8a02a000 0x00149000 "\SystemRoot\System32\drivers\tcpip.sys"
.\debug.cpp(256) : 0x8a173000 0x00031000 "\SystemRoot\System32\drivers\fwpkclnt.sys"
.\debug.cpp(256) : 0x8a1a4000 0x00009000 "\SystemRoot\system32\DRIVERS\vmstorfl.sys"
.\debug.cpp(256) : 0x8a1ad000 0x0003f000 "\SystemRoot\system32\DRIVERS\volsnap.sys"
.\debug.cpp(256) : 0x8a1ec000 0x00008000 "\SystemRoot\System32\Drivers\spldr.sys"
.\debug.cpp(256) : 0x8a1f4000 0x0002d000 "\SystemRoot\System32\drivers\rdyboost.sys"
.\debug.cpp(256) : 0x8a221000 0x00010000 "\SystemRoot\System32\Drivers\mup.sys"
.\debug.cpp(256) : 0x8a231000 0x00008000 "\SystemRoot\System32\drivers\hwpolicy.sys"
.\debug.cpp(256) : 0x8a239000 0x00032000 "\SystemRoot\System32\DRIVERS\fvevol.sys"
.\debug.cpp(256) : 0x8a26b000 0x00011000 "\SystemRoot\system32\DRIVERS\disk.sys"
.\debug.cpp(256) : 0x8a27c000 0x00025000 "\SystemRoot\system32\DRIVERS\CLASSPNP.SYS"
.\debug.cpp(256) : 0x8a2d3000 0x0001f000 "\SystemRoot\system32\DRIVERS\cdrom.sys"
.\debug.cpp(256) : 0x8a2f2000 0x00007000 "\SystemRoot\System32\Drivers\Null.SYS"
.\debug.cpp(256) : 0x8a2f9000 0x00007000 "\SystemRoot\System32\Drivers\Beep.SYS"
.\debug.cpp(256) : 0x8a300000 0x0000c000 "\SystemRoot\System32\drivers\vga.sys"
.\debug.cpp(256) : 0x8a30c000 0x00021000 "\SystemRoot\System32\drivers\VIDEOPRT.SYS"
.\debug.cpp(256) : 0x8a32d000 0x0000d000 "\SystemRoot\System32\drivers\watchdog.sys"
.\debug.cpp(256) : 0x8a33a000 0x00008000 "\SystemRoot\System32\DRIVERS\RDPCDD.sys"
.\debug.cpp(256) : 0x8a342000 0x00008000 "\SystemRoot\system32\drivers\rdpencdd.sys"
.\debug.cpp(256) : 0x8a34a000 0x00008000 "\SystemRoot\system32\drivers\rdprefmp.sys"
.\debug.cpp(256) : 0x8a352000 0x0000b000 "\SystemRoot\System32\Drivers\Msfs.SYS"
.\debug.cpp(256) : 0x8a35d000 0x0000e000 "\SystemRoot\System32\Drivers\Npfs.SYS"
.\debug.cpp(256) : 0x8a36b000 0x00017000 "\SystemRoot\system32\DRIVERS\tdx.sys"
.\debug.cpp(256) : 0x8a382000 0x0000b000 "\SystemRoot\system32\DRIVERS\TDI.SYS"
.\debug.cpp(256) : 0x8a38d000 0x00018000 "\SystemRoot\system32\DRIVERS\avfwot.sys"
.\debug.cpp(256) : 0x8a3a5000 0x0005a000 "\SystemRoot\system32\drivers\afd.sys"
.\debug.cpp(256) : 0x89f15000 0x00032000 "\SystemRoot\System32\DRIVERS\netbt.sys"
.\debug.cpp(256) : 0x8a000000 0x00009000 "\SystemRoot\system32\drivers\ws2ifsl.sys"
.\debug.cpp(256) : 0x8a009000 0x00007000 "\SystemRoot\system32\DRIVERS\wfplwf.sys"
.\debug.cpp(256) : 0x89f47000 0x0001f000 "\SystemRoot\system32\DRIVERS\pacer.sys"
.\debug.cpp(256) : 0x8a010000 0x0000e000 "\SystemRoot\system32\DRIVERS\netbios.sys"
.\debug.cpp(256) : 0x89f66000 0x0001a000 "\SystemRoot\system32\DRIVERS\serial.sys"
.\debug.cpp(256) : 0x8a01e000 0x00006000 "\SystemRoot\System32\Drivers\StarOpen.SYS"
.\debug.cpp(256) : 0x89f80000 0x00013000 "\SystemRoot\system32\DRIVERS\wanarp.sys"
.\debug.cpp(256) : 0x89f93000 0x00010000 "\SystemRoot\system32\DRIVERS\termdd.sys"
.\debug.cpp(256) : 0x8a024000 0x00006000 "\SystemRoot\system32\DRIVERS\ssmdrv.sys"
.\debug.cpp(256) : 0x89fa3000 0x00041000 "\SystemRoot\system32\DRIVERS\rdbss.sys"
.\debug.cpp(256) : 0x89fe4000 0x0000a000 "\SystemRoot\system32\drivers\nsiproxy.sys"
.\debug.cpp(256) : 0x89fee000 0x0000a000 "\SystemRoot\system32\DRIVERS\mssmbios.sys"
.\debug.cpp(256) : 0x89c00000 0x0000c000 "\SystemRoot\System32\drivers\discache.sys"
.\debug.cpp(256) : 0x91820000 0x00064000 "\SystemRoot\system32\drivers\csc.sys"
.\debug.cpp(256) : 0x91884000 0x00018000 "\SystemRoot\System32\Drivers\dfsc.sys"
.\debug.cpp(256) : 0x9189c000 0x0000e000 "\SystemRoot\system32\DRIVERS\blbdrive.sys"
.\debug.cpp(256) : 0x918aa000 0x00022000 "\SystemRoot\system32\DRIVERS\avipbb.sys"
.\debug.cpp(256) : 0x918cc000 0x00021000 "\SystemRoot\system32\DRIVERS\tunnel.sys"
.\debug.cpp(256) : 0x918ed000 0x00012000 "\SystemRoot\system32\DRIVERS\intelppm.sys"
.\debug.cpp(256) : 0x91c3e000 0x0053e000 "\SystemRoot\system32\DRIVERS\atikmdag.sys"
.\debug.cpp(256) : 0x9217c000 0x000b7000 "\SystemRoot\System32\drivers\dxgkrnl.sys"
.\debug.cpp(256) : 0x92233000 0x00039000 "\SystemRoot\System32\drivers\dxgmms1.sys"
.\debug.cpp(256) : 0x9226c000 0x0001f000 "\SystemRoot\system32\DRIVERS\HDAudBus.sys"
.\debug.cpp(256) : 0x9228b000 0x0002c000 "\SystemRoot\system32\DRIVERS\1394ohci.sys"
.\debug.cpp(256) : 0x922b7000 0x00045000 "\SystemRoot\system32\DRIVERS\Rt86win7.sys"
.\debug.cpp(256) : 0x922fc000 0x0000b000 "\SystemRoot\system32\DRIVERS\usbuhci.sys"
.\debug.cpp(256) : 0x92307000 0x0004b000 "\SystemRoot\system32\DRIVERS\USBPORT.SYS"
.\debug.cpp(256) : 0x92352000 0x0000f000 "\SystemRoot\system32\DRIVERS\usbehci.sys"
.\debug.cpp(256) : 0x92361000 0x0000a000 "\SystemRoot\system32\DRIVERS\usbohci.sys"
.\debug.cpp(256) : 0x9236b000 0x0000a000 "\SystemRoot\system32\DRIVERS\serenum.sys"
.\debug.cpp(256) : 0x92375000 0x00018000 "\SystemRoot\system32\DRIVERS\parport.sys"
.\debug.cpp(256) : 0x9238d000 0x00018000 "\SystemRoot\system32\DRIVERS\i8042prt.sys"
.\debug.cpp(256) : 0x923a5000 0x0000d000 "\SystemRoot\system32\DRIVERS\kbdclass.sys"
.\debug.cpp(256) : 0x923b2000 0x00006000 "\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys"
.\debug.cpp(256) : 0x923b8000 0x00013000 "\SystemRoot\system32\DRIVERS\avfwim.sys"
.\debug.cpp(256) : 0x923cb000 0x0000d000 "\SystemRoot\system32\DRIVERS\CompositeBus.sys"
.\debug.cpp(256) : 0x923d8000 0x00012000 "\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.\debug.cpp(256) : 0x91c00000 0x00018000 "\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.\debug.cpp(256) : 0x91c18000 0x0000b000 "\SystemRoot\system32\DRIVERS\ndistapi.sys"
.\debug.cpp(256) : 0x918ff000 0x00022000 "\SystemRoot\system32\DRIVERS\ndiswan.sys"
.\debug.cpp(256) : 0x91c23000 0x00018000 "\SystemRoot\system32\DRIVERS\raspppoe.sys"
.\debug.cpp(256) : 0x91921000 0x00017000 "\SystemRoot\system32\DRIVERS\raspptp.sys"
.\debug.cpp(256) : 0x91938000 0x00017000 "\SystemRoot\system32\DRIVERS\rassstp.sys"
.\debug.cpp(256) : 0x923ea000 0x0000c000 "\SystemRoot\System32\Drivers\pcouffin.sys"
.\debug.cpp(256) : 0x923f6000 0x0000a000 "\SystemRoot\system32\DRIVERS\rdpbus.sys"
.\debug.cpp(256) : 0x9194f000 0x0000d000 "\SystemRoot\system32\DRIVERS\mouclass.sys"
.\debug.cpp(256) : 0x91c3b000 0x00002000 "\SystemRoot\system32\DRIVERS\swenum.sys"
.\debug.cpp(256) : 0x9195c000 0x00034000 "\SystemRoot\system32\DRIVERS\ks.sys"
.\debug.cpp(256) : 0x91990000 0x0000e000 "\SystemRoot\system32\DRIVERS\umbus.sys"
.\debug.cpp(256) : 0x9199e000 0x00044000 "\SystemRoot\system32\DRIVERS\usbhub.sys"
.\debug.cpp(256) : 0x919e2000 0x00011000 "\SystemRoot\System32\Drivers\NDProxy.SYS"
.\debug.cpp(256) : 0x919f3000 0x0001d000 "\SystemRoot\system32\drivers\AtiHdmi.sys"
.\debug.cpp(256) : 0x91a10000 0x0002f000 "\SystemRoot\system32\drivers\portcls.sys"
.\debug.cpp(256) : 0x91a3f000 0x00019000 "\SystemRoot\system32\drivers\drmk.sys"
.\debug.cpp(256) : 0x91a58000 0x00050000 "\SystemRoot\system32\drivers\HdAudio.sys"
.\debug.cpp(256) : 0x91aa8000 0x0000d000 "\SystemRoot\System32\Drivers\crashdmp.sys"
.\debug.cpp(256) : 0x91ab5000 0x0000b000 "\SystemRoot\System32\Drivers\dump_dumpata.sys"
.\debug.cpp(256) : 0x91ac0000 0x00009000 "\SystemRoot\System32\Drivers\dump_atapi.sys"
.\debug.cpp(256) : 0x91ac9000 0x00011000 "\SystemRoot\System32\Drivers\dump_dumpfve.sys"
.\debug.cpp(256) : 0x95490000 0x0024a000 "\SystemRoot\System32\win32k.sys"
.\debug.cpp(256) : 0x91ada000 0x0000a000 "\SystemRoot\System32\drivers\Dxapi.sys"
.\debug.cpp(256) : 0x91ae4000 0x0000f000 "\SystemRoot\system32\DRIVERS\SCR3XX2K.sys"
.\debug.cpp(256) : 0x91af3000 0x00002000 "\SystemRoot\system32\DRIVERS\USBD.SYS"
.\debug.cpp(256) : 0x91af5000 0x0000b000 "\SystemRoot\system32\DRIVERS\SMCLIB.SYS"
.\debug.cpp(256) : 0x91b00000 0x0000c000 "\SystemRoot\System32\DRIVERS\scfilter.sys"
.\debug.cpp(256) : 0x91b0c000 0x00009000 "\SystemRoot\system32\DRIVERS\dc3d.sys"
.\debug.cpp(256) : 0x91b15000 0x00007000 "\SystemRoot\system32\DRIVERS\HIDPARSE.SYS"
.\debug.cpp(256) : 0x91b1c000 0x0000b000 "\SystemRoot\system32\DRIVERS\hidusb.sys"
.\debug.cpp(256) : 0x91b27000 0x00013000 "\SystemRoot\system32\DRIVERS\HIDCLASS.SYS"
.\debug.cpp(256) : 0x91b3a000 0x00004000 "\SystemRoot\system32\DRIVERS\NuidFltr.sys"
.\debug.cpp(256) : 0x91b3e000 0x0000b000 "\SystemRoot\system32\DRIVERS\mouhid.sys"
.\debug.cpp(256) : 0x91b49000 0x0000b000 "\SystemRoot\system32\DRIVERS\point32k.sys"
.\debug.cpp(256) : 0x91b54000 0x0000b000 "\SystemRoot\system32\DRIVERS\monitor.sys"
.\debug.cpp(256) : 0x91b5f000 0x00017000 "\SystemRoot\system32\DRIVERS\USBSTOR.SYS"
.\debug.cpp(256) : 0x91b76000 0x00027000 "\SystemRoot\system32\DRIVERS\V0330Vid.sys"
.\debug.cpp(256) : 0x956f0000 0x00009000 "\SystemRoot\System32\TSDDD.dll"
.\debug.cpp(256) : 0x95740000 0x0004d000 "\SystemRoot\System32\ATMFD.DLL"
.\debug.cpp(256) : 0x91b9d000 0x0001b000 "\SystemRoot\system32\drivers\luafv.sys"
.\debug.cpp(256) : 0x91bb8000 0x00015000 "\SystemRoot\system32\DRIVERS\avgntflt.sys"
.\debug.cpp(256) : 0x92400000 0x00062000 "\??\C:\Windows\system32\drivers\ACEDRV07.sys"
.\debug.cpp(256) : 0x92462000 0x0001a000 "\SystemRoot\system32\drivers\WudfPf.sys"
.\debug.cpp(256) : 0x9247c000 0x00010000 "\SystemRoot\system32\DRIVERS\lltdio.sys"
.\debug.cpp(256) : 0x9248c000 0x00046000 "\SystemRoot\system32\DRIVERS\nwifi.sys"
.\debug.cpp(256) : 0x924d2000 0x00010000 "\SystemRoot\system32\DRIVERS\ndisuio.sys"
.\debug.cpp(256) : 0x924e2000 0x00013000 "\SystemRoot\system32\DRIVERS\rspndr.sys"
.\debug.cpp(256) : 0x924f5000 0x00085000 "\SystemRoot\system32\drivers\HTTP.sys"
.\debug.cpp(256) : 0x9257a000 0x00019000 "\SystemRoot\system32\DRIVERS\bowser.sys"
.\debug.cpp(256) : 0x92593000 0x00012000 "\SystemRoot\System32\drivers\mpsdrv.sys"
.\debug.cpp(256) : 0x925a5000 0x00023000 "\SystemRoot\system32\DRIVERS\mrxsmb.sys"
.\debug.cpp(256) : 0x925c8000 0x0003b000 "\SystemRoot\system32\DRIVERS\mrxsmb10.sys"
.\debug.cpp(256) : 0x92603000 0x0001b000 "\SystemRoot\system32\DRIVERS\mrxsmb20.sys"
.\debug.cpp(256) : 0x9261e000 0x00007000 "\SystemRoot\system32\DRIVERS\parvdm.sys"
.\debug.cpp(256) : 0x92625000 0x00043000 "\SystemRoot\system32\DRIVERS\atksgt.sys"
.\debug.cpp(256) : 0x92668000 0x00005000 "\SystemRoot\system32\DRIVERS\lirsgt.sys"
.\debug.cpp(256) : 0x9266d000 0x00097000 "\SystemRoot\system32\drivers\peauth.sys"
.\debug.cpp(256) : 0x92704000 0x0000a000 "\SystemRoot\System32\Drivers\secdrv.SYS"
.\debug.cpp(256) : 0x9270e000 0x00021000 "\SystemRoot\System32\DRIVERS\srvnet.sys"
.\debug.cpp(256) : 0x9272f000 0x0000d000 "\SystemRoot\System32\drivers\tcpipreg.sys"
.\debug.cpp(256) : 0x9273c000 0x0004f000 "\SystemRoot\System32\DRIVERS\srv2.sys"
.\debug.cpp(256) : 0x9278b000 0x00051000 "\SystemRoot\System32\DRIVERS\srv.sys"
.\debug.cpp(256) : 0x927dc000 0x00003000 "\SystemRoot\System32\drivers\dgderdrv.sys"
.\debug.cpp(256) : 0x927df000 0x00001000 "\??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys"
.\debug.cpp(256) : 0x927e0000 0x00009000 "\??\C:\Windows\system32\FsUsbExDisk.SYS"
.\debug.cpp(256) : 0x91bcd000 0x00021000 "\SystemRoot\system32\DRIVERS\WUDFRd.sys"
.\debug.cpp(256) : 0x957b0000 0x0001e000 "\SystemRoot\System32\cdd.dll"
.\debug.cpp(256) : 0xad89f000 0x00017000 "\??\C:\Users\Admin\AppData\Local\Temp\pgldapow.sys"
.\debug.cpp(256) : 0xad8b6000 0x00009000 "\SystemRoot\system32\DRIVERS\asyncmac.sys"
.\debug.cpp(256) : 0xad8bf000 0x0000f000 "\SystemRoot\system32\DRIVERS\Rtnicxp.sys"
.\debug.cpp(256) : 0x76fb0000 0x0013c000 "\Windows\System32\ntdll.dll"
.\debug.cpp(256) : 0x47650000 0x00013000 "\Windows\System32\smss.exe"
.\debug.cpp(256) : 0x771f0000 0x00050000 "\Windows\System32\apisetschema.dll"
.\debug.cpp(256) : 0x00070000 0x000a6000 "\Windows\System32\autochk.exe"
.\debug.cpp(256) : 0x76e50000 0x0015c000 "\Windows\System32\ole32.dll"
.\debug.cpp(256) : 0x76200000 0x00c49000 "\Windows\System32\shell32.dll"
.\debug.cpp(256) : 0x76060000 0x0019d000 "\Windows\System32\setupapi.dll"
.\debug.cpp(256) : 0x771c0000 0x00019000 "\Windows\System32\sechost.dll"
.\debug.cpp(263) : **********************************************
.\debug.cpp(307) : *** [ DEVICE OBJECTS INFORMATION ] ***********
.\debug.cpp(308) : **********************************************
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\D:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{6aaa0478-cd8c-11de-94b2-806e6f6e6963}#0000003939B00000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-3&Rev_1.20#080103015146000371&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDIS"
.\debug.cpp(400) : Destination="\Device\Ndis"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-d1459cfe-b1c8-11df-9ebd-001d9283b00b"
.\debug.cpp(400) : Destination="\Device\UMDFCtrlDev-d1459cfe-b1c8-11df-9ebd-001d9283b00b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-2&REV_1.20#080103015146000371&2##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) : Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-d1459cff-b1c8-11df-9ebd-001d9283b00b"
.\debug.cpp(400) : Destination="\Device\UMDFCtrlDev-d1459cff-b1c8-11df-9ebd-001d9283b00b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WUDFLpcDevice"
.\debug.cpp(400) : Destination="\Device\WUDFLpcDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1cb3fe79&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_197B&DEV_2380&SUBSYS_379D1462&REV_00#4&119065b6&0&00E1#{6bdd1fc1-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0018"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{919AC6AC-D288-467B-B6D9-A60FFFFFC086}"
.\debug.cpp(400) : Destination="\Device\NDMP9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi3:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY1"
.\debug.cpp(400) : Destination="\Device\Video0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AgileVPN"
.\debug.cpp(400) : Destination="\Device\AgileVPN"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{892EDE5E-BE49-443c-A0B3-005D74F2D69C}#ScFilter#7&e87a2f&3&01#{d86354cc-a2ac-4223-95b9-2e48ce154434}"
.\debug.cpp(400) : Destination="\Device\0000007e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#4&2a7c57a4&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ffbb6e3f-ccfe-4d84-90d9-421418b03a8e}"
.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{A85C9D60-E838-4CEE-8BE3-0273FF04203D}"
.\debug.cpp(400) : Destination="\Device\NDMP3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY2"
.\debug.cpp(400) : Destination="\Device\Video1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&337c01ae&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-d1459d0b-b1c8-11df-9ebd-001d9283b00b"
.\debug.cpp(400) : Destination="\Device\UMDFCtrlDev-d1459d0b-b1c8-11df-9ebd-001d9283b00b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#ACI19A4#5&4dc0dc4&0&UID1281#{866519b5-3f07-4c97-b7df-24c5d8a8ccb8}"
.\debug.cpp(400) : Destination="\Device\0000007f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{2B8FD263-B535-4821-B997-1968A8DA464E}"
.\debug.cpp(400) : Destination="\Device\NDMP5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY3"
.\debug.cpp(400) : Destination="\Device\Video2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{6aaa0478-cd8c-11de-94b2-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000000c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-0&REV_1.20#080103015146000371&0##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) : Destination="\Device\0000008a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY4"
.\debug.cpp(400) : Destination="\Device\Video3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy2"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIAdminDevice"
.\debug.cpp(400) : Destination="\Device\WMIAdminDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ProcessManagement"
.\debug.cpp(400) : Destination="\Device\ProcessManagement"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY5"
.\debug.cpp(400) : Destination="\Device\Video4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{636FF46E-80FE-4314-BC84-DC7749EDE5B4}"
.\debug.cpp(400) : Destination="\Device\NDMP14"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy3"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VolMgrControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6aaa0496-cd8c-11de-94b2-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00E5&Col01#6&1a457e1c&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-1&REV_1.20#080103015146000371&1##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) : Destination="\Device\0000008b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\$VDMLPT1"
.\debug.cpp(400) : Destination="\Device\ParallelVdm0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_041E&PID_405F#5&2557aa68&0&2#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\USBPDO-11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY6"
.\debug.cpp(400) : Destination="\Device\Video5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#5&1f97ad6d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{3c0d501a-140b-11d1-b40f-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy4"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&24d4b198&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde1Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-0&REV_1.20#080103015146000371&0##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) : Destination="\Device\0000008a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-d1459d03-b1c8-11df-9ebd-001d9283b00b"
.\debug.cpp(400) : Destination="\Device\UMDFCtrlDev-d1459d03-b1c8-11df-9ebd-001d9283b00b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&2a08df1b&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0035&SUBSYS_00011799&REV_43#4&343a16ca&0&08F0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0021"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolumeShadowCopy5"
.\debug.cpp(400) : Destination="\Device\HarddiskVolumeShadowCopy5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&337c01ae&0&1#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde0Channel1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\F:"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6aaa0498-cd8c-11de-94b2-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\TeredoTun"
.\debug.cpp(400) : Destination="\Device\TeredoTun"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WMIDataDevice"
.\debug.cpp(400) : Destination="\Device\WMIDataDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SPDevice"
.\debug.cpp(400) : Destination="\Device\SPDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{31DD7D7C-95FF-46E7-B687-392EF83C8D64}"
.\debug.cpp(400) : Destination="\Device\NDMP12"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\COM1"
.\debug.cpp(400) : Destination="\Device\Serial0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6aaa047d-cd8c-11de-94b2-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-1&Rev_1.20#080103015146000371&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000084"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SW#{eeab7790-c514-11d1-b42b-00805fc1270e}#asyncmac#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\KSENUM#00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-d1459d07-b1c8-11df-9ebd-001d9283b00b"
.\debug.cpp(400) : Destination="\Device\UMDFCtrlDev-d1459d07-b1c8-11df-9ebd-001d9283b00b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avgntflt"
.\debug.cpp(400) : Destination="\FileSystem\Filters\avgntflt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PEAuth"
.\debug.cpp(400) : Destination="\Device\PEAuth"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0004#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000000b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PIPE"
.\debug.cpp(400) : Destination="\Device\NamedPipe"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6aaa047e-cd8c-11de-94b2-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6aaa049a-cd8c-11de-94b2-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-0&Rev_1.20#080103015146000371&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Point32Filter"
.\debug.cpp(400) : Destination="\Device\Point32Filter"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UNC"
.\debug.cpp(400) : Destination="\Device\Mup"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{6BFB56D9-C7E5-4481-9E14-C48683E09BAA}"
.\debug.cpp(400) : Destination="\Device\NDMP23"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E2F8A220-AF88-446C-9A55-453E58DD3A33}"
.\debug.cpp(400) : Destination="\Device\NDMP22"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&368569b2&0#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{959F085E-D41E-4014-851B-7265BF2D5C58}"
.\debug.cpp(400) : Destination="\Device\NDMP11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{0a4252a0-7e70-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{EDED0412-5EC0-4000-8F37-6352B9E65326}"
.\debug.cpp(400) : Destination="\Device\NDMP2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GEARAspiWDMDevice"
.\debug.cpp(400) : Destination="\Device\GEARAspiWDMDevice"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Psched"
.\debug.cpp(400) : Destination="\Device\Psched"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6aaa0497-cd8c-11de-94b2-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000004"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD0"
.\debug.cpp(400) : Destination="\Device\USBFDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMDFCtrlDev-d1459d0f-b1c8-11df-9ebd-001d9283b00b"
.\debug.cpp(400) : Destination="\Device\UMDFCtrlDev-d1459d0f-b1c8-11df-9ebd-001d9283b00b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgrMsg"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgrMsg"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_045E&PID_00E5#5&3bec036&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0005#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000000c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{C0DE3E38-8BA7-479F-8B75-833F294C5AA8}"
.\debug.cpp(400) : Destination="\Device\NDMP20"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*TEREDO#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000005"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Tcp"
.\debug.cpp(400) : Destination="\Device\Tcp"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition2"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCIIDE#IDEChannel#4&24d4b198&0&0#{2accfe60-c130-11d2-b082-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\PciIde1Channel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0003#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000000a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-20792812-b911-4799-a085-f3d71a4fdd78"
.\debug.cpp(400) : Destination="\Device\HostProcess-20792812-b911-4799-a085-f3d71a4fdd78"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FsUsbExDisk"
.\debug.cpp(400) : Destination="\Device\FsUsbExDisk"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_Duo_CPU_____E6550__@_2.33GHz#_2#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000005c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD1"
.\debug.cpp(400) : Destination="\Device\USBFDO-1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{10ED20EA-F614-48C8-BFAC-4844FC17CA94}"
.\debug.cpp(400) : Destination="\Device\NDMP6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk0Partition3"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#vdrvroot#0000#{2e34d650-5819-42ca-84ae-d30803bae505}"
.\debug.cpp(400) : Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive0"
.\debug.cpp(400) : Destination="\Device\Harddisk0\DR0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_F31D1385&REV_10#4&343a16ca&0&00F0#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-2&Rev_1.20#080103015146000371&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000085"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627379&REV_1000#4&3b2e1653&0&0001#{86841137-ed8e-4d97-9975-f2ed56b4430e}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB20#5&338311d&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{cf1dda2c-9743-11d0-a3ee-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{53172480-4791-11d0-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD2"
.\debug.cpp(400) : Destination="\Device\USBFDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PRN"
.\debug.cpp(400) : Destination="\DosDevices\LPT1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#FixedButton#2&daba3ff&1#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\00000060"

.\debug.cpp(369) : Device "\GLOBAL??\avfwot"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\H:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#UMBUS#0000#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000057"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\CdRom0"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive1"
.\debug.cpp(400) : Destination="\Device\Harddisk1\DR1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-3&REV_1.20#080103015146000371&3##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) : Destination="\Device\0000008d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\dgderdrv"
.\debug.cpp(400) : Destination="\Device\dgderdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IPSECDOSPDevice"
.\debug.cpp(400) : Destination="\Device\IPSECDOSP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627379&REV_1000#4&3b2e1653&0&0001#{dda54a40-1e4c-11d1-a050-405705c10000}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{97ebaacb-95bd-11d0-a3ea-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_0035&SUBSYS_00011799&REV_43#4&343a16ca&0&09F0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0022"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CC&SUBSYS_73791462&REV_01#3&11583659&0&EF#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0010"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD3"
.\debug.cpp(400) : Destination="\Device\USBFDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\fsWrap"
.\debug.cpp(400) : Destination="\Device\FsWrap"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume2"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6aaa0499-cd8c-11de-94b2-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive2"
.\debug.cpp(400) : Destination="\Device\Harddisk2\DR2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&WpdBusEnumRoot#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000089"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD4"
.\debug.cpp(400) : Destination="\Device\USBFDO-4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_379C1462&REV_01#6E00000010EC816800#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume3"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#volmgr#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000059"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627379&REV_1000#4&3b2e1653&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive3"
.\debug.cpp(400) : Destination="\Device\Harddisk3\DR3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Global"
.\debug.cpp(400) : Destination="\GLOBAL??"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume4"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_041E&PID_405F#5&2557aa68&0&2#{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
.\debug.cpp(400) : Destination="\Device\USBPDO-11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&2a08df1b&0&0001#{dba43692-ad00-48aa-b1a7-ffa99a04ee17}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0303#4&368569b2&0#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000006b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANBH#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD5"
.\debug.cpp(400) : Destination="\Device\USBFDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C9&SUBSYS_73791462&REV_01#3&11583659&0&E9#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0007"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0C0C#aa#{4afa3d53-74a7-11d0-be5e-00a0c9062857}"
.\debug.cpp(400) : Destination="\Device\0000005f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\I:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive4"
.\debug.cpp(400) : Destination="\Device\Harddisk4\DR4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000051"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LOG:"
.\debug.cpp(400) : Destination="\clfs"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00E5&Col02#6&1a457e1c&0&0001#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000081"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&2a08df1b&0&0001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume5"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{86e0d1e0-8089-11d0-9ce4-08003e301f73}"
.\debug.cpp(400) : Destination="\Device\00000069"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD6"
.\debug.cpp(400) : Destination="\Device\USBFDO-6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-1&Rev_1.20#080103015146000371&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{268FA983-F9B2-421C-8835-27209DD0C2AA}"
.\debug.cpp(400) : Destination="\Device\NDMP10"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PhysicalDrive5"
.\debug.cpp(400) : Destination="\Device\Harddisk5\DR5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-4&REV_1.20#080103015146000371&4##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) : Destination="\Device\0000008e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-3&REV_1.20#080103015146000371&3##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) : Destination="\Device\0000008d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Secdrv"
.\debug.cpp(400) : Destination="\Device\Secdrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume6"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HCD7"
.\debug.cpp(400) : Destination="\Device\USBFDO-7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CA&SUBSYS_73791462&REV_01#3&11583659&0&EA#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0008"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{F2F28353-AA36-407B-ADD0-48E853F894A0}"
.\debug.cpp(400) : Destination="\Device\NDMP4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000001"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume7"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_041E&PID_405F#5&2557aa68&0&2#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_07B8&PID_E004#080103015146000371#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-9"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&3001cb50&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\StarOpen"
.\debug.cpp(400) : Destination="\Device\StarOpen"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6aaa047c-cd8c-11de-94b2-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-H60N________________CV02____#5&11f767ef&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP3T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000002"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-2&REV_1.20#080103015146000371&2##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) : Destination="\Device\0000008c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HarddiskVolume8"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk3Partition1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\patincouffin0"
.\debug.cpp(400) : Destination="\Device\Patin couffin device0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\J:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&7be8e28&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{E28D896F-9EA8-433A-9C10-66C97C19A921}"
.\debug.cpp(400) : Destination="\Device\NDMP21"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPPOEMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0501#1#{4d36e978-e325-11ce-bfc1-08002be10318}"
.\debug.cpp(400) : Destination="\Device\00000069"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-2&Rev_1.20#080103015146000371&2#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-b8a7f807-1035-450b-b523-43df33b089ca"
.\debug.cpp(400) : Destination="\Device\HostProcess-b8a7f807-1035-450b-b523-43df33b089ca"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPTENUM#MicrosoftRawPort#5&2101544c&0&LPT1#{811fc6a5-f728-11d0-a537-0000f8753ed1}"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_SSTPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000051"

.\debug.cpp(369) : Device "\GLOBAL??\avfwim"
.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627379&REV_1000#4&3b2e1653&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MountPointManager"
.\debug.cpp(400) : Destination="\Device\MountPointManager"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0003#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000000a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\pgldapow"
.\debug.cpp(400) : Destination="\Device\pgldapow"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-085b94a6-dfda-4191-a8eb-3a56a854180c"
.\debug.cpp(400) : Destination="\Device\HostProcess-085b94a6-dfda-4191-a8eb-3a56a854180c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&2a08df1b&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIP#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ssmctl"
.\debug.cpp(400) : Destination="\Device\ssmctl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\K:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#{6aaa0478-cd8c-11de-94b2-806e6f6e6963}#0000000300100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Nsi"
.\debug.cpp(400) : Destination="\Device\Nsi"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&2a08df1b&0&0001#{eb115ffc-10c8-4964-831d-6dcb02e6f23f}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArp"
.\debug.cpp(400) : Destination="\Device\WANARP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PartmgrControl"
.\debug.cpp(400) : Destination="\Device\PartmgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NXTIPSECDevice"
.\debug.cpp(400) : Destination="\Device\NXTIPSEC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk1Partition1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume4"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04E6&PID_5116#21120550402995#{077e2f20-e171-4dc6-8a24-ecea3035c257}"
.\debug.cpp(400) : Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_L2TPMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{483C9FF8-503D-414B-B402-E4C1F1F568CB}"
.\debug.cpp(400) : Destination="\Device\NDMP15"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WFPDev"
.\debug.cpp(400) : Destination="\Device\WFP"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WwanProt"
.\debug.cpp(400) : Destination="\Device\WwanProt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_041E&PID_405F#5&2557aa68&0&2#{6994ad05-93ef-11d0-a3cc-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\USBPDO-11"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\DISPLAY#ACI19A4#5&4dc0dc4&0&UID1281#{e6f07b5f-ee97-4a90-b076-33f57bf4eaa7}"
.\debug.cpp(400) : Destination="\Device\0000007f"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIP"
.\debug.cpp(400) : Destination="\Device\NDMP17"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#DiskST3360320AS_____________________________3.AAM___#5&24b11894&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP2T0L0-2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ASYNCMAC"
.\debug.cpp(400) : Destination="\Device\ASYNCMAC"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00E5&Col01#6&1a457e1c&0&0000#{1e0886f0-4876-47fe-b3fd-c9851b2bcff2}"
.\debug.cpp(400) : Destination="\Device\00000080"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27CB&SUBSYS_73791462&REV_01#3&11583659&0&EB#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_8086&DEV_27C8&SUBSYS_73791462&REV_01#3&11583659&0&E8#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0006"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi0:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WanArpV6"
.\debug.cpp(400) : Destination="\Device\WANARPV6"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Volume{6aaa0481-cd8c-11de-94b2-806e6f6e6963}"
.\debug.cpp(400) : Destination="\Device\CdRom0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\L:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0004#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000000b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\UMB#UMB#1&841921d&0&PrinterBusEnumerator#{65a9a6cf-64cd-480b-843e-32c86e1ba19f}"
.\debug.cpp(400) : Destination="\Device\00000088"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\lirsgt"
.\debug.cpp(400) : Destination="\Device\lirsgt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#4&1b0c5aff&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#PNP0400#4&368569b2&0#{97f76ef0-f883-11d0-af1f-0000f800845c}"
.\debug.cpp(400) : Destination="\Device\0000006a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\1394BUS0"
.\debug.cpp(400) : Destination="\Device\1394BUS0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-3&Rev_1.20#080103015146000371&3#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000086"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-0&Rev_1.20#080103015146000371&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000083"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_PPTPMINIPORT#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000050"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk4Partition1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume7"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9498&SUBSYS_16021462&REV_00#4&13d7cd30&0&0008#{5b45201d-f2f2-4f3b-85bb-30ff1f953599}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#SYSTEM#0000#{4747b320-62ce-11cf-a5d6-28db04c10000}"
.\debug.cpp(400) : Destination="\Device\00000056"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_AGILEVPNMINIPORT#0000#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000004a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{CBE94056-BCA0-448F-8CD4-0D4FE9CF5D77}"
.\debug.cpp(400) : Destination="\Device\NDMP1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\IDE#CdRomHL-DT-ST_DVDRAM_GSA-H60N________________CV02____#5&11f767ef&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\Ide\IdeDeviceP3T0L0-3"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-4&Rev_1.20#080103015146000371&4#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\00000087"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NdisWan"
.\debug.cpp(400) : Destination="\Device\NdisWan"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AscKmd"
.\debug.cpp(400) : Destination="\Device\AscKmd"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627379&REV_1000#4&3b2e1653&0&0001#{a17579f0-4fec-4936-9364-249460863be5}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANBH"
.\debug.cpp(400) : Destination="\Device\NDMP16"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\LPT1"
.\debug.cpp(400) : Destination="\Device\Parallel0"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi1:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HostProcess-f2019a4b-98c8-4c70-81a3-437e822977b8"
.\debug.cpp(400) : Destination="\Device\HostProcess-f2019a4b-98c8-4c70-81a3-437e822977b8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MpsDevice"
.\debug.cpp(400) : Destination="\Device\MPS"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0006#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\0000000d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_10EC&DEV_0888&SUBSYS_14627379&REV_1000#4&3b2e1653&0&0001#{65e8773e-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000007c"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#ROOT_HUB#5&6fe85c3&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}"
.\debug.cpp(400) : Destination="\Device\USBPDO-5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Generic&Prod_2.0_Reader____-4&Rev_1.20#080103015146000371&4#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8139&SUBSYS_F31D1385&REV_10#4&343a16ca&0&00F0#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0020"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_10EC&DEV_8168&SUBSYS_379C1462&REV_01#6E00000010EC816800#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0019"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-4&REV_1.20#080103015146000371&4##{6ac27878-a6fa-4155-ba85-f98f491d4f33}"
.\debug.cpp(400) : Destination="\Device\0000008e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FltMgr"
.\debug.cpp(400) : Destination="\FileSystem\Filters\FltMgr"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\FtControl"
.\debug.cpp(400) : Destination="\Device\VolMgrControl"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\C:"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1002&DEV_9498&SUBSYS_16021462&REV_00#4&13d7cd30&0&0008#{1ca05180-a699-450a-9a0c-de4fbe3ddd89}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0016"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WpdBusEnumRoot#UMB#2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_2.0_READER____-1&REV_1.20#080103015146000371&1##{f33fdc04-d1ac-4e8e-9a30-19bbd4b108ae}"
.\debug.cpp(400) : Destination="\Device\0000008b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04E6&PID_5116#21120550402995#{50dd5230-ba8a-11d1-bf5d-0000f805f530}"
.\debug.cpp(400) : Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACEDRV07"
.\debug.cpp(400) : Destination="\Device\ACEDRV07"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk5Partition1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Harddisk2Partition1"
.\debug.cpp(400) : Destination="\Device\HarddiskVolume5"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{DB2B4279-B5CF-4626-9DBA-32D0ECE44C87}"
.\debug.cpp(400) : Destination="\Device\NDMP19"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NDISWANIPV6"
.\debug.cpp(400) : Destination="\Device\NDMP18"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\MAILSLOT"
.\debug.cpp(400) : Destination="\Device\MailSlot"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\AUX"
.\debug.cpp(400) : Destination="\DosDevices\COM1"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\GLOBALROOT"
.\debug.cpp(400) : Destination=""

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000055"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\NUL"
.\debug.cpp(400) : Destination="\Device\Null"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\SstpDrv"
.\debug.cpp(400) : Destination="\Device\SstpDrv"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\atksgt"
.\debug.cpp(400) : Destination="\Device\atksgt"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Ndisuio"
.\debug.cpp(400) : Destination="\Device\Ndisuio"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\PCI#VEN_1033&DEV_00E0&SUBSYS_00021799&REV_04#4&343a16ca&0&0AF0#{3abf6f2d-71c4-462a-8a92-1e6861e6af27}"
.\debug.cpp(400) : Destination="\Device\NTPNP_PCI0023"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#*ISATAP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000003"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Scsi2:"
.\debug.cpp(400) : Destination="\Device\Ide\IdePort2"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\VDRVROOT"
.\debug.cpp(400) : Destination="\Device\00000058"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0002#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\00000009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#RDP_KBD#0000#{884b96c3-56ef-11d1-bc8c-00a0c91405dd}"
.\debug.cpp(400) : Destination="\Device\00000054"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\WfpAle"
.\debug.cpp(400) : Destination="\Device\WfpAle"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\USB#VID_04E6&PID_5116#21120550402995#{a5dcbf10-6530-11d2-901f-00c04fb951ed}"
.\debug.cpp(400) : Destination="\Device\USBPDO-8"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\{BD823627-2986-4BD6-A111-F292B5B444E1}"
.\debug.cpp(400) : Destination="\Device\NDMP13"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HDAUDIO#FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001#5&2a08df1b&0&0001#{65e8773d-8f56-11d0-a3b9-00a0c9223196}"
.\debug.cpp(400) : Destination="\Device\0000007a"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\ACPI#GenuineIntel_-_x86_Family_6_Model_15_-_Intel(R)_Core(TM)2_Duo_CPU_____E6550__@_2.33GHz#_1#{97fadb10-4e33-40ae-359c-8bef029dbdd0}"
.\debug.cpp(400) : Destination="\Device\0000005b"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#MS_NDISWANIPV6#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000004e"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0006#{ad498944-762f-11d0-8dcb-00c04fc3358c}"
.\debug.cpp(400) : Destination="\Device\0000000d"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\HID#VID_045E&PID_00E5&Col02#6&1a457e1c&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}"
.\debug.cpp(400) : Destination="\Device\00000081"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\Root#AV_FLTDEV9MP#0002#{cac88484-7515-4c03-82e6-71a87abac361}"
.\debug.cpp(400) : Destination="\Device\00000009"

.\debug.cpp(369) : SymbolicLink "\GLOBAL??\avipbb"
.\debug.cpp(400) : Destination="\Device\avipbb"

.\debug.cpp(451) : **********************************************
.\boot_cleaner.cpp(1077) : System volume is \\.\C:
.\boot_cleaner.cpp(1113) : \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`00100000
.\boot_cleaner.cpp(424) : Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff
.\boot_cleaner.cpp(1151) :
.\boot_cleaner.cpp(1152) : Size Device Name MBR Status
.\boot_cleaner.cpp(1153) : --------------------------------------------
.\boot_cleaner.cpp(1197) : 335 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
.\boot_cleaner.cpp(1203) :
.\boot_cleaner.cpp(1242) : Done;
Miniaturansicht angehängter Grafiken
TR/Crypt.XPACK.Gen2 gefunden - was nun?-bootkit.jpg  

Alt 27.08.2010, 12:29   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.08.2010, 21:07   #14
Hildes_Sofa
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Hab ich gemacht.

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4488

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.08.2010 22:02:20
mbam-log-2010-08-27 (22-02-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 360358
Laufzeit: 48 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



SuperAntiSpyware:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/27/2010 at 06:02 PM

Application Version : 4.41.1000

Core Rules Database Version : 5412
Trace Rules Database Version: 3224

Scan type : Complete Scan
Total Scan Time : 02:20:38

Memory items scanned : 712
Memory threats detected : 0
Registry items scanned : 11271
Registry threats detected : 0
File items scanned : 326920
File threats detected : 10

Adware.Tracking Cookie
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atdmt[1].txt
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@interclick[1].txt
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@fastclick[1].txt
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@ad.yieldmanager[2].txt
ia.media-imdb.com [ C:\Users\Chef\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VVR6KZVJ ]
inwmedia.net [ C:\Users\Chef\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VVR6KZVJ ]
www.naiadsystems.com [ C:\Users\Chef\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VVR6KZVJ ]

Trojan.Agent/Gen-ImageDocFake
C:\USERS\CHEF\DOCUMENTS\! ANDREA\GO VEGAN OR GO TO HELL\INFO\INHALTSSTOFFEH.DOC
C:\USERS\CHEF\DOCUMENTS\! ANDREA\GO VEGAN OR GO TO HELL\INFO\INHALTSSTOFFEO.DOC
C:\USERS\CHEF\DOCUMENTS\! ANDREA\GO VEGAN OR GO TO HELL\INFO\INHALTSSTOFFEF.DOC

Alt 27.08.2010, 21:38   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Crypt.XPACK.Gen2 gefunden - was nun? - Standard

TR/Crypt.XPACK.Gen2 gefunden - was nun?



Sieht ok aus, da wurden nur Cookies gefunden. Das andere sieht nach Fehlalarmen aus.
Noch Probleme oder weitere Funde in der Zwischenzeit?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu TR/Crypt.XPACK.Gen2 gefunden - was nun?
analysis, anti, anti-malware, archiv, avgntflt.sys, datei, dateien, defender, explorer, folge, folgendes, hallo zusammen, heute, hinweis, microsoft, namen, notepad.exe, pferd, professional, programdata, safer networking, sptd.sys, staropen, studio, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen2, trojanische, trojanische pferd, verschoben, version, visual studio, warnung, wieder weg, windows, windows 7, wscript.exe, zusammen



Ähnliche Themen: TR/Crypt.XPACK.Gen2 gefunden - was nun?


  1. TR/Crypt.XPACK.Gen2 von Avira Antivir gefunden
    Log-Analyse und Auswertung - 31.10.2012 (51)
  2. TR/Crypt.XPACK.Gen2 von Antivir gefunden
    Log-Analyse und Auswertung - 29.10.2012 (3)
  3. AntiVir hat folgede Viren gefunden: TR/Crypt.ZPACK.Gen2' & 'TR/Crypt.XPACK.Gen5' [trojan
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (33)
  4. TR/Crypt.XPACK.Gen2 Trojaner gefunden
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  5. NICHTS geht mehr - TR/crypt.xpack.gen2 und TR/PSW.karagany.a.73 gefunden
    Plagegeister aller Art und deren Bekämpfung - 28.01.2012 (1)
  6. TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (1)
  7. TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam
    Log-Analyse und Auswertung - 19.10.2011 (8)
  8. TR/Crypt.XPACK.Gen2 auf meinem PC gefunden
    Plagegeister aller Art und deren Bekämpfung - 13.07.2011 (17)
  9. AntiVir hat DR/PSW.Cain.284.3 Dropper TR/Rootkit.Gen und TR/Crypt.XPACK.Gen2 gefunden!
    Plagegeister aller Art und deren Bekämpfung - 04.06.2011 (37)
  10. TR/Crypt.XPACK.Gen3 - nach formatierung von C: TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (9)
  11. Trojaner TR/Dldr.Small.aulw und TR/Crypt.XPACK.Gen2 + Gen3 gefunden
    Plagegeister aller Art und deren Bekämpfung - 26.09.2010 (15)
  12. Trojaner TR/Crypt.XPACK.Gen2 gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.09.2010 (17)
  13. Trojaner TR/Crypt.XPACK.Gen2 gefunden. Was nun?
    Plagegeister aller Art und deren Bekämpfung - 25.08.2010 (1)
  14. Trojaner Gefunden - TR/Crypt.XPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 18.08.2010 (1)
  15. TR/Crypt.XPACK.Gen2 gefunden in Datei
    Plagegeister aller Art und deren Bekämpfung - 28.07.2010 (16)
  16. TR/Crypt.XPACK.Gen2 und TR/Agent.193536 gefunden
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (5)
  17. 'TR/Crypt.XPACK.Gen2' und 'Trojan.W32.Grumm ALARM' gefunden in C:\documents and setti
    Log-Analyse und Auswertung - 03.05.2010 (21)

Zum Thema TR/Crypt.XPACK.Gen2 gefunden - was nun? - Hallo zusammen! Vielleicht könnt Ihr mir helfen... Auf unserem PC (Windows 7 Professional / 32bit) wurde heute TR/Crypt.XPACK.Gen2 gefunden. Was ist das und wie bekomme ich das wieder weg? Zitat: - TR/Crypt.XPACK.Gen2 gefunden - was nun?...
Archiv
Du betrachtest: TR/Crypt.XPACK.Gen2 gefunden - was nun? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.